From deff896a26e80c1f32eae6ba6148b2fb01226449 Mon Sep 17 00:00:00 2001 From: Norman Ashley Date: Wed, 24 Jan 2024 14:30:46 -0500 Subject: [PATCH] Update CONFIGURE.md Co-authored-by: Spencer Wilson --- CONFIGURE.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/CONFIGURE.md b/CONFIGURE.md index 9e77b3469b..f65d4492e7 100644 --- a/CONFIGURE.md +++ b/CONFIGURE.md @@ -114,15 +114,15 @@ When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the mini ## Stateful Hash Based Signatures -XMSS and LMS are the two supported Hash-Based Signatures schemes -OQS_ENABLE_SIG_STFL_XMSS and OQS_ENABLE_SIG_STFL_LMS contorl these algorithms which are disabled by default. -A thrid variable, OQS_ENABLE_SIG_STFL_KEY_SIG_GEN also controls the ability to generate keys and signatures. This is also disabled by efault. +XMSS and LMS are the two supported Hash-Based Signatures schemes. +`OQS_ENABLE_SIG_STFL_XMSS` and `OQS_ENABLE_SIG_STFL_LMS` control these algorithms, which are disabled by default. +A thrid variable, `OQS_ENABLE_SIG_STFL_KEY_SIG_GEN`, also controls the ability to generate keys and signatures. This is also disabled by default. Each of these variables can be set to `ON` or `OFF`. -When all three are `ON`, stateful signatures is fully functional and can generate key-pairs, sign data, and verify signatures. -If OQS_ENABLE_SIG_STFL_KEY_SIG_GEN is `OFF` signature verification is the only functioanl operation. +When all three are `ON`, stateful signatures are fully functional and can generate key pairs, sign data, and verify signatures. +If `OQS_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF` signature verification is the only functional operation. -Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in-order to best enforce the one-time use of secret keys. -Keys stored in a file system is extreamly susceptible to simultaneous use. +Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in order to best enforce the one-time use of secret keys. +Keys stored in a file system are extremely susceptible to simultaneous use. When enabled in this library a warning message will be generated by the config process. By default,