vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2024-11-26 17:42:06 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add a bit of text about where the "backsig" is actually embedded

Browse source
This commit is contained in:
Heiko Schaefer 2023-11-04 18:39:18 +01:00
parent f91b386ea9
commit e1668dbd09
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
book/source/08-signing_components.md
View file

@ -121,7 +121,7 @@ When binding a signing subkey to a primary key, it is not sufficient that the "p
Otherwise, Alice could "adopt" Bob's signing subkey and convincingly claim that she made signatures that were in fact issued by Bob. Otherwise, Alice could "adopt" Bob's signing subkey and convincingly claim that she made signatures that were in fact issued by Bob.
This is to prevent an attack where the attacker "adopts" the victims signing subkey as their own in order to claim ownership over documents which were in fact signed by the victim. This is to prevent an attack where the attacker "adopts" the victims signing subkey as their own in order to claim ownership over documents which were in fact signed by the victim.
Contrary to the `SubkeyBinding` signature, which is issued by the certificates primary key, the `PrimaryKeyBinding` signature is instead created by the subkey. Contrary to the `SubkeyBinding` signature, which is issued by the certificate's primary key, the `PrimaryKeyBinding` signature is instead created by the subkey.
```{figure} diag/subkey_binding_signatur_for_signing_sk.png ```{figure} diag/subkey_binding_signatur_for_signing_sk.png
@ -130,6 +130,7 @@ Linking an OpenPGP signing subkey to the primary key with a binding signature, a
This additional "Primary Key Binding" Signature is informally called a "back signature" (because the subkey uses the signature to point "back" to the primary key) is an embedded `PrimaryKeyBinding` "back signature" (type 0x19). This additional "Primary Key Binding" Signature is informally called a "back signature" (because the subkey uses the signature to point "back" to the primary key) is an embedded `PrimaryKeyBinding` "back signature" (type 0x19).
The *primary key binding signature* is "embedded" as subpacket data in the *subkey binding signature* that connects the signing subkey to the primary key.
### Binding identities to a certificate ### Binding identities to a certificate