mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-25 17:12:06 +01:00
use "certificate with bindings" diagram
This commit is contained in:
parent
7ad240323f
commit
f6bec55df5
1 changed files with 11 additions and 0 deletions
|
@ -249,6 +249,17 @@ As a starting point, a certificate has a set of preferences that apply generally
|
||||||
|
|
||||||
Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is that a user may prefer a different suite of algorithms on their private email account compared to their work email account. Such identity-specific preferences can be expressed on the certifying signatures that bind User IDs to a certificate.
|
Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is that a user may prefer a different suite of algorithms on their private email account compared to their work email account. Such identity-specific preferences can be expressed on the certifying signatures that bind User IDs to a certificate.
|
||||||
|
|
||||||
|
## A typical OpenPGP certificate, revisited
|
||||||
|
|
||||||
|
Now that we've discussed how keys and identity components are linked together, we can have another look at the certificate from {numref}`fig-openpgp-certificate-components`. This time we include all of its binding signatures, as well as a direct key signature that contains metadata for the full certificate:
|
||||||
|
|
||||||
|
```{figure} diag/OpenPGP_Certificate.png
|
||||||
|
:name: fig-openpgp-certificate
|
||||||
|
:alt: Depicts an OpenPGP certificate, including a set of components, binding signatures and a direct key signature on the primary key.
|
||||||
|
|
||||||
|
A typical OpenPGP certificate, including binding signatures for all of its components, and a signature that associates metadata with the primary key
|
||||||
|
```
|
||||||
|
|
||||||
## Revocations
|
## Revocations
|
||||||
|
|
||||||
When a certificate owner needs to invalidate certain components of their certificate, or even the entire certificate, they accomplish this through "revocation." Revoking the primary key renders the entire certificate invalid.
|
When a certificate owner needs to invalidate certain components of their certificate, or even the entire certificate, they accomplish this through "revocation." Revoking the primary key renders the entire certificate invalid.
|
||||||
|
|
Loading…
Reference in a new issue