mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 03:22:06 +01:00
fix link names
This commit is contained in:
parent
bedae03c42
commit
1dbe95cb1f
6 changed files with 10 additions and 8 deletions
|
@ -19,7 +19,7 @@ With OpenPGP, you can:
|
|||
|
||||
- [Encrypt](encryption_chapter) and [decrypt](decryption_chapter) messages
|
||||
- [Sign](signing_data) and [verify](verification_chapter) data
|
||||
- [Issue certifications and examine statements](certifications_chapter) about keys and identities, similar to the role of a Certificate Authority in validating identities.
|
||||
- [Issue certifications and examine statements](component_signatures_chapter) about keys and identities, similar to the role of a Certificate Authority in validating identities.
|
||||
|
||||
To enable these operations, OpenPGP utilizes a set of [established cryptographic mechanisms](cyrptography_chapter). These building blocks are integrated into OpenPGP's standard, which also addresses identities and their verification.
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ Because the GnuPG program binary is called "gpg," "GnuPG" and "gpg" are often us
|
|||
|
||||
In 2007, the IETF published [RFC 4880](https://datatracker.ietf.org/doc/html/rfc4880), which defined version 4 of the OpenPGP standard. As of late 2023, version 4 is the most commonly used version.
|
||||
|
||||
|
||||
(major_implementations)=
|
||||
### Major implementations of OpenPGP
|
||||
|
||||
Today, multiple implementations of OpenPGP play important roles:
|
||||
|
|
|
@ -131,7 +131,7 @@ In OpenPGP, digital signatures have diverse applications, extending beyond mere
|
|||
|
||||
Digital signatures in OpenPGP are used in two primary contexts:
|
||||
|
||||
- [Certification statements](certifications_chapter)
|
||||
- [Certification statements](component_signatures_chapter)
|
||||
- [Data signatures](signing_data)
|
||||
|
||||
(hybrid_cryptosystems)=
|
||||
|
|
|
@ -183,7 +183,7 @@ The OpenPGP standard currently only defines one format to store in User Attribut
|
|||
|
||||
To form an OpenPGP certificate out of a collection of components, the certificate holder links these components together (using their OpenPGP software).
|
||||
|
||||
The OpenPGP term for linking components is "binding," as in: "a subkey is bound to the primary key." The bindings are realized using cryptographic signatures (much more details about this are in {ref}`certifications_chapter`).
|
||||
The OpenPGP term for linking components is "binding," as in: "a subkey is bound to the primary key." The bindings are realized using cryptographic signatures (much more details about this are in {ref}`component_signatures_chapter`).
|
||||
|
||||
In very abstract terms, the primary key of a certificate acts as a root of trust for that certificate (as a kind of "certification authority"):
|
||||
|
||||
|
|
|
@ -3,8 +3,7 @@ SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
|
|||
SPDX-License-Identifier: CC-BY-SA-4.0
|
||||
-->
|
||||
|
||||
(certifications_chapter)=
|
||||
|
||||
(component_signatures_chapter)=
|
||||
# Signatures on components
|
||||
|
||||
In this chapter, we'll consider OpenPGP signatures that apply to components. That is, signatures that apply to:
|
||||
|
@ -95,6 +94,7 @@ Note, though, that there are some cases where third parties legitimately add "un
|
|||
|
||||
[^flooding]: Storing third-party identity certifications in the target OpenPGP certificate is convenient for consumers: it is easy to find all relevant certifications in one central location. However, when third parties can unilaterally add certifications, this opens an avenue for denial-of-service attacks by flooding. The SKS network of OpenPGP key servers [allowed and experienced this problem](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html).
|
||||
|
||||
(bind_subkey)=
|
||||
### Binding subkeys to a certificate
|
||||
|
||||
Linking a subkey to an OpenPGP certificate is done with a ["Subkey Binding Signature"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding). Such a signature signals that the "primary key wants to be associated with the subkey".
|
||||
|
@ -178,7 +178,8 @@ Contrary, a hard revocation cannot be re-validated. Furthermore, a hard-revoked
|
|||
|
||||
A missing revocation reason subpacket is equivalent with a hard revocation reason.
|
||||
|
||||
## Third-party signatures: Making statements about other people's certificates and identities
|
||||
(third_party_cert)=
|
||||
## Third-party certifications: Making statements about other people's certificates and identities
|
||||
|
||||
```{admonition} TODO
|
||||
:class: warning
|
||||
|
@ -214,7 +215,7 @@ This signature should have the following structure:
|
|||
|
||||
The recommended way to change the expiration time of a certificate is by issuing a new `DirectKey` signature (type 0x1F) with an adjusted Key Expiration Time subpacket.
|
||||
The structure of such a signature is the same as in the section above.
|
||||
It is also possible to change the expiration date of individual User IDs (see section below) or separate subkeys (see [section X](#add_subkey)).
|
||||
It is also possible to change the expiration date of individual User IDs (see section below) or separate subkeys (see {numref}`bind_subkey`).
|
||||
|
||||
#### Add User ID
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ Core concept:
|
|||
|
||||
## Generations of encryption
|
||||
|
||||
(SEIPDv2)=
|
||||
### SEIPD w/ AEAD (v2)
|
||||
|
||||
### SEIPD (v1)
|
||||
|
|
Loading…
Reference in a new issue