mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
Signature Types
This commit is contained in:
parent
d4d02dffba
commit
ae776d2b13
1 changed files with 12 additions and 0 deletions
|
@ -115,6 +115,18 @@ Typical use-cases for revocations are marking certificates or individual subkeys
|
|||
|
||||
A revocation signature can either be hard or soft. A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards, meaning signatures that were issued before the revocation remain intact, while a hard revocation invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can for example signal compromise of secret key material.
|
||||
|
||||
## Signature Types
|
||||
There is a number of different Signature Types in the form of numerical IDs.
|
||||
These give guidance on what the intent of a signature is and how it needs to be interpreted, however, the meaning of a signature also depends on who issued it.
|
||||
A self-signature has a different meaning from a signature issued by a third party.
|
||||
|
||||
A `DirectKeySignature` issued as a self-signature can be used to set preferences and advertise features that apply to the whole certificate.
|
||||
A third-party `DirectKeySignature` carrying a `TrustSignature` subpacket on the other hand can be interpreted as a statement by the issuer that it delegates trust to the signed certificate (WoT).
|
||||
|
||||
Self-certifications of types `0x10` - `0x13` can be used to bind a User ID to a certificate, while the same types issued by a third-party are statements by the issuer that they have checked the authenticity of the signed User ID to some degree.
|
||||
|
||||
There are further signature types for signatures on data, as well as designated types to bind and revoke subkeys.
|
||||
|
||||
## Signature Subpackets
|
||||
|
||||
A cryptographic signature alone is often not expressive enough to serve certain use-cases.
|
||||
|
|
Loading…
Reference in a new issue