Key Capabilities

David Shaw dshaw at
Thu Nov 17 15:45:36 CET 2005

On Thu, Nov 17, 2005 at 02:34:06PM +0100, Olaf Gellert wrote:
> Hi,
> I have read about the following key capabilites:
> - sign
> - encrypt
> - authenticate
> - certification
> When I generate an RSA key, GPG provides the capabilities
> sign, encrypt and authenticate (in expert mode), but
> not certification.
> Is certification somethin that is actually implemented
> or planned for the near future? What usage is expected
> to depend on this capability?

Certification is just the ability to sign other keys.  All primary
keys, by definition, are able to certify, so the flag is not very
meaningful there.  In GPG 1.4.2 the key generation menu doesn't show
you certification as an option, but it does automatically set the flag
behind the scenes.

1.4.3 is a little different.  To make things clearer, 1.4.3 does show
certification in the list of flags, but you can't turn it off (as this
would violate OpenPGP).


More information about the Gnupg-users mailing list