openpgp-notes/book/source/23-glossary.md

<!--
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->

# Glossary

```{glossary}
:sorted:

Asymmetric Cryptography
    Asymmetric cryptography is used in OpenPGP. For a more detailed discussion see [](public_key_asymmetric_cryptography).

Authentication
    The process of {term}`validiting<Validation>` an {term}`identity claim`.
    The term "authentication" here is semantically different from the one used in {term}`Authentication Key Flag`.

Authentication Key Flag
    A {term}`Key Flag`, which indicates that a {term}`Component Key` can be used to confirm control over {term}`private key material` against a remote system. The term "authentication" here is semantically different from {term}`Authentication`. See [](capabilities_key_flags).

Authentication Tag
    See {term}`Message Authentication Code`.

Authenticity
    See {term}`Authentication`.

Binary Signature
    A {term}`Data Signature` with the {term}`Signature Type ID` `0x00`, which is used for binary data.

Binding Signature
    A {term}`signature` on a {term}`component` which links that {term}`component` to a {term}`certificate<OpenPGP Certificate>`.
    
    See {ref}`binding_sigs` for more.

CA
    See {term}`Certification Authority`.

Capability
    The operations an {term}`OpenPGP Component Key` can perform. See [](capabilities_key_flags).

Certificate
    See {term}`OpenPGP Certificate`

Certificate Authority
    See {term}`Certification Authority`

Certificate Holder
    A person or other entity, that holds an {term}`Transferable Secret Key` and thus is able to modify the accompanying {term}`OpenPGP Certificate`.

Certification
    A certification, in OpenPGP, is a signature that makes a statement about an {term}`identity` in a {term}`certificate<OpenPGP Certificate>`, or an entire {term}`certificate<OpenPGP Certificate>`.
     
     Most commonly, the term is applied to "[third-party certifications](third_party_cert)," in which an external actor indicates that they have {term}`validated<Validation>` the link between an {term}`identity` and a {term}`certificate<OpenPGP Certificate>`. However, the term is also used for [self-signatures that bind identity components](bind_ident) to a {term}`certificate<OpenPGP Certificate>`.

Certification Authority
    Also known as [Certificate authority](https://en.wikipedia.org/wiki/Certificate_authority), this is an entity that handles digital certificates, especially by signing or issuing them.

Certification Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for issuing third-party {term}`certifications<Certification>`. See [](capabilities_key_flags).

Cipher Type Byte
    This historical term was defined in [RFC 1991](https://datatracker.ietf.org/doc/html/rfc1991#section-4.1) and was subsequently superseded by {term}`Packet Tag` in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2), which is in turn superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).

Cleartext Signature
    A {term}`Data Signature` which exists in a combined text format, encapsulating the (readable) text input it was created for. See [](cleartext-sig).

Cleartext Signature Framework
    A framework for creating {term}`cleartext signatures<Cleartext Signature>`.
    See [RFC 7](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#cleartext-signature).

Component
    An element in an {term}`OpenPGP Certificate`, that represents a {term}`component key` or {term}`identity component`.

Component Key
    See {term}`OpenPGP Component Key`.

Creation Time
    The point in time at which e.g. an {term}`OpenPGP Certificate`, or one of its {term}`component<Component>` is created.

Creator
    See {term}`Issuer`.

Criticality Flag
    A flag on {term}`Subpacket`s, that defines their criticality, which is used for validation. See [](criticality_of_subpackets).

Cryptographic Key
    A {term}`symmetric<Symmetric Cryptography>` or {term}`asymmetric<Asymmetric Cryptography>` cryptographic key is used for signing and encryption operations. See [](03-cryptography).

Cryptographic Signature
    A raw cryptographic signature is a sequence of bytes created by a {term}`Cryptographic Key`.

CTB
    See {term}`Cipher Type Byte`.

Data Signature
    {term}`Cryptographic signature` over binary documents or canonical text documents. See [](/07-signing_data).

Data Signature Packet
    An {term}`OpenPGP Signature Packet` which describes a {term}`Data Signature`. See [](/07-signing_data).

Delegation
    OpenPGP users can [delegate authentication decisions](delegation) to third parties, and thus rely on {term}`certifications<Certification>` they issue. The remote party is then called a "{term}`trusted introducer`".
    
    This kind of delegation involves {term}`certifications<Certification>` that include the {term}`trust signature` subpacket.

Detached Signature
    A {term}`Data Signature` which exists as a separate file to the file it was created for. See [](forms_of_openpgp_data_signatures).

Direct Key Signature
    A {term}`Signature` that sets preferences and advertises features applicable to an entire {term}`Certificate`. See [](direct_key_signature).

Encryption Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for encrypting data. See [](capabilities_key_flags).

Expiration
    A mechanism by which a {term}`Component` is invalidated due to the {term}`Expiration Time` of its {term}`binding signature` being older than the {term}`Reference Time` by which it is validated.

Expiration Time
    The time of expiry of an {term}`OpenPGP Signature Packet`.

Fingerprint
    See {term}`OpenPGP Fingerprint`.

Hash Digest
    Output of a cryptographic hash function for a string of data of any length. See [](crypto-hash).

Hashed Area
    An area in an {term}`OpenPGP Signature Packet` containing {term}`OpenPGP Signature Subpacket`s, that is covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](hashed_and_unhashed_signature_subpackets).

Hashed Subpacket
    An {term}`OpenPGP Signature Subpacket` residing in the {term}`Hashed Area` of an {term}`OpenPGP Signature Packet`.

Hybrid Cryptosystem
    A cryptographic system that employs both {term}`Asymmetric Cryptography` and {term}`Symmetric Cryptography`. See [](hybrid_cryptosystems).

Identity
    An identity of a {term}`Certificate Holder`. It is represented by an {term}`Identity Component`, which may be certified using {term}`third-party identity certifications<Third-party Identity Certification>`, or by a {term}`Notation`.

Identity Claim
    A {term}`Certificate Holder` may use {term}`Identity Components<Identity Component>` or {term}`Notations<Notation>` to state a claim about their {term}`Identity`.

Identity Component
    Part of an {term}`OpenPGP Certificate`, that is used to associate data about the {term}`Certificate Holder` with it. See [](identity_components) for further details.

Identity Verification
    A process by which the {term}`Identity Claim` of a {term}`Certificate Holder` is verified. See also {term}`Signature Verification`.

Inline Signature
    A {term}`Data Signature` which exists encapsulated alongside the data it was created for in an OpenPGP container. See [](forms_of_openpgp_data_signatures).

Issuer
    An entity, that created an {term}`OpenPGP Signature Packet` using an {term}`Transferable Secret Key`.

Issuer Fingerprint Subpacket
    A {term}`Subpacket` specifying the {term}`Fingerprint` of an {term}`Issuer Key`.

Issuer Key
    The {term}`OpenPGP Component Key` of an {term}`Issuer`, used to create an {term}`OpenPGP Signature Packet`.

Key
    In OpenPGP, and cryptography more generally, the term "key" holds different meanings.
     
    First, it can apply to different [cryptographic primitives](cryptography_chapter):
    
    - asymmetric public key
    - asymmetric private key
    - {term}`Symmetric Secret Key`
    
    Additionally, in OpenPGP, asymmetric cryptographic keys are used on [three different layers](layers_of_keys_in_openpgp) of abstraction:
    
    - cryptographic key
    - OpenPGP component key
    - {term}`OpenPGP key` (which in turn refers to either an {term}`OpenPGP Certificate` or a {term}`Transferable Secret Key`

Key Flag
    A preference encoded in an {term}`OpenPGP Signature Subpacket`, that defines the {term}`Capability` a {term}`OpenPGP Component Key` has. See [](signature_subpackets).

Key Holder
    See {term}`Certificate Holder`.

Key ID
    The high-order (leftmost) 64 bits of an {term}`OpenPGP Fingerprint`.
    Historically, this term refers to the low-order (rightmost) 64 bits of an {term}`OpenPGP Fingerprint`.

Key Material
    May refer to {term}`Public Key Material` or {term}`Private Key Material`.

Key Owner
    See {term}`Certificate Holder`.

Key Server
    A piece of software available over the network, which provides access to {term}`OpenPGP Certificates<OpenPGP Certificate>` e.g., by searching for an {term}`OpenPGP Fingerprint` or {term}`User ID`, via the `HKP` and/ or `HKPS` protocols.
    Several implementations such as [hagrid](https://gitlab.com/keys.openpgp.org/hagrid/), or [hockeypuck](https://github.com/hockeypuck/hockeypuck) exist.

Literal Data Packet
    A {term}`packet<OpenPGP Signature Packet>` in a {term}`Data Signature` which contains data, that has been signed using a {term}`cryptographic signature`. See [RFC 5.9](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#lit) for more details.

MAC
    See {term}`Message Authentication Code`.

Master Key
    See {term}`OpenPGP Primary Key`.

Message Authentication Code
    A piece of information used for integrity and {term}`authenticity<Authentication>` verification of a message. See [](message_authentication_codes).

Metadata
    Data related to preferences of an {term}`OpenPGP Certificate` or its {term}`Certificate Holder`, that can be found in {term}`signature` {term}`packets<Packet>`. See [](metadata_in_certificates).

Notation
    A mechanism for a {term}`Certificate Holder` to provide user-defined data using a {term}`Notation Signature Subpacket`.

Notation Signature Subpacket
    An {term}`OpenPGP Signature Subpacket` which is used to add user-defined data to a {term}`Certificate`. See [](notation_signature_subpackets).

Notation Tag
    Part of a {term}`Notation` name.

One-pass Signature Packet
    One or more {term}`packets<OpenPGP Signature Packet>` before the actual data in a {term}`Data Signature` which contain information to allow a receiving {term}`implementation<OpenPGP Implementation>` to create {term}`hashes<Hash Digest>` required for signature verification. See [RFC 5.4](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#one-pass-sig) for more details.

OpenPGP Certificate
    An OpenPGP certificate contains public key material, identity claims and third party certifications (but no private key material)

OpenPGP Component Key
    An {term}`OpenPGP Primary Key` or {term}`OpenPGP Subkey`. For an in-depth discussion see [](component_keys).

OpenPGP Fingerprint
    An OpenPGP Fingerprint is a shorthand representation of an {term}`OpenPGP Component Key`. Fingerprints effectively act as unique identifiers. See [](fingerprint).
     
     The Fingerprint of the {term}`primary component key<OpenPGP Primary Key>` is used as an identifier for the full {term}`OpenPGP Certificate`.

OpenPGP Implementation
    A piece of software implementing the OpenPGP protocol (to some extend).

OpenPGP Key
    Used either for an {term}`OpenPGP Certificate` (containing public key material and metadata), or for an {term}`OpenPGP Private Key`. See [](/04-certificates) for an in-depth discussion.

OpenPGP Message
    A data structure, which contains OpenPGP components such as {term}`OpenPGP Certificate` or {term}`OpenPGP Signature Packet` and plaintext or encrypted data.

OpenPGP Public Key
    See {term}`OpenPGP Certificate`.

OpenPGP Private Key
    See {term}`Transferable Secret Key`.

OpenPGP Primary Key
    An {term}`OpenPGP Component Key` that is used in the primary key role of an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](primary_key).

OpenPGP Signature
    See {term}`OpenPGP Signature Packet`.

OpenPGP Signature Packet
    A {term}`packet` that contains a raw {term}`cryptographic signature`, a {term}`Signature Type ID` and additional {term}`metadata`. See [](/06-signatures). Basic concepts are introduced in [](/06-signatures) and more detailed use-cases are explained in [](/07-signing_data) and [](/08-signing_components).

OpenPGP Signature Subpacket
    A data structure in a {term}`Signature Packet`, that describes {term}`metadata` and preferences. See [](signature_subpackets).

OpenPGP Signature Subpacket Type
    An {term}`OpenPGP Signature Subpacket` type.

OpenPGP Signature Type
    The type of an {term}`OpenPGP Signature Packet` is defined by its {term}`Signature Type ID`. See [](signature_types).

OpenPGP Subkey
    An {term}`OpenPGP Component Key` that is used in the subkey role, in an {term}`OpenPGP Certificate`. For a more detailed discussion, see [](subkeys).

Owner
    See {term}`Certificate Holder`.

Packet
    An element in an {term}`OpenPGP Certificate`, which represents {term}`components<Component>` or {term}`signatures<OpenPGP Signature Packet>`.

Packet Header
    A section of variable length at the beginning of a {term}`Packet`, which encodes for example the {term}`Packet Type ID`. See the relevant [section in the RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers), which explains this section in more detail.

Packet Tag
    This historical term was defined in [RFC 2440](https://datatracker.ietf.org/doc/html/rfc2440#section-4.2) and is superseded by {term}`Packet Type ID` in the new [RFC](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-packet-headers).

Packet Type ID
    A numerical value encoded in the first octet of a {term}`Packet Header`, defining a {term}`Packet`'s type.

Primary Component Key
    See {term}`OpenPGP Primary Key`.

Primary Key
    See {term}`OpenPGP Primary Key`.

Primary User ID
    A {term}`User ID` which carries the default preferences for {term}`identity components<Identity Component>` without preferences. See [](primary_user_id).

Private Key
    See {term}`Transferable Secret Key`.

Private Key Material
    A raw cryptographic private key.

Public Key
    See {term}`OpenPGP Public Key`.

Public Key Algorithm
    An {term}`asymmetric cryptographic<Asymmetric Cryptography>` algorithm. See [](public_key_asymmetric_cryptography).

Public Key Cryptography
    See {term}`Asymmetric Cryptography`.

Public Key Material
    See {term}`OpenPGP Certificate`.

Reference Time
    A point in time at which an {term}`OpenPGP Certificate` is evaluated.

Revocation
    Mechanism to invalidate a {term}`component` or an entire {term}`OpenPGP Certificate`. See [](revocations).

Revocation certificate
    A type of {term}`signature` that invalidates a previous statement made via a {term}`signature`

RFC
    This document, unless noted otherwise, refers to the [OpenPGP version 6 specification](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) when referring to *RFC*.

Self-signature
    An {term}`OpenPGP Signature Packet` by the {term}`Certificate Holder` on a {term}`Component` of their own {term}`Certificate`.

Session Key
    A unique shared secret used in encryption in a {term}`Hybrid Cryptosystem`. See {ref}`encryption_chapter` and {ref}`decryption_chapter`.

Signature
    See {term}`OpenPGP Signature Packet`.

Signature Expiration Time Subpacket
    An {term}`OpenPGP Signature Subpacket Type` which defines the {term}`Expiration Time` for an {term}`OpenPGP Signature Packet`.

    See [RFC 5.2.3.18](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-expiration-time)

Signature On Component
    {term}`Cryptographic signature` associated with {term}`Component Keys<Component Key>` or {term}`Identity Components<Identity Component>`. See [](/08-signing_components).

Signature Over Data
    See {term}`Data Signature`.

Signature Packet
    See {term}`OpenPGP Signature Packet`.

Signature Subpacket
    See {term}`OpenPGP Signature Subpacket`.

Signature Subpacket Type
    See {term}`OpenPGP Signature Subpacket Type`.

Signature Type
    See {term}`OpenPGP Signature Type`.

Signature Type ID
    A numerical identifier for a {term}`Signature Type`.

Signature Verification
    In cryptography the mechanism of verification relates to a process in which a claim (i.e., a {term}`signature`) is tested (i.e., using the relevant {term}`components<Component>` of a {term}`certificate`).

Signer
    A {term}`Certificate Holder`, that is able to create {term}`self-signatures<Self-signature>` and {term}`third-party signatures<Third-party Signature>`.

Signing Key Flag
    A {term}`Key Flag`, indicating that a {term}`Component Key` can be used for signing data. See [](capabilities_key_flags).

Strong Authentication
    "Strong Authentication" in this text refers to having ascertained that a {term}`certificate<OpenPGP Certificate>` and an {term}`identity claim` on it are legitimately linked. That is, that the person who controls the {term}`certificate<OpenPGP Certificate>` is correctly represented by the {term}`identity component`.
     
     Strong authentication in OpenPGP is typically encoded with a {term}`certification signature`.
     
     Ascertaining strong authentication requires an out-of-band check: Either via a manual {term}`verification` process, or an automated system that can {term}`certify<Certification>` that a user has identified to the system that issues the {term}`identity` in question (e.g. an email provider can {term}`certify<Certification>` email-based {term}`identities<Identity>` that it issues to the user).
    
    Also see {term}`Authentication`.

Subkey
    See {term}`OpenPGP Subkey`.

Subpacket
    See {term}`OpenPGP Signature Subpacket`.

Subpacket Type
    See {term}`OpenPGP Signature Subpacket Type`.

Symmetric Cryptography
    Symmetric cryptography is used in OpenPGP. For a more detailed discussion see [](symmetric_key_cryptography).

Symmetric Secret Key
    The {term}`Private Key Material` used in {term}`Symmetric Cryptography`.

Text Signature
    A {term}`signature packet<OpenPGP signature packet>` with the {term}`Signature Type ID` `0x01`, which is used for textual data.

Third-party Identity Certification
    {term}`Certification` by third-parties to confirm ownership of an {term}`OpenPGP Certificate` by a {term}`Certificate Holder`. See [](third_party_identity_certifications).

Third-party Signature
    A {term}`Signature` by a third-party on a {term}`Component` of a {term}`Certificate`.

Transferable Secret Key
    A Transferable Secret Key (TSK) is the combination of an {term}`OpenPGP Certificate` and the associated {term}`private key material`. Also often referred to as an "OpenPGP private key". It is discussed in detail in [](/05-private).

Trust Model
    A model by which trust between {term}`identities<Identity>` associated with different {term}`OpenPGP Certificates<OpenPGP Certificate>` is created. See [](third_party_identity_certifications).

Trust signature
    The *trust signature* subpacket on a certifying {term}`signature<OpenPGP Signature Packet>` is used for {term}`delegation` of {term}`authentication` decisions. With this feature, an OpenPGP user can designate a {term}`certificate<OpenPGP Certificate>` as a "{term}`trusted introducer`" and opt to rely on {term}`certifications<Certification>` they issue.

Trusted introducer
    OpenPGP users can choose to rely on {term}`certifications<Certification>` issued by a third party. The remote party of such a {term}`delegation` is called a "trusted introducer".
     
     See {ref}`delegation` for more details. 

TSK
    See {term}`Transferable Secret Key`.

tsig
    See {term}`Trust signature`

Type ID
    See {term}`Signature Type ID`.

Unhashed Area
    An area in a {term}`Signature Packet` containing {term}`Signature Subpacket`s, that is *not* covered by the {term}`Hash Digest` a {term}`Cryptographic Signature` is created for. See [](hashed_and_unhashed_signature_subpackets).

Unhashed Subpacket
    A {term}`Signature Subpacket` residing in the {term}`Unhashed Area` of a {term}`Signature Packet`.

User ID
    An {term}`Identity Component`, which describes an {term}`Identity` of a {term}`Certificate Holder`. See [](user_ids_in_openpgp_certificates).

Validation
    A mechanism by which the [operational needs of a use-case are met](https://en.wikipedia.org/wiki/Verification_and_validation#Validation).
    In OpenPGP terminology this may refer to processes such as ensuring, that an {term}`OpenPGP Signature Packet` has been created after a {term}`Transferable Secret Key`'s {term}`Creation Time`, but before its {term}`Expiration Time`.

Validity
    See {term}`Validation`.

Verification
    A mechanism by which the [compliance with design specifications are met](https://en.wikipedia.org/wiki/Verification_and_validation#Verification).
    In OpenPGP terminology this may refer to e.g. {term}`Signature Verification` or {term}`Identity Verification`.
```