ch4: clarify terminology

Also see #43
Heiko Schaefer 2023-10-05 10:30:13 +02:00
parent d20fbbc13d
commit ec78df2453
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D


@ -17,27 +17,29 @@ Independent of the distinction between private and public keys, in OpenPGP, the
1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`. 1. A (bare) ["cryptographic key"](asymmetric_key_pair) (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time). 2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a cryptographic keypair combined some invariant metadata (e.g. key creation time).
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity information and additional elements. 3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys, identity components and additional elements.
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3). In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
## Structure of OpenPGP certificates ## Structure of OpenPGP certificates
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements: An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements[^packets]:
[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection "packets". Each component key and identity component is internally represented as one packet. The other common type of element is "signature" packets, which link the components of a certificate together.
- Component OpenPGP keys, - Component OpenPGP keys,
- Identity information, - Identity components,
- Other metadata (this includes connections between the certificate's elements). - Other metadata (this includes connections between the certificate's components).
We sometimes collectively refer to component keys and identity information as the "components" of a certificate. We sometimes collectively refer to component keys and identity information as "the components of a certificate."
```{figure} diag/OpenPGP_Certificate.png ```{figure} diag/OpenPGP_Certificate.png
Typical components in an OpenPGP certificate Typical components in an OpenPGP certificate
``` ```
All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ... All elements in an OpenPGP certificate are structured around one central component: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
```{note} ```{note}
OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
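Review bot: the terminology change is incomplete in the sentence "We sometimes collectively refer to component keys and identity information as ..." in this hunk: the bullet list and the layer-3 item now say "identity components", but this sentence still says "identity information", so after the change the chapter uses two different terms for the same element, which is the opposite of what a "clarify terminology" commit should do. Either change it to "component keys and identity components" or keep "identity information" everywhere; a reader should be able to search for one term. Two smaller points in the same hunk: the new footnote drops a word and should read "the elements of an OpenPGP certificate are a collection of "packets"", and the untouched layer-2 line "a cryptographic keypair combined some invariant metadata" should read "combined with some invariant metadata". Finally, in "the components of a certificate." the quoted phrase is a term rather than a sentence, so the period belongs outside the closing quote.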