gpgsm and expired certificates

Uwe Brauer oub at
Sun Oct 27 11:01:39 CET 2013

   > If you generate a new keypair for the new certificate (which is
   > probably a good idea) then gpgsm (and presumably any other
   > certificate-using software) will figure out what private key will be
   > needed to decrypt a particular message and, so long as you still have
   > the private key on your system, will use it as needed even if the
   > corresponding certificate has expired.

So gpgsm (and others) will also figure out which private key to use for
signing: that is the new one, once the old certificate is expired? 

Which means in the case of smime, also to embedd the corresponding
new public key in the signature.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5556 bytes
Desc: not available
URL: </pipermail/attachments/20131027/85730634/attachment.bin>

More information about the Gnupg-users mailing list