master key certify capability

john doe Fri, 03 Jan 2020 10:07:57 -0800

Hi,

I use the following command to test my new key setup:


$ gpg --batch --passphrase '' --yes --quick-gen 'Firstname Lastname
<t...@example.com>' rsa4096 cert 1d&& for u in sign sign encrypt; do gpg
--batch --passphrase '' --yes --quick-add-key $(gpg --with-colons -k
test | awk -F::::::::: 'NR==3{print substr($2,1,length($2)-1)}') rsa4096
$u 1d || exit $?; done

which give the following:

$ gpg -K

-----------------------------
sec   rsa4096 2020-01-03 [C] [expires: 2020-01-04]
      3C5CFD620005347A62052A6B596CB80D30E8829D
uid           [ultimate] Firstname Lastname <t...@example.com>
ssb   rsa4096 2020-01-03 [S] [expires: 2020-01-04]
ssb   rsa4096 2020-01-03 [S] [expires: 2020-01-04]
ssb   rsa4096 2020-01-03 [E] [expires: 2020-01-04]


Is there any downside to have my master key with the certify capability
only?


In other words, is it required for the master key to have the sign and
certify capabilities.

--
John Doe

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

master key certify capability

Reply via email to