Authenticate capability of DSA or RSA signing keys
David Shaw
dshaw at jabberwocky.com
Mon Feb 11 04:08:46 CET 2008
On Sun, Feb 10, 2008 at 08:48:13PM -0600, Kevin Hilton wrote:
> When I perform a
>
> gpg --expert --gen-key
>
> I'm given the following options:
>
> Please select what kind of key you want:
> (1) DSA and Elgamal (default)
> (2) DSA (sign only)
> (3) DSA (set your own capabilities)
> (5) RSA (sign only)
> (7) RSA (set your own capabilities)
> Your selection?
>
> If I select either 3 or 7, I'm given the choice similar to below (note
> the following was produced with option #3):
> Possible actions for a DSA key: Sign Certify Authenticate
> Current allowed actions: Sign Certify
>
> (S) Toggle the sign capability
> (A) Toggle the authenticate capability
> (Q) Finished
>
> I believe I'm aware of the signing capabilities, but how does Certify
> differ from Authenticate? Obviously I'm confused on the meaning of
> Certify vs Authenticate. I thought the public DSA signing key did
> certification/authentication whereas the private DSA key performed the
> signing.

The public/private question is not relevant here.

Sign = sign some data
Certify = sign a key
Authenticate = prove you are you

Authenticate is used for things like using an OpenPGP key for ssh.

David
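
An added example, not part of the original message: the three capabilities listed above can be read back from field 12 of a `gpg --with-colons` key listing, where each key carries the letters `s`, `c`, `a` (and `e` for encryption). The listing below is constructed sample data, and the function names are hypothetical.

```python
# Capability letters used in field 12 of `gpg --with-colons` key records.
CAPABILITIES = {
    "s": "Sign",          # sign some data
    "c": "Certify",       # sign a key
    "a": "Authenticate",  # prove you are you (e.g. ssh)
    "e": "Encrypt",
}

# Constructed sample listing (placeholder key IDs, not real keys):
# a DSA primary key, an Elgamal encryption subkey, a DSA authentication subkey.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1202699326:::u:::scESCA:
uid:u::::1202699326::0000::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1202699326::::::e:
sub:u:1024:17:CCCCCCCCCCCCCCCC:1202699326::::::a:
"""

KEY_RECORDS = ("pub", "sub", "sec", "ssb")


def key_capabilities(listing):
    """Return [(record_type, key_id, [capability names])] per key record."""
    result = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in KEY_RECORDS or len(fields) < 12:
            continue  # uid, fpr and other record types carry no capabilities
        # Lowercase letters describe this key itself. Uppercase letters on a
        # primary key summarise the whole key (subkeys included): skip them.
        own = [CAPABILITIES[ch] for ch in fields[11] if ch in CAPABILITIES]
        result.append((fields[0], fields[4], own))
    return result


def authentication_keys(listing):
    """Key IDs of the keys that have the Authenticate capability set."""
    return [key_id for _, key_id, caps in key_capabilities(listing)
            if "Authenticate" in caps]


if __name__ == "__main__":
    for record, key_id, caps in key_capabilities(SAMPLE):
        print(record, key_id, ", ".join(caps))
    print("usable for authentication:", authentication_keys(SAMPLE))
```
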