mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 08:02:05 +01:00
ch4: move packet section to the end
parent
f985121444
commit
1834ef9a5e
1 changed files with 25 additions and 25 deletions
|
@ -155,7 +155,28 @@ Alice can link a User ID to her OpenPGP certificate with a cryptographic signatu
|
||||||
|
|
||||||
### Hard vs. soft revocations
|
### Hard vs. soft revocations
|
||||||
|
|
||||||
## Zooming in: Looking at the package structure and internals
|
|
||||||
|
## Advanced topics
|
||||||
|
|
||||||
|
### Certificate Management / Evolution of a certificate over time
|
||||||
|
|
||||||
|
Minimized versions, merging, effective "append only" semantics, ...
|
||||||
|
|
||||||
|
### Merging
|
||||||
|
|
||||||
|
- How to merge two copies of the same certificate?
|
||||||
|
- Canonicalization
|
||||||
|
|
||||||
|
### How to generate "minimized" certificate?
|
||||||
|
|
||||||
|
### Best Practices regarding Key Freshness
|
||||||
|
|
||||||
|
- Expiry
|
||||||
|
- Subkey rotation
|
||||||
|
|
||||||
|
### Metadata Leak of Social Graph
|
||||||
|
|
||||||
|
## Zooming in: Package structure
|
||||||
|
|
||||||
To use OpenPGP, we need "(OpenPGP) keys."
|
To use OpenPGP, we need "(OpenPGP) keys."
|
||||||
|
|
||||||
|
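Review bot: the new heading `## Zooming in: Package structure` says "Package" where the commit message ("move packet section to the end") and the section body ("Public-Key Packet", "Secret-Key Packet") say "packet"; suggest `## Zooming in: Packet structure`. The old heading, `## Zooming in: Looking at the package structure and internals`, carries the same wording, so this rename is the natural place to correct it. The rename is also not mentioned in the commit message, and anything that links to the old heading title will need updating.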
@ -397,15 +418,15 @@ Signature Packet, new CTB, 2 header bytes + 131 bytes
|
||||||
Note that the two OpenPGP artifacts (public certificate and private key) are almost identical.
|
Note that the two OpenPGP artifacts (public certificate and private key) are almost identical.
|
||||||
|
|
||||||
The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet". The two packet types are very similar. The "Public-Key Packet" leaves out two types of data
|
The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet". The two packet types are very similar. The "Public-Key Packet" leaves out two types of data
|
||||||
|
|
||||||
* the private key material (visualized in red), and
|
* the private key material (visualized in red), and
|
||||||
* s2k configuration data, if any (this example doesn't have any).
|
* s2k configuration data, if any (this example doesn't have any).
|
||||||
s2k is used when the secret key material is password-protected.
|
s2k is used when the secret key material is password-protected.
|
||||||
|
|
||||||
![Image](diag/pubcert-minimal.png "A minimal OpenPGP public certificate, visualized")
|
![Image](diag/pubcert-minimal.png "A minimal OpenPGP public certificate, visualized")
|
||||||
|
|
||||||
In the following examples, we will look at OpenPGP private keys only. The corresponding public certificates are easy to imagine (just leave out the private key material).
|
In the following examples, we will look at OpenPGP private keys only. The corresponding public certificates are easy to imagine (just leave out the private key material).
|
||||||
|
|
||||||
|
|
||||||
### User IDs
|
### User IDs
|
||||||
|
|
||||||
|
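Review bot: in the hunk at -397,15 +418,15 the old and new sides show the same text on every line, from "Note that the two OpenPGP artifacts ..." through `### User IDs`, so whatever changed here appears to be whitespace only. That is unrelated to moving the section; either drop it from this commit or say in the commit message that whitespace was cleaned up as well.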
@ -616,24 +637,3 @@ From here on, we'll look at the dumps in shorter format (you can see more detail
|
||||||
### Certifications (Third Party Signatures)
|
### Certifications (Third Party Signatures)
|
||||||
|
|
||||||
### Revocations
|
### Revocations
|
||||||
|
|
||||||
|
|
||||||
## Advanced topics
|
|
||||||
|
|
||||||
### Certificate Management / Evolution of a certificate over time
|
|
||||||
|
|
||||||
Minimized versions, merging, effective "append only" semantics, ...
|
|
||||||
|
|
||||||
### Merging
|
|
||||||
|
|
||||||
- How to merge two copies of the same certificate?
|
|
||||||
- Canonicalization
|
|
||||||
|
|
||||||
### How to generate "minimized" certificate?
|
|
||||||
|
|
||||||
### Best Practices regarding Key Freshness
|
|
||||||
|
|
||||||
- Expiry
|
|
||||||
- Subkey rotation
|
|
||||||
|
|
||||||
### Metadata Leak of Social Graph
|
|
||||||
|
|
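Review bot: with the "Advanced topics" block removed from the end, the new side of this hunk (+637,3) leaves the file ending on `### Certifications (Third Party Signatures)` and `### Revocations`, two headings with no body. Suggest a short placeholder line under each, in the style of the "Minimized versions, merging, ..." stub that the moved block has, so the chapter does not close on empty sections.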