From ec61e782dfb0f7031fdb50917df8f99b606bf125 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 10 Nov 2023 15:56:22 +0100 Subject: [PATCH] edit ch6 hashed vs unhashed areas --- book/source/06-signatures.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/book/source/06-signatures.md b/book/source/06-signatures.md index 285ff54..60cd4d6 100644 --- a/book/source/06-signatures.md +++ b/book/source/06-signatures.md @@ -112,12 +112,14 @@ They are formatted as key-value pairs, where the keys are defined as [subpacket ### Hashed and unhashed signature subpackets -Signature subpackets can reside in [two different areas](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-hashed-vs-unhashed-subpacke) of a signature packet: +Signature subpackets within OpenPGP can reside in one of two distinct areas of a signature packet, each serving a different purpose and providing varying levels of security: -- Subpackets in the *hashed area* are included in the hash digest for that signature. In other words: hashed subpackets are covered by the cryptographic signature in the signature packet. Recipients of the signature can be sure that these subpackets express the intent of the issuer of the signature. -- Subpackets in the *unhashed area*, by contrast, are not included in the hash digest for that signature. They are therefore not protected against tampering. The unhashed area can be used to retroactively add, change or remove metadata in a signature packet, without invalidating it. Since the unhashed area doesn't provide any cryptographic guarantees, it is only intended for advisory packets, or packets that self-authenticate (e.g. the issuer fingerprint subpacket, whose "correctness" can be proven by successfully verifying the signature using the referenced issuer key). - -In most cases, signature subpackets are stored in the hashed area. +- **Hashed area**: Hashed subpackets are included in the hash digest of the signature and are thus covered by its cryptographic signature. They reliably express the signer's intent. +- **Unhashed area**: Unhashed subpackets, conversely, are not included in the hash digest for the signature. They are thus not protected against tampering and can be used to retroactively add, change, or remove metadata in a signature packet without affecting its validity. They are primarily used for advisory purposes or in scenarios where the integrity of the subpacket content can be self-authenticated. An example is the issuer fingerprint subpacket, which can be validated through successful signature verification using the referenced issuer key. + +The majority of signature subpackets are stored in the hashed area. + +For detailed information and specifications, refer to [Hashed vs. Unhashed Subpackets](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-hashed-vs-unhashed-subpacke) in the OpenPGP RFC. ### Criticality of subpackets