看了一下help信息,但是没看懂 = =
lsign 本地签名,不可导出,如果用 A lsign 了 B,然后导出了 B,A的本地签名不会随 B 一同导出
nrsign 不可恢复签名,签名之后不可吊销
tsign 信任签名,GnuPG 会询问信任等级相关信息
[quote]Neither key is made non-exportable. A local signature just means the
signature is local. So if you lsigned B with A, then exported B (or
sent it to a keyserver), the local signature from A would not go along
with it. GPG automatically strips off any local signatures on the way
out.
nrsign, for a non-revocable signature, means pretty much what it
seems: a signature that cannot be later revoked. If A nrsigns B, then
A can’t change his mind later and issue a revocation.[/quote]
[quote]You can also indicate how much you trust someone, sign his key with the command tsign instead of sign. GnuPG will then ask you three questions:
- how far you trust him to verify other people’s keys: marginally or fully (I personally only fully trust people that were trained or challenged by myself or by people I trust even more)
- how far you allow him to make trust signatures on your behalf: usually answer 1; answering 3 would allow him to issue trust signature with level 2, thus allowing other people to issue trust signatures on your behalf (this features exists to implement pyramidal certification systems, but can be interesting for signing your own keys when you have several);
- if you wish to restrict this signature to a domain: I have no idea of what this means so I give none.[/quote]
