SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->
# Glossary
```{glossary}
:sorted:
AEAD
See {term}`Authenticated Encryption With Associated Data`.
AEAD Algorithm
See {term}`Authenticated Encryption With Associated Data`.
Algorithm Preferences
The preferences for {term}`hash algorithms<HashFunction>`, {term}`compression algorithms<DataCompression>`, {term}`symmetric algorithms<SymmetricCryptography>` and {term}`AEAD algorithms<AuthenticatedEncryptionWithAssociatedData>` are set using {term}`direct key signatures<DirectKeySignature>` or {term}`primary User ID` {term}`binding signatures<BindingSignature>`.
Asymmetric cryptography (also known as public-key cryptography) is used in OpenPGP to send messages without using a prior shared secret. For a more detailed discussion see [](public-key-cryptography).
Short AEAD, refers to an encryption scheme that ensures confidentiality of a message. Additionally, additional data, which is not confidential, may be associated with the message, ensuring integrity of both the confidential part of the message, as well as the additional data.
A {term}`Key Flag` which indicates that a {term}`Component Key` can be used to prove control over {term}`private key material` with a challenge-response mechanism. This is typically done to log into a remote system, often using the OpenSSH protocol.
Note that the term "authentication" is used in a different context here than {term}`Authentication` of {term}`identity claims<identityclaim>` that are associated with a {term}`certificate`. See [](key-flags).
A {term}`self-signature` on a {term}`component` which associates that {term}`component` to the issuing {term}`component key` in a {term}`certificate<OpenPGPCertificate>`.
A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`. Typically this is the owner of {term}`OpenPGP key`.
A certification, in OpenPGP, is a signature that makes a statement about an {term}`identity` in a {term}`certificate<OpenPGPCertificate>`, or an entire {term}`certificate<OpenPGPCertificate>`.
Most commonly, the term is applied to "[third-party certifications](third-party-certifications)," in which an external actor indicates that they have {term}`validated<Validation>` the link between an {term}`identity` and a {term}`certificate<OpenPGPCertificate>`. However, the term is also used for [self-signatures that bind identity components](bind-identity) to a {term}`certificate<OpenPGPCertificate>`.
Certification Authority
Also known as [Certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), this is an entity that handles digital certificates, especially by signing or issuing them.
Certification Key Flag
A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications<Certification>`. See [](key-flags).
Certification Revocation Signature Packet
An {term}`OpenPGP Signature Packet` to {term}`revoke<Revocation>` an earlier {term}`self-certification` of a {term}`User ID`.
An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on an {term}`Identity Component` of their own {term}`Certificate`.
Certifying Signature
See {term}`Certification`.
Cipher Type Byte
This historical term was defined in [RFC 1991](https://datatracker.ietf.org/doc/html/rfc1991#section-4.1) and was subsequently superseded by {term}`Packet Tag` in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2), which is in turn superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).
Cleartext Signature
A {term}`Data Signature` which exists in a combined text format, encapsulating the (readable) text input it was created for. See [](cleartext-signature).
Cleartext Signature Framework
A framework for creating {term}`cleartext signatures<CleartextSignature>`.
See [RFC 7](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#cleartext-signature).
Component
An element in an {term}`OpenPGP Certificate`, that represents a {term}`component key` or {term}`identity component`.
A {term}`packet` that contains a compressed {term}`OpenPGP Message` (typically a {term}`Literal Data Packet`). A Compressed Data Packet represents a "compressed message".
A flag on {term}`Subpacket`s, that can mark them as critical or non-critical, which is has an influence on signature validation. See [](criticality-of-subpackets).
The process of encoding information using fewer bits than the original representation.
In OpenPGP data compression is used to reduce the size required for encrypted messages.
See Wikipedia on [Data Compression](https://en.wikipedia.org/wiki/Data_compression).
Data Signature
{term}`Cryptographic signature` over binary documents or canonical text documents. See [](/signing_data).
Data Signature Packet
An {term}`OpenPGP Signature Packet` which describes a {term}`Data Signature`. See [](/signing_data).
Delegation
OpenPGP users can [delegate authentication decisions](delegation) to third parties, and thus rely on {term}`certifications<Certification>` they issue. The remote party is then called a "{term}`trusted introducer`".
This kind of delegation involves {term}`certifications<Certification>` that include the {term}`trust signature` subpacket.
Describes both a {term}`Signature Type ID`, as well as an according {term}`OpenPGP Signature` over a {term}`Primary Key`.
Issued as a {term}`Self-Signature` it sets preferences and advertises {term}`features<FeaturesSubpacket>` applicable to an entire {term}`Certificate`. See [](direct-key-signature).
A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its {term}`binding signature` being older than the {term}`Reference Time` by which it is validated.
Expiration Time
The time of expiry of an {term}`OpenPGP Signature Packet`.
For an in-depth view on these {term}`subpackets<OpenPGPSignatureSubpacket>` see [](zoom-dks).
See [RFC 5.2.3.32](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-features)
Fingerprint
See {term}`OpenPGP Fingerprint`.
Hard Revocation
A {term}`Revocation Signature Packet` for a {term}`Certification` or a {term}`Component Key`, which either includes a {term}`Reason For Revocation Subpacket` with a {term}`Revocation Code`, that signifies the target being compromised (e.g., `0` or `2`), or has no {term}`Reason For Revocation Subpacket` at all.
See [](hard-vs-soft-revocations).
See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation).
Hash Algorithm
See {term}`Hash Function`.
Hash Digest
Output of a cryptographic hash function for a string of data of any length. See [](cryptographic-hash).
Hash Function
A function used to map data of arbitrary size to fixed-size values (see {term}`Hash Digest`).
An area in an {term}`OpenPGP Signature Packet` containing {term}`OpenPGP Signature Subpacket`s, that is covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](subpacket-areas).
Hashed Subpacket
An {term}`OpenPGP Signature Subpacket` residing in the {term}`Hashed Area` of an {term}`OpenPGP Signature Packet`.
Hybrid Cryptosystem
A cryptographic system that employs both {term}`Asymmetric Cryptography` and {term}`Symmetric Cryptography`. See [](hybrid-cryptosystems).
An identity of a {term}`Certificate Holder`. It is represented by an {term}`Identity Component`, which may be certified using {term}`identity certifications<IdentityCertification>`, or by a {term}`Notation`.
A {term}`Certificate Holder` may use {term}`Identity Components<IdentityComponent>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.
Identity Component
Part of an {term}`OpenPGP Certificate`, that is used to associate data about the {term}`Certificate Holder` with it. See [](identity-components) for further details.
Identity Verification
A process by which the {term}`Identity Claim` of a {term}`Certificate Holder` is verified. See also {term}`Signature Verification`.
Initial Introducer
An {term}`OpenPGP Certificate` explicitly {term}`delegated<Delegation>` to from a {term}`Trust Anchor`.
An [inline signature](inline-signature) is a type of {term}`OpenPGP message` which stores a {term}`Data Signature` alongside the message it signs. Both the message and the signature are stored in a shared OpenPGP container.
The standard defines two variant formats for inline signatures:
- {term}`One-pass signed Message`: This format is now commonly used.
- {term}`Prefixed signed Message`: This is a historical format. It is still supported, but rarely used.
For more context, see [](forms-of-data-signatures).
See [RFC 5.2.3.13](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-expiration-time)
Key Flag
A preference encoded in an {term}`OpenPGP Signature Subpacket`, that defines the {term}`Capability` a {term}`OpenPGP Component Key` has. See [](signature-subpackets).
A Key ID is a shorthand identifier for OpenPGP certificates (or for individual subkeys). A Key ID is a shortened versions of a {term}`fingerprint<OpenPGPFingerprint>`:
- For OpenPGP v6 keys, the Key ID consists of the high-order (leftmost) 64 bits of their {term}`OpenPGP Fingerprint`.
- For OpenPGP v4 keys, the Key ID consists of the low-order (rightmost) 64 bits of their {term}`OpenPGP Fingerprint`.
Note that since Key IDs are relatively short, they don't meaningfully guard against collisions. Applications must not assume that Key IDs are unique.
A service available over the network, which provides access to {term}`OpenPGP Certificates<OpenPGPCertificate>` e.g., by searching for an {term}`OpenPGP Fingerprint` or {term}`User ID`, via the `HKP` and/ or `HKPS` protocols.
Several implementations such as [hagrid](https://gitlab.com/keys.openpgp.org/hagrid/), or [hockeypuck](https://github.com/hockeypuck/hockeypuck) exist.
Life-cycle Management
In OpenPGP several actions are necessary for the prolonged use of an {term}`OpenPGP Certificate` or adapting its {term}`components<Component>` to the requirements of the {term}`Certificate Holder`.
These are for example changes to {term}`binding signatures<BindingSignature>` (adding or {term}`revocation` of {term}`component keys<ComponentKey>` or {term}`direct key signature<DirectKeySignature>`), modification of {term}`expiration time` or other {term}`metadata` for {term}`components<Component>`.
Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata-in-certificates).
Notation
A mechanism for a {term}`Certificate Holder` to provide user-defined data using a {term}`Notation Signature Subpacket`.
Notation Signature Subpacket
An {term}`OpenPGP Signature Subpacket` which is used to add user-defined data to a {term}`Certificate`. See [](notation-signature-subpackets).
One or more {term}`packets<Packet>` before the actual data in a {term}`Data Signature` which contain information to allow a receiving {term}`implementation<OpenPGPImplementation>` to create {term}`hashes<HashDigest>` required for signature verification.
See [](one-pass-signature-packet).
Also see [RFC 5.4](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig).
The commonly used form of an OpenPGP {term}`Inline Signature`. It combines an {term}`OpenPGP Message` with {term}`signature packets<OpenPGPSignaturePacket>` and accompanying auxiliary {term}`One-pass signatures<One-passSignaturePacket>`.
Any data in OpenPGP format, represented as a series of OpenPGP packets. The data could for example represent an {term}`OpenPGP Certificate`, or an {term}`OpenPGP Signature Packet` combined with plaintext or encrypted data.
An OpenPGP Fingerprint is a shorthand representation of an {term}`OpenPGP Component Key`. Fingerprints effectively act as unique identifiers. See [](fingerprint).
The Fingerprint of the {term}`primary component key<OpenPGPPrimaryKey>` is used as an identifier for the full {term}`OpenPGP Certificate`.
OpenPGP Implementation
A piece of software implementing the OpenPGP protocol (to some extend).
OpenPGP Key
Used either for an {term}`OpenPGP Certificate` (containing public key material and metadata), or for an {term}`OpenPGP Private Key`. See [](/certificates) for an in-depth discussion.
An {term}`OpenPGP Component Key` that is used in the primary key role of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary-key).
OpenPGP Signature
See {term}`OpenPGP Signature Packet`.
OpenPGP Signature Packet
A {term}`packet` that contains a raw {term}`cryptographic signature`, a {term}`Signature Type ID` and additional {term}`metadata`. See [](/signatures). Basic concepts are introduced in [](/signatures) and more detailed use-cases are explained in [](/signing_data) and [](/signing_components).
OpenPGP Signature Subpacket
A data structure in a {term}`Signature Packet`, that describes {term}`metadata` and preferences. See [](signature-subpackets).
OpenPGP Signature Subpacket Type
An {term}`OpenPGP Signature Subpacket` type.
OpenPGP Signature Type
The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature-types).
OpenPGP Signing Subkey
An {term}`OpenPGP Subkey` with the {term}`Signing Key Flag`.
OpenPGP Subkey
An {term}`OpenPGP Component Key` that is used in the subkey role, in an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys).
A section of variable length at the beginning of a {term}`Packet`, which encodes for example the {term}`Packet Type ID`. See the relevant [section in the RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers), which explains this section in more detail.
Packet Tag
This historical term was defined in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2) and is superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).
Packet Type ID
A numerical value encoded in the first octet of a {term}`Packet Header`, defining a {term}`Packet`'s type.
Positive Certification
An {term}`OpenPGP Signature Type` with the {term}`Signature Type ID` `0x13`, which is used in {term}`binding signatures<BindingSignature>` for {term}`User IDs<UserID>`. This {term}`OpenPGP Signature Type` implies that the {term}`issuer` has done substantial {term}`verification` of the {term}`Identity Claim`.
An {term}`OpenPGP Signature Subpacket Type` which defines the preferred {term}`compression algorithms<DataCompression>` for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which {term}`algorithms<DataCompression>` the {term}`key holder<CertificateHolder>` prefers to receive.
An {term}`OpenPGP Signature Subpacket Type` which defines the preferred {term}`hash algorithm<HashFunction>` for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<CertificateHolder>` prefers to receive.
An {term}`OpenPGP Signature Subpacket Type` which defines the preferred version 1 {term}`SEIPD<SymmetricallyEncryptedIntegrityProtectedData>` algorithms for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<CertificateHolder>` prefers to receive and implicitly signifies the supported algorithms of the {term}`key holder<CertificateHolder>`'s {term}`implementation<OpenPGPImplementation>`.
An {term}`OpenPGP Signature Subpacket Type` which defines the preferred version 2 {term}`SEIPD<SymmetricallyEncryptedIntegrityProtectedData>` algorithms for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<CertificateHolder>` prefers to receive and implicitly signifies the supported algorithms of the {term}`key holder<CertificateHolder>`'s {term}`implementation<OpenPGPImplementation>`.
A type of {term}`Inline Signature`. This form of {term}`Inline Signature` is historical and now rarely used. Superseded by {term}`One-pass signed Message`.
A {term}`Binding Signature`, which is created by a {term}`OpenPGP Signing Subkey` on the {term}`OpenPGP Primary Key` of an {term}`OpenPGP Certificate` and stored in an {term}`Embedded Signature Subpacket` in the {term}`Binding Signature` for the {term}`OpenPGP Signing Subkey`.
This special case is explained in more detail in [](bind-signing-subkey).
Primary User ID
A {term}`User ID` which carries the default preferences for {term}`identity components<IdentityComponent>` without preferences.
See [](primary-user-id).
Primary User ID Subpacket
An {term}`OpenPGP Signature Subpacket` used in {term}`User ID self-signatures<UserIDBindingSignature>` which allows to signify whether the {term}`User ID` in question is considered a {term}`Primary User ID`.
See [RFC 5.2.3.27](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#primary-user-id-subpacket)
Primary User ID Binding Signature
A {term}`Binding Signature`, which is created by an {term}`OpenPGP Primary Key` to bind a {term}`User ID` to its {term}`OpenPGP Certificate` and marking it as the {term}`Primary User ID`.
This {term}`Binding Signature` may carry {term}`metadata` specific to the {term}`User ID` at hand as well as some applicable to the entire {term}`OpenPGP Certificate`.
See [](primary-user-id-binding).
Private Key
See {term}`Transferable Secret Key`.
Private Key Material
A raw cryptographic private key.
Public Key
See {term}`OpenPGP Public Key`.
Public Key Algorithm
An {term}`asymmetric cryptographic<AsymmetricCryptography>` algorithm. See [](public-key-cryptography).
Public Key Cryptography
See {term}`Asymmetric Cryptography`.
Public Key Material
See {term}`OpenPGP Certificate`.
Reason For Revocation Subpacket
An {term}`OpenPGP Signature Subpacket`, which is used in {term}`Certification Revocation Signature Packet` and {term}`key revocation signature packets<KeyRevocationSignaturePacket>` to describe a reason for the {term}`revocation`.
See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation)
An {term}`OpenPGP Signature Subpacket` which allows for limiting {term}`delegations<Delegation>` to {term}`identities<Identity>` matching a regular expression.
Revocation
Mechanism to invalidate a {term}`component` or an entire {term}`OpenPGP Certificate` using a {term}`Revocation Self-signature`. See [](revocations).
Revocation Certificate
A {term}`Revocation Self-signature` for an {term}`OpenPGP Primary Key` distributed alongside the plain {term}`OpenPGP Primary Key`.
See [RFC 10.1.2](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-openpgp-v6-revocation-certi)
Note that in [OpenPGP v4 this term is typically used](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.1.3-6) for a bare {term}`Revocation Self-signature` {term}`packet<OpenPGPSignaturePacket>`.
Revocation Code
A number in a {term}`Reason For Revocation Subpacket` which represents the reason for a {term}`Revocation`.
Revocation Self-signature
A class of {term}`self-signatures<Self-signature>` to {term}`revoke<Revocation>` {term}`primary keys<OpenPGPPrimaryKey>`, {term}`User IDs<UserID>` or {term}`User Attributes<UserAttribute>` and invalidate {term}`subkey binding signatures<SubkeyBindingSignature>`.
See [](self-revocations).
Revocation Signature
See {term}`Revocation Signature Packet`.
Revocation Signature Packet
An {term}`OpenPGP Signature Packet` used for the {term}`revocation` of a {term}`certification` or {term}`binding`.
Revocation signatures are often {term}`self-signatures<Self-signature>`, more specifically {term}`revocation self-signatures<RevocationSelf-signature>`.
However, *{term}`certification revocations<Certification Revocation Signature Packet>`* can be both {term}`self-signatures<Self-signature>` or {term}`third-party signatures<Third-partySignature>`.
Additionally, with the deprecated *Revocation Key* mechanism, {term}`third-party<Third-partySignature>` *Key-* and *Subkey revocations* also exist.
RFC
This document, unless noted otherwise, refers to the [OpenPGP version 6 specification](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) when referring to *RFC*.
SEIPD
See {term}`Symmetrically Encrypted Integrity Protected Data`.
Self-certification
A {term}`certification` on a {term}`component` of an {term}`OpenPGP Certificate` issued by a {term}`component key` of the same {term}`OpenPGP certificate`.
Secret Key Material
See {term}`Private Key Material`.
Self-signature
An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on a {term}`Component` of their own {term}`Certificate`.
Session Key
A unique shared secret used in encryption in a {term}`Hybrid Cryptosystem`. See [](encryption) and [](decryption).
Soft Revocation
A {term}`Revocation Signature Packet` for a {term}`Certification` or a {term}`Component Key`, which includes a {term}`Reason For Revocation Subpacket` with a {term}`Revocation Code`, that does not signify the target being compromised (e.g., `0` or `2`).
See [](hard-vs-soft-revocations).
See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation).
Signature
See {term}`OpenPGP Signature Packet`.
Signature Creation Time Subpacket
An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Creation Time` for an {term}`OpenPGP Signature Packet`.
See [RFC 5.2.3.11](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-creation-time)
Signature Expiration Time Subpacket
An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`.
See [RFC 5.2.3.18](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-expiration-time)
Signature On Component
{term}`Cryptographic signature` associated with {term}`Component Keys<ComponentKey>` or {term}`Identity Components<IdentityComponent>`. See [](/signing_components).
In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).
Signer
A {term}`Certificate Holder`, that is able to create {term}`self-signatures<Self-signature>` and {term}`third-party signatures<Third-partySignature>`.
Signing-capable
See {term}`Signing Key Flag`.
Signing Key Flag
A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for signing data. See [](key-flags).
Signing Subkey
See {term}`OpenPGP Signing Subkey`.
Strong Authentication
"Strong Authentication" in this text refers to having ascertained that a {term}`certificate<OpenPGPCertificate>` and an {term}`identity claim` on it are legitimately linked. That is, that the person who controls the {term}`certificate<OpenPGPCertificate>` is correctly represented by the {term}`identity component`.
Strong authentication in OpenPGP is typically encoded with a {term}`certification signature`.
Ascertaining strong authentication requires an out-of-band check: Either via a manual {term}`verification` process, or an automated system that can {term}`certify<Certification>` that a user has identified to the system that issues the {term}`identity` in question (e.g. an email provider can {term}`certify<Certification>` email-based {term}`identities<Identity>` that it issues to the user).
Also see {term}`Authentication`.
Subkey
See {term}`OpenPGP Subkey`.
Subkey Binding Signature
A {term}`Self-signature` to associate an {term}`OpenPGP Subkey` with an {term}`OpenPGP Primary Key`. See [](bind-subkey).
Subkey Revocation Signature Packet
A {term}`Self-signature` to {term}`revoke<Revocation>` an {term}`OpenPGP Subkey` in an {term}`OpenPGP Certificate`.
See [RFC 5.2.1.12](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-subkey-revocation-signature)
Subpacket
See {term}`OpenPGP Signature Subpacket`.
Subpacket Type
See {term}`OpenPGP Signature Subpacket Type`.
Symmetric Cryptography
Symmetric cryptography is used in OpenPGP. For a more detailed discussion see [](symmetric-key-cryptography).
Symmetrically Encrypted Integrity Protected Data
Short *SEIPD*, this refers to {term}`Symmetric Cryptography` based encrypted data, which is used in a Symmetrically Encrypted Integrity Protected Data Packet.
See [RFC 5.13](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetrically-encrypted-int).
Symmetric Secret Key
The {term}`Private Key Material` used in {term}`Symmetric Cryptography`.
Text Signature
A {term}`signature packet<OpenPGPsignaturepacket>` with the {term}`Signature Type ID` `0x01`, which is used for textual data.
{term}`Certification` by third-parties to confirm ownership of an {term}`OpenPGP Certificate` ({term}`Identity Claim`) by a {term}`Certificate Holder`. See [](third-party-identity-certifications).
A {term}`Signature` by a third-party on a {term}`Component` of a {term}`Certificate`.
Transferable Secret Key
A Transferable Secret Key (TSK) is the combination of an {term}`OpenPGP Certificate` and the associated {term}`private key material`. Also often referred to as an "OpenPGP private key". It is discussed in detail in [](/private_keys).
Trust Amount
A numerical value between `0` and `255`, stored in {term}`trust signatures<TrustSignature>` used for indicating the degree of reliance on the {term}`delegation`.
Values less than `120` indicate partial trust, values equal to or greater than `120` indicate complete trust.
See [](trust-amount).
See [RFC 5.2.3.21](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-trust-signature)
Trust Anchor
An entity in a {term}`Trust Model` for which trust is assumed and not derived.
Trust Depth
This numerical value is part of a {term}`Trust Signature` and describes the extent of trustworthiness of a {term}`Certification`, that the {term}`signer` assigns to it.
See [](trust-level).
Trust Level
See {term}`Trust Depth`.
Trust Model
A model by which trust between {term}`identities<Identity>` associated with different {term}`OpenPGP Certificates<OpenPGPCertificate>` is created. See [](third-party-identity-certifications).
Trust Root
See {term}`Trust Anchor`.
Trust Signature
The *trust signature* {term}`subpacket<OpenPGPSignatureSubpacket>` on a {term}`certifying signature<Certification>` is used for {term}`delegation` of {term}`authentication` decisions. With this feature, an OpenPGP user can designate a {term}`certificate<OpenPGPCertificate>` as a "{term}`trusted introducer`" and opt to rely on {term}`certifications<Certification>` they issue.
See [RFC 5.2.3.21](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-trust-signature)
Trusted introducer
OpenPGP users can choose to rely on {term}`certifications<Certification>` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer".
An area in a {term}`Signature Packet` containing {term}`Signature Subpacket`s, that is *not* covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](subpacket-areas).
Unhashed Subpacket
A {term}`Signature Subpacket` residing in the {term}`Unhashed Area` of a {term}`Signature Packet`.
An {term}`Identity Component`, which describes an {term}`Identity` of a {term}`Certificate Holder`. See [](user-ids).
User ID Binding Signature
A {term}`Binding Signature`, which is created by an {term}`OpenPGP Primary Key` to bind a {term}`User ID` to an {term}`OpenPGP Certificate`.
Validation
A mechanism by which the [operational needs of a use-case are met](https://en.wikipedia.org/wiki/Verification_and_validation#Validation).
In OpenPGP terminology this may refer to processes such as ensuring, that an {term}`OpenPGP Signature Packet` has been created after a {term}`Transferable Secret Key`'s {term}`Creation Time`, but before its {term}`Expiration Time`.
Validity
See {term}`Validation`.
Verification
A mechanism by which the [compliance with design specifications are met](https://en.wikipedia.org/wiki/Verification_and_validation#Verification).
In OpenPGP terminology this may refer to e.g. {term}`Signature Verification` or {term}`Identity Verification`.
Web Of Trust
A {term}`trust model` which is based on a network of {term}`certifications<Certification>` and {term}`delegations<Delegation>`, that can be used to discern the reliability of {term}`certificates<Certificate>` and their associated {term}`identities<Identity>`. See [](wot).