From 61625c4c5e77dd68c7a0ecc83060585f3dfef869 Mon Sep 17 00:00:00 2001 From: Pol Henarejos <55573252+polhenarejos@users.noreply.github.com> Date: Mon, 6 Jun 2022 11:53:39 +0200 Subject: [PATCH] Update README.md Fix typos. --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0fbed3f..37c2c87 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Private and secret keys are stored with a master AES 256 key (DKEK). The DKEK is ### RSA key generation from 1024 to 4096 bits RSA key generation in place for 1024, 2048, 3072 and 4096 bits. Private keys never leave the device. -### ECDSA key generation from 192 to 521 bits +### ECDSA key generation from 192 to 521 bits ECDSA key generation in place for different curves, from 192 to 521 bits. ### ECC curves @@ -69,13 +69,13 @@ It supports extended APDU packets, which allows up to 65535 bytes. ### CVC certificates Pico HSM manipulates CVC certificates and requests to minimize the storage of internal certificates. -### Attestation +### Attestation Every generated key is attached to a certificate, signed by an external PKI to ensure that a particular key is effectively generated by this specific device. ### Import external private keys and certificates It allows private key and certificates import via WKY or PKCS#12 files.[^2][^3] -### Tranport PIN +### Tranport PIN It allows transport PIN for provisioning and forcing to set a new PIN.[^2] It is a tampered mechanism that ensures the device has not been unsealed during the transportation from the issuer to the legitimate user. ### Press-to-confirm button @@ -95,13 +95,13 @@ Pico HSM supports secure channel, where the data packets between the host and de A specific session PIN can be set during the session opening to avoid the systemmatic use of PIN. ### PKI CVCert remote issuing for Secure Message -Secure channel are secured via a certificate issued by a external PKI. +Secure channel messages are secured with a certificate issued by an external PKI. ### Multiple key domains Key domains are domains to store separate private/secret keys. Each domain is protected by a DKEK, independent from the other domains. Private/secret keys can be generated in different key domains to be used with separated DKEK. Therefore, a single device may contain different domains with independent keys. -### Key usage counter +### Key usage counter A key usage counter is a counter that is reduced by 1 everytime that the private/secret key is used for signing, decrypting, derivation, etc. When it reaches 0, the key is disabled and cannot be used anymore. Key usage can also be used to perform and auditory and track the usage of a particular key.