mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
ch4: Introduce "component" term
This commit is contained in:
parent
7c94b45ea8
commit
42e37a6260
1 changed files with 6 additions and 2 deletions
|
@ -28,13 +28,15 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
|
||||||
- identity information, and
|
- identity information, and
|
||||||
- other metadata.
|
- other metadata.
|
||||||
|
|
||||||
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ...
|
We sometimes collectively refer to component keys and identity information as the "components" of a certificate.
|
||||||
|
|
||||||
```{figure} diag/OpenPGP\ Certificate.svg
|
```{figure} diag/OpenPGP\ Certificate.svg
|
||||||
|
|
||||||
An OpenPGP certificate
|
Typical components in an OpenPGP certificate
|
||||||
```
|
```
|
||||||
|
|
||||||
|
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
|
||||||
|
|
||||||
```{note}
|
```{note}
|
||||||
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
||||||
```
|
```
|
||||||
|
@ -151,6 +153,8 @@ User attributes are similar to User IDs, but less commonly used.
|
||||||
|
|
||||||
### Linking the components of an OpenPGP certificate together ("bindings")
|
### Linking the components of an OpenPGP certificate together ("bindings")
|
||||||
|
|
||||||
|
So far we've looked at the components in an OpenPGP certificate, but certificates actually contain another set of elements, which bind the components together, and add metadata to them.
|
||||||
|
|
||||||
Internally, an OpenPGP certificate consists of a sequence of OpenPGP packets. These packets are just stringed together, one after the other. When a certificate is stored in a file[^tpk], it's easy to remove some of these packets, or add new ones.
|
Internally, an OpenPGP certificate consists of a sequence of OpenPGP packets. These packets are just stringed together, one after the other. When a certificate is stored in a file[^tpk], it's easy to remove some of these packets, or add new ones.
|
||||||
|
|
||||||
[^tpk]: When an OpenPGP certificate is stored as a file, it's in a format that is called [transferable public key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-public-keys) in the RFC
|
[^tpk]: When an OpenPGP certificate is stored as a file, it's in a format that is called [transferable public key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-public-keys) in the RFC
|
||||||
|
|
Loading…
Reference in a new issue