@@ -65,15 +65,17 @@ updates.
6565The repository tool supports multiple public-key algorithms, such as
6666[ RSA] ( https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29 ) and
6767[ Ed25519] ( https://ed25519.cr.yp.to/ ) , and multiple cryptography libraries.
68- Which cryptography library to use is determined by the default, or user modified,
69- settings in [ settings.py] ( ../tuf/settings.py ) .
7068
7169Using [ RSA-PSS] ( https://tools.ietf.org/html/rfc8017#section-8.1 ) or
7270[ ECDSA] ( https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm )
7371signatures requires the [ cryptography] ( https://cryptography.io/ ) library. If
7472generation of Ed25519 signatures is needed
75- [ PyNaCl] ( https://github.com/pyca/pynacl ) library should be installed.
76- Ed25519 and ECDSA keys are stored in JSON format and RSA keys are stored in PEM
73+ [ PyNaCl] ( https://github.com/pyca/pynacl ) library should be installed. This
74+ tutorial assumes both dependencies are installed: refer to
75+ [ Installation Instructions] ( INSTALLATION.rst#install-with-more-cryptographic-flexibility )
76+ for details.
77+
78+ The Ed25519 and ECDSA keys are stored in JSON format and RSA keys are stored in PEM
7779format. Private keys are encrypted and passphrase-protected (strengthened with
7880PBKDF2-HMAC-SHA256.) Generating, importing, and loading cryptographic key
7981files can be done with functions available in the repository tool.
@@ -82,7 +84,6 @@ To start, a public and private RSA key pair is generated with the
8284` generate_and_write_rsa_keypair() ` function. The keys generated next are
8385needed to sign the repository metadata files created in upcoming sub-sections.
8486
85-
8687Note: In the instructions below, lines that start with ` >>> ` denote commands
8788that should be entered by the reader, ` # ` begins the start of a comment, and
8889text without prepended symbols is the output of a command.
0 commit comments