mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
s/user ID/User ID/
parent
be5fff67ab
commit
c5ba06dc78
1 changed files with 6 additions and 6 deletions
|
@ -45,9 +45,9 @@ A certification made by a key over components of the same certificate is referre
|
|||
The **C**certify Others key flag is not required in order to issue self-certifications.
|
||||
It is only necessary to issue valid third-party certifications.
|
||||
:::
|
||||
A typical use-case for a self-certification is to attach a user ID, such as a name and email address to a certificate.
|
||||
This is done by calculating the signature over the user ID and the public primary key.
|
||||
The resulting user ID certification (typically type 0x13, potentially type 0x10-0x12) can then be inserted into the certificate, right after the user ID packet.
|
||||
A typical use-case for a self-certification is to attach a User ID, such as a name and email address to a certificate.
|
||||
This is done by calculating the signature over the User ID and the public primary key.
|
||||
The resulting User ID certification (typically type 0x13, potentially type 0x10-0x12) can then be inserted into the certificate, right after the User ID packet.
|
||||
|
||||
Other examples for self-signatures are binding signatures for subkeys.
|
||||
In order to add an OpenPGP subkey to a certificate, a subkey binding signature is calculated over the public primary key, followed by the public subkey.
|
||||
|
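Review bot: The rewritten sentence "A typical use-case for a self-certification is to attach a User ID, such as a name and email address to a certificate." still lacks the comma that closes the "such as" aside, so it reads as if the email address belongs to the certificate. Since the line is being touched anyway, suggest "to attach a User ID, such as a name and email address, to a certificate." The unchanged context line above it also has "**C**certify Others", which renders as "Ccertify"; it should be "**C**ertify Others" to match the "**S**igning" style used further down.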
@ -55,15 +55,15 @@ The resulting subkey binding signature (type 0x18) can then be inserted into the
|
|||
If the subkey itself is intended to be used as a **S**igning key, an extra step is required.
|
||||
To prevent an attacker from being able to "adopt" a victims signing subkey and then being able to claim to be the origin of signatures in fact made by victim, subkey binding signatures for signing subkeys need to include an embedded "back signature" (formally known as primary key binding signature) made by the signing key itself.
|
||||
|
||||
Certifications over user IDs can also be used to certify certificates of third-parties.
|
||||
If Alice is certain that `Bob Baker <bob@example.com>` controls the key 0xB0B, she can create a user ID certification signature for that identity and send it to Bob.
|
||||
Certifications over User IDs can also be used to certify certificates of third-parties.
|
||||
If Alice is certain that `Bob Baker <bob@example.com>` controls the key `0xB0B`, she can create a User ID certification signature for that identity and send it to Bob.
|
||||
Bob can then add this signature to his certificate.
|
||||
TODO: More WoT.
|
||||
|
||||
Another important category of signatures are revocations.
|
||||
A revocation is used to retract the statement formed by a prior signature.
|
||||
A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature.
|
||||
Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking user IDs as no longer used.
|
||||
Typical use-cases for revocations are marking certificates or individual subkeys as unusable, or marking User IDs as no longer used.
|
||||
|
||||
## Signature Subpackets
|
||||
|
||||
|
|
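Review bot: The replacement for the Alice and Bob sentence does more than the commit subject says: besides the capitalization it wraps the key in backticks (`0xB0B`), which `s/user ID/User ID/` does not cover. The formatting change is reasonable, but either mention it in the commit message or split it out so the rename stays mechanical and easy to verify. Two context lines in this hunk would also merit a follow-up: "a victims signing subkey" should be "a victim's signing subkey", and "in fact made by victim" is missing "the".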