use "certificate with bindings" diagram

This commit is contained in:
Heiko Schaefer 2023-11-27 21:59:10 +01:00
parent 7ad240323f
commit f6bec55df5
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -249,6 +249,17 @@ As a starting point, a certificate has a set of preferences that apply generally
Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is that a user may prefer a different suite of algorithms on their private email account compared to their work email account. Such identity-specific preferences can be expressed on the certifying signatures that bind User IDs to a certificate. Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is that a user may prefer a different suite of algorithms on their private email account compared to their work email account. Such identity-specific preferences can be expressed on the certifying signatures that bind User IDs to a certificate.
## A typical OpenPGP certificate, revisited
Now that we've discussed how keys and identity components are linked together, we can have another look at the certificate from {numref}`fig-openpgp-certificate-components`. This time we include all of its binding signatures, as well as a direct key signature that contains metadata for the full certificate:
```{figure} diag/OpenPGP_Certificate.png
:name: fig-openpgp-certificate
:alt: Depicts an OpenPGP certificate, including a set of components, binding signatures and a direct key signature on the primary key.
A typical OpenPGP certificate, including binding signatures for all of its components, and a signature that associates metadata with the primary key
```
## Revocations ## Revocations
When a certificate owner needs to invalidate certain components of their certificate, or even the entire certificate, they accomplish this through "revocation." Revoking the primary key renders the entire certificate invalid. When a certificate owner needs to invalidate certain components of their certificate, or even the entire certificate, they accomplish this through "revocation." Revoking the primary key renders the entire certificate invalid.
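Review bot: the new figure's caption and the sentence introducing it use different names for the same element, which makes the diagram harder to match against the text. The introduction says "a direct key signature that contains metadata for the full certificate" and the alt text says "a direct key signature on the primary key", but the caption says only "a signature that associates metadata with the primary key". Suggest using the established term in the caption as well, e.g. "A typical OpenPGP certificate, including binding signatures for all of its components, and a direct key signature that associates metadata with the primary key". Two smaller style points on the `{figure}` block: the alt text opens with "Depicts an OpenPGP certificate", and the leading "Depicts" adds nothing for screen readers (starting with "An OpenPGP certificate, including ..." reads the same and is shorter); and the alt text ends with a period while the caption does not, so pick one convention for both.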