vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-23 08:02:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

ch4: Introduce "component" term

Browse source
This commit is contained in:
Heiko Schaefer 2023-10-03 15:30:25 +02:00
parent 7c94b45ea8
commit 42e37a6260
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
book/source/04-certificates.md
View file

@ -28,13 +28,15 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
- identity information, and - identity information, and
- other metadata. - other metadata.
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ... We sometimes collectively refer to component keys and identity information as the "components" of a certificate.
```{figure} diag/OpenPGP\ Certificate.svg ```{figure} diag/OpenPGP\ Certificate.svg
An OpenPGP certificate Typical components in an OpenPGP certificate
``` ```
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
```{note} ```{note}
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
``` ```
@ -151,6 +153,8 @@ User attributes are similar to User IDs, but less commonly used.
### Linking the components of an OpenPGP certificate together ("bindings") ### Linking the components of an OpenPGP certificate together ("bindings")
So far we've looked at the components in an OpenPGP certificate, but certificates actually contain another set of elements, which bind the components together, and add metadata to them.
Internally, an OpenPGP certificate consists of a sequence of OpenPGP packets. These packets are just stringed together, one after the other. When a certificate is stored in a file[^tpk], it's easy to remove some of these packets, or add new ones. Internally, an OpenPGP certificate consists of a sequence of OpenPGP packets. These packets are just stringed together, one after the other. When a certificate is stored in a file[^tpk], it's easy to remove some of these packets, or add new ones.
[^tpk]: When an OpenPGP certificate is stored as a file, it's in a format that is called [transferable public key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-public-keys) in the RFC [^tpk]: When an OpenPGP certificate is stored as a file, it's in a format that is called [transferable public key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-public-keys) in the RFC