What happens when a key expires?

Johan Wevers johanw@vulcan.xs4all.nl
Mon Oct 15 22:34:02 2001


Jean-David Beyer wrote:


> I expect that a little before 2002-09-22 comes around, I will make a new
> 1024g key to replace EEF02424 and export it to some keyservers. But what
> happens to the e-mails I have received (assuming I have kept them) that
> have been encoded with EEF02424?

You are still able to decrypt them. An expiry date is only a way to tell an implementation not to use a key any more after a certain date, but there is no cryptographical method to enforce that (and it would be easily circumvented by setting back the time on your machine).

> I would not want people sending me new email with EEF02424 after that key
> expires, and I suppose they will not.

But they still could. I still receive email encrypted with a compromised key which I revoked, for which I sent the revocation certificate to the keyservers and with warnings on my site not to use it any more. :-(

> But will I still be able to read the old e-mails (provided I do not
> delete it from my private keyring)?

Yes. BTW, that's also possible with revoked keys.

-- 
ir. J.C.A. Wevers         // Physics and science fiction site:
johanw@vulcan.xs4all.nl   // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
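
Added example (not part of the original post): a Python sketch of how an OpenPGP implementation reads the key expiration subpacket (type 9 in RFC 4880) from a self-signature and compares it with the local clock, which is the only place the expiry date takes effect. The key creation date, the sample bytes and all function names are constructed for illustration; the 2002-09-22 expiry is the date mentioned in the thread.

```python
import struct
from datetime import datetime, timezone

KEY_EXPIRATION = 9  # subpacket type: validity period in seconds after key creation

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a signature's subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def key_expiry(created: int, area: bytes):
    """Absolute expiry as Unix time, or None if the key does not expire."""
    for typ, _critical, body in iter_subpackets(area):
        if typ == KEY_EXPIRATION:
            if len(body) != 4:
                raise ValueError("bad key expiration subpacket")
            offset = struct.unpack(">I", body)[0]
            return created + offset if offset else None
    return None

def may_encrypt_to(created: int, area: bytes, now: int) -> bool:
    """Sender-side policy check; 'now' is whatever the local clock reports."""
    expiry = key_expiry(created, area)
    return expiry is None or now < expiry

def ts(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

# Constructed sample: key created 2000-09-22 (assumed), valid for 730 days,
# so it expires 2002-09-22 as in the thread.
CREATED = ts(2000, 9, 22)
AREA = (bytes([5, 2]) + struct.pack(">I", CREATED)            # signature creation time
        + bytes([5, KEY_EXPIRATION]) + struct.pack(">I", 730 * 86400))

if __name__ == "__main__":
    for label, now in [("2001-10-15", ts(2001, 10, 15)), ("2002-10-01", ts(2002, 10, 1))]:
        print(label, "encrypt to key:", may_encrypt_to(CREATED, AREA, now))
    # Decryption never calls key_expiry(): it needs only the secret key material.
```

The result of `may_encrypt_to` depends entirely on the `now` value the caller passes in, and nothing on the decryption path consults the subpacket at all.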