vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-23 16:12:05 +01:00
Code Issues Projects Releases Packages Wiki Activity

ch4: adjust to use alice's v6 key; minor edits

Browse source
This commit is contained in:
Heiko Schaefer 2023-10-01 18:31:13 +02:00
parent f080803555
commit 854bda18ad
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
2 changed files with 361 additions and 349 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

663
book/source/04-certificates.md
View file

@ -14,10 +14,10 @@ First, without additional context, the word "key" can refer either to public, or
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct: Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
1. A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`. 1. A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time). 2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g. OpenPGP "key servers" serve this type of object). 3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g., OpenPGP "key servers" serve this type of object).
In the following section, we'll look at two OpenPGP-specific layers (2 and 3). In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
## Structure of OpenPGP certificates ## Structure of OpenPGP certificates
@ -66,22 +66,28 @@ For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the
Each OpenPGP component key has a fingerprint Each OpenPGP component key has a fingerprint
``` ```
The fingerprint of our example component OpenPGP key is `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` [^keyid]. The fingerprint of our example component OpenPGP key is `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3` [^keyid].
[^keyid]: Sometimes, a shortened (64 bit) version of the fingerprint is used instead of the full fingerprint, like this: `C8B8 6AC4 2455 4239` (the rightmost 64 bit of the fingerprint). This type of identifier is called a "Key ID". Historically, 32 bit shorthand identifiers have been used with PGP, like this: `2455 4239`. You may still see such identifiers in very old documents about PGP, but 32 bit identifiers have [been unfit for purpose for a long time](https://evil32.com/). At some point, 32 bit identifiers were called "short Key ID", while 64 bit identifiers were called "long Key ID". [^keyid]: In OpenPGP version 4, the rightmost 64 bit were sometimes used as a shorter identifier, called "Key ID".
E.g., an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` might be referred to by the 64 bit Key ID `C8B8 6AC4 2455 4239` or styled as `0xC8B86AC424554239`.
Historically, even shorter 32 bit identifiers have sometimes been used, like this: `2455 4239`, or `0x24554239`. You may still see such identifiers in very old documents about PGP. However, 32 bit identifiers have [been unfit for purpose for a long time](https://evil32.com/). At some point, 32 bit identifiers were called "short Key ID", while 64 bit identifiers were called "long Key ID".
#### Primary key #### Primary key
The "OpenPGP primary key" has the same structure as all other component keys. But it serves a central role: The "OpenPGP primary key" has the same structure as all other component keys. But it serves a central role:
- Its fingerprint is used as the unique identifier for the full OpenPGP certificate. - Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
- In addition, it is used for lifecycle operations (e.g. adding or invalidating subkeys or identities in a certificate) - In addition, it is used for lifecycle operations, such as adding or invalidating subkeys or identities in a certificate.
(The OpenPGP primary key has historically also sometimes informally been referred to as "master key".) ```{admonition} Terminology
:class: note
In the RFC, the OpenPGP primary key is also sometimes referred to as "top-level key." Historically, it has sometimes informally been called "master key."
```
#### Subkeys #### Subkeys
In addition to the primary key, modern OpenPGP certificates can contain "subkeys" in addition to the primary key. In addition to the primary key, modern OpenPGP certificates usually contain "subkeys" in addition to the primary key.
Subkeys have the same structure as the primary key, but play a subtly different role in the certificate. Subkeys are cryptographically linked with the primary key (more on this below). Subkeys have the same structure as the primary key, but play a subtly different role in the certificate. Subkeys are cryptographically linked with the primary key (more on this below).
@ -178,7 +184,7 @@ This additional "Primary Key Binding Signature" is informally called a "back sig
OpenPGP certificates often contain identity markers. Typically, in the form of "User ID"s (however, User Attributes are analogous for the purpose of this section). OpenPGP certificates often contain identity markers. Typically, in the form of "User ID"s (however, User Attributes are analogous for the purpose of this section).
For example, above, we saw the User ID "Alice Adams <alice@example.org>" associated with Alice's key `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239`. For example, above, we saw the User ID `Alice Adams <alice@example.org>` associated with Alice's key `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3`.
Alice can link a User ID to her OpenPGP certificate with a cryptographic signature. To link a User ID, a signature of the type `PositiveCertification` is created. The signature is issued using the primary (secret) key. Alice can link a User ID to her OpenPGP certificate with a cryptographic signature. To link a User ID, a signature of the type `PositiveCertification` is created. The signature is issued using the primary (secret) key.
@ -247,122 +253,123 @@ The counterpart is called [Transferable Secret Keys](https://www.ietf.org/archiv
### A minimal OpenPGP key ### A minimal OpenPGP key
A minimal key can be made with Sequoia-PGP like this: A minimal OpenPGP key consists of the Secret-Key Packet for the primary key, and a self-certification (the Direct Key Signature).
`let (cert, _) = CertBuilder::new().generate()?;`
#### Seen as a private OpenPGP key #### Seen as a private OpenPGP key
Viewed as a private key (in ASCII-armored representation), such a minimal key looks like this: A minimal version of [Alice's private key](alice_priv) (in ASCII-armored representation) looks like this:
``` ```text
-----BEGIN PGP PRIVATE KEY BLOCK----- -----BEGIN PGP PRIVATE KEY BLOCK-----
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
xVgEX7Kj9hYJKwYBBAHaRw8BAQdAztZjmUk3IUgnKwR9rfukVUt7UaVsvk+AoBtO xUsGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT4A7+GZ
ZNbVqDcAAP4nrycHrmWHT8g454H/tr/19rT0nuPkYxMCUH9z5Atx/xLYwoMEHxYK tV8R+6qT6CadO7ItciB9/71C3UvpozaBO6XMz/vCtgYfGwoAAAA9BYJlFuqmBYkF
ADUFgl+yo/YDCwkHCRDeg8z0ogT5VwMVCggCmwECHgEWIQRtEA6wRE0WSNrZoO7e pI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj/Te2fzMA+fsOxFc3jNKf
g8z0ogT5VwAAbFgBAO1OYraoaDmFMZ7JWbLoTKW7xpDUNKB+kh+bdC6HjYpcAP9q ECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4gAIl6FM5SWuQxg12j0S0
HhhgNE7noeQEsJmR0yW7tTYT8RyrJF6o2xZENlXdCw== 7ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L+BXIoY2sIEQrLd4TAEEy
=/8Os 0BA8aQZTPEmMdiOCM1QB+V+BQZAO
=f0GN
-----END PGP PRIVATE KEY BLOCK----- -----END PGP PRIVATE KEY BLOCK-----
``` ```
Looking into the internals of this key with `sq packet dump --hex`, or https://dump.sequoia-pgp.org/, we see that it is made up of a sequence of "Packets": If we decode this OpenPGP data, we see that the key is made up of a sequence of two packets:
``` ```text
Secret-Key Packet, new CTB, 2 header bytes + 88 bytes $ sq packet dump --hex alice_minimal.priv
Version: 4 Secret-Key Packet, new CTB, 2 header bytes + 75 bytes
Creation time: 2020-11-16 16:08:22 UTC Version: 6
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Creation time: 2023-09-29 15:17:58 UTC
Pk size: 256 bits Pk algo: Ed25519
Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Pk size: 256 bits
KeyID: DE83 CCF4 A204 F957 Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
KeyID: AAA18CBB254685C5
Secret Key: Secret Key:
Unencrypted Unencrypted
00000000 c5 CTB 00000000 c5 CTB
00000001 58 length 00000001 4b length
00000002 04 version 00000002 06 version
00000003 5f b2 a3 f6 creation_time 00000003 65 16 ea a6 creation_time
00000007 16 pk_algo 00000007 1b pk_algo
00000008 09 curve_len 00000008 00 00 00 20 public_len
00000009 2b 06 01 04 01 da 47 curve 0000000c 53 24 e9 43 ed25519_public
00000010 0f 01 00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
00000012 01 07 eddsa_public_len 00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
00000014 40 ce d6 63 99 49 37 21 48 27 2b 04 eddsa_public 0000002c 00 s2k_usage
00000020 7d ad fb a4 55 4b 7b 51 a5 6c be 4f 80 a0 1b 4e 0000002d ef e1 99 ed25519_secret
00000030 64 d6 d5 a8 37 00000030 b5 5f 11 fb aa 93 e8 26 9d 3b b2 2d 72 20 7d ff
00000035 00 s2k_usage 00000040 bd 42 dd 4b e9 a3 36 81 3b a5 cc cf fb
00000036 00 fe eddsa_secret_len
00000038 27 af 27 07 ae 65 87 4f eddsa_secret
00000040 c8 38 e7 81 ff b6 bf f5 f6 b4 f4 9e e3 e4 63 13
00000050 02 50 7f 73 e4 0b 71 ff
00000058 12 d8 checksum
Signature Packet, new CTB, 2 header bytes + 131 bytes Signature Packet, new CTB, 2 header bytes + 182 bytes
Version: 4 Version: 6
Type: DirectKey Type: DirectKey
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Pk algo: Ed25519
Hash algo: SHA512 Hash algo: SHA512
Hashed area: Hashed area:
Signature creation time: 2020-11-16 16:08:22 UTC (critical) Signature creation time: 2023-09-29 15:17:58 UTC (critical)
Symmetric algo preferences: AES256, AES128 Key expiration time: P1095DT62781S (critical)
Issuer: DE83 CCF4 A204 F957 Symmetric algo preferences: AES256, AES128
Hash preferences: SHA512, SHA256 Hash preferences: SHA512, SHA256
Key flags: C (critical) Key flags: C (critical)
Features: MDC Features: MDC
Issuer Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
Digest prefix: 6C58 Unhashed area:
Level: 0 (signature over data) Issuer: AAA18CBB254685C5
Digest prefix: 6747
Level: 0 (signature over data)
00000000 c2 CTB 00000000 c2 CTB
00000001 83 length 00000001 b6 length
00000002 04 version 00000002 06 version
00000003 1f type 00000003 1f type
00000004 16 pk_algo 00000004 1b pk_algo
00000005 0a hash_algo 00000005 0a hash_algo
00000006 00 35 hashed_area_len 00000006 00 00 00 3d hashed_area_len
00000008 05 subpacket length 0000000a 05 subpacket length
00000009 82 subpacket tag 0000000b 82 subpacket tag
0000000a 5f b2 a3 f6 sig creation time 0000000c 65 16 ea a6 sig creation time
0000000e 03 subpacket length 00000010 05 subpacket length
0000000f 0b subpacket tag 00000011 89 subpacket tag
00000010 09 07 pref sym algos 00000012 05 a4 8f bd key expiry time
00000012 09 subpacket length 00000016 03 subpacket length
00000013 10 subpacket tag 00000017 0b subpacket tag
00000014 de 83 cc f4 a2 04 f9 57 issuer 00000018 09 07 pref sym algos
0000001c 03 subpacket length 0000001a 03 subpacket length
0000001d 15 subpacket tag 0000001b 15 subpacket tag
0000001e 0a 08 pref hash algos 0000001c 0a 08 pref hash algos
00000020 02 subpacket length 0000001e 02 subpacket length
00000021 9b subpacket tag 0000001f 9b subpacket tag
00000022 01 key flags 00000020 01 key flags
00000023 02 subpacket length 00000021 02 subpacket length
00000024 1e subpacket tag 00000022 1e subpacket tag
00000025 01 features 00000023 01 features
00000026 16 subpacket length 00000024 22 subpacket length
00000027 21 subpacket tag 00000025 21 subpacket tag
00000028 04 version 00000026 06 version
00000029 6d 10 0e b0 44 4d 16 issuer fp 00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
00000030 48 da d9 a0 ee de 83 cc f4 a2 04 f9 57 00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
0000003d 00 00 unhashed_area_len 00000040 8c d2 9f 10 26 98 b3
0000003f 6c digest_prefix1 00000047 00 00 00 0a unhashed_area_len
00000040 58 digest_prefix2 0000004b 09 subpacket length
00000041 01 00 eddsa_sig_r_len 0000004c 10 subpacket tag
00000043 ed 4e 62 b6 a8 68 39 85 31 9e c9 59 b2 eddsa_sig_r 0000004d aa a1 8c issuer
00000050 e8 4c a5 bb c6 90 d4 34 a0 7e 92 1f 9b 74 2e 87 00000050 bb 25 46 85 c5
00000060 8d 8a 5c 00000055 67 digest_prefix1
00000063 00 ff eddsa_sig_s_len 00000056 47 digest_prefix2
00000065 6a 1e 18 60 34 4e e7 a1 e4 04 b0 eddsa_sig_s 00000057 20 salt_len
00000070 99 91 d3 25 bb b5 36 13 f1 1c ab 24 5e a8 db 16 00000058 a2 e3 63 81 e3 6b d0 4f salt
00000080 44 36 55 dd 0b 00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
00000070 8f 44 b4 ec 4c 42 38 8e
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
000000b0 54 01 f9 5f 81 41 90 0e
``` ```
We see that the key consists of two packets:
* First, a [*"Secret-Key Packet"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#seckey), which contains the actual cryptographic key data. Note: the "Secret-Key" Packet contains both the private and the public part of the key. We also see in the output that this packet is "Unencrypted" (i.e. not password-protected). * First, a [*"Secret-Key Packet"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#seckey), which contains the actual cryptographic key data. Note: the "Secret-Key" Packet contains both the private and the public part of the key. We also see in the output that this packet is "Unencrypted" (i.e. not password-protected).
* Second, a [*"Direct Key Signature"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key) (type 0x1F), *"Signature directly on a key"*. This packet *"binds the information in the Signature subpackets to the key"*. Each entry under "Signature Packet -> Hashed area" is one Signature subpacket, including for example information about algorithm preferences (*"Symmetric algo preferences"* and *"Hash preferences"*). * Second, a [*"Direct Key Signature"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key) (type 0x1F), *"Signature directly on a key"*. This packet *"binds the information in the Signature subpackets to the key"*. Each entry under "Signature Packet -> Hashed area" is one Signature subpacket, including for example information about algorithm preferences (*"Symmetric algo preferences"* and *"Hash preferences"*).
@ -374,112 +381,111 @@ A minimal OpenPGP key, visualized
#### Seen as a public certificate #### Seen as a public certificate
Let's compare this with the same certificate seen as an armored "public" certificate (that is, a variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user): Let's compare this with the same certificate seen as an armored OpenPGP certificate (that is, a "public key" variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
```text
```{admonition} TODO
:class: warning
Show packet dump invocations.
```
```
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
xjMEX7Kj9hYJKwYBBAHaRw8BAQdAztZjmUk3IUgnKwR9rfukVUt7UaVsvk+AoBtO xioGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT7CtgYf
ZNbVqDfCgwQfFgoANQWCX7Kj9gMLCQcJEN6DzPSiBPlXAxUKCAKbAQIeARYhBG0Q GwoAAAA9BYJlFuqmBYkFpI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj
DrBETRZI2tmg7t6DzPSiBPlXAABsWAEA7U5itqhoOYUxnslZsuhMpbvGkNQ0oH6S /Te2fzMA+fsOxFc3jNKfECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4
H5t0LoeNilwA/2oeGGA0Tueh5ASwmZHTJbu1NhPxHKskXqjbFkQ2Vd0L gAIl6FM5SWuQxg12j0S07ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L
=ZN14 +BXIoY2sIEQrLd4TAEEy0BA8aQZTPEmMdiOCM1QB+V+BQZAO
=5nyq
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
``` ```
``` ```text
Public-Key Packet, new CTB, 2 header bytes + 51 bytes $ sq packet dump --hex alice_minimal.pub
Version: 4 Public-Key Packet, new CTB, 2 header bytes + 42 bytes
Creation time: 2020-11-16 16:08:22 UTC Version: 6
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Creation time: 2023-09-29 15:17:58 UTC
Pk algo: Ed25519
Pk size: 256 bits Pk size: 256 bits
Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
KeyID: DE83 CCF4 A204 F957 KeyID: AAA18CBB254685C5
00000000 c6 CTB 00000000 c6 CTB
00000001 33 length 00000001 2a length
00000002 04 version 00000002 06 version
00000003 5f b2 a3 f6 creation_time 00000003 65 16 ea a6 creation_time
00000007 16 pk_algo 00000007 1b pk_algo
00000008 09 curve_len 00000008 00 00 00 20 public_len
00000009 2b 06 01 04 01 da 47 curve 0000000c 53 24 e9 43 ed25519_public
00000010 0f 01 00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
00000012 01 07 eddsa_public_len 00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
00000014 40 ce d6 63 99 49 37 21 48 27 2b 04 eddsa_public
00000020 7d ad fb a4 55 4b 7b 51 a5 6c be 4f 80 a0 1b 4e
00000030 64 d6 d5 a8 37
00000035 s2k_usage
Signature Packet, new CTB, 2 header bytes + 131 bytes Signature Packet, new CTB, 2 header bytes + 182 bytes
Version: 4 Version: 6
Type: DirectKey Type: DirectKey
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Pk algo: Ed25519
Hash algo: SHA512 Hash algo: SHA512
Hashed area: Hashed area:
Signature creation time: 2020-11-16 16:08:22 UTC (critical) Signature creation time: 2023-09-29 15:17:58 UTC (critical)
Key expiration time: P1095DT62781S (critical)
Symmetric algo preferences: AES256, AES128 Symmetric algo preferences: AES256, AES128
Issuer: DE83 CCF4 A204 F957
Hash preferences: SHA512, SHA256 Hash preferences: SHA512, SHA256
Key flags: C (critical) Key flags: C (critical)
Features: MDC Features: MDC
Issuer Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957 Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
Digest prefix: 6C58 Unhashed area:
Issuer: AAA18CBB254685C5
Digest prefix: 6747
Level: 0 (signature over data) Level: 0 (signature over data)
00000000 c2 CTB 00000000 c2 CTB
00000001 83 length 00000001 b6 length
00000002 04 version 00000002 06 version
00000003 1f type 00000003 1f type
00000004 16 pk_algo 00000004 1b pk_algo
00000005 0a hash_algo 00000005 0a hash_algo
00000006 00 35 hashed_area_len 00000006 00 00 00 3d hashed_area_len
00000008 05 subpacket length 0000000a 05 subpacket length
00000009 82 subpacket tag 0000000b 82 subpacket tag
0000000a 5f b2 a3 f6 sig creation time 0000000c 65 16 ea a6 sig creation time
0000000e 03 subpacket length 00000010 05 subpacket length
0000000f 0b subpacket tag 00000011 89 subpacket tag
00000010 09 07 pref sym algos 00000012 05 a4 8f bd key expiry time
00000012 09 subpacket length 00000016 03 subpacket length
00000013 10 subpacket tag 00000017 0b subpacket tag
00000014 de 83 cc f4 a2 04 f9 57 issuer 00000018 09 07 pref sym algos
0000001c 03 subpacket length 0000001a 03 subpacket length
0000001d 15 subpacket tag 0000001b 15 subpacket tag
0000001e 0a 08 pref hash algos 0000001c 0a 08 pref hash algos
00000020 02 subpacket length 0000001e 02 subpacket length
00000021 9b subpacket tag 0000001f 9b subpacket tag
00000022 01 key flags 00000020 01 key flags
00000023 02 subpacket length 00000021 02 subpacket length
00000024 1e subpacket tag 00000022 1e subpacket tag
00000025 01 features 00000023 01 features
00000026 16 subpacket length 00000024 22 subpacket length
00000027 21 subpacket tag 00000025 21 subpacket tag
00000028 04 version 00000026 06 version
00000029 6d 10 0e b0 44 4d 16 issuer fp 00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
00000030 48 da d9 a0 ee de 83 cc f4 a2 04 f9 57 00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
0000003d 00 00 unhashed_area_len 00000040 8c d2 9f 10 26 98 b3
0000003f 6c digest_prefix1 00000047 00 00 00 0a unhashed_area_len
00000040 58 digest_prefix2 0000004b 09 subpacket length
00000041 01 00 eddsa_sig_r_len 0000004c 10 subpacket tag
00000043 ed 4e 62 b6 a8 68 39 85 31 9e c9 59 b2 eddsa_sig_r 0000004d aa a1 8c issuer
00000050 e8 4c a5 bb c6 90 d4 34 a0 7e 92 1f 9b 74 2e 87 00000050 bb 25 46 85 c5
00000060 8d 8a 5c 00000055 67 digest_prefix1
00000063 00 ff eddsa_sig_s_len 00000056 47 digest_prefix2
00000065 6a 1e 18 60 34 4e e7 a1 e4 04 b0 eddsa_sig_s 00000057 20 salt_len
00000070 99 91 d3 25 bb b5 36 13 f1 1c ab 24 5e a8 db 16 00000058 a2 e3 63 81 e3 6b d0 4f salt
00000080 44 36 55 dd 0b 00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
00000070 8f 44 b4 ec 4c 42 38 8e
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
000000b0 54 01 f9 5f 81 41 90 0e
``` ```
Note that the two OpenPGP artifacts (public certificate and private key) are almost identical. Note that the two OpenPGP artifacts (OpenPGP certificate and OpenPGP private key) are almost identical.
The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet". The two packet types are very similar. The "Public-Key Packet" leaves out two types of data The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet." The two packet types are very similar. The "Public-Key Packet" leaves out two types of data
* the private key material (visualized in red), and * the private key material (visualized in red), and
* s2k configuration data, if any (this example doesn't have any). * s2k configuration data, if any (this example doesn't have any).
@ -500,195 +506,200 @@ User IDs are a mechanism for attaching *identities* to an OpenPGP certificate. T
To look into these, we'll make a certificate that has one [User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#uid). User IDs are *"intended to represent the name and email address of the key holder"*. A certificate can have multiple User IDs associated with it. To look into these, we'll make a certificate that has one [User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#uid). User IDs are *"intended to represent the name and email address of the key holder"*. A certificate can have multiple User IDs associated with it.
```
let (cert, _) = CertBuilder::new()
.add_userid("Alice Adams <alice@example.org>")
.generate()?;
```
Let's look into the details of this key: Let's look into the details of this key:
``` ```text
-----BEGIN PGP PRIVATE KEY BLOCK----- -----BEGIN PGP PRIVATE KEY BLOCK-----
Comment: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
Comment: Alice Adams <alice@example.org> Comment: <alice@example.org>
xVgEX7LO1RYJKwYBBAHaRw8BAQdAiDI09+r0a4BVBUZCIqdSF9yuC706fRNC6tvZ xUsGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT4A7+GZ
zReMlI4AAP0VhUQxbMmXjJgXfiH2p0Zo/1G9WgC2h5HwfluLGONYJQ/+woMEHxYK tV8R+6qT6CadO7ItciB9/71C3UvpozaBO6XMz/vCtgYfGwoAAAA9BYJlFuqmBYkF
ADUFgl+yztUDCwkHCRB4O041tOXxugMVCggCmwECHgEWIQSj8xpX5ACnfCI5JMB4 pI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj/Te2fzMA+fsOxFc3jNKf
O041tOXxugAAfXwBAPkjwkSO5aI3lQUNi/h4OiwPUF/u6AO9rHsg45WURZOwAQDy ECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4gAIl6FM5SWuQxg12j0S0
8TQHQyFR52QjldVYbevffMaWfBiB4LfmrMeNvoHNC80fQWxpY2UgQWRhbXMgPGFs 7ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L+BXIoY2sIEQrLd4TAEEy
aWNlQGV4YW1wbGUub3JnPsKGBBMWCgA4BYJfss7VAwsJBwkQeDtONbTl8boDFQoI 0BA8aQZTPEmMdiOCM1QB+V+BQZAOzRM8YWxpY2VAZXhhbXBsZS5vcmc+wrkGExsK
ApkBApsBAh4BFiEEo/MaV+QAp3wiOSTAeDtONbTl8boAALLzAP4oGNBkrnpv7TBi AAAAQAWCZRbqpgWJBaSPvQMLCQcDFQoIApkBApsBAh4BIiEGqqGMuyVGhcWDWDIF
cucUcQZbAURxRDZLioWmwu/VVqWRQwEAk/3oG5sP327lu73CE7LUjBt5ChtAlDlP Y/03tn8zAPn7DsRXN4zSnxAmmLMAAAAKCRCqoYy7JUaFxdu4IIotb9pnNbxdBHe0
szWqa9TiCw4= nWeobsXWiFNf4u/5Zgi/wuDbwFYN69QspRkBD7om0IKiz1zreqly2fOyZgeLsro9
=tnJI t4nkdgRuNSQrJymDvpGceGrMtNVpR3YsKdZUv0MZBP9TmMDVCw==
=bgQM
-----END PGP PRIVATE KEY BLOCK----- -----END PGP PRIVATE KEY BLOCK-----
``` ```
``` ```text
Secret-Key Packet, new CTB, 2 header bytes + 88 bytes $ sq packet dump --hex alice_userid.priv
Version: 4 Secret-Key Packet, new CTB, 2 header bytes + 75 bytes
Creation time: 2020-11-16 19:11:17 UTC Version: 6
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Creation time: 2023-09-29 15:17:58 UTC
Pk algo: Ed25519
Pk size: 256 bits Pk size: 256 bits
Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
KeyID: 783B 4E35 B4E5 F1BA KeyID: AAA18CBB254685C5
Secret Key: Secret Key:
Unencrypted Unencrypted
00000000 c5 CTB 00000000 c5 CTB
00000001 58 length 00000001 4b length
00000002 04 version 00000002 06 version
00000003 5f b2 ce d5 creation_time 00000003 65 16 ea a6 creation_time
00000007 16 pk_algo 00000007 1b pk_algo
00000008 09 curve_len 00000008 00 00 00 20 public_len
00000009 2b 06 01 04 01 da 47 curve 0000000c 53 24 e9 43 ed25519_public
00000010 0f 01 00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
00000012 01 07 eddsa_public_len 00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
00000014 40 88 32 34 f7 ea f4 6b 80 55 05 46 eddsa_public 0000002c 00 s2k_usage
00000020 42 22 a7 52 17 dc ae 0b bd 3a 7d 13 42 ea db d9 0000002d ef e1 99 ed25519_secret
00000030 cd 17 8c 94 8e 00000030 b5 5f 11 fb aa 93 e8 26 9d 3b b2 2d 72 20 7d ff
00000035 00 s2k_usage 00000040 bd 42 dd 4b e9 a3 36 81 3b a5 cc cf fb
00000036 00 fd eddsa_secret_len
00000038 15 85 44 31 6c c9 97 8c eddsa_secret
00000040 98 17 7e 21 f6 a7 46 68 ff 51 bd 5a 00 b6 87 91
00000050 f0 7e 5b 8b 18 e3 58 25
00000058 0f fe checksum
Signature Packet, new CTB, 2 header bytes + 131 bytes Signature Packet, new CTB, 2 header bytes + 182 bytes
Version: 4 Version: 6
Type: DirectKey Type: DirectKey
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Pk algo: Ed25519
Hash algo: SHA512 Hash algo: SHA512
Hashed area: Hashed area:
Signature creation time: 2020-11-16 19:11:17 UTC (critical) Signature creation time: 2023-09-29 15:17:58 UTC (critical)
Key expiration time: P1095DT62781S (critical)
Symmetric algo preferences: AES256, AES128 Symmetric algo preferences: AES256, AES128
Issuer: 783B 4E35 B4E5 F1BA
Hash preferences: SHA512, SHA256 Hash preferences: SHA512, SHA256
Key flags: C (critical) Key flags: C (critical)
Features: MDC Features: MDC
Issuer Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
Digest prefix: 7D7C Unhashed area:
Issuer: AAA18CBB254685C5
Digest prefix: 6747
Level: 0 (signature over data) Level: 0 (signature over data)
00000000 c2 CTB 00000000 c2 CTB
00000001 83 length 00000001 b6 length
00000002 04 version 00000002 06 version
00000003 1f type 00000003 1f type
00000004 16 pk_algo 00000004 1b pk_algo
00000005 0a hash_algo 00000005 0a hash_algo
00000006 00 35 hashed_area_len 00000006 00 00 00 3d hashed_area_len
00000008 05 subpacket length 0000000a 05 subpacket length
00000009 82 subpacket tag 0000000b 82 subpacket tag
0000000a 5f b2 ce d5 sig creation time 0000000c 65 16 ea a6 sig creation time
0000000e 03 subpacket length 00000010 05 subpacket length
0000000f 0b subpacket tag 00000011 89 subpacket tag
00000010 09 07 pref sym algos 00000012 05 a4 8f bd key expiry time
00000012 09 subpacket length 00000016 03 subpacket length
00000013 10 subpacket tag 00000017 0b subpacket tag
00000014 78 3b 4e 35 b4 e5 f1 ba issuer 00000018 09 07 pref sym algos
0000001c 03 subpacket length 0000001a 03 subpacket length
0000001d 15 subpacket tag 0000001b 15 subpacket tag
0000001e 0a 08 pref hash algos 0000001c 0a 08 pref hash algos
00000020 02 subpacket length 0000001e 02 subpacket length
00000021 9b subpacket tag 0000001f 9b subpacket tag
00000022 01 key flags 00000020 01 key flags
00000023 02 subpacket length 00000021 02 subpacket length
00000024 1e subpacket tag 00000022 1e subpacket tag
00000025 01 features 00000023 01 features
00000026 16 subpacket length 00000024 22 subpacket length
00000027 21 subpacket tag 00000025 21 subpacket tag
00000028 04 version 00000026 06 version
00000029 a3 f3 1a 57 e4 00 a7 issuer fp 00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
00000030 7c 22 39 24 c0 78 3b 4e 35 b4 e5 f1 ba 00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
0000003d 00 00 unhashed_area_len 00000040 8c d2 9f 10 26 98 b3
0000003f 7d digest_prefix1 00000047 00 00 00 0a unhashed_area_len
00000040 7c digest_prefix2 0000004b 09 subpacket length
00000041 01 00 eddsa_sig_r_len 0000004c 10 subpacket tag
00000043 f9 23 c2 44 8e e5 a2 37 95 05 0d 8b f8 eddsa_sig_r 0000004d aa a1 8c issuer
00000050 78 3a 2c 0f 50 5f ee e8 03 bd ac 7b 20 e3 95 94 00000050 bb 25 46 85 c5
00000060 45 93 b0 00000055 67 digest_prefix1
00000063 01 00 eddsa_sig_s_len 00000056 47 digest_prefix2
00000065 f2 f1 34 07 43 21 51 e7 64 23 95 eddsa_sig_s 00000057 20 salt_len
00000070 d5 58 6d eb df 7c c6 96 7c 18 81 e0 b7 e6 ac c7 00000058 a2 e3 63 81 e3 6b d0 4f salt
00000080 8d be 81 cd 0b 00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
00000070 8f 44 b4 ec 4c 42 38 8e
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
000000b0 54 01 f9 5f 81 41 90 0e
User ID Packet, new CTB, 2 header bytes + 31 bytes User ID Packet, new CTB, 2 header bytes + 19 bytes
Value: Alice Adams <alice@example.org> Value: <alice@example.org>
00000000 cd CTB 00000000 cd CTB
00000001 1f length 00000001 13 length
00000002 41 6c 69 63 65 20 41 64 61 6d 73 20 3c 61 value 00000002 3c 61 6c 69 63 65 40 65 78 61 6d 70 6c 65 value
00000010 6c 69 63 65 40 65 78 61 6d 70 6c 65 2e 6f 72 67 00000010 2e 6f 72 67 3e
00000020 3e
Signature Packet, new CTB, 2 header bytes + 134 bytes Signature Packet, new CTB, 2 header bytes + 185 bytes
Version: 4 Version: 6
Type: PositiveCertification Type: PositiveCertification
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm Pk algo: Ed25519
Hash algo: SHA512 Hash algo: SHA512
Hashed area: Hashed area:
Signature creation time: 2020-11-16 19:11:17 UTC (critical) Signature creation time: 2023-09-29 15:17:58 UTC (critical)
Key expiration time: P1095DT62781S (critical)
Symmetric algo preferences: AES256, AES128 Symmetric algo preferences: AES256, AES128
Issuer: 783B 4E35 B4E5 F1BA
Hash preferences: SHA512, SHA256 Hash preferences: SHA512, SHA256
Primary User ID: true (critical) Primary User ID: true (critical)
Key flags: C (critical) Key flags: C (critical)
Features: MDC Features: MDC
Issuer Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
Digest prefix: B2F3 Unhashed area:
Issuer: AAA18CBB254685C5
Digest prefix: DBB8
Level: 0 (signature over data) Level: 0 (signature over data)
00000000 c2 CTB 00000000 c2 CTB
00000001 86 length 00000001 b9 length
00000002 04 version 00000002 06 version
00000003 13 type 00000003 13 type
00000004 16 pk_algo 00000004 1b pk_algo
00000005 0a hash_algo 00000005 0a hash_algo
00000006 00 38 hashed_area_len 00000006 00 00 00 40 hashed_area_len
00000008 05 subpacket length 0000000a 05 subpacket length
00000009 82 subpacket tag 0000000b 82 subpacket tag
0000000a 5f b2 ce d5 sig creation time 0000000c 65 16 ea a6 sig creation time
0000000e 03 subpacket length 00000010 05 subpacket length
0000000f 0b subpacket tag 00000011 89 subpacket tag
00000010 09 07 pref sym algos 00000012 05 a4 8f bd key expiry time
00000012 09 subpacket length 00000016 03 subpacket length
00000013 10 subpacket tag 00000017 0b subpacket tag
00000014 78 3b 4e 35 b4 e5 f1 ba issuer 00000018 09 07 pref sym algos
0000001c 03 subpacket length 0000001a 03 subpacket length
0000001d 15 subpacket tag 0000001b 15 subpacket tag
0000001e 0a 08 pref hash algos 0000001c 0a 08 pref hash algos
00000020 02 subpacket length 0000001e 02 subpacket length
00000021 99 subpacket tag 0000001f 99 subpacket tag
00000022 01 primary user id 00000020 01 primary user id
00000023 02 subpacket length 00000021 02 subpacket length
00000024 9b subpacket tag 00000022 9b subpacket tag
00000025 01 key flags 00000023 01 key flags
00000026 02 subpacket length 00000024 02 subpacket length
00000027 1e subpacket tag 00000025 1e subpacket tag
00000028 01 features 00000026 01 features
00000029 16 subpacket length 00000027 22 subpacket length
0000002a 21 subpacket tag 00000028 21 subpacket tag
0000002b 04 version 00000029 06 version
0000002c a3 f3 1a 57 issuer fp 0000002a aa a1 8c bb 25 46 issuer fp
00000030 e4 00 a7 7c 22 39 24 c0 78 3b 4e 35 b4 e5 f1 ba 00000030 85 c5 83 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e
00000040 00 00 unhashed_area_len 00000040 c4 57 37 8c d2 9f 10 26 98 b3
00000042 b2 digest_prefix1 0000004a 00 00 00 0a unhashed_area_len
00000043 f3 digest_prefix2 0000004e 09 subpacket length
00000044 00 fe eddsa_sig_r_len 0000004f 10 subpacket tag
00000046 28 18 d0 64 ae 7a 6f ed 30 62 eddsa_sig_r 00000050 aa a1 8c bb 25 46 85 c5 issuer
00000050 72 e7 14 71 06 5b 01 44 71 44 36 4b 8a 85 a6 c2 00000058 db digest_prefix1
00000060 ef d5 56 a5 91 43 00000059 b8 digest_prefix2
00000066 01 00 eddsa_sig_s_len 0000005a 20 salt_len
00000068 93 fd e8 1b 9b 0f df 6e eddsa_sig_s 0000005b 8a 2d 6f da 67 salt
00000070 e5 bb bd c2 13 b2 d4 8c 1b 79 0a 1b 40 94 39 4f 00000060 35 bc 5d 04 77 b4 9d 67 a8 6e c5 d6 88 53 5f e2
00000080 b3 35 aa 6b d4 e2 0b 0e 00000070 ef f9 66 08 bf c2 e0 db c0 56 0d
0000007b eb d4 2c a5 19 ed25519_sig
00000080 01 0f ba 26 d0 82 a2 cf 5c eb 7a a9 72 d9 f3 b2
00000090 66 07 8b b2 ba 3d b7 89 e4 76 04 6e 35 24 2b 27
000000a0 29 83 be 91 9c 78 6a cc b4 d5 69 47 76 2c 29 d6
000000b0 54 bf 43 19 04 ff 53 98 c0 d5 0b
``` ```
Instead of two sections, as before, we see four sections in this certificate: Instead of two packets, as before, we see four packets in this certificate:
* First, a "Secret-Key Packet," * First, a "Secret-Key Packet,"
* then a "Signature Packet" (these two packets are the same as above). * then a "Signature Packet" (these two packets are the same as above).

1
book/source/a-artifacts.md
View file

@ -1,5 +1,6 @@
# Appendix A: OpenPGP artifacts # Appendix A: OpenPGP artifacts
(alice_priv)=
## Alice's private key ## Alice's private key
```text ```text