explain nrsign & lsign?

David Shaw dshaw at jabberwocky.com
Sun Jan 28 18:19:22 CET 2007


On Sun, Jan 28, 2007 at 08:31:32AM -0800, snowcrash+gnupg-users wrote:
> hi,
> 
> i've a 'master', high-strength signing key, "A".
> 
> i'm using it to tsign another key, "B".
> 
> i note i can also nrsign(non-revocable)/lsign(non-exportable) "B" with "A".
> 
> can someone please clearly explain the consequences of doing so?
> 
> e.g., if i lsign "B" with "A", *which* key, then is made
> non-exportable?  "A" or "B"?

Neither key is made non-exportable.  A local signature just means the
*signature* is local.  So if you lsigned B with A, then exported B (or
sent it to a keyserver), the local signature from A would not go along
with it.  GPG automatically strips off any local signatures on the way
out.

nrsign, for a non-revocable signature, means pretty much what it
seems: a signature that cannot be later revoked.  If A nrsigns B, then
A can't change his mind later and issue a revocation.

David



More information about the Gnupg-users mailing list