mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-26 17:42:06 +01:00
Elaborate how the signature is calculated
parent
384f26c1bc
commit
4754753cfc
1 changed files with 13 additions and 2 deletions
|
@ -53,7 +53,7 @@ In this chapter, we discuss the general principles of OpenPGP signatures, which
|
|||
|
||||
For more detail about specific types of signatures, see the chapters {ref}`signing_data` and {ref}`component_signatures_chapter`, respectively.
|
||||
|
||||
## Structure of an OpenPGP signature
|
||||
## Structure of an OpenPGP signature packet
|
||||
|
||||
As outlined above, an OpenPGP signature is a composite data structure, which combines:
|
||||
|
||||
|
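Review bot: The renamed heading now says "signature packet", but the sentence directly under it still opens with "an OpenPGP signature is a composite data structure", so heading and body name two different things. If the section is about the packet, consider "an OpenPGP signature packet is a composite data structure" there, or add a sentence that states how the text uses "signature" versus "signature packet", so the distinction the rename introduces is carried through.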
@ -67,7 +67,18 @@ As outlined above, an OpenPGP signature is a composite data structure, which com
|
|||
Structure of an OpenPGP signature packet
|
||||
```
|
||||
|
||||
The cryptographic signature is calculated by its issuer. It certifies a hash digest, which in turn combines a set of input data. The exact input data depends on the signature type. Roughly: the hash digest is over the elements that the OpenPGP signature makes a statement about, combined with the metadata in the OpenPGP signature packet itself. More on this later.
|
||||
### Generation and validation of cryptographic signatures in OpenPGP
|
||||
|
||||
The central element of an OpenPGP signature packet is the raw cryptographic signature it contains. This cryptographic signature is calculated by the issuer of that signature packet.
|
||||
|
||||
In abstract terms, the cryptographic signature certifies a set of input data ("signature over"): The signer is making a statement about that set of input data. That statement is encoded as the signature packet.
|
||||
|
||||
If we look more closely, the cryptographic signature is actually calculated in two steps:
|
||||
|
||||
1. A hash digest is calculated from the set of input data.
|
||||
2. The signature is calculated for this hash digest.
|
||||
|
||||
The exact input data depends on the signature type. However, the input data always comprises the information that the signature makes a statement about. It includes the metadata in the OpenPGP signature packet itself.
|
||||
|
||||
(signature_subpackets)=
|
||||
## Signature subpackets
|
||||
|
|
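Review bot: The new heading "Generation and validation of cryptographic signatures in OpenPGP" promises validation, but the added paragraphs only describe how the issuer calculates the signature. Either add a short description of the verifier's side (the hash digest is recomputed from the same input data and the signature is checked against it) or drop "and validation" from the heading. In the last added paragraph, "It includes the metadata in the OpenPGP signature packet itself" has an unclear "It" (presumably the input data) and reads as if everything in the packet feeds the digest; name which parts of the packet are hashed, since the next section introduces subpackets. The removed paragraph ended with "More on this later", and that pointer is now gone, so a {ref} to where the per-type input data is detailed would help the reader.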