diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 1b68b61..095bfb7 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md 
@@ -17,27 +17,29 @@ Independent of the distinction between private and public keys, in OpenPGP, the 1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`. 2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time). -3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity information and additional elements. +3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements. In the following section, we'll look at the two OpenPGP-specific layers (2 and 3). ## Structure of OpenPGP certificates -An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements: +An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements[^packets]: + +[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection "packets". Each component key and identity component is internally represented as one packet. The other common type of element is "signature" packets, which link the components of a certificate together. - Component OpenPGP keys, -- Identity information, -- Other metadata (this includes connections between the certificate's elements). +- Identity components, +- Other metadata (this includes connections between the certificate's components). -We sometimes collectively refer to component keys and identity information as the "components" of a certificate. +We sometimes collectively refer to component keys and identity information as "the components of a certificate." 
```{figure} diag/OpenPGP_Certificate.png Typical components in an OpenPGP certificate ``` -All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ... +All elements in an OpenPGP certificate are structured around one central component: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ... ```{note} OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
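Review bot: The rename from "identity information" to "identity components" is not carried through to the last changed line of the hunk, which still reads "We sometimes collectively refer to component keys and identity information as "the components of a certificate."" while the list two lines above now says "Identity components"; suggest "component keys and identity components as the "components" of a certificate" so the terminology introduced by this change is used consistently. The new `[^packets]` footnote also needs two small fixes: "a collection "packets"" is missing "of" ("a collection of "packets""), and "The other common type of element is "signature" packets" mixes singular and plural (e.g. "The other common type of element is the "signature" packet, which links the components of a certificate together").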