From 92d7d218fbdd017a279b77ee839cd23564d21283 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 23 Nov 2023 14:09:15 +0100 Subject: [PATCH] edit ch8 adding metadata --- book/source/08-signing_components.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md index c01fa35..f40a34d 100644 --- a/book/source/08-signing_components.md +++ b/book/source/08-signing_components.md @@ -142,20 +142,20 @@ Linking a User ID to an OpenPGP certificate (primary-metadata)= ### Adding metadata to the primary key/certificate -The signatures that bind subkeys and identity components to a certificate serve two different purposes: Linking components to the certificate and adding metadata to a component. +The signatures that bind subkeys and identity components to a certificate serve dual purposes: linking components to the certificate and adding metadata to components. -The primary key in a certificate doesn't need to be linked to the certificate. It acts as the anchor for linking, itself and thus doesn't require being linked. However, there is nevertheless a need to associate metadata with the primary key, which typically applies to the certificate as a whole. +Unlike these components, the primary key of a certificate doesn't require a linking signature since it serves as the central anchor of the certificate. However, associating metadata with the primary key is still essential, as it generally applies to the entire certificate. -There are two mechanisms for adding metadata to the primary key: +Metadata can be added to the primary key via two mechanisms: -- Via a direct key signature on the primary key, or -- via a "primary User ID" binding signature. +- direct key signature on the primary key +- *primary User ID* binding signature -Relevant metadata for the primary key that is defined the above mechanisms includes: +The types of metadata typically associated with the primary key through these methods include: -- Key expiration, -- key flags, -- algorithm preference signaling. +- key expiration +- key flags +- algorithm preference signaling (direct_key_signature)= #### Direct key signature