mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 10:02:06 +01:00
parent
d20fbbc13d
commit
ec78df2453
1 changed files with 8 additions and 6 deletions
|
@ -17,27 +17,29 @@ Independent of the distinction between private and public keys, in OpenPGP, the
|
||||||
|
|
||||||
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
||||||
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity information and additional elements.
|
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements.
|
||||||
|
|
||||||
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
|
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
|
||||||
|
|
||||||
|
|
||||||
## Structure of OpenPGP certificates
|
## Structure of OpenPGP certificates
|
||||||
|
|
||||||
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements:
|
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements[^packets]:
|
||||||
|
|
||||||
|
[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection "packets". Each component key and identity component is internally represented as one packet. The other common type of element is "signature" packets, which link the components of a certificate together.
|
||||||
|
|
||||||
- Component OpenPGP keys,
|
- Component OpenPGP keys,
|
||||||
- Identity information,
|
- Identity components,
|
||||||
- Other metadata (this includes connections between the certificate's elements).
|
- Other metadata (this includes connections between the certificate's components).
|
||||||
|
|
||||||
We sometimes collectively refer to component keys and identity information as the "components" of a certificate.
|
We sometimes collectively refer to component keys and identity information as "the components of a certificate."
|
||||||
|
|
||||||
```{figure} diag/OpenPGP_Certificate.png
|
```{figure} diag/OpenPGP_Certificate.png
|
||||||
|
|
||||||
Typical components in an OpenPGP certificate
|
Typical components in an OpenPGP certificate
|
||||||
```
|
```
|
||||||
|
|
||||||
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
|
All elements in an OpenPGP certificate are structured around one central component: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
|
||||||
|
|
||||||
```{note}
|
```{note}
|
||||||
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
|
||||||
|
|
Loading…
Reference in a new issue