Authenticate capability of DSA or RSA signing keys

Kevin Hilton kevhilton at
Mon Feb 11 03:48:13 CET 2008

When I perform a

gpg --expert --gen-key

Im given the following options:

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (3) DSA (set your own capabilities)
   (5) RSA (sign only)
   (7) RSA (set your own capabilities)
Your selection?

If I select either 3 or 7, Im given the choice similar to below (note
the following was produced with option #3):
Possible actions for a DSA key: Sign Certify Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

I believe I'm aware of the signing capabilities, but how does Certify
differ from Authenticate?  Obviously I'm confused on the meaning of
Certify vs Authenticate.  I thought the public DSA signing key did
certification/authentication whereas the private DSA key performed the

Thanks for any explanation!

Kevin Hilton

More information about the Gnupg-users mailing list