[Q] "sign" vs "sign-locally"
Sat May 31 09:57:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 28 May 2003 11:00 pm, Daniel Carrera wrote:
> Hi all,
> I just realized that there are two ways of signing a key. You can
> "sign" it, or sign it "locally". What's the difference?
This is the equivalent of the exportable signature and non-exportable
signature in PGP. If you locally sign a key that signature cannot be
exported to another person or keyserver: in other words, it is a method
of allocating trust to a key on your keyring only.
> If I understand correctly, your signing a key means that you are
> confident that the key belongs to the person you think it does. So,
> for instance, I could meet the person face-to-face and get his or her
> key ID for verification.
Correct, and this is in fact the purpose of "key signing parties".
> I've looked at the man page. I think that "sign" is what I just
> described in the above paragraph. But I'm not sure I understand how
> "sign-locally" is different.
If you sign a key and then export the key, the signature goes with that
key. If you locally sign the key and export it, the signature does not
go with the key.
> Also, why would I ever want to sign a key "non-revocably"?
Some keys are used for specific purposes, and one such purpose could be
to sign documents. Having a non-revocable key stops anybody revoking
that key and therefore stops the invalidation of the documents.
GPG keys at: email@example.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy
-----END PGP SIGNATURE-----
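At the packet level the difference between `sign` and `lsign` (or `--sign-key` vs `--lsign-key` outside the key editor) is a single hashed subpacket on the certification: Exportable Certification (RFC 4880 subpacket type 4) set to 0. A `nrsign` carries Revocable (subpacket type 7) set to 0. An exporter such as `gpg --export` drops the non-exportable certifications by default (the `export-local-sigs` export option overrides that). The following Python is an added example, not part of this thread or of GnuPG: it builds constructed v4 certification packets with dummy signature MPIs (nothing here verifies cryptographically), parses them back, and applies that export filter. The key ID, timestamp and user ID are made-up sample values.

```python
"""Packet-level view of "sign" vs "sign-locally" and non-revocable certifications.

Added example (not from the thread). Builds constructed OpenPGP v4 certification
packets (RFC 4880 5.2.3) with dummy MPIs, parses them, and applies the filter an
exporter applies: Exportable Certification = 0 means "stays on this keyring".
"""
import struct

CERT_TYPES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}
SUBPKT_CREATION, SUBPKT_EXPORTABLE, SUBPKT_REVOCABLE, SUBPKT_ISSUER = 2, 4, 7, 16
TAG_SIGNATURE = 2
SAMPLE_TIME = 1054029422                      # constructed creation time (May 2003)


def _encode_len(n):
    """New-format packet/subpacket length (RFC 4880 4.2.2 and 5.2.3.1)."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def _decode_len(buf, i):
    """Return (length, index after the length field) for a length starting at buf[i]."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5


def _subpacket(typ, data):
    return _encode_len(len(data) + 1) + bytes([typ]) + data


def _packet(tag, body):
    return bytes([0xC0 | tag]) + _encode_len(len(body)) + body


def build_certification(sig_type, exportable=True, revocable=True,
                        issuer=b"\x01\x23\x45\x67\x89\xab\xcd\xef"):
    """Constructed v4 certification. The flags go in the hashed area so the signer's
    choice is covered by the signature; an absent flag means 1 (exportable/revocable)."""
    hashed = _subpacket(SUBPKT_CREATION, struct.pack(">I", SAMPLE_TIME))
    if not exportable:
        hashed += _subpacket(SUBPKT_EXPORTABLE, b"\x00")   # what lsign adds
    if not revocable:
        hashed += _subpacket(SUBPKT_REVOCABLE, b"\x00")    # what nrsign adds
    unhashed = _subpacket(SUBPKT_ISSUER, issuer)
    dummy_mpi = b"\x00\x08\x2a"                # 8-bit placeholder MPI, not a real DSA r/s
    body = (bytes([4, sig_type, 17, 2])        # version 4, sig type, DSA, SHA-1
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd" + dummy_mpi + dummy_mpi)   # dummy hash prefix and MPIs
    return _packet(TAG_SIGNATURE, body)


def iter_packets(data):
    """Yield (tag, body) for each packet; old- and new-format headers, no partial lengths."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("bad packet tag at offset %d" % i)
        if ctb & 0x40:                         # new format
            tag = ctb & 0x3F
            if 224 <= data[i + 1] < 255:
                raise ValueError("partial body lengths not supported")
            length, i = _decode_len(data, i + 1)
        else:                                  # old format
            tag, lt = (ctb >> 2) & 0x0F, ctb & 3
            if lt == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << lt
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length


def parse_subpackets(buf):
    out, i = [], 0
    while i < len(buf):
        length, i = _decode_len(buf, i)
        out.append((buf[i] & 0x7F, buf[i + 1:i + length]))   # strip the critical bit
        i += length
    return out


def parse_signature(body):
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = dict(parse_subpackets(body[6:6 + hashed_len]))
    p = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[p:p + 2])[0]
    unhashed = dict(parse_subpackets(body[p + 2:p + 2 + unhashed_len]))
    # Only the hashed area is covered by the signature; anyone could add or strip a
    # flag in the unhashed area, so the flags are read from the hashed area only.
    return {"type": body[1], "certification": body[1] in CERT_TYPES,
            "exportable": hashed.get(SUBPKT_EXPORTABLE, b"\x01") != b"\x00",
            "revocable": hashed.get(SUBPKT_REVOCABLE, b"\x01") != b"\x00",
            "issuer": (hashed.get(SUBPKT_ISSUER) or unhashed.get(SUBPKT_ISSUER, b"")).hex()}


def describe_signatures(data):
    return [parse_signature(body) for tag, body in iter_packets(data) if tag == TAG_SIGNATURE]


def export_keyring(data):
    """Default export behaviour: non-exportable certifications stay on the local keyring."""
    out = b""
    for tag, body in iter_packets(data):
        if tag == TAG_SIGNATURE:
            sig = parse_signature(body)
            if sig["certification"] and not sig["exportable"]:
                continue
        out += _packet(tag, body)
    return out


def build_keyring():
    """Constructed keyring: placeholder public key and user ID, then three certifications."""
    return (_packet(6, b"\x04" + struct.pack(">I", SAMPLE_TIME) + b"\x11" + b"\x00\x08\x2a" * 4)
            + _packet(13, b"Example User <user@example.com>")
            + build_certification(0x13)                       # sign: exportable
            + build_certification(0x13, exportable=False)     # lsign: local only
            + build_certification(0x10, revocable=False))     # nrsign: non-revocable


if __name__ == "__main__":
    ring = build_keyring()
    for label, blob in (("local keyring", ring), ("after export", export_keyring(ring))):
        print(label)
        for s in describe_signatures(blob):
            print("  type 0x%02x exportable=%s revocable=%s" % (s["type"], s["exportable"], s["revocable"]))
```

Running it lists three certifications on the local keyring and only two after export: the `lsign` one is gone, while the non-revocable one travels with the key like any other exportable certification. Note that the filter reads the flag from the hashed subpacket area only; a flag placed in the unhashed area is not protected by the signature and is ignored.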