gpgsm and expired certificates
Uwe Brauer
oub at mat.ucm.es
Sun Oct 27 11:01:39 CET 2013
> If you generate a new keypair for the new certificate (which is
> probably a good idea) then gpgsm (and presumably any other
> certificate-using software) will figure out what private key will be
> needed to decrypt a particular message and, so long as you still have
> the private key on your system, will use it as needed even if the
> corresponding certificate has expired.
So gpgsm (and others) will also figure out which private key to use for
signing: that is the new one, once the old certificate is expired?
Which means in the case of smime, also to embedd the corresponding
new public key in the signature.
thanks
Uwe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5556 bytes
Desc: not available
URL: </pipermail/attachments/20131027/85730634/attachment.bin>
More information about the Gnupg-users
mailing list