mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-26 09:32:06 +01:00
clarify auth-flag of commit c6888559f5
This commit is contained in:
parent
9d040057eb
commit
6ada412e74
1 changed files with 1 additions and 1 deletions
|
@ -204,7 +204,7 @@ Commonly used key flags include:
|
||||||
- **Encryption**: allows the key to encrypt data
|
- **Encryption**: allows the key to encrypt data
|
||||||
- **Authentication**: primarily used for SSH authentication[^auth-flag]
|
- **Authentication**: primarily used for SSH authentication[^auth-flag]
|
||||||
|
|
||||||
[^auth-flag]: Note that the capability offered by the [authentication](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-authentication-via-digital-) key flag is unrelated to "authentication" in the context of certifying and verifying OpenPGP identities and their connection to certificates. This key flag is about a mechanism that proves control of private key material to a remote system, using cryptographic signatures.
|
[^auth-flag]: It's important to note that the function of the [authentication](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-authentication-via-digital-) key flag is unrelated to the authentication process used in certifying OpenPGP identities and linking them to certificates. Rather, this flag indicates a mechanism that uses cryptographic signatures to confirm control of private key material with a remote system.
|
||||||
|
|
||||||
```{note}
|
```{note}
|
||||||
Distinct component keys handle specific operations. Only the primary key can be used for certification, although it can have additional capabilities. Subkeys can be used for signing, encryption, and authentication but cannot have the certification capability. A component key can technically have multiple capabilities. It is considered good practice, however, to [use separate keys for each capability](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.1.5-7).
|
Distinct component keys handle specific operations. Only the primary key can be used for certification, although it can have additional capabilities. Subkeys can be used for signing, encryption, and authentication but cannot have the certification capability. A component key can technically have multiple capabilities. It is considered good practice, however, to [use separate keys for each capability](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.1.5-7).
|
||||||
|
|
Loading…
Reference in a new issue