From 01e18a835b1bf069ede360c874c7aed5cf82927d Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Thu, 14 Dec 2023 12:35:23 +0100 Subject: [PATCH] Differentiate inline-signed messages between one-pass-signed and prefix-signed messages --- book/source/glossary.md | 7 ++++++- book/source/signing_data.md | 9 ++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/book/source/glossary.md b/book/source/glossary.md index b9e75ca..01fc23f 100644 --- a/book/source/glossary.md +++ b/book/source/glossary.md @@ -313,7 +313,10 @@ Notation Tag Part of a {term}`Notation` name. One-pass Signature Packet - One or more {term}`packets` before the actual data in a {term}`Data Signature` which contain information to allow a receiving {term}`implementation` to create {term}`hashes` required for signature verification. See [RFC 5.4](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig) for more details. + One or more {term}`packets` before the actual data in a {term}`Data Signature` which contain information to allow a receiving {term}`implementation` to create {term}`hashes` required for signature verification. See [RFC 5.4](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig) for more details. + +One-pass-signed Message + A {term}`OpenPGP Message` signed using one or more {term}`One-pass signatures`. OpenPGP Certificate An OpenPGP certificate contains public key material, identity claims and third party certifications (but no private key material) @@ -405,6 +408,8 @@ Preferred AEAD Ciphersuites Subpacket See [RFC 5.2.3.15](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-preferred-aead-ciphersuites) +Prefixed-Signed Message + An {term}`OpenPGP Message` with one or more prefixed {term}`signature packets`. Primary Component Key See {term}`OpenPGP Primary Key`. diff --git a/book/source/signing_data.md b/book/source/signing_data.md index ca174b3..7979400 100644 
--- a/book/source/signing_data.md +++ b/book/source/signing_data.md @@ -54,7 +54,12 @@ This method is commonly used for signing or encrypting emails. Most email softwa #### Structure -An {term}`inline-signed` {term}`OpenPGP message` consists of three segments: +There are two different constructions available to generate inline-signed messages: + +* {term}`One-pass-signed messages` are signed using one ore more {term}`one-pass signatures` +* {term}`Prefixed-signed messages` have the actual signature(s) prefixed to the {term}`OpenPGP message`. + +A {term}`one-pass-signed` {term}`OpenPGP message` consists of three segments: 1. [**One-pass signature packets**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig): These one or more {term}`packets` precede the signed data and enable {term}`signature` computation in one pass. @@ -62,6 +67,8 @@ An {term}`inline-signed` {term}`OpenPGP message` consists of t 3. **{term}`Data signature packets`**: These contain the {term}`cryptographic signature` corresponding to the original data. +Less commonly used are {term}`prefixed-signed messages`, where the {term}`signature packet(s)` are simply prepended to the message. + #### Creation To produce an {term}`inline signature`, the {term}`signer` processes the entirety of the data by reading from an input file and writing into an output {term}`OpenPGP message` file. As the data is processed, the {term}`signer` simultaneously calculates a {term}`cryptographic signature`. This procedure results in the appending of a {term}`data signature packet` to the output {term}`OpenPGP message` file, where it can be efficiently stored.
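Review bot: In book/source/glossary.md, hunk @@ -313,7 +313,10, the new "One-pass-signed Message" definition opens with "A {term}`OpenPGP Message`"; this should be "An", as in the "Prefixed-Signed Message" entry added further down. The definition also references {term}`One-pass signatures`, while the glossary entry visible directly above it is titled "One-pass Signature Packet", so please confirm that the reference resolves or point it at the existing entry. The removed and re-added "One-pass Signature Packet" definition line reads identically, so if that is a whitespace-only change it could be dropped from this patch.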
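Review bot: The new term is spelled three ways across this patch: the subject line says "prefix-signed", the glossary entry added in book/source/glossary.md hunk @@ -405,6 +408,8 is "Prefixed-Signed Message", and signing_data.md references "Prefixed-signed messages" and "prefixed-signed messages". Please settle on one form and use it in the glossary heading and in every {term} reference. The capitalisation should also match the sibling entry "One-pass-signed Message", which keeps "signed" in lower case.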
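Review bot: In book/source/signing_data.md, hunk @@ -54,7 +54,12, the first bullet has a typo, "one ore more", which should be "one or more"; it also lacks the trailing period that the second bullet has. The rewritten sentence uses {term}`one-pass-signed`, but the glossary entry added by this patch is named "One-pass-signed Message", so the reference as written may not resolve. Suggest {term}`one-pass-signed message` as a single reference, or adding the adjective form to the glossary.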
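Review bot: In book/source/signing_data.md, hunk @@ -62,6 +67,8, the added sentence uses {term}`signature packet(s)`, whereas the glossary entry added in this same patch references {term}`signature packets`; a target containing "(s)" is unlikely to match a glossary term, so use the plain plural. The sentence is also thin compared with the one-pass list above it, which links to the RFC section and says the packets "enable signature computation in one pass". Consider adding what a prefixed signature means for the reader processing the message, or a link to the relevant RFC section, so the two constructions are documented at the same level.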