30. Glossary¶
- AEAD¶
- AEAD Algorithm¶
- Algorithm Preferences¶
The preferences for hash algorithms, compression algorithms, symmetric algorithms and AEAD algorithms are set using direct key signatures or primary User ID binding signatures.
- Asymmetric Cryptography¶
Asymmetric cryptography (also known as public-key cryptography) is used in OpenPGP to send messages without using a prior shared secret. For a more detailed discussion see Public-key (asymmetric) cryptography.
- Authenticated Encryption With Associated Data¶
Short AEAD, refers to an encryption scheme that ensures confidentiality of a message. Additionally, additional data, which is not confidential, may be associated with the message, ensuring integrity of both the confidential part of the message, as well as the additional data.
See Wikipedia on Authenticated Encryption.
- Authentication¶
The process of validiting an identity claim. The term “authentication” here is semantically different from the one used in Authentication Key Flag.
- Authentication Key Flag¶
A Key Flag which indicates that a Component Key can be used to prove control over private key material with a challenge-response mechanism. This is typically done to log into a remote system, often using the OpenSSH protocol.
Note that the term “authentication” is used in a different context here than Authentication of identity claims that are associated with a certificate. See Defining operational capabilities of component keys with key flags.
- Authentication Tag¶
- Authenticity¶
See Authentication.
- Back Signature¶
- Binary Signature¶
A Data Signature with the Signature Type ID
0x00, which is used for binary data.- Binding¶
The process of creating a Binding Signature for a Component, or the resulting Binding Signature.
See Self-signatures in certificate formation and management for more.
- Binding Signature¶
A self-signature on a component which associates that component to the issuing component key in a certificate.
See Self-signatures in certificate formation and management for more.
- CA¶
- Capability¶
The operations an OpenPGP Component Key can perform. See Defining operational capabilities of component keys with key flags.
- Certificate¶
- Certificate Authority¶
- Certificate Holder¶
A person or other entity, that holds an Transferable Secret Key and thus is able to modify the accompanying OpenPGP Certificate. Typically this is the owner of OpenPGP key.
- Certification¶
A certification, in OpenPGP, is a signature that makes a statement about an identity in a certificate, or an entire certificate.
Most commonly, the term is applied to “third-party certifications,” in which an external actor indicates that they have validated the link between an identity and a certificate. However, the term is also used for self-signatures that bind identity components to a certificate.
- Certification Authority¶
Also known as Certificate authority, this is an entity that handles digital certificates, especially by signing or issuing them.
- Certification Key Flag¶
A Key Flag, indicating that a Component Key can be used for issuing third-party certifications. See Defining operational capabilities of component keys with key flags.
- Certification Revocation Signature Packet¶
An OpenPGP Signature Packet to revoke an earlier self-certification of a User ID.
- Certification Signature¶
See Certification.
- Certifying Self-Signature¶
An OpenPGP Signature Packet by the Certificate Holder on an Identity Component of their own Certificate.
- Certifying Signature¶
See Certification.
- Cipher Type Byte¶
This historical term was defined in RFC 1991 and was subsequently superseded by Packet Tag in RFC 2440, which is in turn superseded by Packet Type ID in the new RFC.
- Cleartext Signature¶
A Data Signature which exists in a combined text format, encapsulating the (readable) text input it was created for. See Cleartext signatures.
- Cleartext Signature Framework¶
A framework for creating cleartext signatures. See RFC 7.
- Component¶
An element in an OpenPGP Certificate, that represents a component key or identity component.
- Component Key¶
- Compressed Data Packet¶
A packet that contains a compressed OpenPGP Message (typically a Literal Data Packet). A Compressed Data Packet represents a “compressed message”.
- Compression¶
See Data Compression.
- Creation Time¶
The point in time at which e.g. an OpenPGP Signature, an OpenPGP Certificate, or one of its component is created.
- Creator¶
See Issuer.
- Criticality Flag¶
A flag on Subpackets, that can mark them as critical or non-critical, which is has an influence on signature validation. See Criticality of subpackets.
- Cryptographic Key¶
A symmetric or asymmetric cryptographic key. See Cryptographic concepts and terms.
- Cryptographic Signature¶
A raw cryptographic signature is an algorithm-specific sequence of bytes created by a Cryptographic Key.
- CTB¶
See Cipher Type Byte.
- Data Compression¶
The process of encoding information using fewer bits than the original representation. In OpenPGP data compression is used to reduce the size required for encrypted messages.
See Wikipedia on Data Compression.
- Data Signature¶
Cryptographic signature over binary documents or canonical text documents. See Signatures over data.
- Data Signature Packet¶
An OpenPGP Signature Packet which describes a Data Signature. See Signatures over data.
- Delegation¶
OpenPGP users can delegate authentication decisions to third parties, and thus rely on certifications they issue. The remote party is then called a “trusted introducer”.
This kind of delegation involves certifications that include the trust signature subpacket.
- Detached Signature¶
A Data Signature which exists separately to the data it was created for. See Forms of OpenPGP data signatures.
- Direct Key Signature¶
Describes both a Signature Type ID, as well as an according OpenPGP Signature over a Primary Key.
Issued as a Self-Signature it sets preferences and advertises features applicable to an entire Certificate. See Direct key signature.
- Embedded Signature Subpacket¶
An OpenPGP Signature Subpacket which contains a complete OpenPGP Signature Packet.
See RFC 5.2.3.34
- Encrypted Data¶
Data that is encrypted.
See Encryption.
- Encryption Key Flag¶
A Key Flag, indicating that a Component Key can be used for encrypting data. See Defining operational capabilities of component keys with key flags.
There are two distinct encryption key flags, indicating that the key can encrypt communications, or data in long-term storage respectively.
- Expiration¶
A mechanism by which a Component is invalidated due to the Expiration Time of its binding signature being older than the Reference Time by which it is validated.
- Expiration Time¶
The time of expiry of an OpenPGP Signature Packet.
- Features Subpacket¶
An OpenPGP Signature Subpacket, which denotes advanced OpenPGP features an implementation supports.
For an in-depth view on these subpackets see Direct Key Signature.
See RFC 5.2.3.32
- Fingerprint¶
See OpenPGP Fingerprint.
- Hard Revocation¶
A Revocation Signature Packet for a Certification or a Component Key, which either includes a Reason For Revocation Subpacket with a Revocation Code, that signifies the target being compromised (e.g.,
0or2), or has no Reason For Revocation Subpacket at all.See RFC 5.2.3.31.
- Hash Algorithm¶
See Hash Function.
- Hash Digest¶
Output of a cryptographic hash function for a string of data of any length. See Cryptographic hash functions.
- Hash Function¶
A function used to map data of arbitrary size to fixed-size values (see Hash Digest).
- Hash Value¶
See Hash Digest.
- Hashed Area¶
An area in an OpenPGP Signature Packet containing OpenPGP Signature Subpackets, that is covered by the Hash Digest a Cryptographic Signature is created for. See Hashed and unhashed signature subpackets.
- Hashed Subpacket¶
An OpenPGP Signature Subpacket residing in the Hashed Area of an OpenPGP Signature Packet.
- Hybrid Cryptosystem¶
A cryptographic system that employs both Asymmetric Cryptography and Symmetric Cryptography. See Hybrid cryptosystems.
- Identity¶
An identity of a Certificate Holder. It is represented by an Identity Component, which may be certified using identity certifications, or by a Notation.
- Identity Certification¶
An OpenPGP Signature Packet on an Identity Component which certifies its authenticity.
Identity certifications can be issued either:
by the certificate holder, as a self-signature, or
by a third party, as a third-party identity certifications.
- Identity Claim¶
A Certificate Holder may use Identity Components or Notations to state a claim about their Identity.
- Identity Component¶
Part of an OpenPGP Certificate, that is used to associate data about the Certificate Holder with it. See Identity components for further details.
- Identity Verification¶
A process by which the Identity Claim of a Certificate Holder is verified. See also Signature Verification.
- Initial Introducer¶
An OpenPGP Certificate explicitly delegated to from a Trust Anchor.
- Inline Signature¶
An inline signature is a type of OpenPGP message which stores a Data Signature alongside the message it signs. Both the message and the signature are stored in a shared OpenPGP container.
The standard defines two variant formats for inline signatures:
One-pass signed Message: This format is now commonly used.
Prefixed signed Message: This is a historical format. It is still supported, but rarely used.
For more context, see Forms of OpenPGP data signatures.
- Issuer¶
An entity, that created an OpenPGP Signature Packet using a Transferable Secret Key.
- Issuer Fingerprint Subpacket¶
A Subpacket specifying the Fingerprint of an Issuer Key.
See RFC 5.2.3.35
- Issuer Key¶
The OpenPGP Component Key of an Issuer, used to create an OpenPGP Signature Packet.
- Key¶
In OpenPGP, and cryptography more generally, the term “key” holds different meanings.
First, it can apply to different cryptographic primitives:
asymmetric public key
asymmetric private key
Additionally, in OpenPGP, asymmetric cryptographic keys are used on three different layers of abstraction:
cryptographic key
OpenPGP component key
OpenPGP key (which in turn refers to either an OpenPGP Certificate or a Transferable Secret Key
- Key Expiration Time Subpacket¶
An OpenPGP Signature Subpacket Type which defines the Expiration Time for a key.
See RFC 5.2.3.13
- Key Flag¶
A preference encoded in an OpenPGP Signature Subpacket, that defines the Capability a OpenPGP Component Key has. See Signature subpackets.
- Key Holder¶
See Certificate Holder.
- Key ID¶
A Key ID is a shorthand identifier for OpenPGP certificates (or for individual subkeys). A Key ID is a shortened versions of a fingerprint:
For OpenPGP v6 keys, the Key ID consists of the high-order (leftmost) 64 bits of their OpenPGP Fingerprint.
For OpenPGP v4 keys, the Key ID consists of the low-order (rightmost) 64 bits of their OpenPGP Fingerprint.
Note that since Key IDs are relatively short, they don’t meaningfully guard against collisions. Applications must not assume that Key IDs are unique.
- Key Material¶
May refer to Public Key Material or Private Key Material.
- Key Owner¶
See Certificate Holder.
- Key Revocation Signature Packet¶
A Revocation Self-signature for an entire OpenPGP Certificate.
- Key Server¶
A service available over the network, which provides access to OpenPGP Certificates e.g., by searching for an OpenPGP Fingerprint or User ID, via the
HKPand/ orHKPSprotocols. Several implementations such as hagrid, or hockeypuck exist.- Life-cycle Management¶
In OpenPGP several actions are necessary for the prolonged use of an OpenPGP Certificate or adapting its components to the requirements of the Certificate Holder. These are for example changes to binding signatures (adding or revocation of component keys or direct key signature), modification of expiration time or other metadata for components. See Self-signatures.
- Literal Data Packet¶
A packet that contains a payload of data. It represents a “literal message”.
A literal data packet typically stores the paintext data of an encrypted message, and/or the data of an inline signed message.
See RFC 5.9.
- MAC¶
- Master Key¶
See OpenPGP Primary Key.
- Message Authentication Code¶
A piece of information used for integrity and authenticity verification of a message. See Message authentication codes.
- Meta Introducer¶
An OpenPGP Certificate that acts as a Trusted introducer and has a Trust Depth greater than one.
A meta introducer can introduce other (meta-) introducers.
- Metadata¶
Data related to preferences of an OpenPGP Certificate or its Certificate Holder, that can be found in signature packets. See Metadata in certificates.
- Notation¶
A mechanism for a Certificate Holder to provide user-defined data using a Notation Signature Subpacket.
- Notation Signature Subpacket¶
An OpenPGP Signature Subpacket which is used to add user-defined data to a Certificate. See Notation signature subpackets.
- Notation Tag¶
Part of a Notation name.
- One-pass Signature Packet¶
One or more packets before the actual data in a Data Signature which contain information to allow a receiving implementation to create hashes required for signature verification.
See The function of the one-pass signature packet. Also see RFC 5.4.
- One-pass signed Message¶
The commonly used form of an OpenPGP Inline Signature. It combines an OpenPGP Message with signature packets and accompanying auxiliary One-pass signatures.
For details see One-pass signed message.
- OpenPGP Certificate¶
An OpenPGP certificate contains public key material, identity claims and third party certifications (but no private key material)
- OpenPGP Component Key¶
An OpenPGP Primary Key or OpenPGP Subkey. For an in-depth discussion see Component keys.
- OpenPGP data¶
Any data in OpenPGP format, represented as a series of OpenPGP packets. The data could for example represent an OpenPGP Certificate, or an OpenPGP Signature Packet combined with plaintext or encrypted data.
- OpenPGP Fingerprint¶
An OpenPGP Fingerprint is a shorthand representation of an OpenPGP Component Key. Fingerprints effectively act as unique identifiers. See Fingerprint.
The Fingerprint of the primary component key is used as an identifier for the full OpenPGP Certificate.
- OpenPGP Implementation¶
A piece of software implementing the OpenPGP protocol (to some extend).
- OpenPGP Key¶
Used either for an OpenPGP Certificate (containing public key material and metadata), or for an OpenPGP Private Key. See Certificates for an in-depth discussion.
- OpenPGP Message¶
A series of OpenPGP packets that represents one of the following formats:
an encrypted message
a signed message
Also see RFC 10.3.
- OpenPGP Primary Key¶
An OpenPGP Component Key that is used in the primary key role of an OpenPGP Certificate. For a more detailed discussion, see Primary key.
- OpenPGP Private Key¶
- OpenPGP Public Key¶
See OpenPGP Certificate.
- OpenPGP Signature¶
- OpenPGP Signature Packet¶
A packet that contains a raw cryptographic signature, a Signature Type ID and additional metadata. See OpenPGP Signatures. Basic concepts are introduced in OpenPGP Signatures and more detailed use-cases are explained in Signatures over data and Signatures on components.
- OpenPGP Signature Subpacket¶
A data structure in a Signature Packet, that describes metadata and preferences. See Signature subpackets.
- OpenPGP Signature Subpacket Type¶
An OpenPGP Signature Subpacket type.
- OpenPGP Signature Type¶
The type of an OpenPGP Signature Packet is defined by its Signature Type ID. See Signature types in OpenPGP.
- OpenPGP Signing Subkey¶
An OpenPGP Subkey with the Signing Key Flag.
- OpenPGP Subkey¶
An OpenPGP Component Key that is used in the subkey role, in an OpenPGP Certificate. For a more detailed discussion, see Subkeys.
- Owner¶
See Certificate Holder.
- Packet¶
An element in an OpenPGP Certificate or OpenPGP Message.
- Packet Header¶
A section of variable length at the beginning of a Packet, which encodes for example the Packet Type ID. See the relevant section in the RFC, which explains this section in more detail.
- Packet Tag¶
This historical term was defined in RFC 2440 and is superseded by Packet Type ID in the new RFC.
- Packet Type ID¶
A numerical value encoded in the first octet of a Packet Header, defining a Packet’s type.
- Positive Certification¶
An OpenPGP Signature Type with the Signature Type ID
0x13, which is used in binding signatures for User IDs. This OpenPGP Signature Type implies that the issuer has done substantial verification of the Identity Claim.- Preferred AEAD Ciphersuites Subpacket¶
An OpenPGP Signature Subpacket Type which defines the preferred version 2 SEIPD algorithms for an OpenPGP Certificate or Component Key. This defines which algorithms the key holder prefers to receive and implicitly signifies the supported algorithms of the key holder’s implementation.
See RFC 5.2.3.15
- Preferred Compression Algorithms Subpacket¶
An OpenPGP Signature Subpacket Type which defines the preferred compression algorithms for an OpenPGP Certificate or Component Key. This defines which algorithms the key holder prefers to receive.
See RFC 5.2.3.17.
- Preferred Hash Algorithms Subpacket¶
An OpenPGP Signature Subpacket Type which defines the preferred hash algorithm for an OpenPGP Certificate or Component Key. This defines which algorithms the key holder prefers to receive.
See RFC 5.2.3.16.
- Preferred Symmetric Ciphers for v1 SEIPD Subpacket¶
An OpenPGP Signature Subpacket Type which defines the preferred version 1 SEIPD algorithms for an OpenPGP Certificate or Component Key. This defines which algorithms the key holder prefers to receive and implicitly signifies the supported algorithms of the key holder’s implementation.
See RFC 5.2.3.14.
- Prefixed signed Message¶
A type of Inline Signature. This form of Inline Signature is historical and now rarely used. Superseded by One-pass signed Message.
For details see Prefixed signed message.
- Primary Component Key¶
See OpenPGP Primary Key.
- Primary Introducer¶
See Initial Introducer.
- Primary Key¶
See OpenPGP Primary Key.
- Primary Key Binding Signature¶
A Binding Signature, which is created by a OpenPGP Signing Subkey on the OpenPGP Primary Key of an OpenPGP Certificate and stored in an Embedded Signature Subpacket in the Binding Signature for the OpenPGP Signing Subkey.
This special case is explained in more detail in Special case: Binding signing subkeys.
- Primary User ID¶
A User ID which carries the default preferences for identity components without preferences.
- Primary User ID Binding Signature¶
A Binding Signature, which is created by an OpenPGP Primary Key to bind a User ID to its OpenPGP Certificate and marking it as the Primary User ID.
This Binding Signature may carry metadata specific to the User ID at hand as well as some applicable to the entire OpenPGP Certificate.
- Primary User ID Subpacket¶
An OpenPGP Signature Subpacket used in User ID self-signatures which allows to signify whether the User ID in question is considered a Primary User ID.
See RFC 5.2.3.27
- Private Key¶
- Private Key Material¶
A raw cryptographic private key.
- Public Key¶
See OpenPGP Public Key.
- Public Key Algorithm¶
An asymmetric cryptographic algorithm. See Public-key (asymmetric) cryptography.
- Public Key Cryptography¶
- Public Key Material¶
See OpenPGP Certificate.
- Reason For Revocation Subpacket¶
An OpenPGP Signature Subpacket, which is used in Certification Revocation Signature Packet and key revocation signature packets to describe a reason for the revocation.
See RFC 5.2.3.31
- Reference Time¶
A point in time at which an OpenPGP Certificate or OpenPGP Signature is evaluated.
- Regular Expression Subpacket¶
An OpenPGP Signature Subpacket which allows for limiting delegations to identities matching a regular expression.
- Revocation¶
Mechanism to invalidate a component or an entire OpenPGP Certificate using a Revocation Self-signature. See Revocations.
- Revocation Certificate¶
A Revocation Self-signature for an OpenPGP Primary Key distributed alongside the plain OpenPGP Primary Key.
See RFC 10.1.2
Note that in OpenPGP v4 this term is typically used for a bare Revocation Self-signature packet.
- Revocation Code¶
A number in a Reason For Revocation Subpacket which represents the reason for a Revocation.
- Revocation Self-signature¶
A class of self-signatures to revoke primary keys, User IDs or User Attributes and invalidate subkey binding signatures.
See Revocation self-signatures: Invalidating certificate components.
- Revocation Signature¶
- Revocation Signature Packet¶
An OpenPGP Signature Packet used for the revocation of a certification or binding.
Revocation signatures are often self-signatures, more specifically revocation self-signatures. However, certification revocations can be both self-signatures or third-party signatures. Additionally, with the deprecated Revocation Key mechanism, third-party Key- and Subkey revocations also exist.
- RFC¶
This document, unless noted otherwise, refers to the OpenPGP version 6 specification when referring to RFC.
- Secret Key Material¶
See Private Key Material.
- SEIPD¶
- Self-certification¶
A certification on a component of an OpenPGP Certificate issued by a component key of the same OpenPGP certificate.
- Self-signature¶
An OpenPGP Signature Packet by the Certificate Holder on a Component of their own Certificate.
- Session Key¶
A unique shared secret used in encryption in a Hybrid Cryptosystem. See Encryption and Decryption.
- Signature¶
- Signature Creation Time Subpacket¶
An OpenPGP Signature Subpacket Type which defines the Creation Time for an OpenPGP Signature Packet.
See RFC 5.2.3.11
- Signature Expiration Time Subpacket¶
An OpenPGP Signature Subpacket Type which defines the Expiration Time for an OpenPGP Signature Packet.
See RFC 5.2.3.18
- Signature On Component¶
Cryptographic signature associated with Component Keys or Identity Components. See Signatures on components.
- Signature Over Data¶
See Data Signature.
- Signature Packet¶
- Signature Subpacket¶
- Signature Subpacket Type¶
- Signature Type¶
- Signature Type ID¶
A numerical identifier for a Signature Type.
- Signature Verification¶
In cryptography the mechanism of verification relates to a process in which a claim (i.e., a signature) is tested (i.e., using the relevant components of a certificate).
- Signer¶
A Certificate Holder, that is able to create self-signatures and third-party signatures.
- Signing Key Flag¶
A Key Flag, indicating that a Component Key can be used for signing data. See Defining operational capabilities of component keys with key flags.
- Signing Subkey¶
- Signing-capable¶
See Signing Key Flag.
- Soft Revocation¶
A Revocation Signature Packet for a Certification or a Component Key, which includes a Reason For Revocation Subpacket with a Revocation Code, that does not signify the target being compromised (e.g.,
0or2).See RFC 5.2.3.31.
- Strong Authentication¶
“Strong Authentication” in this text refers to having ascertained that a certificate and an identity claim on it are legitimately linked. That is, that the person who controls the certificate is correctly represented by the identity component.
Strong authentication in OpenPGP is typically encoded with a certification signature.
Ascertaining strong authentication requires an out-of-band check: Either via a manual verification process, or an automated system that can certify that a user has identified to the system that issues the identity in question (e.g. an email provider can certify email-based identities that it issues to the user).
Also see Authentication.
- Subkey¶
See OpenPGP Subkey.
- Subkey Binding Signature¶
A Self-signature to associate an OpenPGP Subkey with an OpenPGP Primary Key. See Binding subkeys to a certificate.
- Subkey Revocation Signature Packet¶
A Self-signature to revoke an OpenPGP Subkey in an OpenPGP Certificate.
See RFC 5.2.1.12
- Subpacket¶
- Subpacket Type¶
- Symmetric Cryptography¶
Symmetric cryptography is used in OpenPGP. For a more detailed discussion see Symmetric-key cryptography.
- Symmetric Secret Key¶
The Private Key Material used in Symmetric Cryptography.
- Symmetrically Encrypted Integrity Protected Data¶
Short SEIPD, this refers to Symmetric Cryptography based encrypted data, which is used in a Symmetrically Encrypted Integrity Protected Data Packet.
See RFC 5.13.
- Text Signature¶
A signature packet with the Signature Type ID
0x01, which is used for textual data.- Third-party Identity Certification¶
Certification by third-parties to confirm ownership of an OpenPGP Certificate (Identity Claim) by a Certificate Holder. See Third-party (identity) certifications.
- Third-party Signature¶
A Signature by a third-party on a Component of a Certificate.
- Transferable Secret Key¶
A Transferable Secret Key (TSK) is the combination of an OpenPGP Certificate and the associated private key material. Also often referred to as an “OpenPGP private key”. It is discussed in detail in Managing private key material in OpenPGP.
- Trust Amount¶
A numerical value between
0and255, stored in trust signatures used for indicating the degree of reliance on the delegation. Values less than120indicate partial trust, values equal to or greater than120indicate complete trust.See Trust amounts. See RFC 5.2.3.21
- Trust Anchor¶
An entity in a Trust Model for which trust is assumed and not derived.
- Trust Depth¶
This numerical value is part of a Trust Signature and describes the extent of trustworthiness of a Certification, that the signer assigns to it.
See Trust depth/level.
- Trust Level¶
See Trust Depth.
- Trust Model¶
A model by which trust between identities associated with different OpenPGP Certificates is created. See Third-party (identity) certifications.
- Trust Root¶
See Trust Anchor.
- Trust Signature¶
The trust signature subpacket on a certifying signature is used for delegation of authentication decisions. With this feature, an OpenPGP user can designate a certificate as a “trusted introducer” and opt to rely on certifications they issue.
See RFC 5.2.3.21
- Trusted introducer¶
OpenPGP users can choose to rely on certifications issued by a third party. The remote party of such a delegation is called a “trusted introducer”.
See Trust signatures: delegating authentication for more details.
- tsig¶
See Trust signature
- TSK¶
- Type ID¶
See Signature Type ID.
- Unhashed Area¶
An area in a Signature Packet containing Signature Subpackets, that is not covered by the Hash Digest a Cryptographic Signature is created for. See Hashed and unhashed signature subpackets.
- Unhashed Subpacket¶
A Signature Subpacket residing in the Unhashed Area of a Signature Packet.
- User Attribute¶
An Identity Component, which may hold complex attribute data, e.g. a single JPEG image. See User attributes in OpenPGP.
- User ID¶
An Identity Component, which describes an Identity of a Certificate Holder. See User IDs in OpenPGP certificates.
- User ID Binding Signature¶
A Binding Signature, which is created by an OpenPGP Primary Key to bind a User ID to an OpenPGP Certificate.
- Validation¶
A mechanism by which the operational needs of a use-case are met. In OpenPGP terminology this may refer to processes such as ensuring, that an OpenPGP Signature Packet has been created after a Transferable Secret Key’s Creation Time, but before its Expiration Time.
- Validity¶
See Validation.
- Verification¶
A mechanism by which the compliance with design specifications are met. In OpenPGP terminology this may refer to e.g. Signature Verification or Identity Verification.
- Web Of Trust¶
A trust model which is based on a network of certifications and delegations, that can be used to discern the reliability of certificates and their associated identities. See Web of Trust: Decentralized trust decisions.
