mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
parent
443023b8e9
commit
2df7aa779d
1 changed files with 17 additions and 0 deletions
|
@ -124,6 +124,15 @@ It is considered good practice to have separate component keys for each type of
|
|||
|
||||
[^key-flag-sharing]: With ECC algorithms, it's actually not possible to share encryption functionality with the signing-based functionalities, e.g.: ed25519 used for signing; cv25519 used for encryption.
|
||||
|
||||
#### Component key metadata, including key flags
|
||||
|
||||
The key flags for a component key are actually not defined *inside* that component key itself.
|
||||
|
||||
Instead, key flags, together with other metadata about that component key (such as the key expiration time), are stored using mechanisms that join components together as an OpenPGP certificate:
|
||||
|
||||
- For the primary key, two different mechanisms can be used to define its key flags (as well as other metadata): That configuration can be associated with the [Primary User ID](primary_user_id), or via a [direct key signature](direct_key_signature).
|
||||
- For subkeys, their key flags (and other metadata) are defined with the mechanism that connects the subkey with the certificate (via the primary key). More on that [below](binding_subkeys).
|
||||
|
||||
|
||||
(identity_components)=
|
||||
### Identity components
|
||||
|
@ -141,6 +150,7 @@ Often, identities in a User ID consist of a string that is composed of a name an
|
|||
OpenPGP certificates can contain any number of User IDs
|
||||
```
|
||||
|
||||
(primary_user_id)=
|
||||
#### Primary User ID and its implications
|
||||
|
||||
One User ID in a certificate has the special property of being the [Primary User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-primary-user-id).
|
||||
|
@ -227,6 +237,13 @@ Alice can link a User ID to her OpenPGP certificate with a cryptographic signatu
|
|||
Linking a User ID to an OpenPGP certificate
|
||||
```
|
||||
|
||||
(direct_key_signature)=
|
||||
#### Direct key signature
|
||||
|
||||
```{admonition} TODO
|
||||
explain metadata associated with this signature, and that c-r prefers this over primary user id.
|
||||
```
|
||||
|
||||
(third_party_cert)=
|
||||
## Third party (identity) certifications
|
||||
|
||||
|
|
Loading…
Reference in a new issue