Proofreading

Y0Coss · Y0Coss · commit 5446d90da2fb · 2023-03-10T14:50:49.000+01:00
diff --git a/pages/platform/logs-data-platform/cold_storage_encryption/guide.en-asia.md b/pages/platform/logs-data-platform/cold_storage_encryption/guide.en-asia.md
@@ -4,32 +4,32 @@ slug: cold-storage-encryption
 order: 5
 excerpt: Secure your Cold Stored logs by encrypting them with your PGP public key
 section: Features
-updated: 2023-03-07
+updated: 2023-03-10
 ---
 
-**Last updated 7th March, 2023**
+**Last updated 10th March, 2023**
 
 ## Objective
 
-With the [Cold Storage feature](../cold-storage){.ref} you can generate daily archives for your log streams.
+With the [Cold Storage feature](../cold-storage) you can generate daily archives for your log streams.
 
-On top of that you can secure these archives by encrypting them with one or more of your PGP public keys. Only the owner of the private keys will be able to decrypt and see the archives content.
+On top of that, you can secure these archives by encrypting them with one or more of your PGP public keys. Only the owner of the private keys will be able to decrypt and see the archives content.
 
 ## Requirements
 
-This is what you need to get you started:
+This is what you need to get started:
 
-- A stream with cold storage enabled. You can follow this [Cold Storage tutorial](../cold-storage){.ref} to set it up
-- An existing PGP keypair, or a machine with the `gpg` binary to generate a new PGP keypair
+- A stream with cold storage enabled. You can follow this [Cold Storage tutorial](../cold-storage) to set it up.
+- An existing PGP keypair, or a machine with the `gpg` binary to generate a new PGP keypair.
 
 ## Instructions
 
 ### Get a PGP public key
 
-First of all, you need a PGP keypair. You can use an existing keypair or create a new one. Both cases are documented bellow.
+First of all, you need a PGP keypair. You can use an existing keypair or create a new one. Both cases are documented below.
 The only restrictions we impose regarding this keypair are:
 
-- use RSA 4096 or ECC with Curve 25519 as public key algorithms
+- using RSA 4096 or ECC with Curve 25519 as public key algorithms
 - the key must not have any expiration date
 
 > [!warning]
@@ -48,7 +48,7 @@ $ gpg --list-secret-keys
 -----------------------
 sec   ed25519 2023-03-07 [SC]
       448940C5335D1D278788F4AF67336C97696A1BE0
-uid           [ultimate] John Doe <john@doe.org>
+uid           [ultimate] John Doe <john@smith.org>
 ssb   cv25519 2023-03-07 [E]
 
 sec   rsa3072 2023-03-07 [SC] [expires: 2025-03-06]
@@ -59,15 +59,15 @@ ssb   rsa3072 2023-03-07 [E] [expires: 2025-03-06]
 
 We have two keypairs here:
 
-- One for `John Doe <john@doe.org>`, which fingerprint is `448940C5335D1D278788F4AF67336C97696A1BE0`, which is an EdDSA/ECDH key (`ed25519`/`cv25519`), and which don't have any expiration date
+- One for `John Smith <john@smith.org>`, which fingerprint is `448940C5335D1D278788F4AF67336C97696A1BE0`, which is an EdDSA/ECDH key (`ed25519`/`cv25519`), and which doesn't have any expiration date
     - **This key is usable for Cold Storage Encryption**
 - One for `Robert Dupont <robert@dupont.org>`, which fingerprint is `A742F6D3566178F008066E252BE29904DDDA4BA1`, which is an RSA 3072 key, and which expires on `2025-03-06`
     - **This key is NOT usable for Cold Storage Encryption**, as it uses RSA < 4096 and has an expiration date
 
-Once you identified a key which match our restrictions, you can export the **public** key in an ASCII armored format with the following command, using its fingerprint:
+Once you identified a key which matches our restrictions, you can export the **public** key in an ASCII armored format with the following command, using its fingerprint:
 
 ```shell-session
-# Replace the fingerprint bellow with the one of your key
+# Replace the fingerprint below with the one of your key
 $ gpg --armor --export 448940C5335D1D278788F4AF67336C97696A1BE0
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
@@ -84,7 +84,7 @@ JX2+PZIPN0uhQdsvvF52tQFhags=
 -----END PGP PUBLIC KEY BLOCK-----
 ```
 
-If none of your existing keypairs are compatible, simply generate a new one as explained bellow.
+If none of your existing keypairs are compatible, simply generate a new one as explained below.
 
 #### Generate a new PGP public key
 
@@ -129,13 +129,13 @@ Please select which elliptic curve you want:
 Your selection? 1
 
 Please specify how long the key should be valid.
-         0 = key does not expire
+         0 = key smiths not expire
       <n>  = key expires in n days
       <n>w = key expires in n weeks
       <n>m = key expires in n months
       <n>y = key expires in n years
 Key is valid for? (0) 0
-Key does not expire at all
+Key smiths not expire at all
 
 Is this correct? (y/N) y
 
@@ -168,16 +168,14 @@ sub   cv25519 2023-03-07 [E]
 
 > [!primary]
 >
-> When you are prompted to choose a passphrase, 
-> it's up to you to pick one or to leave it empty for no passphrase.
-> If you choose to use a passphrase, be sure to store it in some password manager, 
-> it will be needed to decrypt your archives.
+> When you are prompted to choose a passphrase, it's up to you to pick one or to leave it empty for no passphrase.
+> If you choose to use a passphrase, be sure to store it in a password manager, it will be needed to decrypt your archives.
 >
 
 Congratulations, your key is now generated. You can now export the **public** key in an ASCII armored format with the following command:
 
 ```shell-session
-# Replace the fingerprint bellow with the one outputed at the end of your key generation
+# Replace the fingerprint below with the one from the output at the end of your key generation
 $ gpg --armor --export E9136DAF94BD3D708C855124A7109E653C115379
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
@@ -196,57 +194,56 @@ aMinMlgU3tTxxr1HuldFrFXKcNxfsgdsWNtCBA==
 
 ### Register your PGP public key in your Logs Data Platform account
 
-In the home page of your Logs Data Platform service, in the bottom left you will find a `Configuration` panel. In this panel, in the `PGP encryption keys` line, click on **"..."** and then `Edit`{.action}:
+In the home page of your Logs Data Platform service, in the bottom left you will find a `Configuration` panel. In this panel, in the `PGP encryption keys` line, click the `...`{.action} button and then `Edit`{.action}:
 
 ![Home page](images/home.png){.thumbnail}
 
 You will land on the `PGP encryption keys` page, where you can manage your keys.
 It is from this page that you can add, delete, or view the details of your PGP encryption keys. You can also view there how many archives have been encrypted with a given key.
 
-You will possibly view some keys named `LDP Recovery key <cluster name>`, that you did not add yourself. We will talk about these LDP Recovery keys later.
+You will possibly view some keys named `LDP Recovery key <cluster name>`, that you did not add yourself. We will mention these LDP Recovery keys later in this documentation.
 
 ![PGP keys home page](images/pgp_home.png){.thumbnail}
 
-To register your PGP public key to your Logs Data Platform account, click on the `Add a PGP encryption key`{.action} button.
-You will land on a form where you have three fields to fill:
+To register your PGP public key into your Logs Data Platform account, click on the `Add a PGP encryption key`{.action} button.
+You will land on a form in which you have three fields to fill in:
 
-- **Name**: it is the display name of this PGP public key inside OVHcloud systems. It can be the same as your PGP key UID (usualy `First name Last name <email>`), but it can also be something totaly different. As it's only a display name, put whatever is relevant for you
-- **Fingerprint**: your PGP key fingerprint, in its 40 characters hexadecimal version. In the example above where we generated a new key, it is `E9136DAF94BD3D708C855124A7109E653C115379`
-- **Content**: the ASCII armored content of your PGP **public** key. Copy paste here the full block beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending by `-----END PGP PUBLIC KEY BLOCK-----`
+- **Name**: it is the display name of this PGP public key inside OVHcloud systems. It can be the same as your PGP key UID (usually `First name Last name <email>`), but it can also be something totally different. As it's only a display name, enter whatever is relevant for you.
+- **Fingerprint**: your PGP key fingerprint, in its 40 characters hexadecimal version. In the example above in which we generated a new key, it is `E9136DAF94BD3D708C855124A7109E653C115379`.
+- **Content**: the ASCII armored content of your PGP **public** key. Copy paste here the full block beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending by `-----END PGP PUBLIC KEY BLOCK-----`.
 
-Even if the fingerprint can be deducted from the PGP public key content, we want you to specify both so we are 100% sure you are adding the correct key.
+Even if the fingerprint can be deducted from the PGP public key content, we want you to specify both so that we are 100% sure you are adding the correct key.
 
 ![Add a new PGP key](images/add_key.png){.thumbnail}
 
-Then click on `Save`{.action}.
+Then click `Save`{.action}.
 
-If anything is wrong with your public key (unsuported algorithm, mismatch between fingerprint & key content, etc.) a precise error will be printed.
+If anything is wrong with your public key (unsupported algorithm, mismatch between fingerprint & key content, etc.) an explicit error message will be printed.
 
 ### Update your stream Cold Storage configuration to use encryption
 
 Now that you added your PGP public key to your Logs Data Platform account, you can use it in your streams cold storage configurations.
 
-For this, go to the `Data Stream` tab, pick the stream for which you want cold storage encryption, click on **"..."** and then `Edit`{.action}.
+For this, go to the `Data Stream` tab, pick the stream for which you want cold storage encryption, click the `...`{.action} button and then click`Edit`{.action}.
 
-- Ensure the `Enable long-term storage` option is checked. You can refer to the [Cold Storage feature](../cold-storage){.ref} documentation to know about each of its fields.
+- Ensure the `Enable long-term storage` option is checked. You can refer to the [Cold Storage feature](../cold-storage) documentation to know about each of its fields.
 - Check the `Encrypt archives with my PGP encryption keys` option
 - Select each PGP encryption key you want your archive to be encrypted with
 - Click on `Save`{.action}
 
 ![Update stream configuration](images/update_stream.png){.thumbnail}
 
-That's it: now each archive produced by this stream will be encrypted with the selected keys (don't forget that archives are produced 2 days after logs are sends).
+That's it: now each archive produced by this stream will be encrypted with the selected keys (don't forget that archives are produced 2 days after logs are sent).
 
 > [!primary]
 >
-> For a given stream, you can select up to five of your encryption keys
-> (the LDP Recovery Keys are not included in this five keys).
-> A given encryption key can be used in several coldstorage configurations.
+> For a given stream, you can select up to five of your encryption keys (the LDP Recovery Keys are not included in this five keys).
+> A given encryption key can be used in several cold storage configurations.
 >
 
 ### Know which key was used to encrypt which archive
 
-In the `Data Stream` tab, you can see how many archives exist for each stream. On a stream where you have some archives, click on **"..."** and then `Archives`{.action}
+In the `Data Stream` tab, you can see how many archives exist for each stream. On a stream on which you have some archives, click the`...`{.action} button and then click `Archives`{.action}.
 
 ![List archives](images/archives.png){.thumbnail}
 
@@ -258,15 +255,15 @@ In this archives list, you can see a `PGP encryption keys` column.
 #### Download and decrypt your archives
 
 Once your encrypted archives are available, you can retrieve them [following this tutorial](../cold-storage/#retrieving-the-archives).
-To decrypt a given archive, you can use `gpg` on a machine where your private key is present:
+To decrypt a given archive, you can use `gpg` on a machine on which your private key is present:
 
 ```shell-session
 $ ls
 2022-11-15.zst.pgp
 
 $ gpg --output 2022-11-15.zst --decrypt 2022-11-15.zst.pgp 
 gpg: encrypted with 4096-bit RSA key, ID 97B70793B8270D80, created 2022-05-10
-      "John Doe <john.doe@corp.acme.org>"
+      "John Doe <john.smith@corp.acme.org>"
 
 $ ls
 2022-11-15.zst  2022-11-15.zst.pgp
@@ -275,21 +272,22 @@ $ ls
 ### The LDP Recovery Key
 
 Now your stream's archives are encrypted with your PGP public keys, and only the owner of the related private keys can decrypt the archives.
+
 But what if you lose access to your private keys or to your passphrase ? In such a case, you won't be able to decrypt your archives anymore, and won't be able to see the archives content.
 
-To avoid such a situation, we provide the `LDP Recovery Keys`. These are also PGP public keys you can use in your coldstorage configuration, but which private keys are owned by OVHcloud. Thus if you choosed to use `LDP Recovery Keys` in addition to your own keys, and you lose access to your private keys, OVHcloud teams will still be able to decrypt your archives; re-encrypt it with your new keys; and send you these re-encrypted archives.
+To avoid such a situation, we provide the `LDP Recovery Keys`. These are also PGP public keys you can use in your cold storage configuration, but which private keys are owned by OVHcloud. Thus if you chose to use `LDP Recovery Keys` in addition to your own keys, and you lose access to your private keys, OVHcloud teams will still be able to decrypt your archives, re-encrypt it with your new keys and send you these re-encrypted archives.
 
-Note that this feature is opt-in: you have to explicitly select the `LDP Recovery Key` in your stream's coldstorage configuration to benefit from this feature.
+Note that this feature is opt-in: you have to explicitly select the `LDP Recovery Key` in your stream's cold storage configuration to benefit from this feature.
 
 #### Ask OVHcloud to recover your encrypted archive
 
-If the situation described above happens (you lost your private key, but your archive is also encrypted with the `LDP Recovery Key`), you will have to [contact OVHcloud support](https://www.ovhcloud.com/en/contact/). Open a ticket and describe precisely the name of your Logs Data Platform service, the name of the stream and the name of the archive. You will also have to provide a new PGP encryption key (a one you already added to your Logs Data Platform account).
+If the situation described above happens (you lost your private key, but your archive is also encrypted with the `LDP Recovery Key`), you will have to [contact OVHcloud support](https://www.ovhcloud.com/en/contact/). Open a ticket and describe precisely the name of your Logs Data Platform service, the name of the stream and the name of the archive. You will also have to provide a new PGP encryption key (a key you already added to your Logs Data Platform account).
 
 The Logs Data Platform team will then take care of your request.
 
 ## Go further
 
-- Getting Started: [Quick Start](../quick-start){.ref}
-- Documentation: [Guides](../){.ref}
+- Getting Started: [Quick Start](../quick-start)
+- Documentation: [Guides](../)
 - Community hub: [https://community.ovh.com](https://community.ovh.com/en/c/Platform/data-platforms){.external}
 - Create an account: [Try it!](https://www.ovh.com/en/order/express/#/express/review?products=~(~(planCode~'logs-account~productId~'logs)){.external}
