explain nrsign & lsign?
snowcrash+gnupg-users
schneecrash+gnupg-users at gmail.com
Sun Jan 28 22:16:22 CET 2007
john, david,
thanks for the clarifications.
> Can you explain what you're trying to do?
that never hurts, does it.
i want to have a 'master' trust key that, e.g., is owned/controlled by
my company,
-- with strongest-possible, highest-performance encryption (RSA?
yes, i know this is a religious debate ...)
-- never used for anything other than tsigning other keys
-- limited in distribution as much as possible to minimize risk,
while still allowing trust to be found/followed for the keys it signs.
i'm thinking here, onlyUID="trust_sig at mydomain.local" <-- NOT a real address
then, i want to create key "packages" for each employee that consist of
-- a 'weaker' DSA email-signing-only key
-- a strong ElGamal encrypt-only key
-- a strong RSA encrypt-only key
-- a 'real' primaryUID="emplayee_name at mydomain.com"
-- a trust signature from/by the company
-- ability for the employee to add add'l UID's
> If you insist on throwing nails in the gears, the software can't do its job.
i'm trying rather hard -- by asking all these apparently silly
questions -- _not_ to bork the gears, actually. it's not like the
docs are terribly enlightening ;-)
More information about the Gnupg-users
mailing list