explain nrsign & lsign?
dshaw at jabberwocky.com
Sun Jan 28 18:19:22 CET 2007
On Sun, Jan 28, 2007 at 08:31:32AM -0800, snowcrash+gnupg-users wrote:
> i've a 'master', high-strength signing key, "A".
> i'm using it to tsign another key, "B".
> i note i can also nrsign(non-revocable)/lsign(non-exportable) "B" with "A".
> can someone please clearly explain the consequences of doing so?
> e.g., if i lsign "B" with "A", *which* key, then is made
> non-exportable? "A" or "B"?
Neither key is made non-exportable. A local signature just means the
*signature* is local. So if you lsigned B with A, then exported B (or
sent it to a keyserver), the local signature from A would not go along
with it. GPG automatically strips off any local signatures on the way
nrsign, for a non-revocable signature, means pretty much what it
seems: a signature that cannot be later revoked. If A nrsigns B, then
A can't change his mind later and issue a revocation.
More information about the Gnupg-users