vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add section on well-formedness

Browse source
This commit is contained in:
Paul Schaub 2023-11-24 23:23:43 +01:00
parent 1bb46763ec
commit 2467c044b8
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
book/source/09-verification.md
View file

@ -32,6 +32,18 @@ This is especially the case with signatures created by dedicated signing subkeys
* **Revocation**: * **Revocation**:
Lastly, signatures can be invalidated by revocations. Lastly, signatures can be invalidated by revocations.
### Well-formedness of signatures
There is a number of criteria, that a signature must fulfill in order to be considered well-formed:
- Each signature MUST have a signature creation time subpacket in its hashed subpacket area. A signature with only a unhashed creation time - or none at all - is not well-formed.
- The signature cannot be older than the key that issued it.
- Analogous, a signature with a creation time in the future needs to be rejected as well.
- A well-formed signature needs to carry an Issuer Fingerprint subpacket, or an Issuer KeyID subpacket.
It is generally recommended to place those in the hashed area of the signature, but a receiving implementation may also accept signatures which only contain unhashed copies of these subpackets.
- A signature disqualifies as well-formed, if it contains subpackets unknown to the implementation, which are marked as critical.
Unknown subpackets which are not marked as critical do not have an effect on whether the signature is well-formed.
- The same applies to notations. Critical, unknown notations result render the signature malformed.
(temporal-validity)= (temporal-validity)=
### Temporal validity ### Temporal validity