gpgsm and expired certificates

Pete Stephenson pete at heypete.com
Sun Oct 27 10:23:28 CET 2013


On Sun, Oct 27, 2013 at 9:53 AM, Uwe Brauer <oub at mat.ucm.es> wrote:
>>> "Werner" == Werner Koch <wk at gnupg.org> writes:
>
>    > On Sat, 26 Oct 2013 22:03, oub at mat.ucm.es said:
>    >> know by the date of the certificate which certificate to use for which
>    >> message?
>    >>
>    >> -  old for old messages
>
>    > Note, that there is no need for a certificate for decryption - only the
>    > private key is required.  The certificate is only used to show some meta
>    > information.
>
> Now I am confused. Most likely my knowledge of certificates is not
> correct. (I played around with openssl to generate my own, useless,
> certificates).
>
> I thought a certificate consists of a key pair (private/public) which is
> signed by the Authority (here comodo).

Mostly correct.

All that is needed to encrypt/decrypt/sign/verify messages is the
public/private keys themselves. The certificate is a signed,
structured format that binds a particular public key to an identity
(be it an email address, a name, a website, etc.). The certificate is
for public consumption: Comodo is asserting to the world that this
particular public key (and its corresponding private key, which only
you know) belongs to you (or your website, email, etc.).

On your end, all you need is the private key to decrypt messages
encrypted to your public key. You don't need a certificate to decrypt
messages that had already been encrypted to that public key -- a
certificate may expire at a certain time, but the private key has no
baked-in expiration date.

> When I apply for a certificate, the keypair is generated by the crypto
> module of the browser and then signed.

Correct.

> So I thought when I apply for a new certificate  a new key pair
> is generated which gets signed again.

Correct, though it is possible (but usually recommended against) to
create a new certificate using the same private keypair as before. In
general, you should create a new keypair when applying for a new
certificate.

> But your comment above seems to indicate that the old pair gets a new
> signature. Is this correct?  But what if I apply with a different
> browser than the one I applied with the last time?

I interpreted Werner's comment to mean "In order to decrypt messages
encrypted to you, you only need a private key. You don't need a valid
certificate to decrypt old messages that were encrypted to a
now-expired certificate."

If you generate a new keypair for the new certificate (which is
probably a good idea) then gpgsm (and presumably any other
certificate-using software) will figure out what private key will be
needed to decrypt a particular message and, so long as you still have
the private key on your system, will use it as needed even if the
corresponding certificate has expired.

Cheers!
-Pete

-- 
Pete Stephenson