On 21/08/15 11:31, Dongsheng Song wrote:
> But I still didn't know why the master key has sign and certify
> capabilities in the default?

I suppose because it doesn't hurt. They're both signatures in essence; cryptographically they are the same and exchangeable. The difference only lies in the interpretation.

Also note that anyone who has access to the primary key material can issue data signatures at will. They could either add the Sign capability to the key or (easier) create a new subkey with which to issue signatures.

The actual reason why the default is as it is can probably best be answered by someone else, though, since I can only guess.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
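Added example, not part of the original message and not GnuPG project code: a small audit of the capability field (field 12) in `gpg --list-keys --with-colons` output, showing which primary keys carry the Sign flag next to Certify and whether a separate signing subkey exists. The listing in `SAMPLE` and its key IDs are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (placeholder key IDs).
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1440000000:::u:::scESC:
uid:u::::1440000000::0000::Alice (constructed) <alice@example.org>:
sub:u:2048:1:A1A1A1A1A1A1A1A1:1440000000::::::e:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1440000000:::u:::cESC:
uid:u::::1440000000::0000::Bob (constructed) <bob@example.org>:
sub:u:4096:1:B1B1B1B1B1B1B1B1:1440000000::::::s:
sub:u:4096:1:B2B2B2B2B2B2B2B2:1440000000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1440000000:::u:::scESC:
uid:u::::1440000000::0000::Carol (constructed) <carol@example.org>:
sub:u:4096:1:C1C1C1C1C1C1C1C1:1440000000::::::s:
"""

# Lowercase letters are a key's own capabilities; uppercase letters on the
# pub line summarise the whole key and are ignored here.
CAP_NAMES = {"c": "certify", "s": "sign", "e": "encrypt", "a": "authenticate"}


def parse_keys(listing):
    """Group pub/sub records and collect each key's own capability letters."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12 or fields[0] not in ("pub", "sub"):
            continue
        own = {c for c in fields[11] if c in CAP_NAMES}
        if fields[0] == "pub":
            keys.append({"keyid": fields[4], "primary": own, "subkeys": []})
        elif keys:
            keys[-1]["subkeys"].append((fields[4], own))
    return keys


def audit(listing):
    """Map primary key ID -> how data signatures are flagged for that key."""
    report = {}
    for key in parse_keys(listing):
        sign_subs = [kid for kid, caps in key["subkeys"] if "s" in caps]
        if "s" not in key["primary"]:
            # Only a flag: whoever holds the primary secret key can still add
            # a signing subkey, as the message above points out.
            report[key["keyid"]] = "certify-only primary"
        elif sign_subs:
            report[key["keyid"]] = "primary can sign; signing subkey present"
        else:
            report[key["keyid"]] = "primary is the only signing key"
    return report


if __name__ == "__main__":
    for keyid, status in audit(SAMPLE).items():
        print(keyid, status)
```
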