On Fri, 13 Jun 2008 17:07, [EMAIL PROTECTED] said:

> Which is correct? Are signatures an inherent part of the key or are they
> stored extrinsically?

Let's clarify the terms:

 - In OpenPGP parlance a "certificate" (as used with X.509) is called
   a "keyblock".  It is perfectly okay to use the term certificate for
   an OpenPGP public key block - it is the same concept.  (Please
   ignore the fact that OpenPGP also has secret key blocks.)

   A certificate/keyblock consists of several packets; at least one
   packet is a key, and usually you see user ID packets and signature
   packets as well.  This composition of packets makes up the
   certificate/keyblock.

 - People often use the term "key" and they usually mean the
   certificate/keyblock and not the packet with the actual key.

 - A "keyring" is used by some implementations to store
   certificates/keyblocks.  RFC4880 says (3.6):

     A keyring is a collection of one or more keys in a file or
     database.  Traditionally, a keyring is simply a sequential list
     of keys, but may be any suitable database.  It is beyond the
     scope of this standard to discuss the details of keyrings or
     other databases.

Back to your question: Signatures are stored in the keyblock.  At
least for OpenPGP compliant messages.  OpenPGP defines only the
interchange format; applications may store it differently.

If you export an OpenPGP certificate it is entirely exported with some
minor changes (for example signatures marked as non-exportable are
removed).  In contrast to X.509 the OpenPGP format allows for certain
transformations of the certificate without rendering it invalid.

The armor is just put at the end around the binary certificate/keyblock
and is only a transport encoding.

Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
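
The packet composition described in the message above can be made visible by walking the packet headers of a binary (dearmored) keyblock. The following is an added example, not part of the original message and not GnuPG code; it follows the header layout of RFC 4880 section 4.2, and the names `list_packets`, `UID` and `SAMPLE` as well as the sample bytes are constructed for illustration.

```python
# Packet tags (RFC 4880 section 4.3) that can appear in a keyblock.
TAGS = {2: "signature", 5: "secret-key", 6: "public-key", 7: "secret-subkey",
        13: "user-id", 14: "public-subkey", 17: "user-attribute"}

def list_packets(data):
    """Return [(packet_name, body_length), ...] for a binary keyblock."""
    packets, pos = [], 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated packet")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    while pos < len(data):
        ctb = take(1)[0]
        if not ctb & 0x80:
            raise ValueError("bit 7 of the packet tag octet must be set")
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, take(1)[0]
            if first < 192:                 # one-octet length
                length = first
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + take(1)[0] + 192
            elif first == 255:              # five-octet length
                length = int.from_bytes(take(4), "big")
            else:                           # 224..254: partial body length
                raise ValueError("partial lengths are only for data packets")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(take(1 << ltype), "big")
        take(length)                        # skip the packet body
        packets.append((TAGS.get(tag, f"tag-{tag}"), length))
    return packets

# Constructed sample: bodies are filler bytes, not real key material.
UID = b"Alice <alice@example.org>"
SAMPLE = (bytes([0x98, 4]) + b"\x00" * 4             # old format, tag 6
          + bytes([0xB4, len(UID)]) + UID            # old format, tag 13
          + bytes([0x89, 0x00, 0x03]) + b"\x00" * 3  # old format, tag 2
          + bytes([0xCE, 2]) + b"\x00" * 2           # new format, tag 14
          + bytes([0xC2, 192, 8]) + b"\x00" * 200)   # new format, tag 2

if __name__ == "__main__":
    for name, length in list_packets(SAMPLE):
        print(f"{name:14} {length} bytes")
```

On a real exported key, the signature packets appear in the same stream, directly after the key or user ID packets they certify.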