vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-23 08:02:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

edit section on layers of keys, integrating previoous Ch2 section

Browse source
This commit is contained in:
Tammi L. Coles 2023-10-07 15:13:58 +02:00 committed by Heiko Schaefer
parent 4e9ddaee0b
commit 2beba67d13
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
book/source/04-certificates.md
View file

@ -11,16 +11,17 @@ The term "(cryptographic) keys" is central to grasping the concept of OpenPGP ce
The term "key," without additional context, can refer to either public or private asymmetric key material. In asymmetric cryptography, fundamental to the OpenPGP standard, a pair of keys is used: a public key for encryption and a corresponding private key for decryption. The public key is shared openly, allowing others to encrypt data meant for the individual who owns the key pair, while the private key is kept confidential by the key pair owner, ensuring only they can decrypt and access the encrypted data. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity.
### Layers of "keys," in OpenPGP
### Layers of keys in OpenPGP
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
In OpenPGP, the term "key" is used to refer to three distinct layers, each serving a unique purpose:
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements.
1. A (bare) ["cryptographic key"](asymmetric_key_pair) comprises the private and/or public parameters forming a key. For instance, in the case of an RSA private key, the key consists of the exponent `d` along with the prime numbers `p` and `q`.
2. An OpenPGP *component key* includes either an "OpenPGP primary key" or an "OpenPGP subkey." It is a building block of an OpenPGP certificate, consisting of a cryptographic keypair coupled with some invariant metadata, such as key creation time.
3. An "OpenPGP certificate" (or "OpenPGP key") consists of several component keys, identity components, and other elements. These certificates are dynamic, evolving over time as components are added, expire, or are marked as invalid.
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
The following section will delve into the OpenPGP-specific layers (2 and 3) to provide a clearer understanding of their roles within OpenPGP certificates.
For detailed insights on structure and handling, refer to our chapters on OpenPGP [certificates](certificates_chapter) and [private keys](private_key_chapter). Additionally, managing certificates, and understanding their authentication and trust models are vital topics. While this document briefly touches upon these aspects, they are integral to working proficiently with OpenPGP.
## Structure of OpenPGP certificates