rotating encryption sub keys

Robert J. Hansen rjh at sixdemonbag.org
Fri Aug 28 16:06:38 CEST 2009


vedaal at hush.com wrote:
> to decrypt any old messages is easy, although somewhat tedious ;-)
> 
> before you destroy your encryption/decryption key,
> decrypt all the messages/files encrypted to that key,
> using the option of --show-session-key
> 
> then copy the session key as a 'comment' into the encypted message
> 
> then zip all the encrypted files with their session keys together,
> and encrypt the zip file to your new encyption key

Of course, this kind of defeats the entire purpose of perfect forward
secrecy by rotating your subkeys...



More information about the Gnupg-users mailing list