rfc9580v4.txt | rfc9580.txt | |||
---|---|---|---|---|
skipping to change at line 130 ¶ | skipping to change at line 130 ¶ | |||
5.1.5. Algorithm-Specific Fields for ECDH Encryption | 5.1.5. Algorithm-Specific Fields for ECDH Encryption | |||
5.1.6. Algorithm-Specific Fields for X25519 Encryption | 5.1.6. Algorithm-Specific Fields for X25519 Encryption | |||
5.1.7. Algorithm-Specific Fields for X448 Encryption | 5.1.7. Algorithm-Specific Fields for X448 Encryption | |||
5.1.8. Notes on PKESK | 5.1.8. Notes on PKESK | |||
5.2. Signature Packet (Type ID 2) | 5.2. Signature Packet (Type ID 2) | |||
5.2.1. Signature Types | 5.2.1. Signature Types | |||
5.2.1.1. Binary Signature (type ID 0x00) of a Document | 5.2.1.1. Binary Signature (type ID 0x00) of a Document | |||
5.2.1.2. Text Signature (type ID 0x01) of a Canonical | 5.2.1.2. Text Signature (type ID 0x01) of a Canonical | |||
Document | Document | |||
5.2.1.3. Standalone Signature (type ID 0x02) | 5.2.1.3. Standalone Signature (type ID 0x02) | |||
5.2.1.4. Generic Certification (type ID 0x10) of a User ID | 5.2.1.4. Generic Certification Signature (type ID 0x10) of a | |||
and Public-Key Packet | User ID and Public-Key Packet | |||
5.2.1.5. Persona Certification (type ID 0x11) of a User ID | 5.2.1.5. Persona Certification Signature (type ID 0x11) of a | |||
and Public-Key Packet | User ID and Public-Key Packet | |||
5.2.1.6. Casual Certification (type ID 0x12) of a User ID | 5.2.1.6. Casual Certification Signature (type ID 0x12) of a | |||
and Public-Key Packet | User ID and Public-Key Packet | |||
5.2.1.7. Positive Certification (type ID 0x13) of a User ID | 5.2.1.7. Positive Certification Signature (type ID 0x13) of | |||
and Public-Key Packet | a User ID and Public-Key Packet | |||
5.2.1.8. Subkey Binding Signature (type ID 0x18) | 5.2.1.8. Subkey Binding Signature (type ID 0x18) | |||
5.2.1.9. Primary Key Binding Signature (type ID 0x19) | 5.2.1.9. Primary Key Binding Signature (type ID 0x19) | |||
5.2.1.10. Direct Key Signature (type ID 0x1F) | 5.2.1.10. Direct Key Signature (type ID 0x1F) | |||
5.2.1.11. Key Revocation (type ID 0x20) Signature | 5.2.1.11. Key Revocation Signature (type ID 0x20) | |||
5.2.1.12. Subkey Revocation (type ID 0x28) Signature | 5.2.1.12. Subkey Revocation Signature (type ID 0x28) | |||
5.2.1.13. Certification Revocation (type ID 0x30) Signature | 5.2.1.13. Certification Revocation Signature (type ID 0x30) | |||
5.2.1.14. Timestamp Signature (type ID 0x40) | 5.2.1.14. Timestamp Signature (type ID 0x40) | |||
5.2.1.15. Third-Party Confirmation (type ID 0x50) Signature | 5.2.1.15. Third-Party Confirmation Signature (type ID 0x50) | |||
5.2.1.16. Reserved (type ID 0xFF) | 5.2.1.16. Reserved (type ID 0xFF) | |||
5.2.2. Version 3 Signature Packet Format | 5.2.2. Version 3 Signature Packet Format | |||
5.2.3. Versions 4 and 6 Signature Packet Formats | 5.2.3. Versions 4 and 6 Signature Packet Formats | |||
5.2.3.1. Algorithm-Specific Fields for RSA Signatures | 5.2.3.1. Algorithm-Specific Fields for RSA Signatures | |||
5.2.3.2. Algorithm-Specific Fields for DSA or ECDSA | 5.2.3.2. Algorithm-Specific Fields for DSA or ECDSA | |||
Signatures | Signatures | |||
5.2.3.3. Algorithm-Specific Fields for EdDSALegacy | 5.2.3.3. Algorithm-Specific Fields for EdDSALegacy | |||
Signatures (Deprecated) | Signatures (Deprecated) | |||
5.2.3.4. Algorithm-Specific Fields for Ed25519 Signatures | 5.2.3.4. Algorithm-Specific Fields for Ed25519 Signatures | |||
5.2.3.5. Algorithm-Specific Fields for Ed448 Signatures | 5.2.3.5. Algorithm-Specific Fields for Ed448 Signatures | |||
skipping to change at line 1490 ¶ | skipping to change at line 1490 ¶ | |||
There are a number of possible meanings for a signature, which are | There are a number of possible meanings for a signature, which are | |||
indicated by the signature type ID in any given signature. Please | indicated by the signature type ID in any given signature. Please | |||
note that the vagueness of these meanings is not a flaw but rather a | note that the vagueness of these meanings is not a flaw but rather a | |||
feature of the system. Because OpenPGP places final authority for | feature of the system. Because OpenPGP places final authority for | |||
validity upon the receiver of a signature, it may be that one | validity upon the receiver of a signature, it may be that one | |||
signer's casual act might be more rigorous than some other | signer's casual act might be more rigorous than some other | |||
authority's positive act. See Section 5.2.4 for detailed information | authority's positive act. See Section 5.2.4 for detailed information | |||
on how to compute and verify signatures of each type. | on how to compute and verify signatures of each type. | |||
+======+===============================+==================+ | +======+====================================+==================+ | |||
| ID | Name | Reference | | | ID | Name | Reference | | |||
+======+===============================+==================+ | +======+====================================+==================+ | |||
| 0x00 | Binary Signature | Section 5.2.1.1 | | | 0x00 | Binary Signature | Section 5.2.1.1 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x01 | Text Signature | Section 5.2.1.2 | | | 0x01 | Text Signature | Section 5.2.1.2 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x02 | Standalone Signature | Section 5.2.1.3 | | | 0x02 | Standalone Signature | Section 5.2.1.3 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x10 | Generic Certification | Section 5.2.1.4 | | | 0x10 | Generic Certification Signature | Section 5.2.1.4 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x11 | Persona Certification | Section 5.2.1.5 | | | 0x11 | Persona Certification Signature | Section 5.2.1.5 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x12 | Casual Certification | Section 5.2.1.6 | | | 0x12 | Casual Certification Signature | Section 5.2.1.6 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x13 | Positive Certification | Section 5.2.1.7 | | | 0x13 | Positive Certification Signature | Section 5.2.1.7 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x18 | Subkey Binding Signature | Section 5.2.1.8 | | | 0x18 | Subkey Binding Signature | Section 5.2.1.8 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x19 | Primary Key Binding Signature | Section 5.2.1.9 | | | 0x19 | Primary Key Binding Signature | Section 5.2.1.9 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x1F | Direct Key Signature | Section 5.2.1.10 | | | 0x1F | Direct Key Signature | Section 5.2.1.10 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x20 | Key Revocation | Section 5.2.1.11 | | | 0x20 | Key Revocation Signature | Section 5.2.1.11 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x28 | Subkey Revocation | Section 5.2.1.12 | | | 0x28 | Subkey Revocation Signature | Section 5.2.1.12 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x30 | Certification Revocation | Section 5.2.1.13 | | | 0x30 | Certification Revocation Signature | Section 5.2.1.13 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x40 | Timestamp Signature | Section 5.2.1.14 | | | 0x40 | Timestamp Signature | Section 5.2.1.14 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0x50 | Third-Party Confirmation | Section 5.2.1.15 | | | 0x50 | Third-Party Confirmation Signature | Section 5.2.1.15 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| 0xFF | Reserved | Section 5.2.1.16 | | | 0xFF | Reserved | Section 5.2.1.16 | | |||
+------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
Table 4: OpenPGP Signature Types Registry | Table 4: OpenPGP Signature Types Registry | |||
The meanings of each signature type are described in the subsections | The meanings of each signature type are described in the subsections | |||
below. | below. | |||
5.2.1.1. Binary Signature (type ID 0x00) of a Document | 5.2.1.1. Binary Signature (type ID 0x00) of a Document | |||
This means the signer owns it, created it, or certifies that it has | This means the signer owns it, created it, or certifies that it has | |||
not been modified. | not been modified. | |||
5.2.1.2. Text Signature (type ID 0x01) of a Canonical Document | 5.2.1.2. Text Signature (type ID 0x01) of a Canonical Document | |||
skipping to change at line 1549 ¶ | skipping to change at line 1549 ¶ | |||
not been modified. The signature is calculated over the text data | not been modified. The signature is calculated over the text data | |||
with its line endings converted to <CR><LF>. | with its line endings converted to <CR><LF>. | |||
5.2.1.3. Standalone Signature (type ID 0x02) | 5.2.1.3. Standalone Signature (type ID 0x02) | |||
This signature is a signature of only its own subpacket contents. It | This signature is a signature of only its own subpacket contents. It | |||
is calculated identically to a signature over a zero-length binary | is calculated identically to a signature over a zero-length binary | |||
document. V3 standalone signatures MUST NOT be generated and MUST be | document. V3 standalone signatures MUST NOT be generated and MUST be | |||
ignored. | ignored. | |||
5.2.1.4. Generic Certification (type ID 0x10) of a User ID and Public- | 5.2.1.4. Generic Certification Signature (type ID 0x10) of a User ID | |||
Key Packet | and Public-Key Packet | |||
The issuer of this certification does not make any particular | The issuer of this certification does not make any particular | |||
assertion as to how well the certifier has checked that the owner of | assertion as to how well the certifier has checked that the owner of | |||
the key is in fact the person described by the User ID. | the key is in fact the person described by the User ID. | |||
5.2.1.5. Persona Certification (type ID 0x11) of a User ID and Public- | 5.2.1.5. Persona Certification Signature (type ID 0x11) of a User ID | |||
Key Packet | and Public-Key Packet | |||
The issuer of this certification has not done any verification of the | The issuer of this certification has not done any verification of the | |||
claim that the owner of this key is the User ID specified. | claim that the owner of this key is the User ID specified. | |||
5.2.1.6. Casual Certification (type ID 0x12) of a User ID and Public- | 5.2.1.6. Casual Certification Signature (type ID 0x12) of a User ID and | |||
Key Packet | Public-Key Packet | |||
The issuer of this certification has done some casual verification of | The issuer of this certification has done some casual verification of | |||
the claim of identity. | the claim of identity. | |||
5.2.1.7. Positive Certification (type ID 0x13) of a User ID and Public- | 5.2.1.7. Positive Certification Signature (type ID 0x13) of a User ID | |||
Key Packet | and Public-Key Packet | |||
The issuer of this certification has done substantial verification of | The issuer of this certification has done substantial verification of | |||
the claim of identity. | the claim of identity. | |||
Most OpenPGP implementations make their "key signatures" as generic | Most OpenPGP implementations make their "key signatures" as generic | |||
(type ID 0x10) certifications. Some implementations can issue | (type ID 0x10) certifications. Some implementations can issue | |||
0x11-0x13 certifications, but few differentiate between the types. | 0x11-0x13 certifications, but few differentiate between the types. | |||
5.2.1.8. Subkey Binding Signature (type ID 0x18) | 5.2.1.8. Subkey Binding Signature (type ID 0x18) | |||
skipping to change at line 1605 ¶ | skipping to change at line 1605 ¶ | |||
5.2.1.10. Direct Key Signature (type ID 0x1F) | 5.2.1.10. Direct Key Signature (type ID 0x1F) | |||
This signature is calculated directly on a key. It binds the | This signature is calculated directly on a key. It binds the | |||
information in the Signature subpackets to the key and is appropriate | information in the Signature subpackets to the key and is appropriate | |||
to be used for subpackets that provide information about the key, | to be used for subpackets that provide information about the key, | |||
such as the Key Flags subpacket or the (deprecated) Revocation Key | such as the Key Flags subpacket or the (deprecated) Revocation Key | |||
subpacket. It is also appropriate for statements that non-self | subpacket. It is also appropriate for statements that non-self | |||
certifiers want to make about the key itself rather than the binding | certifiers want to make about the key itself rather than the binding | |||
between a key and a name. | between a key and a name. | |||
5.2.1.11. Key Revocation (type ID 0x20) Signature | 5.2.1.11. Key Revocation Signature (type ID 0x20) | |||
This signature is calculated directly on the key being revoked. A | This signature is calculated directly on the key being revoked. A | |||
revoked key is not to be used. Only revocation signatures by the key | revoked key is not to be used. Only revocation signatures by the key | |||
being revoked, or by a (deprecated) Revocation Key, should be | being revoked, or by a (deprecated) Revocation Key, should be | |||
considered valid revocation signatures. | considered valid revocation signatures. | |||
5.2.1.12. Subkey Revocation (type ID 0x28) Signature | 5.2.1.12. Subkey Revocation Signature (type ID 0x28) | |||
This signature is calculated directly on the primary key and the | This signature is calculated directly on the primary key and the | |||
subkey being revoked. A revoked subkey is not to be used. Only | subkey being revoked. A revoked subkey is not to be used. Only | |||
revocation signatures by the top-level signature key that is bound to | revocation signatures by the top-level signature key that is bound to | |||
this subkey, or by a (deprecated) Revocation Key, should be | this subkey, or by a (deprecated) Revocation Key, should be | |||
considered valid revocation signatures. | considered valid revocation signatures. | |||
5.2.1.13. Certification Revocation (type ID 0x30) Signature | 5.2.1.13. Certification Revocation Signature (type ID 0x30) | |||
This signature revokes an earlier User ID certification signature | This signature revokes an earlier User ID certification signature | |||
(signature class 0x10 through 0x13) or direct key signature (0x1F). | (signature class 0x10 through 0x13) or direct key signature (0x1F). | |||
It should be issued by the same key that issued the revoked signature | It should be issued by the same key that issued the revoked signature | |||
or by a (deprecated) Revocation Key. The signature is computed over | or by a (deprecated) Revocation Key. The signature is computed over | |||
the same data as the certification that it revokes, and it should | the same data as the certification that it revokes, and it should | |||
have a later creation date than that certification. | have a later creation date than that certification. | |||
5.2.1.14. Timestamp Signature (type ID 0x40) | 5.2.1.14. Timestamp Signature (type ID 0x40) | |||
This signature is only meaningful for the timestamp contained in it. | This signature is only meaningful for the timestamp contained in it. | |||
5.2.1.15. Third-Party Confirmation (type ID 0x50) Signature | 5.2.1.15. Third-Party Confirmation Signature (type ID 0x50) | |||
This signature is a signature over some other OpenPGP Signature | This signature is a signature over some other OpenPGP Signature | |||
packet(s). It is analogous to a notary seal on the signed data. A | packet(s). It is analogous to a notary seal on the signed data. A | |||
third-party signature SHOULD include one or more Signature Target | third-party signature SHOULD include one or more Signature Target | |||
subpackets to give easy identification. Note that we really do mean | subpackets to give easy identification. Note that we really do mean | |||
SHOULD. There are plausible uses for this (such as a blind party | SHOULD. There are plausible uses for this (such as a blind party | |||
that only sees the signature, not the key or source document) that | that only sees the signature, not the key or source document) that | |||
cannot include a target subpacket. | cannot include a target subpacket. | |||
5.2.1.16. Reserved (type ID 0xFF) | 5.2.1.16. Reserved (type ID 0xFF) | |||
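Review bot: the rename now has the Table 4 entries and the headings for 0x10-0x13, 0x20, 0x28 and 0x30 consistently reading "... Signature", but the body of 5.2.1.13 still says "(signature class 0x10 through 0x13)" while every other reference in this section, the registry column header included, uses "type ID"; suggest "(signature type ID 0x10 through 0x13)" so the prose matches the headings being changed here.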
End of changes. 13 change blocks. | ||||
60 lines changed or deleted | 60 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |
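The issuer rules of Sections 5.2.1.11 through 5.2.1.13 and the V3 standalone rule of Section 5.2.1.3, as a verifier-side policy check in Python; this is an added example and not text or code from RFC 9580 or any OpenPGP implementation. The data classes, the constructed fingerprint strings and the assumption that the signature bytes themselves have already been cryptographically verified (Section 5.2.4) are mine.

```python
"""Verifier-side acceptance rules for OpenPGP revocation signatures.

Added example, not code from RFC 9580 or any OpenPGP implementation. It
models the issuer rules of Sections 5.2.1.11-5.2.1.13 and the V3 standalone
rule of Section 5.2.1.3 as policy checks on already-parsed fields; the data
classes and fingerprint strings are assumptions, and the cryptographic check
of the signature itself is assumed to have passed beforehand.
"""
from dataclasses import dataclass
from typing import Optional

# Signature type IDs from Table 4 that these checks use.
STANDALONE, DIRECT_KEY = 0x02, 0x1F
CERTIFICATIONS = (0x10, 0x11, 0x12, 0x13)      # generic/persona/casual/positive
KEY_REVOCATION, SUBKEY_REVOCATION, CERT_REVOCATION = 0x20, 0x28, 0x30

@dataclass
class Signature:
    type_id: int
    version: int
    issuer: str                 # fingerprint of the issuing key (constructed)
    created: int                # creation time, seconds since the epoch
    target: Optional["Signature"] = None   # for 0x30: the signature it revokes
    data: bytes = b""           # bytes the signature covers, after canonicalisation

@dataclass
class KeyContext:
    primary: str                        # primary key fingerprint
    subkey: Optional[str] = None        # subkey being revoked, for 0x28
    revocation_keys: tuple = ()         # (deprecated) Revocation Key designees

def must_ignore(sig: Signature) -> bool:
    """Section 5.2.1.3: V3 standalone signatures MUST be ignored."""
    return sig.type_id == STANDALONE and sig.version == 3

def revocation_is_acceptable(sig: Signature, ctx: KeyContext) -> bool:
    """True only if sig's issuer may issue this revocation, per 5.2.1.11-13."""
    designated = sig.issuer in ctx.revocation_keys
    if sig.type_id == KEY_REVOCATION:
        # 5.2.1.11: the key being revoked itself, or a (deprecated) Revocation Key.
        return sig.issuer == ctx.primary or designated
    if sig.type_id == SUBKEY_REVOCATION:
        # 5.2.1.12: the top-level key the subkey is bound to, or a Revocation Key.
        return ctx.subkey is not None and (sig.issuer == ctx.primary or designated)
    if sig.type_id == CERT_REVOCATION:
        # 5.2.1.13: revokes a 0x10-0x13 certification or a 0x1F direct key signature;
        # same issuer (or a Revocation Key), same signed data, later creation date.
        t = sig.target
        if t is None or t.type_id not in CERTIFICATIONS + (DIRECT_KEY,):
            return False
        same_issuer = sig.issuer == t.issuer or designated
        return same_issuer and sig.data == t.data and sig.created > t.created
    return False                # not a revocation signature type
```

A real verifier would take `issuer` from the Issuer Fingerprint subpacket and `data` from the hashed key, User ID and subpacket material, which is where the "same data" comparison for 0x30 actually bites.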