diff --git a/book/source/adv/signing_data.md b/book/source/adv/signing_data.md index 2c88dbf..57408a0 100644 --- a/book/source/adv/signing_data.md +++ b/book/source/adv/signing_data.md @@ -146,6 +146,8 @@ By contrast, a message, where the signer attests an already signed message has t A {term}`prefixed signed message` consists of {term}`signature packet(s)` followed by the message. For the verifier, processing one-pass signed and prefixed signed messages are equally convenient. However, on the signer's side, it takes more resources to generate a {term}`prefixed signed message`. +This is a legacy format. Not all modern implementations support. However, for example, GnuPG 2.4.x can validate messages with this signature format. + #### Structure In this format, the signature packets are stored ahead of the message itself: @@ -163,7 +165,13 @@ Structure of a prefixed signed message. Compared to a {term}`one-pass signed message`, there are no {term}`one-pass signature packets` in this format, and the (otherwise equivalent) {term}`signature packet(s)` are stored ahead of the signed data. -For verification, this is equally convenient as the one-pass signed message form. +```{note} +Even when a prefixed signed message contains multiple signature packets, each signature packet contains an independent signature of just the message payload. Signatures do not include subsequent signatures in their hashes, every signature is only over the raw payload data of the message. +``` + +#### Format is inefficient for the signer + +For verification, this format is equally convenient as the one-pass signed message form. However, when a signer creates a {term}`prefixed signed message`, the signed data must be processed twice: