key capabilities

Janusz A. Urbanowicz alex at
Thu Dec 30 17:29:46 CET 2004

Nicholas Cole wrote:

> > > My old key (created originally with PGP) is marked as being capable of
> > > signing, certifying and authenticating (with the subkey for
> > > Encrypting).  GPG only marks the keys it creates as suitable for
> > > signing and certifying.

> > Is this a PGP 2.x key?

> No - it's a DH/DSS one created with PGP 5.5 or 6

I guess this would be another PGP proprietary feature since there is no such
thing as an 'authenticating' OpenPGP key AFAIR. Encryption and signing are
direct cryptographic operations while authentication is very environment- and
protocol-dependent. It is X.509 certificates that have a field that says
what you are allowed to do with them (supposedly to make it forbidden to use
your cheap e-mail signing certificate instead of an expensive authentication
certificate or vice versa), but OpenPGP keys are just key material framed in
some metadata. It is cryptography that makes a key (and algorithm) feasible
for signing or encryption. And this 'authentication' is probably a
combination of those. But there is no such thing as an 'authenticating' OpenPGP
key, if I remember correctly (correct this if I am wrong).

mors ab alto 
