openpgp-notes/book/source/glossary.md
2024-01-18 22:50:26 +01:00

38 KiB

Glossary

:sorted:

AEAD
    See {term}`Authenticated Encryption With Associated Data`.

AEAD Algorithm
    See {term}`Authenticated Encryption With Associated Data`.

Algorithm Preferences
    The preferences for {term}`hash algorithms<Hash Function>`, {term}`compression algorithms<Data Compression>`, {term}`symmetric algorithms<Symmetric Cryptography>` and {term}`AEAD algorithms<Authenticated Encryption With Associated Data>` are set using {term}`direct key signatures<Direct Key Signature>` or {term}`primary User ID` {term}`binding signatures<Binding Signature>`.
    
    See [](recipe-algorithm-preferences).

Asymmetric Cryptography
    Asymmetric cryptography (also known as public-key cryptography) is used in OpenPGP to send messages without using a prior shared secret. For a more detailed discussion see [](public-key-cryptography).

Authenticated Encryption With Associated Data
    Short AEAD, refers to an encryption scheme that ensures confidentiality of a message. Additionally, additional data, which is not confidential, may be associated with the message, ensuring integrity of both the confidential part of the message, as well as the additional data.

    See Wikipedia on [Authenticated Encryption](https://en.wikipedia.org/wiki/Authenticated_encryption).

Authentication
    The process of {term}`validiting<Validation>` an {term}`identity claim`.
    The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`.

Authentication Key Flag
    A {term}`Key Flag` which indicates that a {term}`Component Key` can be used to prove control over {term}`private key material` with a challenge-response mechanism. This is typically done to log into a remote system, often using the OpenSSH protocol.

    Note that the term "authentication" is used in a different context here than {term}`Authentication` of {term}`identity claims<identity claim>` that are associated with a {term}`certificate`. See [](key-flags).

Authentication Tag
    See {term}`Message Authentication Code`.

Authenticity
    See {term}`Authentication`.

Back Signature
    See {term}`Primary Key Binding Signature`.

Binary Signature
    A {term}`Data Signature` with the {term}`Signature Type ID` `0x00`, which is used for binary data.

Binding
    The process of creating a {term}`Binding Signature` for a {term}`Component`, or the resulting {term}`Binding Signature`.
    
    See [](binding-signatures) for more.

Binding Signature
    A {term}`self-signature` on a {term}`component` which associates that {term}`component` to the issuing {term}`component key` in a {term}`certificate<OpenPGP Certificate>`.
    
    See [](binding-signatures) for more.

CA
    See {term}`Certification Authority`.

Capability
    The operations an {term}`OpenPGP Component Key` can perform. See [](key-flags).

Certificate
    See {term}`OpenPGP Certificate`

Certificate Authority
    See {term}`Certification Authority`

Certificate Holder
    A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`. Typically this is the owner of {term}`OpenPGP key`.

Certification
    A certification, in OpenPGP, is a signature that makes a statement about an {term}`identity` in a {term}`certificate<OpenPGP Certificate>`, or an entire {term}`certificate<OpenPGP Certificate>`.
     
     Most commonly, the term is applied to "[third-party certifications](third-party-certifications)," in which an external actor indicates that they have {term}`validated<Validation>` the link between an {term}`identity` and a {term}`certificate<OpenPGP Certificate>`. However, the term is also used for [self-signatures that bind identity components](bind-identity) to a {term}`certificate<OpenPGP Certificate>`.

Certification Authority
    Also known as [Certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), this is an entity that handles digital certificates, especially by signing or issuing them.

Certification Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications<Certification>`. See [](key-flags).

Certification Revocation Signature Packet
    An {term}`OpenPGP Signature Packet` to {term}`revoke<Revocation>` an earlier {term}`self-certification` of a {term}`User ID`.

    [RFC 5.2.1.13](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-certification-revocation-si)

Certification Signature
    See {term}`Certification`.

Certifying Self-Signature
    An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on an {term}`Identity Component` of their own {term}`Certificate`.

Certifying Signature
    See {term}`Certification`.

Cipher Type Byte
    This historical term was defined in [RFC 1991](https://datatracker.ietf.org/doc/html/rfc1991#section-4.1) and was subsequently superseded by {term}`Packet Tag` in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2), which is in turn superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).

Cleartext Signature
    A {term}`Data Signature` which exists in a combined text format, encapsulating the (readable) text input it was created for. See [](cleartext-signature).

Cleartext Signature Framework
    A framework for creating {term}`cleartext signatures<Cleartext Signature>`.
    See [RFC 7](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#cleartext-signature).

Component
    An element in an {term}`OpenPGP Certificate`, that represents a {term}`component key` or {term}`identity component`.

Component Key
    See {term}`OpenPGP Component Key`.

Compressed Data Packet
    A {term}`packet` that contains a compressed {term}`OpenPGP Message` (typically a {term}`Literal Data Packet`). A Compressed Data Packet represents a "compressed message".

Compression
    See {term}`Data Compression`.

Creation Time
    The point in time at which e.g. an {term}`OpenPGP Signature`, an {term}`OpenPGP Certificate`, or one of its {term}`component<Component>` is created.

Creator
    See {term}`Issuer`.

Criticality Flag
    A flag on {term}`Subpacket`s, that can mark them as critical or non-critical, which is has an influence on signature validation. See [](criticality-of-subpackets).

Cryptographic Key
    A {term}`symmetric<Symmetric Cryptography>` or {term}`asymmetric<Asymmetric Cryptography>` cryptographic key. See [](cryptography).

Cryptographic Signature
    A raw cryptographic signature is an algorithm-specific sequence of bytes created by a {term}`Cryptographic Key`.

CTB
    See {term}`Cipher Type Byte`.

Data Compression
    The process of encoding information using fewer bits than the original representation.
    In OpenPGP data compression is used to reduce the size required for encrypted messages.

    See Wikipedia on [Data Compression](https://en.wikipedia.org/wiki/Data_compression).

Data Signature
    {term}`Cryptographic signature` over binary documents or canonical text documents. See [](/signing_data).

Data Signature Packet
    An {term}`OpenPGP Signature Packet` which describes a {term}`Data Signature`. See [](/signing_data).

Delegation
    OpenPGP users can [delegate authentication decisions](delegation) to third parties, and thus rely on {term}`certifications<Certification>` they issue. The remote party is then called a "{term}`trusted introducer`".
    
    This kind of delegation involves {term}`certifications<Certification>` that include the {term}`trust signature` subpacket.

Detached Signature
    A {term}`Data Signature` which exists separately to the data it was created for. See [](forms-of-data-signatures).

Direct Key Signature
    Describes both a {term}`Signature Type ID`, as well as an according {term}`OpenPGP Signature` over a {term}`Primary Key`.

    Issued as a {term}`Self-Signature` it sets preferences and advertises {term}`features<Features Subpacket>` applicable to an entire {term}`Certificate`. See [](direct-key-signature).

Embedded Signature Subpacket
    An {term}`OpenPGP Signature Subpacket` which contains a complete {term}`OpenPGP Signature Packet`.

    See [RFC 5.2.3.34](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-embedded-signature)

Encrypted Data
    Data that is encrypted.

    See [](/encryption).

Encryption Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for encrypting data. See [](key-flags).

    There are two distinct encryption key flags, indicating that the key can encrypt communications, or data in long-term storage respectively.

Expiration
    A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its {term}`binding signature` being older than the {term}`Reference Time` by which it is validated.

Expiration Time
    The time of expiry of an {term}`OpenPGP Signature Packet`.

Features Subpacket
    An {term}`OpenPGP Signature Subpacket`, which denotes advanced OpenPGP features an {term}`implementation<OpenPGP Implementation>` supports.

    For an in-depth view on these {term}`subpackets<OpenPGP Signature Subpacket>` see [](zoom-dks).

    See [RFC 5.2.3.32](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-features)

Fingerprint
    See {term}`OpenPGP Fingerprint`.

Hard Revocation
    A {term}`Revocation Signature Packet` for a {term}`Certification` or a {term}`Component Key`, which either includes a {term}`Reason For Revocation Subpacket` with a {term}`Revocation Code`, that signifies the target being compromised (e.g., `0` or `2`), or has no {term}`Reason For Revocation Subpacket` at all.

    See [](hard-vs-soft-revocations).

    See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation).

Hash Algorithm
    See {term}`Hash Function`.

Hash Digest
    Output of a cryptographic hash function for a string of data of any length. See [](cryptographic-hash).

Hash Function
    A function used to map data of arbitrary size to fixed-size values (see {term}`Hash Digest`).

Hash Value
    See {term}`Hash Digest`.

Hashed Area
    An area in an {term}`OpenPGP Signature Packet` containing {term}`OpenPGP Signature Subpacket`s, that is covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](subpacket-areas).

Hashed Subpacket
    An {term}`OpenPGP Signature Subpacket` residing in the {term}`Hashed Area` of an {term}`OpenPGP Signature Packet`.

Hybrid Cryptosystem
    A cryptographic system that employs both {term}`Asymmetric Cryptography` and {term}`Symmetric Cryptography`. See [](hybrid-cryptosystems).

Identity
    An identity of a {term}`Certificate Holder`. It is represented by an {term}`Identity Component`, which may be certified using {term}`identity certifications<Identity Certification>`, or by a {term}`Notation`.

Identity Certification
    An {term}`OpenPGP Signature Packet` on an {term}`Identity Component` which {term}`certifies<Certification>` its {term}`authenticity<Authentication>`.
    
    Identity certifications can be issued either:
    - by the certificate holder, as a {term}`self-signature`, or
    - by a third party, as a {term}`third-party identity certifications<Third-party Identity Certification>`.

Identity Claim
    A {term}`Certificate Holder` may use {term}`Identity Components<Identity Component>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.

Identity Component
    Part of an {term}`OpenPGP Certificate`, that is used to associate data about the {term}`Certificate Holder` with it. See [](identity-components) for further details.

Identity Verification
    A process by which the {term}`Identity Claim` of a {term}`Certificate Holder` is verified. See also {term}`Signature Verification`.

Initial Introducer
    An {term}`OpenPGP Certificate` explicitly {term}`delegated<Delegation>` to from a {term}`Trust Anchor`.

Inline Signature
    An [inline signature](inline-signature) is a type of {term}`OpenPGP message` which stores a {term}`Data Signature` alongside the message it signs. Both the message and the signature are stored in a shared OpenPGP container.
     
    The standard defines two variant formats for inline signatures:
     
    - {term}`One-pass signed Message`: This format is now commonly used.
    - {term}`Prefixed signed Message`: This is a historical format. It is still supported, but rarely used.
      
    For more context, see [](forms-of-data-signatures).

Issuer
    An entity, that created an {term}`OpenPGP Signature Packet` using a {term}`Transferable Secret Key`.

Issuer Fingerprint Subpacket
    A {term}`Subpacket` specifying the {term}`Fingerprint` of an {term}`Issuer Key`.

    See [RFC 5.2.3.35](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-issuer-fingerprint)

Issuer Key
    The {term}`OpenPGP Component Key` of an {term}`Issuer`, used to create an {term}`OpenPGP Signature Packet`.

Key
    In OpenPGP, and cryptography more generally, the term "key" holds different meanings.
     
    First, it can apply to different [cryptographic primitives](/cryptography):
    
    - asymmetric public key
    - asymmetric private key
    - {term}`Symmetric Secret Key`
    
    Additionally, in OpenPGP, asymmetric cryptographic keys are used on [three different layers](layers-of-keys-in-openpgp) of abstraction:
    
    - cryptographic key
    - OpenPGP component key
    - {term}`OpenPGP key` (which in turn refers to either an {term}`OpenPGP Certificate` or a {term}`Transferable Secret Key`

Key Expiration Time Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for a {term}`key<Component Key>`.

    See [RFC 5.2.3.13](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-expiration-time)

Key Flag
    A preference encoded in an {term}`OpenPGP Signature Subpacket`, that defines the {term}`Capability` a {term}`OpenPGP Component Key` has. See [](signature-subpackets).

Key Holder
    See {term}`Certificate Holder`.

Key ID
    A Key ID is a shorthand identifier for OpenPGP certificates (or for individual subkeys). A Key ID is a shortened versions of a {term}`fingerprint<OpenPGP Fingerprint>`:
    
    - For OpenPGP v6 keys, the Key ID consists of the high-order (leftmost) 64 bits of their {term}`OpenPGP Fingerprint`.
    - For OpenPGP v4 keys, the Key ID consists of the low-order (rightmost) 64 bits of their {term}`OpenPGP Fingerprint`.
    
    Note that since Key IDs are relatively short, they don't meaningfully guard against collisions. Applications must not assume that Key IDs are unique.

Key Material
    May refer to {term}`Public Key Material` or {term}`Private Key Material`.

Key Owner
    See {term}`Certificate Holder`.

Key Revocation Signature Packet
    A {term}`Revocation Self-signature` for an entire {term}`OpenPGP Certificate`.

Key Server
    A service available over the network, which provides access to {term}`OpenPGP Certificates<OpenPGP Certificate>` e.g., by searching for an {term}`OpenPGP Fingerprint` or {term}`User ID`, via the `HKP` and/ or `HKPS` protocols.
    Several implementations such as [hagrid](https://gitlab.com/keys.openpgp.org/hagrid/), or [hockeypuck](https://github.com/hockeypuck/hockeypuck) exist.

Life-cycle Management
    In OpenPGP several actions are necessary for the prolonged use of an {term}`OpenPGP Certificate` or adapting its {term}`components<Component>` to the requirements of the {term}`Certificate Holder`.
    These are for example changes to {term}`binding signatures<Binding Signature>` (adding or {term}`revocation` of {term}`component keys<Component Key>` or {term}`direct key signature<Direct Key Signature>`), modification of {term}`expiration time` or other {term}`metadata` for {term}`components<Component>`.
    See [](self-signatures).

Literal Data Packet
    A {term}`packet` that contains a payload of data. It represents a "literal message".
     
    A literal data packet typically stores the paintext data of an encrypted message, and/or the data of an inline signed message.
     
     See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit).

MAC
    See {term}`Message Authentication Code`.

Master Key
    See {term}`OpenPGP Primary Key`.

Message Authentication Code
    A piece of information used for integrity and {term}`authenticity<Authentication>` verification of a message. See [](message-authentication-code).

Meta Introducer
    An {term}`OpenPGP Certificate` that acts as a {term}`Trusted introducer` and has a {term}`Trust Depth` greater than one.

    A meta introducer can introduce other (meta-) {term}`introducers<Trusted introducer>`.

Metadata
    Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata-in-certificates).

Notation
    A mechanism for a {term}`Certificate Holder` to provide user-defined data using a {term}`Notation Signature Subpacket`.

Notation Signature Subpacket
    An {term}`OpenPGP Signature Subpacket` which is used to add user-defined data to a {term}`Certificate`. See [](notation-signature-subpackets).

Notation Tag
    Part of a {term}`Notation` name.

One-pass Signature Packet
    One or more {term}`packets<Packet>` before the actual data in a {term}`Data Signature` which contain information to allow a receiving {term}`implementation<OpenPGP Implementation>` to create {term}`hashes<Hash Digest>` required for signature verification.
     
     See [](one-pass-signature-packet).
     Also see [RFC 5.4](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig).

One-pass signed Message
    The commonly used form of an OpenPGP {term}`Inline Signature`. It combines an {term}`OpenPGP Message` with {term}`signature packets<OpenPGP Signature Packet>` and accompanying auxiliary {term}`One-pass signatures<One-pass Signature Packet>`.
    
    For details see [](one-pass-signature).

OpenPGP Certificate
    An OpenPGP certificate contains public key material, identity claims and third party certifications (but no private key material)

OpenPGP Component Key
    An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`. For an in-depth discussion see [](component-keys).

OpenPGP data
    Any data in OpenPGP format, represented as a series of OpenPGP packets. The data could for example represent an {term}`OpenPGP Certificate`, or an {term}`OpenPGP Signature Packet` combined with plaintext or encrypted data.

OpenPGP Fingerprint
    An OpenPGP Fingerprint is a shorthand representation of an {term}`OpenPGP Component Key`. Fingerprints effectively act as unique identifiers. See [](fingerprint).
     
     The Fingerprint of the {term}`primary component key<OpenPGP Primary Key>` is used as an identifier for the full {term}`OpenPGP Certificate`.

OpenPGP Implementation
    A piece of software implementing the OpenPGP protocol (to some extend).

OpenPGP Key
    Used either for an {term}`OpenPGP Certificate` (containing public key material and metadata), or for an {term}`OpenPGP Private Key`. See [](/certificates) for an in-depth discussion.

OpenPGP Message
    A series of OpenPGP packets that represents one of the following formats:
    
    - an encrypted message
    - a signed message
    - a {term}`compressed message<compressed data packet>`
    - a {term}`literal message<literal data packet>`

    Also see [RFC 10.3](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-openpgp-messages).

OpenPGP Public Key
    See {term}`OpenPGP Certificate`.

OpenPGP Private Key
    See {term}`Transferable Secret Key`.

OpenPGP Primary Key
    An {term}`OpenPGP Component Key` that is used in the primary key role of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary-key).

OpenPGP Signature
    See {term}`OpenPGP Signature Packet`.

OpenPGP Signature Packet
    A {term}`packet` that contains a raw {term}`cryptographic signature`, a {term}`Signature Type ID` and additional {term}`metadata`. See [](/signatures). Basic concepts are introduced in [](/signatures) and more detailed use-cases are explained in [](/signing_data) and [](/signing_components).

OpenPGP Signature Subpacket
    A data structure in a {term}`Signature Packet`, that describes {term}`metadata` and preferences. See [](signature-subpackets).

OpenPGP Signature Subpacket Type
    An {term}`OpenPGP Signature Subpacket` type.

OpenPGP Signature Type
    The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature-types).

OpenPGP Signing Subkey
    An {term}`OpenPGP Subkey` with the {term}`Signing Key Flag`.

OpenPGP Subkey
    An {term}`OpenPGP Component Key` that is used in the subkey role, in an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys).

Owner
    See {term}`Certificate Holder`.

Packet
    An element in an {term}`OpenPGP Certificate` or {term}`OpenPGP Message`.

Packet Header
    A section of variable length at the beginning of a {term}`Packet`, which encodes for example the {term}`Packet Type ID`. See the relevant [section in the RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers), which explains this section in more detail.

Packet Tag
    This historical term was defined in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2) and is superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).

Packet Type ID
    A numerical value encoded in the first octet of a {term}`Packet Header`, defining a {term}`Packet`'s type.

Positive Certification
    An {term}`OpenPGP Signature Type` with the {term}`Signature Type ID` `0x13`, which is used in {term}`binding signatures<Binding Signature>` for {term}`User IDs<User ID>`. This {term}`OpenPGP Signature Type` implies that the {term}`issuer` has done substantial {term}`verification` of the {term}`Identity Claim`.

    See [](bind-identity).

Preferred Compression Algorithms Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the preferred {term}`compression algorithms<Data Compression>` for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which {term}`algorithms<Data Compression>` the {term}`key holder<Certificate Holder>` prefers to receive.

    See [RFC 5.2.3.17](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-preferred-compression-algor).

Preferred Hash Algorithms Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the preferred {term}`hash algorithm<Hash Function>` for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<Certificate Holder>` prefers to receive.

    See [RFC 5.2.3.16](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-preferred-hash-algorithms).

Preferred Symmetric Ciphers for v1 SEIPD Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the preferred version 1 {term}`SEIPD<Symmetrically Encrypted Integrity Protected Data>` algorithms for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<Certificate Holder>` prefers to receive and implicitly signifies the supported algorithms of the {term}`key holder<Certificate Holder>`'s {term}`implementation<OpenPGP Implementation>`.

    See [RFC 5.2.3.14](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-preferred-symmetric-ciphers).

Preferred AEAD Ciphersuites Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the preferred version 2 {term}`SEIPD<Symmetrically Encrypted Integrity Protected Data>` algorithms for an {term}`OpenPGP Certificate` or {term}`Component Key`. This defines which algorithms the {term}`key holder<Certificate Holder>` prefers to receive and implicitly signifies the supported algorithms of the {term}`key holder<Certificate Holder>`'s {term}`implementation<OpenPGP Implementation>`.

    See [RFC 5.2.3.15](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-preferred-aead-ciphersuites)

Prefixed signed Message
    A type of {term}`Inline Signature`. This form of {term}`Inline Signature` is historical and now rarely used. Superseded by {term}`One-pass signed Message`.
     
     For details see [](prefixed-signature).

Primary Component Key
    See {term}`OpenPGP Primary Key`.

Primary Introducer
    See {term}`Initial Introducer`.

Primary Key
    See {term}`OpenPGP Primary Key`.

Primary Key Binding Signature
    A {term}`Binding Signature`, which is created by a {term}`OpenPGP Signing Subkey` on the {term}`OpenPGP Primary Key` of an {term}`OpenPGP Certificate` and stored in an {term}`Embedded Signature Subpacket` in the {term}`Binding Signature` for the {term}`OpenPGP Signing Subkey`.

    This special case is explained in more detail in [](bind-signing-subkey).

Primary User ID
    A {term}`User ID` which carries the default preferences for {term}`identity components<Identity Component>` without preferences.
    
    See [](primary-user-id).

Primary User ID Subpacket
    An {term}`OpenPGP Signature Subpacket` used in {term}`User ID self-signatures<User ID Binding Signature>` which allows to signify whether the {term}`User ID` in question is considered a {term}`Primary User ID`.

    See [RFC 5.2.3.27](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#primary-user-id-subpacket)

Primary User ID Binding Signature
    A {term}`Binding Signature`, which is created by an {term}`OpenPGP Primary Key` to bind a {term}`User ID` to its {term}`OpenPGP Certificate` and marking it as the {term}`Primary User ID`.

    This {term}`Binding Signature` may carry {term}`metadata` specific to the {term}`User ID` at hand as well as some applicable to the entire {term}`OpenPGP Certificate`.

    See [](primary-user-id-binding).

Private Key
    See {term}`Transferable Secret Key`.

Private Key Material
    A raw cryptographic private key.

Public Key
    See {term}`OpenPGP Public Key`.

Public Key Algorithm
    An {term}`asymmetric cryptographic<Asymmetric Cryptography>` algorithm. See [](public-key-cryptography).

Public Key Cryptography
    See {term}`Asymmetric Cryptography`.

Public Key Material
    See {term}`OpenPGP Certificate`.

Reason For Revocation Subpacket
    An {term}`OpenPGP Signature Subpacket`, which is used in {term}`Certification Revocation Signature Packet` and {term}`key revocation signature packets<Key Revocation Signature Packet>` to describe a reason for the {term}`revocation`.

    See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation)

Reference Time
    A point in time at which an {term}`OpenPGP Certificate` or {term}`OpenPGP Signature` is evaluated.

Regular Expression Subpacket
    An {term}`OpenPGP Signature Subpacket` which allows for limiting {term}`delegations<Delegation>` to {term}`identities<Identity>` matching a regular expression.

Revocation
    Mechanism to invalidate a {term}`component` or an entire {term}`OpenPGP Certificate` using a {term}`Revocation Self-signature`. See [](revocations).

Revocation Certificate
    A {term}`Revocation Self-signature` for an {term}`OpenPGP Primary Key` distributed alongside the plain {term}`OpenPGP Primary Key`.

    See [RFC 10.1.2](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-openpgp-v6-revocation-certi)
    
    Note that in [OpenPGP v4 this term is typically used](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.1.3-6) for a bare {term}`Revocation Self-signature` {term}`packet<OpenPGP Signature Packet>`.

Revocation Code
    A number in a {term}`Reason For Revocation Subpacket` which represents the reason for a {term}`Revocation`.

Revocation Self-signature
    A class of {term}`self-signatures<Self-signature>` to {term}`revoke<Revocation>` {term}`primary keys<OpenPGP Primary Key>`, {term}`User IDs<User ID>` or {term}`User Attributes<User Attribute>` and invalidate {term}`subkey binding signatures<Subkey Binding Signature>`.

    See [](self-revocations).

Revocation Signature
    See {term}`Revocation Signature Packet`.

Revocation Signature Packet
    An {term}`OpenPGP Signature Packet` used for the {term}`revocation` of a {term}`certification` or {term}`binding`.
     
    Revocation signatures are often {term}`self-signatures<Self-signature>`, more specifically {term}`revocation self-signatures<Revocation Self-signature>`.
    However, *{term}`certification revocations<Certification Revocation Signature Packet>`* can be both {term}`self-signatures<Self-signature>` or {term}`third-party signatures<Third-party Signature>`.
    Additionally, with the deprecated *Revocation Key* mechanism, {term}`third-party<Third-party Signature>` *Key-* and *Subkey revocations* also exist.

RFC
    This document, unless noted otherwise, refers to the [OpenPGP version 6 specification](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) when referring to *RFC*.

SEIPD
    See {term}`Symmetrically Encrypted Integrity Protected Data`.

Self-certification
    A {term}`certification` on a {term}`component` of an {term}`OpenPGP Certificate` issued by a {term}`component key` of the same {term}`OpenPGP certificate`.

Secret Key Material
    See {term}`Private Key Material`.

Self-signature
    An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on a {term}`Component` of their own {term}`Certificate`.

Session Key
    A unique shared secret used in encryption in a {term}`Hybrid Cryptosystem`. See [](encryption) and [](decryption).

Soft Revocation
    A {term}`Revocation Signature Packet` for a {term}`Certification` or a {term}`Component Key`, which includes a {term}`Reason For Revocation Subpacket` with a {term}`Revocation Code`, that does not signify the target being compromised (e.g., `0` or `2`).

    See [](hard-vs-soft-revocations).

    See [RFC 5.2.3.31](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation).

Signature
    See {term}`OpenPGP Signature Packet`.

Signature Creation Time Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Creation Time` for an {term}`OpenPGP Signature Packet`.

    See [RFC 5.2.3.11](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-creation-time)

Signature Expiration Time Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`.

    See [RFC 5.2.3.18](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-expiration-time)

Signature On Component
    {term}`Cryptographic signature` associated with {term}`Component Keys<Component Key>` or {term}`Identity Components<Identity Component>`. See [](/signing_components).

Signature Over Data
    See {term}`Data Signature`.

Signature Packet
    See {term}`OpenPGP Signature Packet`.

Signature Subpacket
    See {term}`OpenPGP Signature Subpacket`.

Signature Subpacket Type
    See {term}`OpenPGP Signature Subpacket Type`.

Signature Type
    See {term}`OpenPGP Signature Type`.

Signature Type ID
    A numerical identifier for a {term}`Signature Type<OpenPGP Signature Type>`.

Signature Verification
    In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).

Signer
    A {term}`Certificate Holder`, that is able to create {term}`self-signatures<Self-signature>` and {term}`third-party signatures<Third-party Signature>`.

Signing-capable
    See {term}`Signing Key Flag`.

Signing Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for signing data. See [](key-flags).

Signing Subkey
    See {term}`OpenPGP Signing Subkey`.

Strong Authentication
    "Strong Authentication" in this text refers to having ascertained that a {term}`certificate<OpenPGP Certificate>` and an {term}`identity claim` on it are legitimately linked. That is, that the person who controls the {term}`certificate<OpenPGP Certificate>` is correctly represented by the {term}`identity component`.
     
     Strong authentication in OpenPGP is typically encoded with a {term}`certification signature`.
     
     Ascertaining strong authentication requires an out-of-band check: Either via a manual {term}`verification` process, or an automated system that can {term}`certify<Certification>` that a user has identified to the system that issues the {term}`identity` in question (e.g. an email provider can {term}`certify<Certification>` email-based {term}`identities<Identity>` that it issues to the user).
    
    Also see {term}`Authentication`.

Subkey
    See {term}`OpenPGP Subkey`.

Subkey Binding Signature
    A {term}`Self-signature` to associate an {term}`OpenPGP Subkey` with an {term}`OpenPGP Primary Key`. See [](bind-subkey).

Subkey Revocation Signature Packet
    A {term}`Self-signature` to {term}`revoke<Revocation>` an {term}`OpenPGP Subkey` in an {term}`OpenPGP Certificate`.

    See [RFC 5.2.1.12](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-subkey-revocation-signature)

Subpacket
    See {term}`OpenPGP Signature Subpacket`.

Subpacket Type
    See {term}`OpenPGP Signature Subpacket Type`.

Symmetric Cryptography
    Symmetric cryptography is used in OpenPGP. For a more detailed discussion see [](symmetric-key-cryptography).

Symmetrically Encrypted Integrity Protected Data
    Short *SEIPD*, this refers to {term}`Symmetric Cryptography` based encrypted data, which is used in a Symmetrically Encrypted Integrity Protected Data Packet.

    See [RFC 5.13](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetrically-encrypted-int).

Symmetric Secret Key
    The {term}`Private Key Material` used in {term}`Symmetric Cryptography`.

Text Signature
    A {term}`signature packet<OpenPGP signature packet>` with the {term}`Signature Type ID` `0x01`, which is used for textual data.

Third-party Identity Certification
    {term}`Certification` by third-parties to confirm ownership of an {term}`OpenPGP Certificate` ({term}`Identity Claim`) by a {term}`Certificate Holder`. See [](third-party-identity-certifications).

Third-party Signature
    A {term}`Signature` by a third-party on a {term}`Component` of a {term}`Certificate`.

Transferable Secret Key
    A Transferable Secret Key (TSK) is the combination of an {term}`OpenPGP Certificate` and the associated {term}`private key material`. Also often referred to as an "OpenPGP private key". It is discussed in detail in [](/private_keys).

Trust Amount
    A numerical value between `0` and `255`, stored in {term}`trust signatures<Trust Signature>` used for indicating the degree of reliance on the {term}`delegation`.
    Values less than `120` indicate partial trust, values equal to or greater than `120` indicate complete trust.

    See [](trust-amount).
    See [RFC 5.2.3.21](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-trust-signature)

Trust Anchor
    An entity in a {term}`Trust Model` for which trust is assumed and not derived.

Trust Depth
    This numerical value is part of a {term}`Trust Signature` and describes the extent of trustworthiness of a {term}`Certification`, that the {term}`signer` assigns to it.

    See [](trust-level).

Trust Level
    See {term}`Trust Depth`.

Trust Model
    A model by which trust between {term}`identities<Identity>` associated with different {term}`OpenPGP Certificates<OpenPGP Certificate>` is created. See [](third-party-identity-certifications).

Trust Root
    See {term}`Trust Anchor`.

Trust Signature
    The *trust signature* {term}`subpacket<OpenPGP Signature Subpacket>` on a {term}`certifying signature<Certification>` is used for {term}`delegation` of {term}`authentication` decisions. With this feature, an OpenPGP user can designate a {term}`certificate<OpenPGP Certificate>` as a "{term}`trusted introducer`" and opt to rely on {term}`certifications<Certification>` they issue.

    See [RFC 5.2.3.21](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-trust-signature)

Trusted introducer
    OpenPGP users can choose to rely on {term}`certifications<Certification>` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer".
     
     See [](delegation) for more details. 

TSK
    See {term}`Transferable Secret Key`.

tsig
    See {term}`Trust signature`

Type ID
    See {term}`Signature Type ID`.

Unhashed Area
    An area in a {term}`Signature Packet` containing {term}`Signature Subpacket`s, that is *not* covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](subpacket-areas).

Unhashed Subpacket
    A {term}`Signature Subpacket` residing in the {term}`Unhashed Area` of a {term}`Signature Packet`.

User Attribute
    An {term}`Identity Component`, which may hold complex attribute data, e.g. a single JPEG image. See [](user-attributes).

User ID
    An {term}`Identity Component`, which describes an {term}`Identity` of a {term}`Certificate Holder`. See [](user-ids).

User ID Binding Signature
    A {term}`Binding Signature`, which is created by an {term}`OpenPGP Primary Key` to bind a {term}`User ID` to an {term}`OpenPGP Certificate`.

Validation
    A mechanism by which the [operational needs of a use-case are met](https://en.wikipedia.org/wiki/Verification_and_validation#Validation).
    In OpenPGP terminology this may refer to processes such as ensuring, that an {term}`OpenPGP Signature Packet` has been created after a {term}`Transferable Secret Key`'s {term}`Creation Time`, but before its {term}`Expiration Time`.

Validity
    See {term}`Validation`.

Verification
    A mechanism by which the [compliance with design specifications are met](https://en.wikipedia.org/wiki/Verification_and_validation#Verification).
    In OpenPGP terminology this may refer to e.g. {term}`Signature Verification` or {term}`Identity Verification`.

Web Of Trust
    A {term}`trust model` which is based on a network of {term}`certifications<Certification>` and {term}`delegations<Delegation>`, that can be used to discern the reliability of {term}`certificates<Certificate>` and their associated {term}`identities<Identity>`. See [](wot).