vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-12-10 07:31:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add glossary entries and links for chapter 1 - 4 and 6

Browse source 
Signed-off-by: David Runge <dave@sleepmap.de>
This commit is contained in:
David Runge 2023-10-27 13:40:22 +02:00
parent 840d6bdd0f
commit 9848143e77
No known key found for this signature in database
GPG key ID: 90D4B9641E092971
6 changed files with 531 additions and 184 deletions
Download patch file Download diff file Expand all files Collapse all files

359
book/source/23-glossary.md
View file

@ -8,39 +8,370 @@ SPDX-License-Identifier: CC-BY-SA-4.0
```{glossary}
:sorted:
Authentication
Checking the validity of a claim (e.g. an identity claim). Making sure that a claim is "authentic."
Asymmetric Cryptography
Asymmetric cryptography is used in OpenPGP. For a more detailed discussion see [](public_key_asymmetric_cryptography).
Certification
"Third party Signature" on a certificate, making a statement about that certificate, or an identity in the certificate
Authentication
The process of {term}`validiting<Validation>` an {term}`identity claim`.
The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`.
Authentication Key Flag
A {term}`Key Flag`, which indicates that a {term}`Component Key` can be used to confirm control over {term}`private key material` against a remote system. The term "authentication" here is semantically different from {term}`Authentication`. See [](capabilities_key_flags).
Authentication Tag
See {term}`Message Authentication Code`.
Authenticity
See {term}`Authentication`.
CA
[Certificate authority](https://en.wikipedia.org/wiki/Certificate_authority) or certification authority. An entity that handles digital certificates, especially by signing or issuing them.
See {term}`Certification Authority`.
Delegation
See {term}`Trust signature`
Capability
The operations an {term}`OpenPGP Component Key` can perform. See [](capabilities_key_flags).
Certificate
See {term}`OpenPGP Certificate`
Certificate Authority
See {term}`Certification Authority`
Certification Authority
Also known as [Certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), this is an entity that handles digital certificates, especially by signing or issuing them.
Certificate Holder
A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`.
Certification
"Third party Signature" on a certificate, making a statement about that {term}`certificate<OpenPGP Certificate>`, or an {term}`identity` in the {term}`certificate<OpenPGP Certificate>`.
Certification Key Flag
A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications<Certification>`. See [](capabilities_key_flags).
Cipher Type Byte
This historical term was defined in [RFC 1991](https://datatracker.ietf.org/doc/html/rfc1991#section-4.1) and was subsequently superseded by {term}`Packet Tag` in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2), which is in turn superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).
Component
An element in an {term}`OpenPGP Certificate`, that represents a {term}`component key` or {term}`identity component`.
Component Key
See {term}`OpenPGP Component Key`.
Creation Time
The point in time at which e.g. an {term}`OpenPGP Certificate`, or one of its {term}`component<Component>` is created.
Creator
See {term}`Issuer`.
Criticality Flag
A flag on {term}`Subpacket`s, that defines their criticality, which is used for validation. See [](criticality_of_subpackets).
Cryptographic Key
A {term}`symmetric<Symmetric Cryptography>` or {term}`asymmetric<Asymmetric Cryptography>` cryptographic key is used for signing and encryption operations. See [](03-cryptography).
Cryptographic Signature
A raw cryptographic signature is a sequence of bytes created by a {term}`Cryptographic Key`.
CTB
See {term}`Cipher Type Byte`.
Delegation
See {term}`Trust signature`
Direct Key Signature
A {term}`Signature` that sets preferences and advertises features applicable to an entire {term}`Certificate`. See [](direct_key_signature).
Encryption Key Flag
A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for encrypting data. See [](capabilities_key_flags).
Expiration
A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its binding signature being older than the {term}`Reference Time` by which it is validated.
Expiration Date Subpacket
An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`.
Expiration Time
The time of expiry of an {term}`OpenPGP Signature Packet`.
Fingerprint
See {term}`OpenPGP Fingerprint`.
Hash Digest
Output of a cryptographic hash function for a string of data of any length. See [](crypto-hash).
Hashed Area
An area in an {term}`OpenPGP Signature Packet` containing {term}`OpenPGP Signature Subpacket`s, that is covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](hashed_and_unhashed_signature_subpackets).
Hashed Subpacket
An {term}`OpenPGP Signature Subpacket` residing in the {term}`Hashed Area` of an {term}`OpenPGP Signature Packet`.
Hybrid Cryptosystem
A cryptographic system that employs both {term}`Asymmetric Cryptography` and {term}`Symmetric Cryptography`. See [](hybrid_cryptosystems).
Identity
An identity of a {term}`Certificate Holder`. It is represented by an {term}`Identity Component`, which may be certified using {term}`third-party identity certifications<Third-party Identity Certification>`, or by a {term}`Notation`.
Identity Claim
A {term}`Certificate Holder` may use {term}`Identity Components<Identity Component>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.
Identity Component
Part of an {term}`OpenPGP Certificate`, that is used to associate data about the {term}`Certificate Holder` with it. See [](identity_components) for further details.
Identity Verification
A process by which the {term}`Identity Claim` of a {term}`Certificate Holder` is verified. See also {term}`Signature Verification`.
Issuer
An entity, that created an {term}`OpenPGP Signature Packet` using an {term}`Transferable Secret Key`.
Issuer Fingerprint Subpacket
A {term}`Subpacket` specifying the {term}`Fingerprint` of an {term}`Issuer Key`.
Issuer Key
The {term}`OpenPGP Component Key` of an {term}`Issuer`, used to create an {term}`OpenPGP Signature Packet`.
Key
See {term}`OpenPGP Key`
In OpenPGP, and cryptography more generally, the term "key" holds different meanings.
First, it can apply to different [cryptographic primitives](cryptography_chapter):
- asymmetric public key
- asymmetric private key
- {term}`Symmetric Secret Key`
Additionally, in OpenPGP, asymmetric cryptographic keys are used on [three different layers](layers_of_keys_in_openpgp) of abstraction:
- cryptographic key
- OpenPGP component key
- {term}`OpenPGP key` (which in turn refers to either an {term}`OpenPGP Certificate` or a {term}`Transferable Secret Key`
OpenPGP Key
Used either for an OpenPGP Certificate (containing public key material and metadata), or for an See {term}`OpenPGP Private Key`
Key Flag
A preference encoded in an {term}`OpenPGP Signature Subpacket`, that defines the {term}`Capability` a {term}`OpenPGP Component Key` has. See [](signature_subpackets).
OpenPGP Private Key
The combination of an {term}`OpenPGP Certificate` and the associated private key material
Key ID
The high-order (leftmost) 64 bits of an {term}`OpenPGP Fingerprint`.
Historically, this term refers to the low-order (rightmost) 64 bits of an {term}`OpenPGP Fingerprint`.
Key Material
May refer to {term}`Public Key Material` or {term}`Private Key Material`.
Key Holder
See {term}`Certificate Holder`.
Key Owner
See {term}`Certificate Holder`.
MAC
See {term}`Message Authentication Code`.
Master Key
See {term}`OpenPGP Primary Key`.
Message Authentication Code
A piece of information used for integrity and {term}`authenticity<Authentication>` verification of a message. See [](message_authentication_codes).
Metadata
Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata_in_certificates).
Notation
A mechanism for a {term}`Certificate Holder` to provide user-defined data using a {term}`Notation Signature Subpacket`.
Notation Signature Subpacket
An {term}`OpenPGP Signature Subpacket` which is used to add user-defined data to a {term}`Certificate`. See [](notation_signature_subpackets).
Notation Tag
Part of a {term}`Notation` name.
OpenPGP Certificate
An OpenPGP certificate contains public key material, identity claims and third party certifications (but no private key material)
OpenPGP Component Key
An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`. For an in-depth discussion see [](component_keys).
OpenPGP Fingerprint
A fingerprint, that is unique for each {term}`OpenPGP Component Key`. See [](fingerprint).
OpenPGP Implementation
A piece of software implementing the OpenPGP protocol (to some extend).
OpenPGP Key
Used either for an {term}`OpenPGP Certificate` (containing public key material and metadata), or for an {term}`OpenPGP Private Key`. See [](/04-certificates) for an in-depth discussion.
OpenPGP Public Key
See {term}`OpenPGP Certificate`.
OpenPGP Private Key
See {term}`Transferable Secret Key`.
OpenPGP Primary Key
The primary key of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key).
OpenPGP Signature
See {term}`OpenPGP Signature Packet`.
OpenPGP Signature Packet
A {term}`packet` that contains a raw {term}`cryptographic signature`, a {term}`Signature Type ID` and additional {term}`metadata`. See [](/06-signatures). Basic concepts are introduced in [](/06-signatures) and more detailed use-cases are explained in [](/07-signing_data) and [](/08-signing_components).
OpenPGP Signature Subpacket
A data structure in a {term}`Signature Packet`, that describes {term}`metadata` and preferences. See [](signature_subpackets).
OpenPGP Signature Subpacket Type
An {term}`OpenPGP Signature Subpacket` type.
OpenPGP Signature Type
The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature_types).
OpenPGP Subkey
A subkey of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys).
Owner
See {term}`Certificate Holder`.
Packet
An element in an {term}`OpenPGP Certificate`, which represents {term}`components<Component>` or {term}`signatures<OpenPGP Signature Packet>`.
Packet Header
A section of variable length at the beginning of a {term}`Packet`, which encodes for example the {term}`Packet Type ID`. See the relevant [section in the RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers), which explains this section in more detail.
Packet Tag
This historical term was defined in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2) and is superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).
Packet Type ID
A numerical value encoded in the first octet of a {term}`Packet Header`, defining a {term}`Packet`'s type.
Primary Component Key
See {term}`OpenPGP Primary Key`.
Primary Key
See {term}`OpenPGP Primary Key`.
Primary User ID
A {term}`User ID` which carries the default preferences for {term}`identity components<Identity Component>` without preferences. See [](primary_user_id).
Private Key
See {term}`Transferable Secret Key`.
Private Key Material
A raw cryptographic private key.
Public Key
See {term}`OpenPGP Public Key`.
Public Key Algorithm
An {term}`asymmetric cryptographic<Asymmetric Cryptography>` algorithm. See [](public_key_asymmetric_cryptography).
Public Key Cryptography
See {term}`Asymmetric Cryptography`.
Public Key Material
See {term}`OpenPGP Certificate`.
Reference Time
A point in time at which an {term}`OpenPGP Certificate` is evaluated.
Revocation
Mechanism to invalidate a {term}`component` or an entire {term}`OpenPGP Certificate`. See [](revocations).
Revocation certificate
A type of signature that invalidates a previous statement made via a signature
A type of {term}`signature` that invalidates a previous statement made via a {term}`signature`
RFC
This document, unless noted otherwise, refers to the [OpenPGP version 6 specification](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) when referring to *RFC*.
Self-signature
An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on a {term}`Component` of their own {term}`Certificate`.
Session Key
A unique shared secret used in encryption in a {term}`Hybrid Cryptosystem`. See {ref}`encryption_chapter` and {ref}`decryption_chapter`.
Signature
See {term}`OpenPGP Signature Packet`.
Signature On Component
{term}`Cryptographic signature` associated with {term}`Component Keys<Component Key>` or {term}`Identity Components<Identity Component>`. See [](/08-signing_components).
Signature Over Data
{term}`Cryptographic signature` over binary documents or canonical text documents. See [](/07-signing_data).
Signature Packet
See {term}`OpenPGP Signature Packet`.
Signature Subpacket
See {term}`OpenPGP Signature Subpacket`.
Signature Subpacket Type
See {term}`OpenPGP Signature Subpacket Type`.
Signature Type
See {term}`OpenPGP Signature Type`.
Signature Type ID
A numerical identifier for a {term}`Signature Type`.
Signature Verification
In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).
Signer
A {term}`Certificate Holder`, that is able to create {term}`self-signatures<Self-signature>` and {term}`third-party signatures<Third-party Signature>`.
Signing Key Flag
A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for signing data. See [](capabilities_key_flags).
Subkey
See {term}`OpenPGP Subkey`.
Subpacket
See {term}`OpenPGP Signature Subpacket`.
Subpacket Type
See {term}`OpenPGP Signature Subpacket Type`.
Symmetric Cryptography
Symmetric cryptography is used in OpenPGP. For a more detailed discussion see [](symmetric_key_cryptography).
Symmetric Secret Key
The {term}`Private Key Material` used in {term}`Symmetric Cryptography`.
Third-party Identity Certification
{term}`Certification` by third-parties to confirm ownership of an {term}`OpenPGP Certificate` by a {term}`Certificate Holder`. See [](third_party_identity_certifications).
Third-party Signature
A {term}`Signature` by a third-party on a {term}`Component` of a {term}`Certificate`.
Transferable Secret Key
A Transferable Secret Key (TSK) is the combination of an {term}`OpenPGP Certificate` and the associated {term}`private key material`. Also often referred to as an "OpenPGP private key". It is discussed in detail in [](/05-private).
Trust Model
A model by which trust between {term}`identities<Identity>` associated with different {term}`OpenPGP Certificates<OpenPGP Certificate>` is created. See [](third_party_identity_certifications).
Trust signature
a specific type of certification for a certificate, which marks that key as a "trusted introducer" (i.e. the party that creates the trust signature signals that they will trust certifications that the "trusted introducer" makes on certificates)
TSK
See {term}`Transferable Secret Key`.
tsig
See {term}`Trust signature`
```
Type ID
See {term}`Signature Type ID`.
Unhashed Area
An area in a {term}`Signature Packet` containing {term}`Signature Subpacket`s, that is *not* covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](hashed_and_unhashed_signature_subpackets).
Unhashed Subpacket
A {term}`Signature Subpacket` residing in the {term}`Unhashed Area` of a {term}`Signature Packet`.
User ID
An {term}`Identity Component`, which describes an {term}`Identity` of a {term}`Certificate Holder`. See [](user_ids_in_openpgp_certificates).
Validation
A mechanism by which the [operational needs of a use-case are met](https://en.wikipedia.org/wiki/Verification_and_validation#Validation).
In OpenPGP terminology this may refer to processes such as ensuring, that an {term}`OpenPGP Signature Packet` has been created after a {term}`Transferable Secret Key`'s {term}`Creation Time`, but before its {term}`Expiration Time`.
Validity
See {term}`Validation`.
Verification
A mechanism by which the [compliance with design specifications are met](https://en.wikipedia.org/wiki/Verification_and_validation#Verification).
In OpenPGP terminology this may refer to e.g. {term}`Signature Verification` or {term}`Identity Verification`.
```