GPGME_ATTR_CAN_SIGN vs. GPGME_ATTR_CAN_CERTIFY

David Shaw dshaw@jabberwocky.com
Wed Jul 9 02:03:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jul 08, 2003 at 07:34:34PM -0400, Gordon Worley wrote:
> I'm not clear on what the real difference here is.  Wouldn't the keys 
> that can sign be the same as the ones that can certify?  In what case 
> would you have a key that could do one but not the other?
> 
> Or maybe I misunderstand the use of certify here?

Sign means to sign data (i.e. --sign). Certify means to certify a key
(i.e. --sign-key).

While technically any key that can sign at all can sign both data and
other keys, the key flags may dictate otherwise.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/C1wK4mZch0nhy8kRAqXNAKCS2202lDItDn3IXOTs0ksGACxpwACfbSs1
8/SNAcGMz/+7VpMjf0x9YPU=
=xZGb
-----END PGP SIGNATURE-----