Hi all. Per our conversation on today's call, here's a quick rundown on the structure of a PGP key, contrasted with that of a certificate.
To get a sense of how the following data structures came about, it's best to think back to the early 1990s. Phil Zimmermann was looking for a way to allow individuals to quickly adopt strong cryptography for email messages and not have to go through a laborious (and sometimes expensive) process of getting a certificate from a central authority. Rather, the strength behind an identity claimed by a cryptographic key would come from a set of signatures upon that identity that lend weight to its veracity. If I have 50 signatures on my identity that say "yes this is me", then it's strongly likely that, yes, I am who I say I am.
The other big differentiation between X.509 certificate structures and PGP key structures is the compound nature of PGP keys. PGP keys, as a data structure, may have more than one piece of actual cryptographic key material inside of themselves. These different subkeys may be put to different purposes, that is one for signing and one for encryption, for example. The overall key is represented to the outside world by a binding, or "top", key, which signs all the bits of other data within the key itself. This structure allows one to use the overall "key" concept as one's identity out in the Internet by simply sharing the one file, rather than two or more certificates for different purposes.
So, with that said, I'm more of a picture person when I'm trying to learn and think about things, so here's a diagram of a relatively simple PGP key, one that I myself may claim as my key in the world of PGP.
Here you can see a few things. One is that each actual piece of key material has a different 32 bit key ID (the 0x12345678 business in the diagram). (Technically the key ID is 64 bit but it's hardly ever represented as such.) You can also see the two different keys as the big boxes on the left, the top key and one sub key. The small boxes represent signatures. In a well formed PGP key, the top key signs all the different bits within its own key, so the sub key and the two user IDs (more about this in a second) are signed by the top key. This signature just proves that this key is well formed, and that it was properly created with the private key for that top key in place. Also the sub keys will sign the top key in order to bolster the idea that this top key is the correct one for this sub key.
The key also bears the user IDs (the yellow boxes on the right). While usually these are email addresses, they can be any arbitrary string. These are held separate from the key material and are the claims that this key makes about the identity of its user. So how do I, as a potential recipient of this key, believe or not these claims? One way is by the signatures from other keys on those user IDs. In this diagram, another key has also signed those user IDs; in this example, it's the key for an overall organization that presumably I belong to.
A PGP key may bear a signature from any other PGP key. Thus, one might have a key like this:
If Tim and Judy wish to say to the world, "Yes this is Mike's key and you can believe it because I say so", then they can use their own PGP keys to sign the user IDs of my key. Similarly, I may do the same for their keys, though that's not shown in this diagram. Also note that now I have separate keys for signing and encrypting, and those sub keys both sign the top key.
That's probably enough for now. Things can get more complex when we start talking about the interoperation of PGP keys and X.509 certificates, but that's probably more than we need to think about just now.
Questions?
- Mike