diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index fc8903b..3a2ff48 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -50,7 +50,7 @@ OpenPGP certificates are typically long-lived and may be changed (typically by t An OpenPGP certificate usually contains multiple OpenPGP component keys. -OpenPGP component keys consist of an [asymmetric cryptographic keypair](asymmetric_key_pair) and a creation timestamp. These attributes of a component key cannot be changed after creation (in the case of ECDH keys, two additional parameters are part of a component key's constituting data[^ecdh-paramters]). +OpenPGP component keys logically consist of an [asymmetric cryptographic keypair](asymmetric_key_pair) and a creation timestamp. These attributes of a component key cannot be changed after creation (in the case of ECDH keys, two additional parameters are part of a component key's constituting data[^ecdh-paramters]). [^ecdh-paramters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) component keys, two additional algorithm parameters are part of the component key's constituting and immutable properties. Those parameters define a hash function and a symmetric encryption algorithm. 
@@ -59,7 +59,9 @@ OpenPGP component keys consist of an [asymmetric cryptographic keypair](asymmetr An OpenPGP component key ``` -Component key representations that include private key material also contain metadata that specifies the password protection scheme for the private key material. +Component key representations that include private key material also contain metadata that specifies the password protection scheme for the private key material. However, in this chapter, we're looking at *OpenPGP certificates*, which *don't* contain private key information. Each component key of such a certificate contains only the public part of its cryptographic key data. To read more about private keys in OpenPGP, see {numref}`private_key_chapter`. + +#### Fingerprint For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and creation timestamp (and ECDH parameters, if applicable).
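Review bot: In the first hunk (04-certificates.md, around line 53), the added word "logically" is not anchored to anything. The sentence does not say what the logical view is contrasted with, so a reader cannot tell what else a component key might contain. Consider naming the contrast in the same sentence, for example by noting that a stored representation can carry further metadata, which the later paragraph on private key material already discusses. Since this line is being touched anyway, the footnote label `[^ecdh-paramters]` is misspelled in both the reference and the definition; renaming both to `ecdh-parameters` in this change keeps them in sync.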
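Review bot: In the second hunk (around line 62), the added sentences use "private key information" where the sentence they follow uses "private key material" twice. The chapter is drawing a precise line between what a certificate contains and what it does not, so the term should be the same throughout: "which *don't* contain private key material". The paragraph also now opens with password-protection metadata and then immediately states that it does not apply to certificates. Leading with the certificate statement and making the protection metadata a trailing pointer to {numref}`private_key_chapter` would read more directly. The new `#### Fingerprint` heading separates the fingerprint paragraph from the component key description it depends on, so check that the heading level matches the neighbouring subsections in this file.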