GPG's vulnerability to quantum cryptography

Johan Wevers johanw at
Sun Jul 6 16:25:57 CEST 2014

On 06-07-2014 9:36, The Fuzzy Whirlpool Thunderstorm wrote:

> Using GPG encryption is still good, although it's vulnerable to quantum 
> cryptodecryption.
> It's a good idea to set an expiration for each of your GPG key.
> So that, when the expiration time comes, you'll be able to generate a
> new GPG key to address a possibility of your old keys being cracked.

I don't see the relation between these two. You don't know when quantum
computers who can break > 1024 RSA will be a reality so when should you
set the expiration date? And you can always revoke a key if something
like this happens, no need for expiration dates there either.

Since I don't know when I will consider a key compromised or weak, I
don't work with expiry dates but revoke the key in such a case.

> GPG is not perfect. It's just pretty good as the name suggest.
> At least, it'll be able to protect your secured data for the rest of
> your life or for the time specified at the expiration date.

If a key expires data will not be automatically decrypted. Nor will it
become unusable.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list