
Commit 6bf39a2

committed
readme changes
1 parent 387bece commit 6bf39a2

1 file changed

+15
-15
lines changed


README.md

Lines changed: 15 additions & 15 deletions
@@ -18,7 +18,7 @@ Use your WebAuthN authenticator as your SSH key with `sk-ssh-ed25519@openssh.com
1818
* Import and use keys stored on smart cards
1919
* Yubikeys
2020
* [Virtual Smart Cards](https://learn.microsoft.com/en-us/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview)
21-
* ...any other smart card or PIV applet supported the `Microsoft Smart Card Key Storage Provider`
21+
* ...any other smart card or PIV applet supported by the `Microsoft Smart Card Key Storage Provider`
2222
* A nice-ish GUI for managing your hardware-backed keys
2323
* Supports multiple SSH Agent listeners:
2424
* OpenSSH for Windows
@@ -34,20 +34,20 @@ Use your WebAuthN authenticator as your SSH key with `sk-ssh-ed25519@openssh.com
3434

3535
* Download and launch the latest release
3636
* Click **Create Key** and enter a key name and container name.
37-
* Key name is a friendly descriptive name for the SSH Key
38-
* Container name is the nCrypt key container identifier which will be used - it will be shown in the password prompt when signing is requested.
39-
* Select your Key Algorithm
40-
* Enter a password or PIN
37+
* **Key Name** is a friendly descriptive name for the SSH Key
38+
* **Container Name** is the nCrypt key container identifier which will be used - it will be shown in the password prompt when signing is requested.
39+
* Select your **Key Algorithm**
40+
* Enter a **Password or PIN**
4141
* This can be empty if you wish to be a bit less secure
42-
* Click save
42+
* Click **Save**
4343
* You now have a new SSH key, you can click the **Copy Key** button to copy the `authorized_keys` content to the clipboard and save it to the remote server. Alternatively you can copy the public key's path for use as a command line arg, or opening with another program.
4444

4545
You can use the key by configuring your SSH client to use nCryptAgent as its SSH agent. For OpenSSH for Windows and PuTTY this should work automatically, as long as those listeners are enabled in the **Config** tab. For WSL2 and Cygwin, you will need to set your `SSH_AUTH_SOCK` environment variable. The commands for doing this are available in the **Config** tab.
4646

4747
## Getting Started with WebAuthN Security Keys
4848

4949
* From the nCryptAgent main window, select the dropdown arrow in the bottom left and click on **Create new WebAuthN key**
50-
* Enter a friendly name for the key and choose your key algorithm
50+
* Enter a friendly name for the key and choose a **Key Algorithm**
5151
* Click **Save** and you will be prompted to enter your pin and touch your security key
5252
* Your key is now available for use
5353

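Review bot: the hint at line 41, "This can be empty if you wish to be a bit less secure", should say what is actually given up, because the password prompt described at line 38 is what sits between a signing request and the key; with an empty value, signatures are produced without any confirmation from the user. Suggest something like "* This can be empty, but signing requests will then be fulfilled without a prompt". Bolding the UI labels at lines 37-42 and line 50 is a good consistency fix and matches the **Copy Key** and **Config** references already in the surrounding context.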
@@ -59,11 +59,11 @@ OpenSSH has a few specific options for `sk-ssh-ed25519@openssh.com` and `sk-ecds
5959

6060
### Resident Keys
6161

62-
You can create a resident key by selecting the appropriate checkbox when creating the key. Unfortunately the Windows WebAuthN API only supports retrieving credentials in v4 or greater (ie Windows 11 22H2 is required), so support for retrieving credentials is not yet in nCryptAgent.
62+
You can create a resident key by selecting the appropriate checkbox when creating the key. Unfortunately the Windows WebAuthN API only supports retrieving credentials in v4 or greater (i.e. Windows 11 22H2 is required), so support for retrieving credentials is not yet in nCryptAgent.
6363

6464
## Getting Started with Smart Cards
6565

66-
If you don't already have a certificate on your smart card, you'll need to create one:
66+
If you already have a certificate and key on your smart card, you can skip to _Import an existing key_, otherwise you will need to create a certificate and key:
6767

6868
### Yubikeys
6969

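Review bot: the rewritten sentence at line 66 tells the reader to "skip to _Import an existing key_" but renders it in italics rather than as a link; since that heading exists later in this README, `[Import an existing key](#import-an-existing-key)` would make the skip actionable and survive future heading-level changes. The "ie" to "i.e." change at line 62 is fine; while touching that line, "v4 or greater" could name what is versioned (the WebAuthN API level) so readers know what to check on their machine.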
@@ -72,23 +72,23 @@ If you don't already have a certificate on your smart card, you'll need to creat
7272
* Click on **Configure Certificates**
7373
* Select an empty slot and click **Generate**
7474
* Click through the wizard to create a self-signed certificate
75-
* Once you have a certificate saved, follow the Use existing keys section below.
75+
* Once you have a certificate saved, follow the _Import an existing key_ section below.
7676

7777
### TPM Smart Cards
7878

7979
* Create a card if you don't have one:
8080
* Ensure your TPM is enabled in BIOS or UEFI. Different manufacturers name the setting differently.
8181
* Open a command prompt
8282
* Run `tpmvscmgr create /name <Friendly_Name> /AdminKey DEFAULT /pin PROMPT /pinpolicy minlen 4 /generate` where `<Friendly_Name>` is a name you choose
83-
* You can use `certreq` and `certutil` to load a certificate onto the smart card, after which you can `Add existing nCrypt Key` to import your Smart Card credentials into nCryptAgent
83+
* You can use `certreq` and `certutil` to load a certificate onto the smart card, after which you can **Add existing nCrypt Key** to import your Smart Card credentials into nCryptAgent
8484

85-
### Import an existing key
85+
## Import an existing key
8686

87-
If you have a key on your smart card (for instance you have existing credentials on your Yubikey), or have previously created a key using PCP, you can import that key by clicking on the dropdown next to **Create Key** and selecting **Add existing nCrypt key**. Select your key from the dropdown after selecting the provider and smart card reader (if required), and enter a name. Click save and your existing key will be ready for use.
87+
If you have a key on your smart card (for instance you have existing credentials on your Yubikey), or have previously created a key using PCP, you can import that key by clicking on the dropdown next to **Create Key** and selecting **Add existing nCrypt key**. Select your key from the dropdown after selecting the provider and smart card reader (if required), and enter a name. Click **Save** and your existing key will be ready for use.
8888

8989
## Client Configuration
9090

91-
Once you have a key added to nCryptAgent you can use it by configuring your SSH client to use nCryptAgent as its SSH agent. For OpenSSH for Windows and PuTTY this should work automatically, as long as those listeners are enabled in the `Config` tab. For WSL2 and Cygwin, you will need to set your `SSH_AUTH_SOCK` environment variable. The commands for doing this are available in the `Config` tab.
91+
Once you have a key added to nCryptAgent you can use it by configuring your SSH client to use nCryptAgent as its SSH agent. For OpenSSH for Windows and PuTTY this should work automatically, as long as those listeners are enabled in the **Config** tab. For WSL2 and Cygwin, you will need to set your `SSH_AUTH_SOCK` environment variable. The commands for doing this are available in the **Config** tab.
9292

9393
* If you are using the Named Pipe listener, ensure the `OpenSSH Authentication Agent` service is stopped in `Services`
9494
* If you are using the Pageant listener, ensure pageant is not running
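Review bot: the same UI label is bolded as **Add existing nCrypt Key** at line 83 and **Add existing nCrypt key** at line 87; use the casing the application actually shows in both places. Promoting the heading at line 85 from ### to ## is consistent with the "skip to _Import an existing key_" wording added at line 66 and the "section below" reference at line 75, but both references would be clearer as links to `#import-an-existing-key`. Two smaller points: the paragraph at line 91 repeats line 45 almost verbatim, so one of them could simply point at the other to stop the two drifting apart; and the `tpmvscmgr` command at line 82 passes `/AdminKey DEFAULT`, which is the published default administrator key, so a one-line note that `/AdminKey RANDOM` or `/AdminKey PROMPT` is available for cards that should not use the well-known default would help readers setting this up for real use.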
@@ -116,7 +116,7 @@ I'll get around to making a proper build script at some point...
116116
## FAQ
117117

118118
### I'd REALLY like to use a non-hardware key
119-
If you simply MUST have a software backed key you can open the configuration file at `%AppData%\nCryptAgent\config.json` and add a key with `providerName: "Microsoft Software Key Storage Provider"` and set the `containerName` to an existing key. You can get a list of existing keys by running `certutil -key -user -csp KSP` in a command prompt window.
119+
If you simply MUST have a software key you can open the configuration file at `%AppData%\nCryptAgent\config.json` and add a key with `providerName: "Microsoft Software Key Storage Provider"` and set the `containerName` to an existing key. You can get a list of existing keys by running `certutil -key -user -csp KSP` in a command prompt window.
120120

121121
### The nCrypt `containerName` lists a location on my local filesystem, what gives?
122122
The `Platform Crypto Provider` does not actually store the complete key in the TPM, instead it stores a file for loading into the TPM when signing operations are required. The files are specific to each TPM so your key is still non-exportable. [@ElMostafaIdrassi](https://github.com/ElMostafaIdrassi/pcpcrypto#general-trivia-about-pcp-tpm-keys) has written a nice explanation of it if you'd like more detail.
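Review bot: the wording change at line 119 is fine, but the config fragment `providerName: "Microsoft Software Key Storage Provider"` reads as YAML while the file being edited is `config.json`; showing it as JSON pairs, e.g. `"providerName": "Microsoft Software Key Storage Provider"` and `"containerName": "<existing key container>"`, would keep readers from pasting an invalid value. It would also help to say whether the agent needs to be restarted after editing the file, since the rest of the README only describes changes made through the GUI.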
