(signing_data)=
# Signatures over data
```{admonition} TODO
:class: warning
Add content, including:

- Signature of a binary document
- Signature of a canonical text document
- "The signature is calculated over the text data with its line endings converted to `<CR><LF>`"

Data signatures have three forms:

- detached,
- inline (that is, the signature container contains the data that is signed) and
- cleartext, which I guess will be special-cased in v6 (to require small text etc.).

(This corresponds to gnupg's `--detach-sign`, `--sign` and `--clear-sign`.)

cleartext: explain text transforms for cleartext signatures (LF->CRLF etc.)
```
## Data signatures
A data signature serves to cryptographically guarantee the authenticity (and implicitly also the integrity) of a message, e.g. an email or a file, while a certification is used to attach metadata or subkeys to a certificate. Data signatures are always calculated by keys carrying the Signing key flag. Different types of signatures are distinguished by a signature type code and are calculated in different ways. Signatures can either be distributed standalone as detached signatures, or can be inlined with OpenPGP data, such as an OpenPGP message or a key or certificate.

Data signatures (types 0x00 and 0x01) are created by hashing the message content and calculating a cryptographic signature over the hash. You can read more about data signatures in the next chapter. The result is packed up into an OpenPGP signature packet, which can either be included in the OpenPGP message (TODO: See section about forming messages, cleartext signature framework), or distributed separately as a so-called detached signature. Data signatures are always calculated using a Signing key.
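The difference between the two data signature types is in what gets hashed. The following is an added illustration (not code from this book or from any OpenPGP implementation): it canonicalises text the way a type 0x01 signature expects (line endings to `<CR><LF>`, and for the cleartext framework also trailing whitespace stripped and the final line ending dropped) and hashes the document part, so the same text with LF and with CRLF line endings hashes identically under type 0x01 but not under type 0x00. The names `canonicalize_text` and `hash_for_signature` are this example's own, and the signature subpacket/trailer bytes that a real OpenPGP signature also feeds into the hash are deliberately omitted.

```python
import hashlib
import re

SIG_TYPE_BINARY = 0x00  # signature over the exact document bytes
SIG_TYPE_TEXT = 0x01    # signature over canonicalised text

# Any of the three common line endings is treated as a line break.
_LINE_END = re.compile(rb"\r\n|\r|\n")


def canonicalize_text(data: bytes, cleartext: bool = False) -> bytes:
    """Return the bytes a type 0x01 signature is computed over.

    Every line ending becomes <CR><LF>. With cleartext=True the extra
    rules of the cleartext signature framework are applied as well:
    trailing spaces and tabs are removed from each line, and the line
    ending that precedes the signature block is not part of the signed text.
    """
    lines = _LINE_END.split(data)
    if cleartext:
        lines = [line.rstrip(b" \t") for line in lines]
        # split() yields a trailing empty element when data ended with a
        # line ending; for cleartext that final line ending is not signed.
        if len(lines) > 1 and lines[-1] == b"":
            lines.pop()
    return b"\r\n".join(lines)


def hash_for_signature(data: bytes, sig_type: int, algo: str = "sha256") -> str:
    """Hex digest of the document part of the signature input.

    Type 0x00 hashes the bytes as given; type 0x01 hashes the canonical
    text form. Other type codes are not data signatures and are rejected.
    """
    if sig_type == SIG_TYPE_BINARY:
        payload = data
    elif sig_type == SIG_TYPE_TEXT:
        payload = canonicalize_text(data)
    else:
        raise ValueError(f"not a data signature type: {sig_type:#04x}")
    return hashlib.new(algo, payload).hexdigest()


if __name__ == "__main__":
    # Constructed sample: the same two-line document with LF and CRLF endings.
    unix, dos = b"hello\nworld\n", b"hello\r\nworld\r\n"
    for name, t in (("binary 0x00", SIG_TYPE_BINARY), ("text 0x01", SIG_TYPE_TEXT)):
        same = hash_for_signature(unix, t) == hash_for_signature(dos, t)
        print(f"{name}: LF and CRLF versions hash the same -> {same}")
```

A verifier that reads a file on a Unix system and forgets this canonicalisation will reject a valid text-mode signature made on a CRLF platform, which is why the line-ending rule matters for interoperability rather than only for style.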