mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-09-10 11:49:40 +02:00
30 lines
1.5 KiB
Markdown
<!--
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->

(signing_data)=
# Signatures over data

```{admonition} TODO
:class: warning

Add content, including:

- Signature of a binary document

- Signature of a canonical text document
  - "The signature is calculated over the text data with its line endings converted to `<CR><LF>`"
```

## Data signatures

A data signature cryptographically guarantees the authenticity (and implicitly also the integrity) of a message, e.g. an email or a file, while a certification is used to attach metadata or subkeys to a certificate.
Data signatures are always calculated by keys carrying the **S**igning key flag.
Different types of signatures are distinguished by a signature type code and are calculated in different ways.
Signatures can be distributed either standalone, as *detached* signatures, or inline with OpenPGP data, such as an OpenPGP message or a key or certificate.

Data signatures (type 0x00 and 0x01) are created by hashing the message content and calculating a cryptographic signature over the hash.
You can read more about data signatures in the [next chapter](signing_data).
The result is packed up into an OpenPGP signature packet, which can either be included in the OpenPGP message (TODO: See section about forming messages, cleartext signature framework), or distributed separately as a so-called *detached* signature.
Data signatures are always calculated using a **S**igning key.
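
The following added example (not part of the original notes or of any OpenPGP implementation) shows how the hashed document bytes differ between the two data signature types: type 0x00 hashes the bytes as they are, while type 0x01 first converts line endings to `<CR><LF>`. It covers only the document portion of the hash and leaves out the signature metadata that a real signature hashes after it; the function names, the choice of SHA-256 and the handling of a bare CR are assumptions made for illustration.

```python
import hashlib

SIG_BINARY = 0x00  # signature of a binary document
SIG_TEXT = 0x01    # signature of a canonical text document


def canonicalize_text(data: bytes) -> bytes:
    """Convert LF and CRLF line endings to <CR><LF>.

    Assumption: a bare CR is not treated as a line ending and is left as is.
    """
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def document_hash_input(sig_type: int, data: bytes) -> bytes:
    """Return the document bytes that are fed to the hash for this type."""
    if sig_type == SIG_BINARY:
        return data
    if sig_type == SIG_TEXT:
        return canonicalize_text(data)
    raise ValueError(f"not a data signature type: {sig_type:#04x}")


def document_digest(sig_type: int, data: bytes) -> str:
    """SHA-256 over the document portion only.

    A real OpenPGP signature continues the same hash over signature
    metadata before the digest is signed; that part is omitted here.
    """
    return hashlib.sha256(document_hash_input(sig_type, data)).hexdigest()


# Constructed sample: the same text saved with Unix and Windows line endings.
UNIX = b"Hello\nWorld\n"
WINDOWS = b"Hello\r\nWorld\r\n"

if __name__ == "__main__":
    for name, sig_type in (("binary", SIG_BINARY), ("text", SIG_TEXT)):
        same = document_digest(sig_type, UNIX) == document_digest(sig_type, WINDOWS)
        print(f"{name:6} (0x{sig_type:02x}): digests match across line endings: {same}")
```

A type 0x01 signature therefore still verifies after a transport or editor rewrites line endings, whereas a type 0x00 signature over the same file does not.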