mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
man: drop comment about ECC vs. RSA and Yubikey
The comment is pointless, ECC systematically doesn't allow encryption/decryption directly, only RSA does that. If you want to use ECC for asymmetric encryption/decryption you have to combine it with key exchange scheme and symmetric scheme. This all is not a limitation of the Yubikey, hence don't claim so. It's just how ECC is.
This commit is contained in:
parent
96e9a9a4e6
commit
59d6f7b097
@ -568,7 +568,6 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
|
||||
<para>A few notes on the above:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>We use RSA (and not ECC), since Yubikeys support PKCS#11 Decrypt() only for RSA keys</para></listitem>
|
||||
<listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
|
||||
<listitem><para>LUKS key size must be shorter than 2048bit due to RSA padding, hence we use 128 bytes</para></listitem>
|
||||
<listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,
|
||||
|
Loading…
Reference in New Issue
Block a user