key capabilities usage meanings
David Shaw
dshaw at jabberwocky.com
Fri Apr 1 19:00:34 CEST 2005
On Fri, Apr 01, 2005 at 06:33:13PM +0200, archimedes at infinito.it wrote:
> What is the meaning of usage/capabilities listings for keys (shown, for
> example, during edit-keys interactive sessions)?
> S -> sign
> E -> encrypt
> C -> ?
> A -> ?
> looking at doc/DETAILS I found
> C -> certification
> A -> authentication
>
> But I don't understand the difference between certification,
> authentication and signing. I have different keys, each for a
> different internet "personality", and I noticed that one primary key
> is listed as CSA and another CS. The two keys were generated with
> the same options (DSA for signing + ElGamal subkey for pubkey
> encryption), so why this difference?

Probably they were generated with two different versions of GnuPG.
The "A" authentication type is fairly recent.

Signing is signing data (i.e. gpg --sign the_file)

Certification is signing a key (i.e. gpg --sign-key the_key)

Authentication is signing a challenge (like ssh does). The
Authentication stuff can be used to log in to a machine using your GPG key.

The signature math is the same however you do it. The key usage flags
are just to classify things.

> Another question: I read in manpage that MDC is enabled by default
> with newer ciphers (blocksize>64bit) and with CAST5. So why when you
> decipher a symmetrically encrypted message you get "WARNING: message
> was not integrity protected" and only with --force-mdc the warning
> goes away?
Not with CAST5. CAST5 has a blocksize of 64 bits.
David
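
Added example (not part of the original post and not GnuPG code): the same capability letters appear in field 12 of `gpg --with-colons` listings, described in doc/DETAILS, where lowercase letters are the capabilities of that key or subkey and uppercase letters on the primary line summarize the whole key. The listing lines and key IDs below are constructed sample data, and the function names are hypothetical.

```python
# Decode the capability field (field 12) of `gpg --with-colons` key listings.
# Lowercase = capabilities of this key/subkey; uppercase (primary line only)
# = usable capabilities of the whole key; "D" = key disabled.
CAPS = {"s": "sign", "e": "encrypt", "c": "certify", "a": "authenticate"}

# Constructed sample: one primary shown as "CSA", one as "CS", each with an
# encryption subkey. uid records are left out for brevity.
SAMPLE = """\
pub:u:1024:17:1111111111111111:1112371234:::u:::scaESCA:
sub:u:2048:16:2222222222222222:1112371234::::::e:
pub:u:1024:17:3333333333333333:1080000000:::u:::scESC:
sub:u:2048:16:4444444444444444:1080000000::::::e:
"""

def parse_capabilities(listing):
    """Return one dict per key or subkey record with decoded capabilities."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        # Only key records carry the capability field; skip uid, fpr, etc.
        if f[0] not in ("pub", "sec", "sub", "ssb") or len(f) < 12:
            continue
        caps = f[11]
        keys.append({
            "type": f[0],
            "keyid": f[4],
            "own": sorted(CAPS[c] for c in caps if c in CAPS),
            "whole_key": sorted(CAPS[c.lower()] for c in caps
                                if c.isupper() and c.lower() in CAPS),
            "disabled": "D" in caps,
        })
    return keys

def keys_with(listing, capability):
    """Key IDs of every key or subkey that itself has the given capability."""
    return [k["keyid"] for k in parse_capabilities(listing)
            if capability in k["own"]]

if __name__ == "__main__":
    for k in parse_capabilities(SAMPLE):
        print(k["type"], k["keyid"], ",".join(k["own"]))
```

`keys_with(SAMPLE, "authenticate")` picks out only the primary key that carries the newer "A" flag, which is the difference between the CSA and CS keys in the question.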