key capabilities usage meanings

David Shaw dshaw at
Fri Apr 1 19:00:34 CEST 2005

On Fri, Apr 01, 2005 at 06:33:13PM +0200, archimedes at wrote:
> What is the meaning of usage/capabilities listings for 
> keys(shown, for
> example, during edit-keys interactive sessions)?
> S -> sign
> E -> encrypt
> C -> ?
> A -> ?
> looking at doc/DETAILS I found
> C -> certification
> A -> authentication
> But I dont' understand the difference between certification,
> authentication and signing.  I have different keys, each for a
> different internet "personality", and I noticed that one primary key
> is listed as CSA and another CS. The two keys were generated with
> the same options (DSA for signing +ElGamal subkey for pubkey
> encryption), so why this difference?

Probably they were generated with two different versions of GnuPG.
The "A" authentication type is fairly recentl.

Signing is signing data (i.e. gpg --sign the_file)

Certification is signing a key (i.e. gpg --sign-key the_key)

Authentication is signing a challenge (like ssh does).  The
Authentication stuff can be used to log in to a machine using your GPG key.

The signature math is the same however you do it.  The key usage flags
are just to classify things.

> Another question: I read in manpage that MDC is enabled by default
> with newer ciphers(blocksize>64bit) and with CAST5. So why when you
> decipher a symmetrically encrypted message you get "WARNING: message
> was not integrity protected" and only with --force-mdc the warning
> goes away?

Not with CAST5.  CAST5 has a blocksize of 64 bits.


More information about the Gnupg-users mailing list