fix suggested by paul

Heiko Schaefer 2023-12-07 12:02:07 +01:00
parent c6137f43e2
commit 54f0bb31e4
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -326,9 +326,11 @@ Component keys use *Key Expiration Time* subpackets for expressing the expiratio
Since OpenPGP certificates act as ["append only" data structures](append-only), existing components or signatures cannot simply be "removed." Instead, they can be marked as invalid by issuing revocation signatures. These additional revocation signatures are added to the certificate.
Each component, such as User ID and a subkey, may be revoked without affecting the rest of the certificate.
Each component, such as User ID and a subkey, can be revoked without affecting the rest of the certificate.
Revoking the primary key with a [*Key revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-revocation-signature-ty) (type ID `0x20`) is a special case: This marks the entire certificate, including all of its components unusable.
The *primary User ID* is an exception: when it is revoked, the entire certificate is considered invalid.
Revoking the primary key with a [*Key revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-revocation-signature-ty) (type ID `0x20`) also marks the entire certificate, including all of its components, as invalid and unusable.
#### Semantics of Revocations
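Review bot: The added sentence "The *primary User ID* is an exception: when it is revoked, the entire certificate is considered invalid." carries no reference, while the key revocation sentence right after it links to the draft section that backs it. Please add a link for the primary User ID claim, or a cross-reference to where the text defines the primary User ID, so readers can check it. The two added sentences also describe the effect differently ("considered invalid" versus "invalid and unusable"); if the same outcome is meant, use one wording in both. Minor: "such as User ID and a subkey" in the reworded sentence would read better as "such as a User ID or a subkey".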