Revoke and expire

Robert J. Hansen rjh at sixdemonbag.org
Mon Jun 11 19:11:08 CEST 2007


> When a key is revoked using the revocation certificate, does it have
> the same effect as reaching the expiry date of the key? In other words
> if I set a key to not expire but generate a revocation certificate, it
> is equally safe?

It depends on what you mean by "same effect".  You can't encrypt a  
message to an expired key, precisely because it's expired.  You can't  
encrypt a message to a revoked key, precisely because it's revoked.

If by "same effect" you mean "both keys are equally unusable", then  
yeah.  Same effect.

If by "same effect" you mean "they work the same way", then no.   
Different.  With one, GnuPG simply sees that the key has expired.   
You can unexpire the key just by resetting your computer's clock.   
With the other, GnuPG sees the key has been revoked, and unrevoking  
it is kind of problematic.

--
Robert J. Hansen <rjh at sixdemonbag.org>

"Most people are never thought about after they're gone.  'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
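
The distinction drawn in the message above, as an added example that is not part of the original post: a key's expiry verdict depends on the time it is compared against, while a revocation is a state recorded on the key and reads the same at any time. The listing is constructed sample data in the `gpg --list-keys --with-colons` layout (assumed GnuPG 2.x, dates as seconds since the epoch), and `classify` is a hypothetical helper name.

```python
# Constructed sample in `gpg --list-keys --with-colons` form. Key IDs, names and
# dates are made up. Fields used: 1 = record type, 2 = validity,
# 5 = key ID, 7 = expiration date (empty means the key never expires).
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAAA:1181581868:1213117868::-:::scESC:
uid:-::::1181581868::0000::Alice (constructed) <alice@example.org>:
pub:r:2048:1:BBBBBBBBBBBBBBBB:1181581868:::-:::sc:
uid:r::::1181581868::0000::Bob (constructed) <bob@example.org>:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1181581868:::-:::scESC:
uid:-::::1181581868::0000::Carol (constructed) <carol@example.org>:
"""


def classify(listing, now):
    """Return {key ID: status} for each primary key, judged at reference time `now`.

    `now` is passed in explicitly so the caller chooses the time source
    instead of implicitly trusting the local clock.
    """
    result = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 7:
            continue  # only primary-key records carry the data used here
        validity, keyid, expires = fields[1], fields[4], fields[6]
        if validity == "r":
            # Revocation is a signature stored with the key: no clock involved.
            status = "revoked"
        elif validity == "e" or (expires.isdigit() and int(expires) <= now):
            # Expiry is a comparison between a timestamp and "now".
            status = "expired"
        else:
            status = "ok"
        result[keyid] = status
    return result


if __name__ == "__main__":
    # Same listing, two reference times: only the expiring key changes status.
    for label, ref in (("before expiry", 1200000000), ("after expiry", 1220000000)):
        print(label, classify(SAMPLE, ref))
```
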





