rotating encryption sub keys
vedaal at hush.com
Fri Aug 28 15:53:32 CEST 2009
>Date: Fri, 28 Aug 2009 02:37:02 -0400
>From: Faramir <faramir.cl at gmail.com>
>Subject: Re: rotating encryption sub keys
> What if I want to be able to decrypt an old email message?
to decrypt any old messages is easy, although somewhat tedious ;-)
before you destroy your encryption/decryption key,
decrypt all the messages/files encrypted to that key,
using the option of --show-session-key
then copy the session key as a 'comment' into the encrypted message
then zip all the encrypted files with their session keys together,
and encrypt the zip file to your new encryption key
>If my encryption key was compromised, and my messages were sniffed, I get no
>advantage in deleting my copy of the key and the messages, the attacker
>has his own copy of them, and surely won't delete them.
agreed,
the only usefulness i can see practically for such a feature,
is if you want to retain a certain anonymity,
and you create a new key and give that public key to only certain
individuals, or keep it for your own uses, and then revoke your old
key, and 'disappear off the grid' ;-)
i don't see any advantage if the key is already compromised and the
attacker has the encrypted messages
vedaal
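
The archiving procedure described in the message above, as an added shell example that is not part of the original post. The function names, the `Comment: session-key` label, the `DIR/*.asc` layout and the cleanup step are assumptions; `--show-session-key` and `--override-session-key` are gpg options.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, the
# "Comment: session-key" label and the DIR/*.asc layout are assumptions.

# Read gpg diagnostics on stdin, print the session key as "algo:HEX".
# gpg --show-session-key reports it as:  gpg: session key: '9:0123AB...'
extract_session_key() {
    grep 'session key:' | grep -oE '[0-9]+:[0-9A-Fa-f]+' | head -n 1
}

# Copy an ASCII-armored message from stdin to stdout, adding the session
# key as an armor Comment header directly after the BEGIN line.
annotate_armored() {
    awk -v key="$1" '
        { print }
        /^-----BEGIN PGP MESSAGE-----/ && !seen {
            print "Comment: session-key " key; seen = 1
        }'
}

# Recover the session key of one armored file and write FILE.annotated.
save_session_key() {
    local f=$1 key
    key=$(gpg --batch --show-session-key --decrypt "$f" 2>&1 >/dev/null |
          extract_session_key)
    [ -n "$key" ] || { echo "no session key recovered for $f" >&2; return 1; }
    annotate_armored "$key" < "$f" > "$f.annotated"
}

# Annotate every *.asc in DIR, zip the copies, encrypt the zip to NEW_KEY,
# then delete the cleartext zip and annotated copies (they expose the keys).
archive_old_mail() {
    local dir=$1 new_key=$2 f
    for f in "$dir"/*.asc; do
        save_session_key "$f" || return 1
    done
    zip -q -j "$dir/old-mail.zip" "$dir"/*.annotated &&
    gpg --batch --encrypt --recipient "$new_key" "$dir/old-mail.zip" &&
    rm -f "$dir/old-mail.zip" "$dir"/*.annotated
}

# Usage: script DIR NEW_KEY, run while the old secret subkey still exists.
# A stored key later decrypts its message without the old subkey:
#   gpg --override-session-key '9:...' --decrypt message.asc.annotated
if [ "$#" -eq 2 ]; then
    archive_old_mail "$1" "$2"
fi
```

A session key stored in the clear is equivalent to the plaintext of its message, so the annotated copies should only ever rest inside the archive encrypted to the new key.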