From 7da0131ea72337db0cd2138680446fe12db3ddd6 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 7 Oct 2023 14:45:56 +0200 Subject: [PATCH 1/7] change opening lines/introduction to chapter --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 8583c90..597704c 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -1,7 +1,7 @@ (certificates_chapter)= # Certificates -One central (and non-trivial) element of OpenPGP are "OpenPGP certificates" (also often called "OpenPGP keys"). OpenPGP certificates are relatively complex data structures, so it's good to have a clear mental model of them. +OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often referred to as "OpenPGP keys." These certificates are complex data structures essential for identity verification and data encryption. Understanding their structure and functionality is pivotal for effective application of the OpenPGP standard. ## Terminology: The various meanings of "key" From ab926334bd678823f040ced2dfbcd41b02e5051f Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 7 Oct 2023 14:49:26 +0200 Subject: [PATCH 2/7] edit section intro on understanding keys --- book/source/04-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 597704c..2d856d2 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -3,9 +3,9 @@ OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often referred to as "OpenPGP keys." These certificates are complex data structures essential for identity verification and data encryption. Understanding their structure and functionality is pivotal for effective application of the OpenPGP standard. -## Terminology: The various meanings of "key" +## Terminology: Understanding "keys" -The concept of "(cryptographic) keys" plays a central role, when looking at OpenPGP certificates. Confusingly, the term can be used to refer to a number of subtly different things. +The term "(cryptographic) keys" is central to grasping the concept of OpenPGP certificates. However, it can refer to different entities, making it a potentially confusing term. Let's clarify those differences. ### Private vs. public keys From 4e9ddaee0b9634e4d70c639b226ad98b0adbbfc1 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 7 Oct 2023 15:03:43 +0200 Subject: [PATCH 3/7] clarify in section on public vs private keys --- book/source/04-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 2d856d2..667617d 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -7,9 +7,9 @@ OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often ref The term "(cryptographic) keys" is central to grasping the concept of OpenPGP certificates. However, it can refer to different entities, making it a potentially confusing term. Let's clarify those differences. -### Private vs. public keys +### Public vs. private keys -First, without additional context, the word "key" can refer either to public, or to private asymmetric key material (or even to symmetric keys, which can be used to encrypt private key material in OpenPGP keys). +The term "key," without additional context, can refer to either public or private asymmetric key material. In asymmetric cryptography, fundamental to the OpenPGP standard, a pair of keys is used: a public key for encryption and a corresponding private key for decryption. The public key is shared openly, allowing others to encrypt data meant for the individual who owns the key pair, while the private key is kept confidential by the key pair owner, ensuring only they can decrypt and access the encrypted data. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity. ### Layers of "keys," in OpenPGP From 2beba67d13d796ddf957a41bb964ac5b1f989c3e Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Sat, 7 Oct 2023 15:13:58 +0200 Subject: [PATCH 4/7] edit section on layers of keys, integrating previoous Ch2 section --- book/source/04-certificates.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 667617d..a256b8e 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -11,16 +11,17 @@ The term "(cryptographic) keys" is central to grasping the concept of OpenPGP ce The term "key," without additional context, can refer to either public or private asymmetric key material. In asymmetric cryptography, fundamental to the OpenPGP standard, a pair of keys is used: a public key for encryption and a corresponding private key for decryption. The public key is shared openly, allowing others to encrypt data meant for the individual who owns the key pair, while the private key is kept confidential by the key pair owner, ensuring only they can decrypt and access the encrypted data. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity. -### Layers of "keys," in OpenPGP +### Layers of keys in OpenPGP -Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct: +In OpenPGP, the term "key" is used to refer to three distinct layers, each serving a unique purpose: -1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`. -2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time). -3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements. +1. A (bare) ["cryptographic key"](asymmetric_key_pair) comprises the private and/or public parameters forming a key. For instance, in the case of an RSA private key, the key consists of the exponent `d` along with the prime numbers `p` and `q`. +2. 
An OpenPGP *component key* includes either an "OpenPGP primary key" or an "OpenPGP subkey." It is a building block of an OpenPGP certificate, consisting of a cryptographic keypair coupled with some invariant metadata, such as key creation time. +3. An "OpenPGP certificate" (or "OpenPGP key") consists of several component keys, identity components, and other elements. These certificates are dynamic, evolving over time as components are added, expire, or are marked as invalid. -In the following section, we'll look at the two OpenPGP-specific layers (2 and 3). +The following section will delve into the OpenPGP-specific layers (2 and 3) to provide a clearer understanding of their roles within OpenPGP certificates. +For detailed insights on structure and handling, refer to our chapters on OpenPGP [certificates](certificates_chapter) and [private keys](private_key_chapter). Additionally, managing certificates, and understanding their authentication and trust models are vital topics. While this document briefly touches upon these aspects, they are integral to working proficiently with OpenPGP. ## Structure of OpenPGP certificates From b353129bcc9a4f21e3d2dc43f6d58d71367f5a15 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 13:42:38 +0200 Subject: [PATCH 5/7] add digital signatures --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index a256b8e..48f943a 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -1,7 +1,7 @@ (certificates_chapter)= # Certificates -OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often referred to as "OpenPGP keys." These certificates are complex data structures essential for identity verification and data encryption. Understanding their structure and functionality is pivotal for effective application of the OpenPGP standard. +OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often referred to as "OpenPGP keys." These certificates are complex data structures essential for identity verification, data encryption, and digital signatures. Understanding their structure and functionality is pivotal for effective application of the OpenPGP standard. ## Terminology: Understanding "keys" From 6f179d2c078f47237d9564644c6e02ff3e1e72eb Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 13:47:43 +0200 Subject: [PATCH 6/7] remove asysmmetric explainer, evaluate for ch3 --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 48f943a..49d50f6 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -9,7 +9,7 @@ The term "(cryptographic) keys" is central to grasping the concept of OpenPGP ce ### Public vs. private keys -The term "key," without additional context, can refer to either public or private asymmetric key material. In asymmetric cryptography, fundamental to the OpenPGP standard, a pair of keys is used: a public key for encryption and a corresponding private key for decryption. The public key is shared openly, allowing others to encrypt data meant for the individual who owns the key pair, while the private key is kept confidential by the key pair owner, ensuring only they can decrypt and access the encrypted data. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity. +The term "key," without additional context, can refer to either public or private asymmetric key material. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity. ### Layers of keys in OpenPGP From 44eba4a6bbbca95e9f62f64ebcf91135ac34e6e6 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 14:06:10 +0200 Subject: [PATCH 7/7] change to 'may refer to' --- book/source/04-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 49d50f6..29b2fef 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -13,7 +13,7 @@ The term "key," without additional context, can refer to either public or privat ### Layers of keys in OpenPGP -In OpenPGP, the term "key" is used to refer to three distinct layers, each serving a unique purpose: +In OpenPGP, the term "key" may refer to three distinct layers, each serving a unique purpose: 1. A (bare) ["cryptographic key"](asymmetric_key_pair) comprises the private and/or public parameters forming a key. For instance, in the case of an RSA private key, the key consists of the exponent `d` along with the prime numbers `p` and `q`. 2. An OpenPGP *component key* includes either an "OpenPGP primary key" or an "OpenPGP subkey." It is a building block of an OpenPGP certificate, consisting of a cryptographic keypair coupled with some invariant metadata, such as key creation time.
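Review bot: [PATCH 3/7], the rewritten "Public vs. private keys" paragraph describes the key pair only as "a public key for encryption and a corresponding private key for decryption", which leaves out signing and verification, even though [PATCH 5/7] adds "digital signatures" to the chapter introduction. Since [PATCH 6/7] removes this explainer again, consider squashing 3/7 and 6/7 so the encryption-only wording never lands in history. The trailing clause "adding a layer of security and complexity" survives 6/7 and says less than the wording it replaced ("which can be used to encrypt private key material"); ending the sentence at "private key material" would keep it precise.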
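Review bot: [PATCH 4/7], list item 2 now says a component key "includes either an "OpenPGP primary key" or an "OpenPGP subkey."", which changes the meaning: the removed line defined a component key as being either a primary key or a subkey, not as containing one. Suggest "is either ... or ...". Item 1 also drops the qualifier "(without additional metadata)", which was what separated layer 1 from layer 2, whose definition rests on "invariant metadata"; please keep it. The appended closing paragraph links to [certificates](certificates_chapter) from inside the file that carries the (certificates_chapter)= label and speaks of "this document", so it reads as text carried over from Ch2 without adaptation: drop the self-link and reword for this chapter.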
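Review bot: [PATCH 7/7], "may refer to three distinct layers" in the changed line can be read as the term denoting all three layers at once. Suggest "may refer to any of three distinct layers", which matches the list that follows, where each item is a separate meaning of "key".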