explain nrsign & lsign?

snowcrash+gnupg-users schneecrash+gnupg-users at gmail.com
Sun Jan 28 22:16:22 CET 2007

john, david,

thanks for the clarifications.

> Can you explain what you're trying to do?

that never hurts, does it.

i want to have a 'master' trust key that, e.g., is owned/controlled by
my company,

  -- with strongest-possible, highest-performance encryption (RSA?
yes, i know this is a religious debate ...)
  -- never used for anything other than tsigning other keys
  -- limited in distribution as much as possible to minimize risk,
while still allowing trust to be found/followed for the keys it signs.

i'm thinking here, onlyUID="trust_sig at mydomain.local"  <-- NOT a real address

then, i want to create key "packages" for each employee that consist of

  -- a 'weaker' DSA email-signing-only key
  -- a strong ElGamal encrypt-only key
  -- a strong RSA encrypt-only key
  -- a 'real' primaryUID="emplayee_name at mydomain.com"
  -- a trust signature from/by the company
  -- ability for the employee to add add'l UID's

> If you insist on throwing nails in the gears, the software can't do its job.

i'm trying rather hard -- by asking all these apparently silly
questions -- _not_ to bork the gears, actually.  it's not like the
docs are terribly enlightening  ;-)

More information about the Gnupg-users mailing list