Add diagram about narrow interpretation of signatures

2025-09-10 11:49:40 +02:00 · 2023-11-10 16:27:52 +01:00 · 2023-11-10 16:27:52 +01:00 · bc25296cec
commit bc25296cec
parent b04b823830
3 changed files with 95 additions and 0 deletions
--- a/book/source/09-verification.md
+++ b/book/source/09-verification.md
@ -139,6 +139,12 @@ For example, the latest direct-key signature could list "SHA512, SHA384" as hash
 For yet another User-ID "Bobby", the self-signature could list no hash algorithm preferences at all.
 If the user wants to compose a signed message using the associated OpenPGP key, they need to figure out, which preferences to use.
 The specification recommends, that implementations decide which signature takes precendence by the way the certificate is "addressed".
+
+```{figure} drawio/narrow-interpretation.png
+
+Preferrences are sourced from different component signatures, depending on how the key is addressed.
+```
+
 If the user wants to write an email as "Bob", it should consider the signature on "Bob", so SHA256 should be used as hash algorithm.
 If instead the user wants to write as "Bobby", the impementation should inspect the self-certification on "Bobby" instead.
 However, since this signature does not carry any hash algorithm preferences subpacket, the implementation must fall back to the direct-key signature instead.
--- a/book/source/drawio/narrow-interpretation.drawio
+++ b/book/source/drawio/narrow-interpretation.drawio
@ -0,0 +1,89 @@
+<mxfile host="app.diagrams.net" modified="2023-11-10T15:20:22.634Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0" etag="RpGQWCBljR0OpVnwUbNJ" version="22.1.0" type="device">
+  <diagram name="Page-1" id="2YBvvXClWsGukQMizWep">
+    <mxGraphModel dx="989" dy="523" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-2" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+          <mxGeometry x="220" y="30" width="370" height="350" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-3" value="&lt;div&gt;Primary Key&lt;/div&gt;&lt;div&gt;(0xAA)&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" vertex="1" parent="1">
+          <mxGeometry x="260" y="70" width="150" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-24" value="Certificate 0xAA" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="370" y="40" width="110" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-31" value="&lt;div&gt;Direct-Key Signature #0&lt;/div&gt;&lt;div&gt;Key-Flags: [C]&lt;br&gt;&lt;/div&gt;&lt;div&gt;Pref. AEAD Cipher-Suites: [AES128-OCB]&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
+          <mxGeometry x="290" y="110" width="270" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-38" value="&lt;div&gt;Encryption Subkey&lt;br&gt;&lt;/div&gt;&lt;div&gt;(0xAB)&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" vertex="1" parent="1">
+          <mxGeometry x="260" y="270" width="150" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-60" value="" style="endArrow=block;dashed=1;html=1;rounded=0;endFill=1;fillColor=#60a917;strokeColor=#000000;" edge="1" parent="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="280" y="120" as="sourcePoint" />
+            <mxPoint x="280" y="270" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-39" value="Alice &amp;lt;alice@example.org&amp;gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" vertex="1" parent="1">
+          <mxGeometry x="260" y="170" width="180" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-40" value="&lt;div&gt;Positive Certification #0&lt;/div&gt;&lt;div&gt;Pref. AEAD Cipher-Suites: [AES256-OCB]&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
+          <mxGeometry x="290" y="210" width="270" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-41" value="&lt;div&gt;Subkey-Binding Signature #0&lt;/div&gt;&lt;div&gt;Key-Flags: [E]&lt;br&gt;&lt;/div&gt;&lt;div&gt;Pref. AEAD Cipher-Suites: [AES256-GCM]&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
+          <mxGeometry x="290" y="310" width="270" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-44" value="" style="endArrow=classic;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;exitX=0.958;exitY=0.833;exitDx=0;exitDy=0;exitPerimeter=0;fillColor=#0050ef;strokeColor=#001DBC;" edge="1" parent="1" source="u9JMdRfH3SxJ6CQ8vYaj-54" target="u9JMdRfH3SxJ6CQ8vYaj-39">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="640" y="195" as="sourcePoint" />
+            <mxPoint x="680" y="180" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-53" value="" style="endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;fillColor=#0050ef;strokeColor=#001DBC;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="u9JMdRfH3SxJ6CQ8vYaj-40" target="u9JMdRfH3SxJ6CQ8vYaj-64">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="630" y="270" as="sourcePoint" />
+            <mxPoint x="720" y="235" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-54" value="Encrypting to &quot;Alice &amp;lt;alice@example.org&amp;gt;&quot;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="600" y="170" width="240" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-55" value="&lt;div&gt;Preferences from&lt;/div&gt;&lt;div&gt;self-certification&lt;/div&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="610" y="200" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-56" value="" style="endArrow=classic;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;exitX=0.895;exitY=0.833;exitDx=0;exitDy=0;exitPerimeter=0;fillColor=#60a917;strokeColor=#2D7600;" edge="1" parent="1" source="u9JMdRfH3SxJ6CQ8vYaj-57" target="u9JMdRfH3SxJ6CQ8vYaj-3">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="780" y="95" as="sourcePoint" />
+            <mxPoint x="730" y="100" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-57" value="Encrypting to certificate 0xAA" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="590" y="70" width="190" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-61" value="" style="endArrow=classic;html=1;rounded=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;fillColor=#60a917;strokeColor=#2D7600;" edge="1" parent="1" source="u9JMdRfH3SxJ6CQ8vYaj-41" target="u9JMdRfH3SxJ6CQ8vYaj-63">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="650" y="370" as="sourcePoint" />
+            <mxPoint x="730" y="130" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="600" y="335" />
+              <mxPoint x="600" y="135" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-62" value="&lt;div&gt;Preferences from&lt;/div&gt;&lt;div&gt;encryption key binding&lt;/div&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="550" y="100" width="230" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-63" value="AES256-GCM" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="730" y="120" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-64" value="AES256-OCB" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+          <mxGeometry x="730" y="220" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="u9JMdRfH3SxJ6CQ8vYaj-65" value="Operation is delegated to subkey" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontSize=7;" vertex="1" parent="1">
+          <mxGeometry x="230" y="230" width="40" height="30" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>
--- a/book/source/drawio/narrow-interpretation.png
+++ b/book/source/drawio/narrow-interpretation.png