From fda7264f10b12026fb2c3be41ae2d1e881bd56b1 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 27 Dec 2023 03:50:43 +0100 Subject: [PATCH] Move away from using "plaintext" to refer to signed data --- book/source/adv/signing_data.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/book/source/adv/signing_data.md b/book/source/adv/signing_data.md index 6a75d40..6eff25c 100644 --- a/book/source/adv/signing_data.md +++ b/book/source/adv/signing_data.md @@ -107,7 +107,7 @@ There are two subtly different use cases for inline signatures that contain mult To specify which of these two functions a signature performs, the {term}`one-pass signature packet` has a ["nested" flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-5.4-3.8.1), with a value of either `1` or `0`. -If this flag is set to `0`, it indicates that further OPSs will follow this packet, which are calculated over the same plaintext data as this OPS is. A value of `1` indicates, that either no further OPS packets will follow (this OPS is the last), or that this OPS is calculated over the usual plaintext data, but wrapped inside any OPS+Signature combinations that follow this OPS. +If the "nested" flag is set to `0`, it indicates that further OPSs will follow this packet, which are calculated over the same message payload data as this OPS is. A value of `1` indicates, that either no further OPS packets will follow (this OPS is the last), or that this OPS is calculated over the usual message payload data, but wrapped inside any OPS+Signature combinations that follow this OPS. This mechanism enables attested signatures, where the signer signs an already one-pass signed message including the already contained signature. @@ -120,17 +120,17 @@ As a practical example, consider the following notation: A normal, one-pass signed message looks like this: `OPS₁ LIT("Hello World") SIG` -Here, the signature is calculated over the plaintext `Hello World`, as is it in a message that has the following form: `OPS₁ COMP(LIT("Hello World")) SIG`. +Here, the signature is calculated over the payload `Hello World`. The signature doesn't change if the signed message is instead stored as: `OPS₁ COMP(LIT("Hello World")) SIG` (also see [](hashing-inline-data)). -A message, where multiple one-pass signatures are calculated over the same plaintext looks the following: +A message, where multiple one-pass signatures are calculated over the same payload looks the following: `OPS₀ OPS₀ OPS₁ LIT("Hello World") SIG SIG SIG` -All three signatures are calculated over the same plaintext `Hello World`. +All three signatures are calculated over the same payload `Hello World`. Now, a message, where the signer attests an already signed message has the following format: `OPS₁ OPS₁ LIT("Hello World") SIG SIG` -While the inner signature is calculated over the usual plaintext `Hello World`, the outer signature is instead calculated over `OPS₁ Hello World SIG`. +While the inner signature is calculated over the usual payload `Hello World`, the outer signature is instead calculated over `OPS₁ Hello World SIG`. (prefixed-signature)= ### Prefixed signed message