gpgsm and expired certificates
Uwe Brauer
oub at mat.ucm.es
Sun Oct 27 09:53:00 CET 2013
>> "Werner" == Werner Koch <wk at gnupg.org> writes:
> On Sat, 26 Oct 2013 22:03, oub at mat.ucm.es said:
>> know by the date of the certificate which certificate to use for which
>> message?
>>
>> - old for old messages
> Note, that there is no need for a certificate for decryption - only the
> private key is required. The certificate is only used to show some meta
> information.
Now I am confused. Most likely my knowledge of certificates is not
correct. (I played around with openssl to generate my own, useless,
certificates).
I thought a certificate consists of a key pair (private/public) which is
signed by the Authority (here comodo).
When I apply for a certificate, the keypair is generated by the crypto
module of the browser and then signed.
So I thought when I apply for a new certificate a new key pair
is generated which gets signed again.
But your comment above seems to indicate that the old pair gets a new
signature. Is this correct? But what if I apply with a different
browser I applied the last time.
thanks
Uwe Brauer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5556 bytes
Desc: not available
URL: </pipermail/attachments/20131027/cfa2d6fa/attachment.bin>
More information about the Gnupg-users
mailing list