vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-26 17:42:06 +01:00
Code Issues Projects Releases Packages Wiki Activity

Restructure opening

Browse source
This commit is contained in:
Heiko Schaefer 2023-11-06 23:22:03 +01:00
parent 390089139e
commit bf41637c05
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
book/source/08-signing_components.md
View file

@ -6,22 +6,28 @@ SPDX-License-Identifier: CC-BY-SA-4.0
(component_signatures_chapter)=
# Signatures on components
In this chapter, we'll consider OpenPGP signatures that apply to components. That is, signatures that apply to:
In this chapter, we'll look into OpenPGP signatures that apply to components of certificates. That is, signatures that apply to:
- Component keys (primary keys or subkeys), or
- Component keys (primary keys or subkeys) and
- Identity components (User IDs or User attributes).
This chapter adds a lot of detail to the material we discussed in the {ref}`certificates_chapter` chapter. Signatures on components are a crucial mechanism for forming OpenPGP certificates (which combine component keys and identities, via signatures on those components).
This chapter adds detail to material we discussed in the {ref}`certificates_chapter` chapter. Signatures on components are a crucial mechanism for forming OpenPGP certificates and .
Additionally, signatures on components play a crucial role for authentication of identities. Mechanisms for decentralized authentication are one of OpenPGP's core strengths, we'll look into how they work.
## Self-signatures: Forming certificates and life-cycle management
Finally, signatures on components are also a central mechanism for life-cycle management of OpenPGP certificates and their components. This includes defining or changing expiration dates, or issuing revocations, for certificates or their components.
*Self-signatures* are issued by the certificate's owner, using the primary key of the same certificate.
Signatures on components are also a central mechanism for life-cycle management of OpenPGP certificates and their components. This includes defining or changing expiration dates, or issuing revocations, for certificates or their components.
## Third-party certifications: Encoding authentication
Additionally, signatures on components play a crucial role in the authentication of identities. Mechanisms for decentralized authentication are one of OpenPGP's core strengths, we'll look into how they work.
## Self-signatures and third-party signatures
There are two important scenarios to distinguish:
- *Self-signatures*: Issued by the certificate's owner, using the primary key of the same certificate.
- *Third-party signatures*: Issued by a key that is part of a different certificate.
### Meaning differs between self- and third-party signatures