mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 08:02:05 +01:00
parent
d20fbbc13d
commit
ec78df2453
1 changed files with 8 additions and 6 deletions
|
@ -17,27 +17,29 @@ Independent of the distinction between private and public keys, in OpenPGP, the
|
|||
|
||||
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
||||
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity information and additional elements.
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements.
|
||||
|
||||
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
|
||||
|
||||
|
||||
## Structure of OpenPGP certificates
|
||||
|
||||
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements:
|
||||
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements[^packets]:
|
||||
|
||||
[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection "packets". Each component key and identity component is internally represented as one packet. The other common type of element is "signature" packets, which link the components of a certificate together.
|
||||
|
||||
- Component OpenPGP keys,
|
||||
- Identity information,
|
||||
- Other metadata (this includes connections between the certificate's elements).
|
||||
- Identity components,
|
||||
- Other metadata (this includes connections between the certificate's components).
|
||||
|
||||
We sometimes collectively refer to component keys and identity information as the "components" of a certificate.
|
||||
We sometimes collectively refer to component keys and identity information as "the components of a certificate."
|
||||
|
||||
```{figure} diag/OpenPGP_Certificate.png
|
||||
|
||||
Typical components in an OpenPGP certificate
|
||||
```
|
||||
|
||||
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
|
||||
All elements in an OpenPGP certificate are structured around one central component: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
|
||||
|
||||
```{note}
|
||||
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
||||
|
|
Loading…
Reference in a new issue