vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-09 19:29:41 +02:00
Code Issues Projects Releases Packages Wiki Activity
openpgp-notes/book/source/07-signing_data.md

5 KiB
Raw Blame History

(signing_data)=

Signatures over data

One major use of OpenPGP is to create signatures over various pieces of data, for example software packages or emails. Contrary to alternative solutions like signify, OpenPGP offers the advantage of allowing for strong authetication due to the binding between certificates and entities.

Signature types

There are two signature types which are relevant for data signatures:

  • 0x00: Binary Signature is a universal signature type for binary data. This signature type is typically used for files or data streams. Binary signatures are calculated over the data "as is", without performing any transformations.
  • 0x01: Text Signature is used for textual data, such as email bodies. To calculate a text signature, the data is first transformed by converting line endings into a canonical form (). This is done to mitigate issues caused by platform-specific default text encodings.

Signature schemes

Historically, OpenPGP offers different schemes for signing data:

  • Detached signatures can be distributed alongside the unaltered data that is being signed. This method is especially useful for signing software releases and other files that must not be modified by the signing process.
  • Inline-signatures using so called One-Pass-Signature packets embed the signed data in an OpenPGP artifact. This method is usually used with signed and/or encrypted emails.
  • The Cleartext Signature Framework (CSF) is a deprecated method of signing text, which leaves the original message in a human-readable format. This method is often used in scenarios where recipient clients might not offer OpenPGP support.

Detached signatures

A detached signature is produced by calculating an OpenPGP signature over a piece of data. The resulting OpenPGP signature packet can then be distributed alongside the original data.

Inline-signatures

Most clients that support OpenPGP for encrypted and/or signed messages make use of inline-signatures. To produce a signature, the entirety of the data needs to be processed by the producer. This has the consequence, that an application that efficiently emits signed data, can only append the signature at the end of the data stream. On the other hand, an application that needs to efficiently verify signed data needs to know the signers public key and used hash algorithm before processing the data. To solve this issue, One-Pass-Signature packets are prefixed to the signed data. Those are small packets containing the fingerprint of the signing key, as well as the used hash algorithm. This is all the information a receiving application needs to know in order to initiate the verification process.

To produce an inline-signed message, the original data is first wrapped in a Literal Data packet, which is prefixed with one or more One-Pass-Signature packets, and affixed with the corresponding signature packets. The verifying application can read the One-Pass-Signature packets and initiate the verification process. The literal data can then be processed, such that the signatures at the end of the message can be verified in one pass.

TODO: explain nesting of OPSs.

:class: warning

Add content, including:

- Signature of a binary document

- Signature of a canonical text document
  - "The signature is calculated over the text data with its line endings converted to `<CR><LF>`"
  
data signatures have three forms:
- detached,
- inline (that is signature contains the data which is signed inside of a signature container) and
- cleartext which I guess will be special-cased in v6 (to require small text etc).
 
(This corresponds to gnupg's --detach-sign --sign and --clear-sign)

cleartext: explain text transforms for cleartext signatures (LF->CRLF etc)

Data signatures

A data signature serves the purpose to cryptographically guarantee the authenticity (and implicitly also the integrity) of a message, e.g. an email or a file, while a certification is used to attach metadata or subkeys to a certificate. Data signatures are always calculated by keys carrying the Signing key flag. Different types of signatures are distinguished by a signature type code and are calculated in different ways. Signatures can either be distributed standalone as detached signatures, or can be inlined with OpenPGP data, such as an OpenPGP message or a key or certificate.

Data signatures (type 0x00 and 0x01) are created by hashing the message content and calculating a cryptographic signature over the hash. You can read more about data signatures in the next chapter. The result is packed up into an OpenPGP signature packet, which can either be included in the OpenPGP message (TODO: See section about forming messages, cleartext signature framework), or distributed separately as a so-called detached signature. Data signatures are always calculated using a Signing key.