vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-02-17 01:26:29 +01:00
Code Issues Projects Releases Packages Wiki Activity

tighten up ch6 signature packet creation section

Browse source
This commit is contained in:
Tammi L. Coles 2023-11-10 15:07:35 +01:00
parent d4a616094e
commit 3b401a17a7
1 changed files with 9 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
book/source/06-signatures.md
View file

@ -62,24 +62,21 @@ Structure of an OpenPGP signature packet
### Creating an OpenPGP signature packet
When someone creates a signature packet, their goal is to make some type of statement about a set of input data, and encode this statement in the signature packet.
Creating an OpenPGP signature packet involves encoding a statement about a specific set of data within the packet.
The input data consists of:
The input data of a signature packet includes:
- a number of packets (usually one or more packets, but in some cases none), which the signature statement is about, and
- some of the data in the signature packet itself. This data specifies the intent of the signature.
- **Packets being signed**: Typically one or more packets, though sometimes none, depending on the context. These are the packets to which the signature statement pertains.
- **Data within the signature packet**: This includes information that specifies the intent of the signature.
The signature type determines which data is used as the input data. Either way, the input data always consists of the information that the signature makes a statement about.
The input data is determined by the signature type and consists of the exact content that the signature statement addresses.
The signature packet consists of two parts:
- The data that defines the meaning of the statement, and
- A cryptographic digital signature with which the signer formally endorses that statement.
So the signature packet hinges on that cryptographic signature. It is produced by the issuer as follows:
1. A hash digest is calculated from the set of input data.
2. The signature is calculated for this hash digest.
1. **Statement definition**: This part of the packet defines the meaning or intent of the signature.
2. **Cryptographic digital signature**: This is the formal endorsement by the signer, created as follows:
- A hash digest is calculated from the input data.
- The signature is then calculated for this hash digest.
```{figure} diag/Signature_Creation.png