multiple signing keys

[JanuszA.Urbanowicz]

Marco Colombo wrote/napisał[a]/schrieb:
[Charset ISO-8859-15 unsupported, filtering to ASCII...]

> I see. So, generally speaking, it is not advisable to remove expired keys,
> since they can be un-expired later. But if I delete the (private) key,
> no one can un-expire it (not even me), true?

Yes, and moreover you won't be able to decrypt anything encrypted with
corresponding public key. This applies to messages received both before and
after expiration date.
 
> An example:
> - I create a signing key, with expire 2002-01-01, and export it to the
>   target hosts;
> - On 2002-01-01, it expires.
> - On 2002-01-04, I change the expire date, and sign something with it.
> - I DO NOT re-export it to targets.
> 
> Do target hosts verify the signature as good or bad?

The signature will be good although there will be warning that 'Signing key
has expired on <date>.' or similar.

> If it is good, then I see the need to revoke the key, but then I don't
> understand what 'expire' means. If it is bad, then I guess I need to
> export the key again to host targets.

Expire date means that signatures made with that key are not to be
considered valid after the expire date. But they still will be perfectly
good and verifiable signatures.

> But if an attacker is able to do that (and here the keyring on the target
> hosts is root's one) he can add ANY key to the keyring.

Do what? Reset the expiry date? You need key's secret key to do this.

Alex
-- 
Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary

Gdy daję biednym chleb, nazywają mnie świętym. Gdy pytam, 
dlaczego biedni nie mają chleba, nazywają mnie komunistą. - abp. Helder Camara