From f6e456dd552c18fbea3fc854ff6f945b0a51b2ea Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Tue, 28 Nov 2023 21:56:12 +0100 Subject: [PATCH] edit ch5 tsk format --- book/source/05-private.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/book/source/05-private.md b/book/source/05-private.md index 630cc3e..0bcd6d5 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -21,7 +21,7 @@ In this documentation, we treat the private key material as logically separate f ```{figure} diag/OpenPGPCert_with_privatekeystore.png :name: fig-openpgp-certificate-with-private-key-store -:alt: A diagram on white background showing an OpenPGP certificate and a private key store. Gray dotted lines connect the green public key symbols of the OpenPGP certificate to red dotted private key symbols in the private key store. +:alt: A diagram on a white background showing an OpenPGP certificate and a private key store. Gray dotted lines connect the green public key symbols of the OpenPGP certificate to red dotted private key symbols in the private key store. An OpenPGP certificate, with the associated private key material handled in a separate subsystem. ``` 
@@ -32,26 +32,26 @@ However, there is one exception. Cryptographic private key material is sometimes ## Transferable secret key format -Sometimes it is useful to handle OpenPGP certificates combined with private key material in the form of [*transferable secret keys (TSK)*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-transferable-secret-keys). Transferable secret keys are a serialized format that combines OpenPGP certificate data with the connected private key material, stored in a single file. +Sometimes it is useful to handle OpenPGP certificates combined with private key material in the form of a [*transferable secret key (TSK)*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-transferable-secret-keys). A TSK is a serialized format that combines OpenPGP certificate data with its connected private key material, stored in a single file. ```{figure} diag/TSK.png :name: fig-transferable-secret-key -:alt: Depicts a box on white background with the title "Transferable secret key". It is identical to the figure depicting an OpenPGP certificate, with the exception, that in each component key box, below the green public key symbol, also the red dotted private key symbol is shown. +:alt: A box on a white background titled "transferable secret key." It resembles the figure depicting an OpenPGP certificate, except that in each component key box, below the green public key symbol, the red-dotted private key symbol is also shown. OpenPGP certificate with integrated private key material, as a TSK ``` -The TSK format can be useful for backups of OpenPGP key material, or to move a key to a different computer[^gpg-tsk]. See the chapter {ref}`zoom_private` for insights into the packet structure of a TSK. +The TSK format is particularly useful for backups of OpenPGP key material or transferring a key to a different computer[^gpg-tsk]. 
For insights into the packet structure of a TSK, see the chapter {ref}`zoom_private`. -[^gpg-tsk]: For example, with GnuPG, an OpenPGP key can be exported in (armored) TSK format like this: `gpg --export-secret-key --armor ` +[^gpg-tsk]: For example, in GnuPG, an OpenPGP key can be exported in (armored) TSK format using the following command: `gpg --export-secret-key --armor `. ```{admonition} Terminology :class: note -Transferable secret keys are sometimes colloquially referred to as "OpenPGP private keys". +Transferable secret keys are sometimes colloquially referred to as "OpenPGP private keys." ``` -Historically, the concept of TSKs, which combine all aspects of an OpenPGP certificate and the associated private key material, has sometimes been conflated with OpenPGP private key operations. We consider it more helpful to think of TSKs as a specialized format for storage/transport, and not as a data structure for use in a key store. Also see {ref}`key-store-design`. +Historically, the concept of TSKs, which combine all components of an OpenPGP certificate with the associated private key material, has sometimes been conflated with OpenPGP private key operations. However, it is more accurate to view TSKs as a specialized format for storage and transport, rather than as a data structure for use in a key store. For further details, see {ref}`key-store-design`. (encrypted_secrets)= ## Protection of private key material in OpenPGP
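Review bot: in the second hunk, the `[^gpg-tsk]` footnote's command `gpg --export-secret-key --armor ` ends without a key-identifier argument in both the removed and the added line, so the reworded footnote still carries an incomplete example; suggest an explicit placeholder, e.g. `gpg --export-secret-key --armor <key-id>` (assuming the original placeholder was lost rather than intentionally omitted). Since the reworded paragraph now recommends the TSK format for backups and for moving a key to a different computer, consider also cross-referencing the `(encrypted_secrets)=` section ("Protection of private key material in OpenPGP") that follows, so readers are pointed from the export advice to the protection of the private key material contained in a TSK.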