man: drop comment about ECC vs. RSA and Yubikey

The comment is pointless, ECC systematically doesn't allow
encryption/decryption directly, only RSA does that. If you want to use
ECC for asymmetric encryption/decryption you have to combine it with key
exchange scheme and symmetric scheme. This all is not a limitation of
the Yubikey, hence don't claim so. It's just how ECC is.

diff --git a/man/crypttab.xml b/man/crypttab.xml
index 04695f626f41ca354d2cbb8793beb2dcffcc1fdb..93c0ec01e4da58cbe163c988a3394b1978f56978 100644 (file)
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -568,7 +568,6 @@ external   /dev/sda3       keyfile:LABEL=keydev keyfile-timeout=10s,cipher=xchac
 <para>A few notes on the above:</para>
 
 <itemizedlist>
-  <listitem><para>We use RSA (and not ECC), since Yubikeys support PKCS#11 Decrypt() only for RSA keys</para></listitem>
   <listitem><para>We use RSA2048, which is the longest key size current Yubikeys support</para></listitem>
   <listitem><para>LUKS key size must be shorter than 2048bit due to RSA padding, hence we use 128 bytes</para></listitem>
   <listitem><para>We use Yubikey key slot 9d, since that's apparently the keyslot to use for decryption purposes,