vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 19:59:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add diagram about narrow interpretation of signatures

Browse source
This commit is contained in:
Paul Schaub 2023-11-10 16:27:52 +01:00 committed by Heiko Schaefer
parent b04b823830
commit bc25296cec
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
3 changed files with 95 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
book/source/09-verification.md
View file

@ -139,6 +139,12 @@ For example, the latest direct-key signature could list "SHA512, SHA384" as hash
For yet another User-ID "Bobby", the self-signature could list no hash algorithm preferences at all.
If the user wants to compose a signed message using the associated OpenPGP key, they need to figure out, which preferences to use.
The specification recommends, that implementations decide which signature takes precendence by the way the certificate is "addressed".
```{figure} drawio/narrow-interpretation.png
Preferrences are sourced from different component signatures, depending on how the key is addressed.
```
If the user wants to write an email as "Bob", it should consider the signature on "Bob", so SHA256 should be used as hash algorithm.
If instead the user wants to write as "Bobby", the impementation should inspect the self-certification on "Bobby" instead.
However, since this signature does not carry any hash algorithm preferences subpacket, the implementation must fall back to the direct-key signature instead.