fix: specify smart cards must have openpgp ed25519 support

2024-08-04 14:31:08 -04:00 · 2024-08-04 14:31:08 -04:00 · 25516fcd7f
parent 18cbd8ff69
commit 25516fcd7f
2 changed files with 14 additions and 3 deletions
--- a/quorum-key-management/src/hardware.md
+++ b/quorum-key-management/src/hardware.md
@ -46,12 +46,23 @@ is the following:

 Smart Cards are primarily used for storing OpenPGP cryptographic keys which are
 used as a building block for security controls. These smart cards hold OpenPGP
-keys which are derived in secure environments. FIPS 140-2 is required but the
-end user may choose their manufacturer.
+keys which are derived in secure environments.
+
+There are two primary requirements for smart cards:
+
+* FIPS 140-2
+
+* Support for Ed25519 OpenPGP
+
+* Touch for enacting operations
+
+Some options include:

 * NitroKey 3 - because of its open source approach which helps improve the
 overall security of the products
+
 * YubiKey 5 - because of the widespread use and battle-tested reliability
+
 * Librem Key - because of the manufacturer's approach to hardware supply chain
 security and verifiable software

--- a/quorum-key-management/src/locations.md
+++ b/quorum-key-management/src/locations.md
@ -50,7 +50,7 @@ standard NATO SDIP-27 Level A

 * SHOULD be organizations which are ideally immune to being legally subpoenaed

-* SHOULD not be susceptible to being subpoenaed
+* SHOULD NOT be susceptible to being subpoenaed

 ## Storage Location