mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-26 17:42:06 +01:00
Add a bit of text about where the "backsig" is actually embedded
This commit is contained in:
parent
f91b386ea9
commit
e1668dbd09
1 changed files with 2 additions and 1 deletions
|
@ -121,7 +121,7 @@ When binding a signing subkey to a primary key, it is not sufficient that the "p
|
|||
|
||||
Otherwise, Alice could "adopt" Bob's signing subkey and convincingly claim that she made signatures that were in fact issued by Bob.
|
||||
This is to prevent an attack where the attacker "adopts" the victims signing subkey as their own in order to claim ownership over documents which were in fact signed by the victim.
|
||||
Contrary to the `SubkeyBinding` signature, which is issued by the certificates primary key, the `PrimaryKeyBinding` signature is instead created by the subkey.
|
||||
Contrary to the `SubkeyBinding` signature, which is issued by the certificate's primary key, the `PrimaryKeyBinding` signature is instead created by the subkey.
|
||||
|
||||
```{figure} diag/subkey_binding_signatur_for_signing_sk.png
|
||||
|
||||
|
@ -130,6 +130,7 @@ Linking an OpenPGP signing subkey to the primary key with a binding signature, a
|
|||
|
||||
This additional "Primary Key Binding" Signature is informally called a "back signature" (because the subkey uses the signature to point "back" to the primary key) is an embedded `PrimaryKeyBinding` "back signature" (type 0x19).
|
||||
|
||||
The *primary key binding signature* is "embedded" as subpacket data in the *subkey binding signature* that connects the signing subkey to the primary key.
|
||||
|
||||
### Binding identities to a certificate
|
||||
|
||||
|
|
Loading…
Reference in a new issue