From 0e918434a2f2f82916b8398e176d753eeef0857c Mon Sep 17 00:00:00 2001
From: Pol Henarejos <55573252+polhenarejos@users.noreply.github.com>
Date: Tue, 15 Nov 2022 17:38:33 +0100
Subject: [PATCH] Update README.md

---
 README.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f7e59e7..356ce72 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ RSA key generation in place for 1024, 2048, 3072 and 4096 bits. Private keys nev
 ECDSA key generation in place for different curves, from 192 to 521 bits.
 
 ### > ECC curves
-It supports secp192r1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp192k1 (insecure), secp256k1 curves.
+It supports secp192r1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp192k1 (insecure), secp256k1 curves. Also Curve25519 and Curve448.
 
 ### > SHA1, SHA224, SHA256, SHA384, SHA512 digests
 ECDSA and RSA signature can be combined with SHA digest in place.
@@ -111,6 +111,21 @@ Public Key Authentication (PKA) allows to authenticate by using a secondary devi
 
 In PKA, the PIN is used for protecting the DKEK, as classic method with only PIN, and PKA is used for adding an extra security layer. Therefore, this mechanism provides a higher degree of security, since it needs a secondary Pico HSM to authenticate the primary one.
 
+### > Secure Lock
+An extra layer can be added to the device by adding a private key stored on the computer to lock that Pico HSM to the specific computer. The content will be completely encrypted with a private key only available from a specific computer.
+
+### > ChaCha20-Poly1305
+This is a novel fast and efficient symmetric encryption algorithm. Similarly to AES, it can be used to cipher your private data.
+
+### > X25519 and X448
+Both cruves Curve25519 and Curve448 are supported for doing DH X25519 and X448. Remember that cannot be used for signing.
+
+### > Key Derivation Functions: HKDF, PBKDF2 and X963-KDF
+It supports symmetric key derivations from different standards and RFC.
+
+### > HMAC
+It supports performing HMAC from a secret key on a arbitrary data with SHA digest algorithm.
+
 [^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
 [^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
 [^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and the DKEK shares are available during the import process.