swap chapters on signing components and data

Heiko Schaefer 2023-10-27 00:10:53 +02:00
parent 06d3e1f230
commit 0cf0c2069c
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
3 changed files with 24 additions and 23 deletions

@ -26,17 +26,6 @@ show our visuals for these two layers of meaning:
- box with yellow tag-thing, including sig-circle
```
## Structure of an OpenPGP signature
As outlined above, an OpenPGP signature is a composite data structure, which combines:
- A *signature type ID*, which specifies the intended meaning of the signature,
- Metadata (which is variable and depends in part on the type ID),
- Most of this metadata is encoded as so-called "subpackets," see {ref}`signature_subpackets`,
- A raw cryptographic signature.
The cryptographic signature is calculated by its issuer. It certifies a hash digest, which in turn combines a set of input data. The exact input data depends on the signature type. Roughly: the hash digest is over the elements that the OpenPGP signature makes a statement about, combined with the metadata in the OpenPGP signature packet itself. More on this later.
## Types of signatures in OpenPGP
The OpenPGP standard defines a set of [Signature Types](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-types), each identified by a numerical *signature type ID*. Signature types define the intent of a signature, and how it needs to be interpreted.
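Review bot: The lines dropped at the top of this hunk ("## Structure of an OpenPGP signature" through "More on this later.") are a section move inside this chapter, which the commit subject "swap chapters on signing components and data" does not mention. Say so in the commit message, or split the move into its own commit, so the history explains why the structure overview now follows "## Types of signatures in OpenPGP" instead of preceding it.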
@ -48,12 +37,23 @@ An overview of signature types in OpenPGP
Most OpenPGP signature types can be classified as either:
- *Signatures on components* (that is: signatures that apply to component keys or identity components), or
- *Signatures over data*.
- *Signatures over data*, or
- *Signatures on components* (that is: signatures that apply to component keys or identity components).
In this chapter, we discuss the general principles of OpenPGP signatures.
In this chapter, we discuss the general principles of OpenPGP signatures, which apply to all types of OpenPGP signatures.
For more detail about specific types of signatures, see the chapters {ref}`component_signatures_chapter` and {ref}`signing_data`, respectively.
For more detail about specific types of signatures, see the chapters {ref}`signing_data` and {ref}`component_signatures_chapter`, respectively.
## Structure of an OpenPGP signature
As outlined above, an OpenPGP signature is a composite data structure, which combines:
- A *signature type ID* (see above), which specifies the intended meaning of the signature,
- Metadata (which is variable and depends in part on the type ID),
- Most of this metadata is encoded as so-called "subpackets," see {ref}`signature_subpackets`,
- A raw cryptographic signature.
The cryptographic signature is calculated by its issuer. It certifies a hash digest, which in turn combines a set of input data. The exact input data depends on the signature type. Roughly: the hash digest is over the elements that the OpenPGP signature makes a statement about, combined with the metadata in the OpenPGP signature packet itself. More on this later.
(signature_subpackets)=
## Signature subpackets
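Review bot: The relocated section still closes with "More on this later.", a forward reference with no target; now that it sits directly above the `(signature_subpackets)=` label, replace it with a `{ref}` to the place where the hash input per signature type is actually described, since that input is what a reader needs to know to understand what a signature covers. Also in this hunk, the new sentence "we discuss the general principles of OpenPGP signatures, which apply to all types of OpenPGP signatures" repeats its own subject; "which apply to all signature types" reads cleaner. The relocated section still opens with "As outlined above", so check that the text now preceding it does outline the composite structure.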