Renewing expiring key - done correctly?

Hauke Laging mailinglisten at
Thu Dec 5 19:47:57 CET 2013

Am Do 05.12.2013, 19:30:07 schrieb Ingo Klöcker:

> your assertion is correct.
> In the first scenario
> > > a) the key has been compromised and revoked and you don't know that
> > > (because your last certificate update was before the revocation
> > > publishing)
> it is incorrect because the attacker cannot extend the validity of the
> revoked key.

You misunderstand the attack. If you completely control the system time (which 
is not realistic for big discrepancies, of course) then you can prevent the 
certificate from becoming invalid: You never reach the expiration date.

BTW, OT: May I point you at this?

Crypto für alle:
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131205/84789ded/attachment.sig>

More information about the Gnupg-users mailing list