vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

Attribute shadowing

Browse source
This commit is contained in:
Paul Schaub 2023-11-09 17:29:26 +01:00 committed by Heiko Schaefer
parent 5ab4546144
commit 55396e8452
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
book/source/09-verification.md
View file

@ -76,7 +76,14 @@ On the other hand, in order to verify a data signature over a text document, an
### Attribute Shadowing
TODO
When determining preferences of a key, different signatures can be inspected.
For example, when using a signing subkey to generate a data signature, the implementation might want to check for hash algorithm preferences on the subkey binding signature.
At the same time, the specification states, that signature subpackets on the direct-key signature of the OpenPGP keys primary key apply to the whole key (therefore also to the signing subkey).
In this case, the implementation uses the preferences from the subkey binding signature, but if no such subpacket is found on the latest binding signature, it falls back to the preferences of the direct-key signature.
This is called attribute shadowing, since direct-key signature subpackets apply to all subkeys, but are shadowed by binding signature subpackets.
Note: Attribute shadowing should only be used for algorithm preferences, since there are subpacket types where shadowing makes no sense (e.g. key expiration time subpackets).
### Revocations