| rfc9580v4.txt | rfc9580.txt | |||
|---|---|---|---|---|
| skipping to change at line 130 ¶ | skipping to change at line 130 ¶ | |||
| 5.1.5. Algorithm-Specific Fields for ECDH Encryption | 5.1.5. Algorithm-Specific Fields for ECDH Encryption | |||
| 5.1.6. Algorithm-Specific Fields for X25519 Encryption | 5.1.6. Algorithm-Specific Fields for X25519 Encryption | |||
| 5.1.7. Algorithm-Specific Fields for X448 Encryption | 5.1.7. Algorithm-Specific Fields for X448 Encryption | |||
| 5.1.8. Notes on PKESK | 5.1.8. Notes on PKESK | |||
| 5.2. Signature Packet (Type ID 2) | 5.2. Signature Packet (Type ID 2) | |||
| 5.2.1. Signature Types | 5.2.1. Signature Types | |||
| 5.2.1.1. Binary Signature (type ID 0x00) of a Document | 5.2.1.1. Binary Signature (type ID 0x00) of a Document | |||
| 5.2.1.2. Text Signature (type ID 0x01) of a Canonical | 5.2.1.2. Text Signature (type ID 0x01) of a Canonical | |||
| Document | Document | |||
| 5.2.1.3. Standalone Signature (type ID 0x02) | 5.2.1.3. Standalone Signature (type ID 0x02) | |||
| 5.2.1.4. Generic Certification (type ID 0x10) of a User ID | 5.2.1.4. Generic Certification Signature (type ID 0x10) of a | |||
| and Public-Key Packet | User ID and Public-Key Packet | |||
| 5.2.1.5. Persona Certification (type ID 0x11) of a User ID | 5.2.1.5. Persona Certification Signature (type ID 0x11) of a | |||
| and Public-Key Packet | User ID and Public-Key Packet | |||
| 5.2.1.6. Casual Certification (type ID 0x12) of a User ID | 5.2.1.6. Casual Certification Signature (type ID 0x12) of a | |||
| and Public-Key Packet | User ID and Public-Key Packet | |||
| 5.2.1.7. Positive Certification (type ID 0x13) of a User ID | 5.2.1.7. Positive Certification Signature (type ID 0x13) of | |||
| and Public-Key Packet | a User ID and Public-Key Packet | |||
| 5.2.1.8. Subkey Binding Signature (type ID 0x18) | 5.2.1.8. Subkey Binding Signature (type ID 0x18) | |||
| 5.2.1.9. Primary Key Binding Signature (type ID 0x19) | 5.2.1.9. Primary Key Binding Signature (type ID 0x19) | |||
| 5.2.1.10. Direct Key Signature (type ID 0x1F) | 5.2.1.10. Direct Key Signature (type ID 0x1F) | |||
| 5.2.1.11. Key Revocation (type ID 0x20) Signature | 5.2.1.11. Key Revocation Signature (type ID 0x20) | |||
| 5.2.1.12. Subkey Revocation (type ID 0x28) Signature | 5.2.1.12. Subkey Revocation Signature (type ID 0x28) | |||
| 5.2.1.13. Certification Revocation (type ID 0x30) Signature | 5.2.1.13. Certification Revocation Signature (type ID 0x30) | |||
| 5.2.1.14. Timestamp Signature (type ID 0x40) | 5.2.1.14. Timestamp Signature (type ID 0x40) | |||
| 5.2.1.15. Third-Party Confirmation (type ID 0x50) Signature | 5.2.1.15. Third-Party Confirmation Signature (type ID 0x50) | |||
| 5.2.1.16. Reserved (type ID 0xFF) | 5.2.1.16. Reserved (type ID 0xFF) | |||
| 5.2.2. Version 3 Signature Packet Format | 5.2.2. Version 3 Signature Packet Format | |||
| 5.2.3. Versions 4 and 6 Signature Packet Formats | 5.2.3. Versions 4 and 6 Signature Packet Formats | |||
| 5.2.3.1. Algorithm-Specific Fields for RSA Signatures | 5.2.3.1. Algorithm-Specific Fields for RSA Signatures | |||
| 5.2.3.2. Algorithm-Specific Fields for DSA or ECDSA | 5.2.3.2. Algorithm-Specific Fields for DSA or ECDSA | |||
| Signatures | Signatures | |||
| 5.2.3.3. Algorithm-Specific Fields for EdDSALegacy | 5.2.3.3. Algorithm-Specific Fields for EdDSALegacy | |||
| Signatures (Deprecated) | Signatures (Deprecated) | |||
| 5.2.3.4. Algorithm-Specific Fields for Ed25519 Signatures | 5.2.3.4. Algorithm-Specific Fields for Ed25519 Signatures | |||
| 5.2.3.5. Algorithm-Specific Fields for Ed448 Signatures | 5.2.3.5. Algorithm-Specific Fields for Ed448 Signatures | |||
| skipping to change at line 1490 ¶ | skipping to change at line 1490 ¶ | |||
| There are a number of possible meanings for a signature, which are | There are a number of possible meanings for a signature, which are | |||
| indicated by the signature type ID in any given signature. Please | indicated by the signature type ID in any given signature. Please | |||
| note that the vagueness of these meanings is not a flaw but rather a | note that the vagueness of these meanings is not a flaw but rather a | |||
| feature of the system. Because OpenPGP places final authority for | feature of the system. Because OpenPGP places final authority for | |||
| validity upon the receiver of a signature, it may be that one | validity upon the receiver of a signature, it may be that one | |||
| signer's casual act might be more rigorous than some other | signer's casual act might be more rigorous than some other | |||
| authority's positive act. See Section 5.2.4 for detailed information | authority's positive act. See Section 5.2.4 for detailed information | |||
| on how to compute and verify signatures of each type. | on how to compute and verify signatures of each type. | |||
| +======+===============================+==================+ | +======+====================================+==================+ | |||
| | ID | Name | Reference | | | ID | Name | Reference | | |||
| +======+===============================+==================+ | +======+====================================+==================+ | |||
| | 0x00 | Binary Signature | Section 5.2.1.1 | | | 0x00 | Binary Signature | Section 5.2.1.1 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x01 | Text Signature | Section 5.2.1.2 | | | 0x01 | Text Signature | Section 5.2.1.2 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x02 | Standalone Signature | Section 5.2.1.3 | | | 0x02 | Standalone Signature | Section 5.2.1.3 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x10 | Generic Certification | Section 5.2.1.4 | | | 0x10 | Generic Certification Signature | Section 5.2.1.4 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x11 | Persona Certification | Section 5.2.1.5 | | | 0x11 | Persona Certification Signature | Section 5.2.1.5 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x12 | Casual Certification | Section 5.2.1.6 | | | 0x12 | Casual Certification Signature | Section 5.2.1.6 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x13 | Positive Certification | Section 5.2.1.7 | | | 0x13 | Positive Certification Signature | Section 5.2.1.7 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x18 | Subkey Binding Signature | Section 5.2.1.8 | | | 0x18 | Subkey Binding Signature | Section 5.2.1.8 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x19 | Primary Key Binding Signature | Section 5.2.1.9 | | | 0x19 | Primary Key Binding Signature | Section 5.2.1.9 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x1F | Direct Key Signature | Section 5.2.1.10 | | | 0x1F | Direct Key Signature | Section 5.2.1.10 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x20 | Key Revocation | Section 5.2.1.11 | | | 0x20 | Key Revocation Signature | Section 5.2.1.11 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x28 | Subkey Revocation | Section 5.2.1.12 | | | 0x28 | Subkey Revocation Signature | Section 5.2.1.12 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x30 | Certification Revocation | Section 5.2.1.13 | | | 0x30 | Certification Revocation Signature | Section 5.2.1.13 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x40 | Timestamp Signature | Section 5.2.1.14 | | | 0x40 | Timestamp Signature | Section 5.2.1.14 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0x50 | Third-Party Confirmation | Section 5.2.1.15 | | | 0x50 | Third-Party Confirmation Signature | Section 5.2.1.15 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| | 0xFF | Reserved | Section 5.2.1.16 | | | 0xFF | Reserved | Section 5.2.1.16 | | |||
| +------+-------------------------------+------------------+ | +------+------------------------------------+------------------+ | |||
| Table 4: OpenPGP Signature Types Registry | Table 4: OpenPGP Signature Types Registry | |||
| The meanings of each signature type are described in the subsections | The meanings of each signature type are described in the subsections | |||
| below. | below. | |||
| 5.2.1.1. Binary Signature (type ID 0x00) of a Document | 5.2.1.1. Binary Signature (type ID 0x00) of a Document | |||
| This means the signer owns it, created it, or certifies that it has | This means the signer owns it, created it, or certifies that it has | |||
| not been modified. | not been modified. | |||
| 5.2.1.2. Text Signature (type ID 0x01) of a Canonical Document | 5.2.1.2. Text Signature (type ID 0x01) of a Canonical Document | |||
| skipping to change at line 1549 ¶ | skipping to change at line 1549 ¶ | |||
| not been modified. The signature is calculated over the text data | not been modified. The signature is calculated over the text data | |||
| with its line endings converted to <CR><LF>. | with its line endings converted to <CR><LF>. | |||
| 5.2.1.3. Standalone Signature (type ID 0x02) | 5.2.1.3. Standalone Signature (type ID 0x02) | |||
| This signature is a signature of only its own subpacket contents. It | This signature is a signature of only its own subpacket contents. It | |||
| is calculated identically to a signature over a zero-length binary | is calculated identically to a signature over a zero-length binary | |||
| document. V3 standalone signatures MUST NOT be generated and MUST be | document. V3 standalone signatures MUST NOT be generated and MUST be | |||
| ignored. | ignored. | |||
| 5.2.1.4. Generic Certification (type ID 0x10) of a User ID and Public- | 5.2.1.4. Generic Certification Signature (type ID 0x10) of a User ID | |||
| Key Packet | and Public-Key Packet | |||
| The issuer of this certification does not make any particular | The issuer of this certification does not make any particular | |||
| assertion as to how well the certifier has checked that the owner of | assertion as to how well the certifier has checked that the owner of | |||
| the key is in fact the person described by the User ID. | the key is in fact the person described by the User ID. | |||
| 5.2.1.5. Persona Certification (type ID 0x11) of a User ID and Public- | 5.2.1.5. Persona Certification Signature (type ID 0x11) of a User ID | |||
| Key Packet | and Public-Key Packet | |||
| The issuer of this certification has not done any verification of the | The issuer of this certification has not done any verification of the | |||
| claim that the owner of this key is the User ID specified. | claim that the owner of this key is the User ID specified. | |||
| 5.2.1.6. Casual Certification (type ID 0x12) of a User ID and Public- | 5.2.1.6. Casual Certification Signature (type ID 0x12) of a User ID and | |||
| Key Packet | Public-Key Packet | |||
| The issuer of this certification has done some casual verification of | The issuer of this certification has done some casual verification of | |||
| the claim of identity. | the claim of identity. | |||
| 5.2.1.7. Positive Certification (type ID 0x13) of a User ID and Public- | 5.2.1.7. Positive Certification Signature (type ID 0x13) of a User ID | |||
| Key Packet | and Public-Key Packet | |||
| The issuer of this certification has done substantial verification of | The issuer of this certification has done substantial verification of | |||
| the claim of identity. | the claim of identity. | |||
| Most OpenPGP implementations make their "key signatures" as generic | Most OpenPGP implementations make their "key signatures" as generic | |||
| (type ID 0x10) certifications. Some implementations can issue | (type ID 0x10) certifications. Some implementations can issue | |||
| 0x11-0x13 certifications, but few differentiate between the types. | 0x11-0x13 certifications, but few differentiate between the types. | |||
| 5.2.1.8. Subkey Binding Signature (type ID 0x18) | 5.2.1.8. Subkey Binding Signature (type ID 0x18) | |||
| skipping to change at line 1605 ¶ | skipping to change at line 1605 ¶ | |||
| 5.2.1.10. Direct Key Signature (type ID 0x1F) | 5.2.1.10. Direct Key Signature (type ID 0x1F) | |||
| This signature is calculated directly on a key. It binds the | This signature is calculated directly on a key. It binds the | |||
| information in the Signature subpackets to the key and is appropriate | information in the Signature subpackets to the key and is appropriate | |||
| to be used for subpackets that provide information about the key, | to be used for subpackets that provide information about the key, | |||
| such as the Key Flags subpacket or the (deprecated) Revocation Key | such as the Key Flags subpacket or the (deprecated) Revocation Key | |||
| subpacket. It is also appropriate for statements that non-self | subpacket. It is also appropriate for statements that non-self | |||
| certifiers want to make about the key itself rather than the binding | certifiers want to make about the key itself rather than the binding | |||
| between a key and a name. | between a key and a name. | |||
| 5.2.1.11. Key Revocation (type ID 0x20) Signature | 5.2.1.11. Key Revocation Signature (type ID 0x20) | |||
| This signature is calculated directly on the key being revoked. A | This signature is calculated directly on the key being revoked. A | |||
| revoked key is not to be used. Only revocation signatures by the key | revoked key is not to be used. Only revocation signatures by the key | |||
| being revoked, or by a (deprecated) Revocation Key, should be | being revoked, or by a (deprecated) Revocation Key, should be | |||
| considered valid revocation signatures. | considered valid revocation signatures. | |||
| 5.2.1.12. Subkey Revocation (type ID 0x28) Signature | 5.2.1.12. Subkey Revocation Signature (type ID 0x28) | |||
| This signature is calculated directly on the primary key and the | This signature is calculated directly on the primary key and the | |||
| subkey being revoked. A revoked subkey is not to be used. Only | subkey being revoked. A revoked subkey is not to be used. Only | |||
| revocation signatures by the top-level signature key that is bound to | revocation signatures by the top-level signature key that is bound to | |||
| this subkey, or by a (deprecated) Revocation Key, should be | this subkey, or by a (deprecated) Revocation Key, should be | |||
| considered valid revocation signatures. | considered valid revocation signatures. | |||
| 5.2.1.13. Certification Revocation (type ID 0x30) Signature | 5.2.1.13. Certification Revocation Signature (type ID 0x30) | |||
| This signature revokes an earlier User ID certification signature | This signature revokes an earlier User ID certification signature | |||
| (signature class 0x10 through 0x13) or direct key signature (0x1F). | (signature class 0x10 through 0x13) or direct key signature (0x1F). | |||
| It should be issued by the same key that issued the revoked signature | It should be issued by the same key that issued the revoked signature | |||
| or by a (deprecated) Revocation Key. The signature is computed over | or by a (deprecated) Revocation Key. The signature is computed over | |||
| the same data as the certification that it revokes, and it should | the same data as the certification that it revokes, and it should | |||
| have a later creation date than that certification. | have a later creation date than that certification. | |||
| 5.2.1.14. Timestamp Signature (type ID 0x40) | 5.2.1.14. Timestamp Signature (type ID 0x40) | |||
| This signature is only meaningful for the timestamp contained in it. | This signature is only meaningful for the timestamp contained in it. | |||
| 5.2.1.15. Third-Party Confirmation (type ID 0x50) Signature | 5.2.1.15. Third-Party Confirmation Signature (type ID 0x50) | |||
| This signature is a signature over some other OpenPGP Signature | This signature is a signature over some other OpenPGP Signature | |||
| packet(s). It is analogous to a notary seal on the signed data. A | packet(s). It is analogous to a notary seal on the signed data. A | |||
| third-party signature SHOULD include one or more Signature Target | third-party signature SHOULD include one or more Signature Target | |||
| subpackets to give easy identification. Note that we really do mean | subpackets to give easy identification. Note that we really do mean | |||
| SHOULD. There are plausible uses for this (such as a blind party | SHOULD. There are plausible uses for this (such as a blind party | |||
| that only sees the signature, not the key or source document) that | that only sees the signature, not the key or source document) that | |||
| cannot include a target subpacket. | cannot include a target subpacket. | |||
| 5.2.1.16. Reserved (type ID 0xFF) | 5.2.1.16. Reserved (type ID 0xFF) | |||
| End of changes. 13 change blocks. | ||||
| 60 lines changed or deleted | 60 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||