gpgsm and expired certificates
Werner Koch
wk at gnupg.org
Sun Oct 27 11:13:32 CET 2013
On Sun, 27 Oct 2013 10:23, pete at heypete.com said:

> Correct, though it is possible (but usually recommended against) to
> create a new certificate using the same private keypair as before. In

The business model of most CAs is to sell you a subscription by setting
the expiration time very low so that they can ask after a year for
another fee to create a new certificate. Here it does not make sense to
create a new private key every year.

GnuPG basically does the same by allowing you to prolong the expiration
time.

> I interpreted Werner's comment to mean "In order to decrypt messages
> encrypted to you, you only need a private key. You don't need a valid
> certificate to decrypt old messages that were encrypted to a
> now-expired certificate."

Correct.

Shalom-Salam,

Werner
--
Thoughts are free. Exceptions are regulated by a federal law.