diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-12-01 14:23:38 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-12-01 14:27:33 +0100 |
| commit | 59d6f7b097ab67b8353db96dfcb1907fce7f5bc6 (patch) | |
| tree | 90261e03b2419ef380974444fcb4606f224e5099 /man | |
| parent | 96e9a9a4e6438704518fea394c128477b5249ed4 (diff) | |
| download | systemd-59d6f7b097ab67b8353db96dfcb1907fce7f5bc6.tar.gz | |
man: drop comment about ECC vs. RSA and Yubikey
The comment is pointless, ECC systematically doesn't allow
encryption/decryption directly, only RSA does that. If you want to use
ECC for asymmetric encryption/decryption you have to combine it with key
exchange scheme and symmetric scheme. This all is not a limitation of
the Yubikey, hence don't claim so. It's just how ECC is.
Diffstat (limited to 'man')
| -rw-r--r-- | man/crypttab.xml | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml index 04695f626f..93c0ec01e4 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -568,7 +568,6 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac <para>A few notes on the above:</para> <itemizedlist> - <listitem><para>We use RSA (and not ECC), since Yubikeys support PKCS#11 Decrypt() only for RSA keys</para></listitem> <listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem> <listitem><para>LUKS key size must be shorter than 2048bit due to RSA padding, hence we use 128 bytes</para></listitem> <listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes, |