I think the RFC says that generic certifications are commonly used for third-party certifications, while this section is about self-signatures

Heiko Schaefer 2023-11-28 20:06:24 +01:00
parent 46f3ee92f5
commit 3235ad49d4
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -137,7 +137,7 @@ Self-signatures also play a vital role in binding identity components, such as U
To bind the User ID `Alice Adams <alice@example.org>` to her OpenPGP certificate (`AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3`), Alice would use a certification signature.
There are four types of *certifying self-signature*. According to the specification, the most commonly used type for binding User IDs is the [generic certification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-generic-certification-of-a-) (type ID `0x10`). Alternatively, types `0x11`, `0x12` or `0x13` might be used. This binding signature must be issued by the primary key.
There are four types of *certifying self-signature*. The most commonly used type for binding User IDs is the [positive certification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-positive-cert) (type ID `0x13`). Alternatively, types `0x10`, `0x11` or `0x12` might be used. This binding signature must be issued by the primary key.
The certifying self-signature packet calculated over the primary key, User ID, and metadata of the signature packet is added to the certificate, directly following the User ID packet.
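
Review bot: The replacement sentence (the one naming positive certification, type ID `0x13`) links to `draft-ietf-openpgp-crypto-refresh-10`, while the sentence it replaces linked to `draft-ietf-openpgp-crypto-refresh-12`, so the change moves the reference back two draft revisions. Please point the new link at the same revision used by the rest of the chapter and confirm that the section anchor resolves there. The new wording also drops "According to the specification" but keeps the claim "most commonly used type for binding User IDs", and the commit message only says "I think" about what the RFC states. Either cite the passage that supports the claim for self-signatures or soften it, for example to "a commonly used type".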