Revoke and expire
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jun 11 19:11:08 CEST 2007
> When a key is revoked using the revocation certificate, does it have
> the same effect as reaching the expiry date of the key? In other words,
> if I set a key to not expire but generate a revocation certificate, is
> it equally safe?

It depends on what you mean by "same effect". You can't encrypt a
message to an expired key, precisely because it's expired. You can't
encrypt a message to a revoked key, precisely because it's revoked.

If by "same effect" you mean "both keys are equally unusable", then
yeah. Same effect.

If by "same effect" you mean "they work the same way", then no.
Different. With one, GnuPG simply sees that the key has expired.
You can unexpire the key just by resetting your computer's clock.
With the other, GnuPG sees the key has been revoked, and unrevoking
it is kind of problematic.
Robert J. Hansen <rjh at sixdemonbag.org>
"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
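Added example, not part of the original message and not GnuPG's own code: a small keyring audit over `gpg --list-keys --with-colons` output that reports each primary key as revoked, expired or usable at a given time, which makes the clock dependence of expiry described above visible. The listing, key IDs and the two timestamps are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output.
# pub record fields used here: 2 = validity flag, 5 = key ID,
# 7 = expiration time in epoch seconds (empty = no expiry).
SAMPLE = """\
pub:e:2048:1:AAAAAAAAAAAAAAAA:1149984000:1181520000::-:::sc:
uid:e::::1149984000::::Alice Example <alice@example.org>:
pub:r:2048:1:BBBBBBBBBBBBBBBB:1149984000:::-:::sc:
uid:r::::1149984000::::Bob Example <bob@example.org>:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1149984000:::-:::scESC:
uid:-::::1149984000::::Carol Example <carol@example.org>:
"""

AFTER_EXPIRY = 1181581868   # constructed: a time after Alice's key expires
CLOCK_SET_BACK = 1160000000  # constructed: the same machine with an earlier clock


def classify(listing, now):
    """Return {key ID: 'revoked' | 'expired' | 'usable'} as seen at time `now`."""
    result = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 7:
            continue  # only primary-key records are audited here
        validity, keyid, expires = fields[1], fields[4], fields[6]
        if validity == "r":
            # The 'r' flag comes from a revocation stored with the key,
            # so the value of `now` makes no difference to this branch.
            result[keyid] = "revoked"
        elif expires and int(expires) <= now:
            # Expiry is only a comparison against the clock we are given.
            result[keyid] = "expired"
        else:
            result[keyid] = "usable"
    return result


if __name__ == "__main__":
    for label, now in (("after expiry", AFTER_EXPIRY),
                       ("clock set back", CLOCK_SET_BACK)):
        print(label, classify(SAMPLE, now))
```

The expiry decision is recomputed from field 7 rather than taken from the `e` flag, because that flag only records what gpg concluded at the moment the listing was produced.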
More information about the Gnupg-users