gpgsm and expired certificates

Uwe Brauer oub at
Sun Oct 27 09:53:00 CET 2013

>> "Werner" == Werner Koch <wk at> writes:

   > On Sat, 26 Oct 2013 22:03, oub at said:
   >> know by the date of the certificate which certificate to use for which
   >> message?
   >> -  old for old messages

   > Note, that there is no need for a certificate for decryption - only the
   > private key is required.  The certificate is only used to show some meta
   > information.

Now I am confused. Most likely my knowledge of certificates is not
correct. (I played around with openssl to generate my own, useless,

I thought a certificate consists of a key pair (private/public) which is
signed by the Authority (here comodo).
When I apply for a certificate, the keypair is generated by the crypto
module of the browser and then signed.

So I thought when I apply for a new certificate  a new key pair
is generated which gets signed again.

But your comment above seems to indicate that the old pair gets a new
signature. Is this correct?  But what if I apply with a different
browser I applied the last time.


Uwe Brauer 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5556 bytes
Desc: not available
URL: </pipermail/attachments/20131027/cfa2d6fa/attachment.bin>

More information about the Gnupg-users mailing list