Who can explain RSA key types for me?

David Shaw dshaw at jabberwocky.com
Sat Oct 9 15:08:53 CEST 2004


On Sat, Oct 09, 2004 at 08:14:41PM +0800, Zuxy wrote:

> And, when running "gpg --edit-key xxxxx", I note something called
> "key usage". Again, there's "C" for certification, "S" for signing,
> "E" for encryption and "A" for authentication. So what's the
> essence of these four letters (especially the difference between C,
> S and A)?

Certification  == signing someone's key
Signing        == signing some data (e.g. a file)
Encryption     == encrypting some data
Authentication == signing a challenge to indicate you are who you say
                  you are

Authentication is the new one.  It was only recently added to the
OpenPGP standard.  It could be used, for example, if you wanted to use
your OpenPGP key for an SSH login.

The flags can be set on any key, with some restrictions - Elgamal is
an encrypt-only algorithm and cannot be C, S, or A.  DSA is a
sign-only algorithm and cannot be E.  RSA can be anything.  None of
this is a special property of the key - it's just a flag given as a
hint as to what purpose you intend to use the key for.

I should note that this applies to the upcoming GnuPG 1.4.  The
current version does not have all of these options.

David
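
An added example, not part of the original message: a small Python audit that reads key records in GnuPG's colon-delimited listing format (`gpg --with-colons --list-keys`) and reports any usage flag the key's algorithm cannot carry, using the rules stated above. It assumes the field positions documented in GnuPG's doc/DETAILS (field 4 algorithm, field 5 key ID, field 12 capabilities); the listing is constructed sample data, and its last two records are deliberately mis-flagged.

```python
# Added illustration; the listing below is constructed, not real key data.
ALGO = {1: "RSA", 16: "Elgamal", 17: "DSA"}   # OpenPGP public-key algorithm IDs
# Usages each algorithm can carry, as stated in the message above.
CAN = {1: set("csea"), 16: set("e"), 17: set("csa")}
USAGE = {"c": "Certification", "s": "Signing",
         "e": "Encryption", "a": "Authentication"}

# Constructed `gpg --with-colons --list-keys` style records.
SAMPLE = """\
pub:u:2048:1:1111111111111111:1097300000:::u:::scESCA:
sub:u:2048:1:2222222222222222:1097300000::::::e:
sub:u:2048:1:3333333333333333:1097300000::::::a:
pub:u:1024:17:4444444444444444:1097300000:::u:::scESC:
sub:u:2048:16:5555555555555555:1097300000::::::e:
sub:u:1024:17:6666666666666666:1097300000::::::e:
sub:u:2048:16:7777777777777777:1097300000::::::s:
"""

def parse_keys(listing):
    """Return [(keyid, algo_id, own_flags)] for pub and sub records."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        # Field 4: algorithm, field 5: key ID, field 12: capabilities.
        # Lowercase letters are this key's own flags; uppercase letters
        # on a pub record summarise the whole key and are skipped here.
        own = {ch for ch in f[11] if ch in USAGE}
        keys.append((f[4], int(f[3]), own))
    return keys

def audit(listing):
    """Return [(keyid, message)] for flags the algorithm cannot carry."""
    findings = []
    for keyid, algo, own in parse_keys(listing):
        if algo not in CAN:
            findings.append((keyid, "algorithm %d not covered here" % algo))
            continue
        for flag in sorted(own - CAN[algo]):
            findings.append((keyid, "%s cannot be used for %s"
                             % (ALGO[algo], USAGE[flag])))
    return findings

if __name__ == "__main__":
    for keyid, algo, own in parse_keys(SAMPLE):
        print(keyid, ALGO.get(algo, algo), "".join(sorted(own)).upper())
    for keyid, msg in audit(SAMPLE):
        print("FLAG MISMATCH", keyid, msg)
```
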


