(Rough merge of two precursor projects by Heiko, and outline notes by Paul)
Signatures as "statements"
- Purpose of a signature
- Meaning of different signature types, nuances of subpackets
- Can we have a "catalogue" of statements a user might want to make, mapping these to archetypical signatures?
- Revocation; Hard vs. Soft
Certifications (third party signatures on keys)
A certification is a machine-readable statement about a (public) key, made by a third party. In OpenPGP, certifications are implemented as Signature Packets.
More specifically, certifications in OpenPGP are usually modelled as "third party binding signatures".
Typically, certifications in OpenPGP work like this: Alice checks that a key 0x1234... belongs to Bob, who uses the email address bob@example.org. After making sure that the key 0x1234... and the digital identity bob@example.org are meaningfully linked, she creates a certification stating that the key and the identity are linked.
Such a certification can serve two purposes:
- Alice's OpenPGP software can now reason about Bob's key, and thus show that 0x1234... is a good key to use for interacting with bob@example.org.
- Other parties can observe Alice's certification and derive some amount of confidence in Bob's key from it.
For example, Carol might not easily be able to check if 0x1234... is Bob's key, but she might consider Alice's certification for Bob's key sufficient evidence.
Carol may decide to systematically rely on Alice's certifications. Then we say that Carol uses Alice as a "trusted introducer". That is, Carol delegates part of her authentication decisions to Alice.
Regular certifications
Regular certifications are cryptographic statements that bind a User ID and a key (via its fingerprint) together.
They have a SignatureType of GenericCertification, PersonaCertification, CasualCertification, or PositiveCertification.
Trust signatures (using a key as "trusted introducer")
A "trust signature" has two additional parameters: a depth and a level.
Alternative model: direct key signatures for pure delegation
This is useful for using 0xB as a trusted introducer without asserting that 0xB is Bob (when a tsig is on a User ID, it is necessarily also a vouch about the binding).
The logical place to store a tsig that is not also a vouch about a binding is a direct key signature (however, GnuPG probably does not respect such tsigs).
The OpenPGP Web of Trust spec allows such direct key signatures.
The SignatureType is DirectKey.
In Sequoia, roughly:
SignatureBuilder::new(SignatureType::DirectKey).set_trust_signature(..)?.sign_direct_key(&mut your_signer, signee_cert.primary_key().key())
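The following is an added example, not part of the original notes and not Sequoia's API: a toy model of how Carol's software could reason over the statements described above (certifications on a User ID, trust signatures, and direct key delegation). The names `Cert`, `reaches` and `authenticate`, and the keys 0xA, 0xC, 0xD and 0xE are hypothetical. It assumes the depth follows the usual OpenPGP trust signature levels (1 = trusted introducer, 2 = may also designate introducers) and ignores cryptographic verification, trust amounts, expiry and revocation.

```rust
// Toy model (constructed for illustration): statements are taken as already
// verified; trust amounts, expiry and revocation are not modelled.
struct Cert<'a> {
    issuer: &'a str,          // key that made the statement
    target: &'a str,          // key the statement is about
    user_id: Option<&'a str>, // Some = certification of a binding; None = direct key signature
    depth: u8,                // 0 = regular certification; >= 1 = trust signature
}

// True if `introducer`, who may delegate `allow` more levels, leads to a
// certification binding `key` to `uid`. Terminates because the allowance
// shrinks on every hop.
fn reaches(certs: &[Cert], introducer: &str, allow: u8, key: &str, uid: &str) -> bool {
    certs.iter().filter(|c| c.issuer == introducer).any(|c| {
        // Only a certification on the User ID vouches for the binding itself.
        let vouches = c.target == key && c.user_id == Some(uid);
        // A trust signature makes the target an introducer, limited by both
        // the remaining allowance and the signature's own depth.
        let d = allow.min(c.depth);
        vouches || (d >= 1 && reaches(certs, c.target, d - 1, key, uid))
    })
}

// Can `root` (the user's own key, their trust anchor) authenticate the binding?
fn authenticate(certs: &[Cert], root: &str, key: &str, uid: &str) -> bool {
    reaches(certs, root, u8::MAX, key, uid)
}

fn sample() -> Vec<Cert<'static>> {
    vec![
        // Alice (0xA) certifies that 0xB belongs to bob@example.org.
        Cert { issuer: "0xA", target: "0xB", user_id: Some("bob@example.org"), depth: 0 },
        // Carol (0xC) delegates to 0xA via a direct key tsig: no vouch about who 0xA is.
        Cert { issuer: "0xC", target: "0xA", user_id: None, depth: 1 },
        // Alice's own tsig on Dave (0xD) does not help Carol: depth 1 is used up at Alice.
        Cert { issuer: "0xA", target: "0xD", user_id: None, depth: 1 },
        Cert { issuer: "0xD", target: "0xE", user_id: Some("erin@example.org"), depth: 0 },
    ]
}

fn main() {
    let certs = sample();
    println!("Bob:  {}", authenticate(&certs, "0xC", "0xB", "bob@example.org"));
    println!("Erin: {}", authenticate(&certs, "0xC", "0xE", "erin@example.org"));
}
```

Raising the depth of Carol's trust signature on 0xA to 2 is what makes Dave's certification of Erin usable by Carol.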