| field | value |
|---|---|
| author | saturneric <[email protected]>, 2024-11-29 15:22:31 +0000 |
| committer | saturneric <[email protected]>, 2024-11-29 15:23:24 +0000 |
| commit | 49be7c4c427be2e1802f7a275426279e60ee29fd (patch) |
| tree | 4bad9526b4710231f7f05632d96d3e730e566862 /src/content/docs/extra |
| parent | fix: add contents and fix broken links (diff) |
| download | Manual-49be7c4c427be2e1802f7a275426279e60ee29fd.tar.gz, Manual-49be7c4c427be2e1802f7a275426279e60ee29fd.zip |
feat: add and improve documents
Diffstat (limited to 'src/content/docs/extra')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | src/content/docs/extra/algorithms-comparison.md | 199 |
1 files changed, 135 insertions, 64 deletions
| diff --git a/src/content/docs/extra/algorithms-comparison.md b/src/content/docs/extra/algorithms-comparison.md index 9c8a478..9a52ccb 100644 --- a/src/content/docs/extra/algorithms-comparison.md +++ b/src/content/docs/extra/algorithms-comparison.md @@ -6,7 +6,8 @@ sidebar:  When choosing cryptographic algorithms for key management and data security,  it's important to understand the differences and use cases for RSA, DSA, ECDSA, -and ECDH. Here’s a detailed comparison to help you make an informed decision: +EdDSA, and ECDH. Here’s a detailed comparison to help you make an informed +decision.  ## RSA (Rivest-Shamir-Adleman) @@ -23,20 +24,6 @@ and ECDH. Here’s a detailed comparison to help you make an informed decision:  - **Security**: Provides strong security, but larger key sizes are required as    computational power increases. -## DSA (Digital Signature Algorithm) - -- **Key Characteristics**: DSA, introduced by NIST in 1991, is primarily used -  for digital signatures and is not suitable for encryption. -- **Key Sizes**: Typically uses 1024 to 3072-bit keys, with a recommended -  minimum of 2048 bits for new deployments. -- **Use Cases**: Mainly used for digital signatures in various security -  protocols. It is less common than RSA and ECDSA. -- **Performance**: Faster at generating keys compared to RSA but slower in -  verification. Requires a secure random number for each signature, which if -  compromised, can lead to vulnerabilities. -- **Security**: Suitable for digital signatures, but less versatile and not as -  widely supported as RSA and ECDSA. -  ## ElGamal Encryption (ELG-E)  - **Key Characteristics**: ElGamal encryption (ELG-E) is an asymmetric key 
@@ -84,52 +71,136 @@ used in two main algorithms: ECDH and ECDSA.  ### Common ECC Algorithms and Their Use Cases -- **NIST Curves (P-256, P-384, P-521)**: These curves, standardized by the -  National Institute of Standards and Technology (NIST), are widely used in -  secure communication protocols. For example, **ECDH NIST P-256** provides -  approximately 128-bit security, making it suitable for most encryption needs, -  while **ECDSA NIST P-256** is often used for digital signatures. As the key -  size increases (e.g., P-384, P-521), so does the security level, with P-521 -  offering approximately 256-bit security, ideal for applications requiring the -  highest level of protection. - -- **ED25519 and ED448**: **ED25519** is favored for its speed and security, -  providing 128-bit security and commonly used in modern applications like -  secure messaging (e.g., Signal) and blockchain technologies. **ECDSA ED25519** -  is excellent for generating fast and secure digital signatures. **ED448**, on -  the other hand, offers higher security (224-bit) and is suitable for -  environments that require even stronger protection, although at a slight -  performance cost. - -- **BrainPool Curves (P-256, P-384, P-512)**: These curves are alternatives to -  the NIST standards, offering similar security levels but with different -  parameters. **ECDH BrainPool P-256** and **ECDSA BrainPool P-256** are used -  when there is a preference for non-NIST curves, especially in regions or -  industries where alternative cryptographic standards are required. The -  BrainPool curves maintain the balance between security and performance across -  different key sizes. - -- **CV25519 and X448**: **ECDH CV25519** is a counterpart to ED25519 but is used -  specifically for key exchange. It provides approximately 128-bit security and -  is widely used for its efficiency in secure communications. 
**ECDH X448** is -  the higher-security variant (224-bit security) and is appropriate for -  scenarios demanding more robust encryption, albeit with higher computational -  costs. - -## Algorithm Flexibility in Primary Keys and Subkeys - -Primary keys are typically limited to RSA, DSA, and ECDSA due to their critical -role in establishing trust and signing other keys. These algorithms are -well-established and extensively audited, providing robust security for identity -verification. - -Subkeys, however, are often used for specific operational tasks such as -encryption and authentication. This allows them to utilize a broader range of -algorithms like ECDH, which is optimized for key exchange. The flexibility in -choosing algorithms for subkeys enhances their efficiency and allows -cryptographic operations to be tailored to specific use cases, providing both -performance and security benefits. - -By understanding the strengths and appropriate use cases for each algorithm, you -can choose the best cryptographic solution for your needs, ensuring both -security and efficiency in your operations. +Elliptic Curve Cryptography (ECC) offers a range of algorithms and curves +tailored to different cryptographic needs. Below is an overview of commonly used +ECC algorithms and their specific applications. + +- **NIST Curves (P-256, P-384, P-521)**: Standardized by the National Institute +  of Standards and Technology (NIST), these curves are widely utilized in secure +  communication protocols. For example: + +  - **ECDH NIST P-256**: Provides approximately 128-bit security, making it +    suitable for most encryption scenarios. +  - **ECDSA NIST P-256**: Commonly employed for digital signatures, offering +    robust security for authentication purposes. +  - **Higher Key Sizes**: P-384 and P-521 increase security levels +    proportionally, with P-521 offering around 256-bit security, making it ideal +    for high-security environments. 
+ +- **BrainPool Curves (P-256, P-384, P-512)**: BrainPool curves serve as +  alternatives to NIST standards, providing similar security levels but with +  independently developed parameters. + +  - **Use Cases**: Often used in regions or industries that prefer non-NIST +    curves for compliance or operational reasons. +  - **Examples**: **ECDH BrainPool P-256** and **ECDSA BrainPool P-256** offer a +    balance between security and performance, catering to scenarios where NIST +    standards are not desired. + +- **CV25519 and X448**: These curves are optimized for performance and are +  widely used in modern cryptographic applications. + +  - **ECDH CV25519**: A counterpart to ED25519, this curve is designed for key +    exchange and offers approximately 128-bit security. It is highly efficient +    in secure communications. +  - **ECDH X448**: A higher-security variant providing 224-bit security, +    suitable for applications requiring more robust encryption. However, it +    comes with a slight trade-off in computational efficiency. + +- **SECP256K1**: Defined by the Standards for Efficient Cryptography Group +  (SECG), SECP256K1 is distinct from NIST curves and has gained significant +  traction due to its adoption in blockchain technologies. +  - **Key Use Case**: Widely used for cryptographic operations in Bitcoin and +    other blockchain systems, where efficient signature verification is crucial. +  - **Performance**: Optimized for computational efficiency, making it an +    excellent choice for environments requiring rapid cryptographic operations. + +## EdDSA (Edwards-Curve Digital Signature Algorithm) + +### **Overview** + +EdDSA is a modern digital signature algorithm based on elliptic curve +cryptography. It is specifically designed to be more efficient, secure, and +resistant to common implementation errors compared to older algorithms like DSA +or ECDSA. 
+ +### **Key Characteristics** + +- **Deterministic Signature Generation**: Unlike ECDSA and DSA, which require +  secure random numbers for each signature, EdDSA uses deterministic methods, +  reducing the risk of vulnerabilities caused by poor randomness. +- **Elliptic Curves Used**: EdDSA supports two primary curves: +  - **Ed25519**: Provides 128-bit security and is optimized for speed and +    compact key sizes. +  - **Ed448**: Provides higher 224-bit security for environments requiring +    greater protection but at the cost of performance. + +### **Use Cases** + +- **Ed25519**: Ideal for secure messaging (e.g., Signal), blockchain, and other +  modern cryptographic protocols where performance and efficiency are critical. +- **Ed448**: Used in environments requiring stronger security, such as highly +  sensitive communications or systems with long-term security needs. + +### **Performance** + +EdDSA is faster than RSA and ECDSA for both signing and verification. Its +compact key sizes make it ideal for resource-constrained devices or systems. + +### **Compatibility** + +While Ed25519 has gained significant adoption in modern cryptographic libraries, +it is not yet universally supported in older systems or clients. Ed448 has even +more limited support. + +## Why ECDH Cannot Be Used as a Primary Key Algorithm + +### Key Difference Between ECDH and ECDSA/EdDSA + +- **ECDH (Elliptic Curve Diffie-Hellman)** is a key exchange algorithm used to +  establish shared secrets between two parties. It is not designed for signing +  or verification, which are essential for primary key functionalities. +- **ECDSA (Elliptic Curve Digital Signature Algorithm)** and **EdDSA** are +  signature algorithms, specifically designed for identity verification and +  creating/verifying digital signatures, making them suitable for primary keys. + +### Primary Key Requirements + +Primary keys are used to: + +1. 
**Sign Other Keys**: Establish trust relationships by signing subordinate +   keys. +2. **Verify Identities**: Sign and verify data, proving ownership of the key. + +Since ECDH does not provide signature functionality, it cannot be used for these +purposes. Instead, it is commonly used for subkeys dedicated to encryption or +key exchange tasks. + +## Recommended Algorithms for Compatibility and Security + +### **1. RSA (2048-bit or 3072-bit)** + +- **Why**: RSA offers the broadest compatibility across legacy systems, +  libraries, and cryptographic protocols. +- **When to Use**: Choose RSA when you need to ensure interoperability with +  older clients or systems that may not support newer elliptic curve algorithms. + +### **2. Curve25519** + +- **Why**: Curve25519 is highly efficient, secure, and compact, making it a great +  choice for modern cryptographic applications. +- **When to Use**: Use Curve25519 in environments where compatibility with +  modern systems is sufficient, and you want to benefit from its speed and +  smaller key sizes. + +### Combining RSA and Curve25519 + +For the best balance between compatibility and performance, consider using RSA +for the **primary key** (for identity verification and signing other keys) and +Curve25519 for **subkeys** (used for signing, encryption, or authentication). +This approach ensures: + +- **Maximum Compatibility**: RSA as the primary key ensures interoperability +  with older systems. +- **Modern Efficiency**: Curve25519 as subkeys provides better performance for +  modern operations. | 
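Review bot: in the first hunk (`@@ -6,7 +6,8 @@`) the rewritten intro now reads "RSA, DSA, ECDSA, EdDSA, and ECDH", yet the very next hunk deletes the entire DSA section, so the intro promises a comparison the page no longer contains. Either drop DSA from that list or keep a one-line DSA entry that says why it is no longer recommended, so the list and the body agree.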
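Review bot: the second hunk (`@@ -23,20 +24,6 @@`) removes the DSA section wholesale, and with it the one security point that section carried: that DSA "requires a secure random number for each signature, which if compromised, can lead to vulnerabilities". The new EdDSA section still leans on that fact ("Unlike ECDSA and DSA, which require secure random numbers for each signature"), but a reader of the revised page is never told why a bad nonce matters. Suggest moving that sentence into the "Deterministic Signature Generation" bullet, or keeping a short DSA paragraph, rather than deleting it outright.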
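Review bot: in the third hunk (`@@ -84,52 +71,136 @@`) the EdDSA "Performance" paragraph states "EdDSA is faster than RSA and ECDSA for both signing and verification", which overstates the case: RSA verification with a small public exponent is generally faster than Ed25519 verification, and Ed25519's clear wins are signing speed, key generation and key size. Suggest "EdDSA signs far faster than RSA and is comparable to or faster than ECDSA for verification; its compact keys and signatures suit constrained devices." Two smaller points in the same hunk: the headings `### **Overview**`, `### **Key Characteristics**`, `### **Use Cases**` and the numbered `### **1. RSA ...**` are bolded while `### Key Difference Between ECDH and ECDSA/EdDSA` and `### Primary Key Requirements` are not, so pick one heading style; and the closing "Combining RSA and Curve25519" section says the Curve25519 subkeys are "used for signing, encryption, or authentication", which blurs the distinction the page itself draws earlier between Ed25519 (signatures, authentication) and ECDH CV25519 (key exchange, encryption), so name the two subkey types explicitly there.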
