rotating encryption sub keys

vedaal at vedaal at
Fri Aug 28 15:53:32 CEST 2009

>Date: Fri, 28 Aug 2009 02:37:02 -0400
>From: Faramir < at>
>Subject: Re: rotating encryption sub keys

>  What if I want to be able to decrypt an old email message? 

to decrypt any old messages is easy, although somewhat tedious ;-)

before you destroy your encryption/decryption key,
decrypt all the messages/files encrypted to that key,
using the option of --show-session-key

then copy the session key as a 'comment' into the encypted message

then zip all the encrypted files with their session keys together,
and encrypt the zip file to your new encyption key

>If my
>encryption key was compromised, and my messages were sniffed, I 
>get no
>advantage in deleting my copy of the key and the messages, the 
>has his own copy of them, and surely won't delete them.


the only usefulness i can see practically for such a feature,
is if you want to retain a certain anonymity,
and you create a new key and give that public key to only certain 
individuals, or keep it for your own uses, and then revoke your old 
key, and 'disappear off the grid' ;-)

i don't see any advantage if the key is already compromised and the 
attacker has the encrypted messages


More information about the Gnupg-users mailing list