Signature Types

Paul Schaub 2023-10-07 18:27:48 +02:00 committed by Heiko Schaefer
parent d4d02dffba
commit ae776d2b13
GPG key ID: 4A849A1904CCBD7D

@ -115,6 +115,18 @@ Typical use-cases for revocations are marking certificates or individual subkeys
A revocation signature can either be hard or soft. A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards, meaning signatures that were issued before the revocation remain intact, while a hard revocation invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can for example signal compromise of secret key material. A revocation signature can either be hard or soft. A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards, meaning signatures that were issued before the revocation remain intact, while a hard revocation invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can for example signal compromise of secret key material.
## Signature Types
There is a number of different Signature Types in the form of numerical IDs.
These give guidance on what the intent of a signature is and how it needs to be interpreted, however, the meaning of a signature also depends on who issued it.
A self-signature has a different meaning from a signature issued by a third party.
A `DirectKeySignature` issued as a self-signature can be used to set preferences and advertise features that apply to the whole certificate.
A third-party `DirectKeySignature` carrying a `TrustSignature` subpacket on the other hand can be interpreted as a statement by the issuer that it delegates trust to the signed certificate (WoT).
Self-certifications of types `0x10` - `0x13` can be used to bind a User ID to a certificate, while the same types issued by a third-party are statements by the issuer that they have checked the authenticity of the signed User ID to some degree.
There are further signature types for signatures on data, as well as designated types to bind and revoke subkeys.
## Signature Subpackets ## Signature Subpackets
A cryptographic signature alone is often not expressive enough to serve certain use-cases. A cryptographic signature alone is often not expressive enough to serve certain use-cases.
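Review bot: the first added sentence has a number-agreement error and the second is a run-on. "There is a number of different Signature Types" should read "There are a number of different signature types", and "how it needs to be interpreted, however, the meaning of a signature also depends on who issued it." should be split into two sentences ("... how it needs to be interpreted. However, the meaning ..."). Also, numeric IDs are given only for the certification types (`0x10` - `0x13`); for consistency, state the numeric ID for the other types named in this section too (`DirectKeySignature`, the subkey binding and revocation types, and the data signature types), since the section opens by saying the types are identified by numerical IDs. Since the certification paragraph says third-party certifications attest authenticity "to some degree", it would help to add that the degree is exactly what distinguishes the four types in `0x10` - `0x13`, and to clarify that a self-certification is the signature that actually makes a User ID part of the certificate, so verifiers must check it before accepting the User ID at all.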