Renewing expiring key - done correctly?

Robert J. Hansen rjh at
Wed Dec 4 01:26:09 CET 2013

On 12/3/2013 6:59 PM, Hauke Laging wrote:
> He could but he would need the secret mainkey for that operation
> and...

Could you please share a realistic scenario by which an attacker could
compromise a subkey without also having the ability to compromise the
primary signing key?  I've been trying to come up with one and I just can't.

> ...keys without offline mainkey on insecure systems are a security
> joke anyway.

	* There is no such thing as a secure (or insecure) system
	* The words 'security' and 'insecurity' are intimately tied
	  to risk models: to use the words glibly deprives them of
	  any meaning
	* There exist risk models in which an 'insecure system,' as
	  you would call it, is a perfectly reasonable place to
	  store a secret primary signing key

I'm sorry, but this entire argument is just too glib to be taken seriously.

> It may be possible to prevent someone from seeing the revocation
> certificate. Certificate distribution is a lot less secure than the
> keys themselves. But you cannot trick someone into using an expired
> key.

Of course you can.  Reset their computer's clock.  You don't even have
to compromise their computer in order to do it: compromising whatever
NTP server they're contacting is enough.

More information about the Gnupg-users mailing list