Keys that you own (aka: you have access to the private keys)
1 2 3 4 5
sec rsa4096/0xCCCCCCCCCCCCCCCC 2015-02-01 [SCA] [expires: 2020-01-31] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF uid [ultimate] Jane Roe <firstname.lastname@example.org> uid [ultimate] Dr. Jane Roe <email@example.com> ssb rsa4096/0xEEEEEEEEEEEEEEEE 2015-02-01 [E] [expires: 2020-01-31]
- line 1: the primary key
- line 2: fingerprint
- line 3-4: user IDs of the key (optional, used in Web-of-Trust and for Certification)
- line 5: the first subkey
sec: … (secret key available?)
ssb: … (secret key of a subkey available?)
ssb*: currently selected subkey during edits (next section: selected via
gpg2 --edit-key CCCCCC-
ssb>: only stub of a subkey is available (next section: after secret part has been moved to a smartcard)
sec#: the secret part is not available (removed from local key store)
uid: this line is a user ID
- date of generation
[...]`: capabilities (see below)
- date of expiration
Noted in each key with
Can be delegated from the primary key to subkeys.
S: Sign. Signs data, such as e-mails.
C: Certification. Certifies (also: “signs”) keys, e.g. keys of other people at a crypto party or during subkey generation. All primary keys must have this capability.
A: Authenticate. Can be used for logins such as SSH.
E: Encrypt. Encrypts (and decrypts?) data.
to do: document each entry/line