mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 03:22:06 +01:00
ch4: add todo notes
This commit is contained in:
parent
d1203075d1
commit
1aa4696f3e
1 changed files with 22 additions and 1 deletions
@ -721,7 +721,22 @@ The subkey packet above by itself is disconnected from the OpenPGP certificate t
The type of signature that is used for this is called a *subkey binding signature*, because it "binds" (as in "connects") the subkey to the rest of the key.
In addition to its core purpose of making the connection, this signature also contains additional metadata about the subkey. One reason why this metadata is in a binding signature (and not in the subkey packet) is that it may change over time. The subkey packet itself may not change over time. So metadata about the subkey that can change is stored in self-signatures: if the key holder wants to change some metadata (for example, the key's expiration time), they can issue a newer version of the same kind of signature. Receiving OpenPGP software will then understand that the newer self-signature supercedes the older signature, and that the metadata in the newer signature reflects the most current intent of the key holder.
```{admonition} VISUAL
:class: warning
Add detailed packet diagram analogous to 4.6.1
```
```{admonition} TODO
:class: warning
david points out: "The information on metadata in binding signatures may also make sense in other contexts (direct key signature)?"
Should this text go elsewhere?
- 4.2.3?
- ch 6?
```
In addition to its core purpose of making the connection, this signature also contains additional metadata about the subkey. One reason why this metadata is in a binding signature (and not in the subkey packet) is that it may change over time. The subkey packet itself may not change over time. So metadata about the subkey that can change is stored in self-signatures: if the key holder wants to change some metadata (for example, the key's expiration time), they can issue a newer version of the same kind of signature. Receiving OpenPGP software will then understand that the newer self-signature supersedes the older signature, and that the metadata in the newer signature reflects the most current intent of the key holder.
Note that this subkey binding signature packet is quite similar to the Direct Key Signature we discussed packet above. Both signatures perform the same function in terms of adding metadata to a component key. In particular, the hashed subpacket data contains many of the same pieces of metadata.
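Review bot: the new closing paragraph has a word-order slip, "the Direct Key Signature we discussed packet above" should read "the direct key signature packet we discussed above" (lowercase, to match "subkey binding signature" in the same sentence). Moving the metadata paragraph below the two admonitions also corrects "supercedes" to "supersedes", which is fine, but the TODO question it now sits under (whether the metadata discussion also applies to direct key signatures) is partly answered by this very paragraph, so either merge the two or have the TODO point at it. Since the paragraph relies on the newer self-signature superseding the older one, consider saying that "newer" is decided by the signature creation time carried in the hashed subpacket data the paragraph already mentions, so readers know what a verifying implementation compares.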
@ -808,6 +823,12 @@ The signature is calculated over a hash. The hash, in this case, is calculated o
### Signing subkey
```{admonition} TODO
:class: warning
write
```
```text
$ sq packet dump --hex alice.priv-6--SecretSubkey
Secret-Subkey Packet, new CTB, 2 header bytes + 75 bytes
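Review bot: the TODO admonition added under "### Signing subkey" says only "write", with no hint of what the section should cover, unlike the TODO in the earlier hunk, which records the open question it is meant to resolve; a one-line note on what distinguishes the signing subkey's binding signature from the subkey binding signature described earlier in the chapter would make the placeholder actionable for whoever picks it up. The admonition also sits between the heading and the `sq packet dump --hex alice.priv-6--SecretSubkey` listing, so the reader meets a warning box before the dump is introduced; moving the TODO after the listing, or adding a sentence that introduces the dump, would read better.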