diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 7dcf1f3..fc8903b 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -124,6 +124,15 @@ It is considered good practice to have separate component keys for each type of [^key-flag-sharing]: With ECC algorithms, it's actually not possible to share encryption functionality with the signing-based functionalities, e.g.: ed25519 used for signing; cv25519 used for encryption. +#### Component key metadata, including key flags + +The key flags for a component key are actually not defined *inside* that component key itself. + +Instead, key flags, together with other metadata about that component key (such as the key expiration time), are stored using mechanisms that join components together as an OpenPGP certificate: + +- For the primary key, two different mechanisms can be used to define its key flags (as well as other metadata): That configuration can be associated with the [Primary User ID](primary_user_id), or via a [direct key signature](direct_key_signature). +- For subkeys, their key flags (and other metadata) are defined with the mechanism that connects the subkey with the certificate (via the primary key). More on that [below](binding_subkeys). + (identity_components)= ### Identity components @@ -134,13 +143,18 @@ Identity components in an OpenPGP certificate are used by the certificate holder An OpenPGP certificate can contain any number of [User IDs](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-user-id-packet-tag-13). Each User ID associates the certificate with an identity. -Often, identities in a User ID consist of a string that is composed of a name and an email address (this string must be UTF-8 encoded). - ```{figure} diag/user_id.png OpenPGP certificates can contain any number of User IDs ``` +Often, identities in a User ID consist of a UTF-8 encoded string that is composed of a name and an email address. By convention, User IDs typically consist of an [RFC2822](https://www.rfc-editor.org/rfc/rfc2822) *name-addr*. + +Also see [draft-dkg-openpgp-userid-conventions-00](https://datatracker.ietf.org/doc/draft-dkg-openpgp-userid-conventions/), 25 August 2023. + +One proposed variant for encoding identities in User ID is to use ["split User IDs"](https://dkg.fifthhorseman.net/blog/2021-dkg-openpgp-transition.html#split-user-ids). + +(primary_user_id)= #### Primary User ID and its implications One User ID in a certificate has the special property of being the [Primary User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-primary-user-id). @@ -172,7 +186,7 @@ However, the owner of a certificate doesn't want a third party to add subkeys (o To prevent malicious addition of components, OpenPGP uses cryptographic signatures. These signatures show that components have been added by the owner of the OpenPGP certificate (these linking signatures are issued by the primary key of the certificate). -So while anyone can still unilaterally store unrelated subkeys and [identity components](identity_components) in an OpenPGP certificate dataset, OpenPGP implementations that read this file should discard components that don't have a valid cryptographic connection with the certificate. +So while anyone can still unilaterally store unrelated subkeys and [identity components](identity_components) in an OpenPGP certificate dataset, OpenPGP implementations that read this certificate should discard components that don't have a valid cryptographic connection with the certificate. (Conversely, it's easy for a third party to leave out packets when passing on an OpenPGP certificate. An attacker can, for example, choose to omit revocation packets. The recipient of such a partial copy has no way to notice the omission, without access to a different source for the certificate that contains the revocation packet.) @@ -227,6 +241,13 @@ Alice can link a User ID to her OpenPGP certificate with a cryptographic signatu Linking a User ID to an OpenPGP certificate ``` +(direct_key_signature)= +#### Direct key signature + +```{admonition} TODO +explain metadata associated with this signature, and that c-r prefers this over primary user id. +``` + (third_party_cert)= ## Third party (identity) certifications diff --git a/book/source/diag/user_id_certification.png b/book/source/diag/user_id_certification.png index bfa8c06..5f4c7e5 100644 Binary files a/book/source/diag/user_id_certification.png and b/book/source/diag/user_id_certification.png differ diff --git a/book/source/diag/user_id_certification.svg b/book/source/diag/user_id_certification.svg index c117885..582ea0f 100644 --- a/book/source/diag/user_id_certification.svg +++ b/book/source/diag/user_id_certification.svg @@ -7,7 +7,7 @@ viewBox="-12 -8 126.419 102.162" version="1.1" id="svg895" - inkscape:version="1.2.2 (b0a8486541, 2022-12-01)" + inkscape:version="1.3 (0e150ed6c4, 2023-07-21)" sodipodi:docname="user_id_certification.svg" inkscape:export-filename="user_id_certification.png" inkscape:export-xdpi="128" @@ -29,14 +29,15 @@ showgrid="false" inkscape:zoom="2.2417025" inkscape:cx="238.43485" - inkscape:cy="211.00034" + inkscape:cy="210.7773" inkscape:window-width="1920" - inkscape:window-height="1001" + inkscape:window-height="1121" inkscape:window-x="0" inkscape:window-y="0" inkscape:window-maximized="1" inkscape:current-layer="layer1" - showguides="true"> + showguides="true" + inkscape:export-bgcolor="#ffffffff"> + id="g19460" + transform="translate(-3.7041668)"> Primary key creates a issues signature to associate the User ID with itself - Certification for User ID - + width="50.266029" + height="67.318695" + x="83.182564" + y="96.4897" /> Metadata associatedSignature Over:with this Signature:Primary Key,+ User ID+ Metadata associated with this Signature:- creation time- algorithm preferences- key expiration time- "Primary User ID" flag- primary key flags- primary key expiration time- ... + +