mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 16:12:05 +01:00
edit section on layers of keys, integrating previoous Ch2 section
This commit is contained in:
parent
f9d0c132ee
commit
63c3a2c94a
1 changed files with 7 additions and 6 deletions
|
@ -11,16 +11,17 @@ The term "(cryptographic) keys" is central to grasping the concept of OpenPGP ce
|
|||
|
||||
The term "key," without additional context, can refer to either public or private asymmetric key material. In asymmetric cryptography, fundamental to the OpenPGP standard, a pair of keys is used: a public key for encryption and a corresponding private key for decryption. The public key is shared openly, allowing others to encrypt data meant for the individual who owns the key pair, while the private key is kept confidential by the key pair owner, ensuring only they can decrypt and access the encrypted data. Additionally, symmetric keys may be used in OpenPGP to encrypt private key material, adding a layer of security and complexity.
|
||||
|
||||
### Layers of "keys," in OpenPGP
|
||||
### Layers of keys in OpenPGP
|
||||
|
||||
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
|
||||
In OpenPGP, the term "key" is used to refer to three distinct layers, each serving a unique purpose:
|
||||
|
||||
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
||||
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements.
|
||||
1. A (bare) ["cryptographic key"](asymmetric_key_pair) comprises the private and/or public parameters forming a key. For instance, in the case of an RSA private key, the key consists of the exponent `d` along with the prime numbers `p` and `q`.
|
||||
2. An OpenPGP *component key* includes either an "OpenPGP primary key" or an "OpenPGP subkey." It is a building block of an OpenPGP certificate, consisting of a cryptographic keypair coupled with some invariant metadata, such as key creation time.
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key") consists of several component keys, identity components, and other elements. These certificates are dynamic, evolving over time as components are added, expire, or are marked as invalid.
|
||||
|
||||
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
|
||||
The following section will delve into the OpenPGP-specific layers (2 and 3) to provide a clearer understanding of their roles within OpenPGP certificates.
|
||||
|
||||
For detailed insights on structure and handling, refer to our chapters on OpenPGP [certificates](certificates_chapter) and [private keys](private_key_chapter). Additionally, managing certificates, and understanding their authentication and trust models are vital topics. While this document briefly touches upon these aspects, they are integral to working proficiently with OpenPGP.
|
||||
|
||||
## Structure of OpenPGP certificates
|
||||
|
||||
|
|
Loading…
Reference in a new issue