edit ch8 adding metadata

This commit is contained in:
Tammi L. Coles 2023-11-23 14:09:15 +01:00
parent 28a69fe381
commit 92d7d218fb

View file

@ -142,20 +142,20 @@ Linking a User ID to an OpenPGP certificate
(primary-metadata)= (primary-metadata)=
### Adding metadata to the primary key/certificate ### Adding metadata to the primary key/certificate
The signatures that bind subkeys and identity components to a certificate serve two different purposes: Linking components to the certificate and adding metadata to a component. The signatures that bind subkeys and identity components to a certificate serve dual purposes: linking components to the certificate and adding metadata to components.
The primary key in a certificate doesn't need to be linked to the certificate. It acts as the anchor for linking, itself and thus doesn't require being linked. However, there is nevertheless a need to associate metadata with the primary key, which typically applies to the certificate as a whole. Unlike these components, the primary key of a certificate doesn't require a linking signature since it serves as the central anchor of the certificate. However, associating metadata with the primary key is still essential, as it generally applies to the entire certificate.
There are two mechanisms for adding metadata to the primary key: Metadata can be added to the primary key via two mechanisms:
- Via a direct key signature on the primary key, or - direct key signature on the primary key
- via a "primary User ID" binding signature. - *primary User ID* binding signature
Relevant metadata for the primary key that is defined the above mechanisms includes: The types of metadata typically associated with the primary key through these methods include:
- Key expiration, - key expiration
- key flags, - key flags
- algorithm preference signaling. - algorithm preference signaling
(direct_key_signature)= (direct_key_signature)=
#### Direct key signature #### Direct key signature