mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 08:02:05 +01:00
ch4: restructure packet splitting text sections
This commit is contained in:
parent
1aa4696f3e
commit
3688054f4f
1 changed files with 29 additions and 19 deletions
|
@ -321,13 +321,16 @@ Note that the secret key material we're using in this chapter is not password pr
|
||||||
|
|
||||||
In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data.
|
In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data.
|
||||||
|
|
||||||
One way to produce this minimal version of Alice's key is:
|
(split_alice)=
|
||||||
|
#### Splitting an OpenPGP key into packets
|
||||||
|
|
||||||
|
One way to produce a very minimal version of Alice's key is to split her full key into its component packets, and join only the relevant ones back together into a variant of the key.
|
||||||
|
|
||||||
```text
|
```text
|
||||||
$ sq packet split alice.priv
|
$ sq packet split alice.priv
|
||||||
```
|
```
|
||||||
|
|
||||||
With this command, `sq` generates a set of files, one for each packet in `alice.priv`:
|
With this command, `sq` generates a set of files, each containing an individual OpenPGP packet of the original full key in `alice.priv`:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
alice.priv-0--SecretKey
|
alice.priv-0--SecretKey
|
||||||
|
@ -342,12 +345,32 @@ alice.priv-8--SecretSubkey
|
||||||
alice.priv-9--Signature
|
alice.priv-9--Signature
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```{admonition} VISUAL
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
Show a very abstract diagram of the packets of Alice's OpenPGP key (above):
|
||||||
|
- Secret-Key packet
|
||||||
|
- Direct Key Signature
|
||||||
|
- User ID
|
||||||
|
- Certifying self-signature for User ID
|
||||||
|
- Secret-Subkey packet
|
||||||
|
- Subkey binding signature
|
||||||
|
- Secret-Subkey packet
|
||||||
|
- Subkey binding signature
|
||||||
|
- Secret-Subkey packet
|
||||||
|
- Subkey binding signature
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Joining packets into an OpenPGP key
|
||||||
|
|
||||||
For our first step, we'll use just the first two of these packets, and join them together as a private key:
|
For our first step, we'll use just the first two of these packets, and join them together as a private key:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
$ sq packet join alice.priv-0--SecretKey alice.priv-1--Signature --output alice_minimal.priv
|
$ sq packet join alice.priv-0--SecretKey alice.priv-1--Signature --output alice_minimal.priv
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Inspecting this key
|
||||||
|
|
||||||
This version of Alice's key contains just two packets:
|
This version of Alice's key contains just two packets:
|
||||||
|
|
||||||
- The [*Secret-Key packet*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-packet-formats) for the primary key, and
|
- The [*Secret-Key packet*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-packet-formats) for the primary key, and
|
||||||
|
@ -649,31 +672,18 @@ Now we'll look at a subkey in Alice's key. An OpenPGP subkey, when it is linked
|
||||||
- a key packet that contains the component key itself, and
|
- a key packet that contains the component key itself, and
|
||||||
- a signature packet that links this component key to the primary key (and thus implicitly to the full OpenPGP certificate).
|
- a signature packet that links this component key to the primary key (and thus implicitly to the full OpenPGP certificate).
|
||||||
|
|
||||||
In this section, we'll use the files that contain individual packets of Alice's key, which we generated above. In this split representation of Alice's key, the encryption subkey happens to be stored in `alice.priv-4--SecretSubkey`, and the associated binding self-signature for the subkey in `alice.priv-5--Signature`.
|
In this section, we'll use the files that contain individual packets of Alice's key, which we split apart above. In this split representation of Alice's key, the encryption subkey happens to be stored in `alice.priv-4--SecretSubkey`, and the associated binding self-signature for the subkey in `alice.priv-5--Signature`.
|
||||||
|
|
||||||
|
|
||||||
````{note}
|
````{note}
|
||||||
It's common to look at a packet dump for a full OpenPGP key (not split apart), like this:
|
It's common to look at a packet dump for a full OpenPGP key, like this:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
$ sq packet dump --hex alice.priv
|
$ sq packet dump --hex alice.priv
|
||||||
```
|
```
|
||||||
|
|
||||||
That output shows a much longer series of packets (as shown in the diagram below). This output will contain the two packets we now look at, with the exact same data, but they would be a bit harder to locate visually.
|
That command shows the details for the full series of packets in an OpenPGP certificate (recall the list of [packets of Alice's key](split_alice)). Finding a particular packet in that list can take a moment.
|
||||||
|
|
||||||
```{admonition} VISUAL
|
In the following sections we're making it a bit easier for ourselves, and directly look at individual packets, from the files we created with `sq packet split`, above.
|
||||||
:class: warning
|
|
||||||
|
|
||||||
Show a very abstract diagram of packets in a typical full OpenPGP key:
|
|
||||||
- Secret-Key packet
|
|
||||||
- Direct Key Signature
|
|
||||||
- User ID
|
|
||||||
- Certifying self-signature for User ID
|
|
||||||
- Secret-Subkey packet
|
|
||||||
- Subkey binding signature
|
|
||||||
- Secret-Subkey packet
|
|
||||||
- Subkey binding signature
|
|
||||||
```
|
|
||||||
````
|
````
|
||||||
|
|
||||||
#### Secret-Subkey packet
|
#### Secret-Subkey packet
|
||||||
|
|
Loading…
Reference in a new issue