dshaw at jabberwocky.com
Mon Jul 28 22:35:08 CEST 2008
On Mon, Jul 28, 2008 at 12:36:07PM -0700, Loren M. Lang wrote:
> I am trying to understand the differences between the key flags sign and
> certify. As I understand it all self-signatures are a type of
> certification so the primary key needs certify, but not sign.
Yes, though in practice, most primary keys have both.
> A subkey
> can have sign and not certify.
> Also, when signing someone elses user id
> or user attribute the signing key must have certify.
Yes. Note that since the web of trust is made up of primary key
signatures, this naturally follows from your first statement.
> The sign flag is
> used for signing things not part of the web of trust such as emails,
> software, etc.
More information about the Gnupg-users