encrypting to expired certificates
mailinglisten at hauke-laging.de
Mon Sep 15 03:05:18 CEST 2014
after filing a bug report for my mail client because it does not allow
me to encrypt to an expired certificate (neither does Enigmail) I was
surprised to notice that I didn't manage to encrypt to an expired
certificate with gpg in the console (2.0.22).
Is this not possible (what about gpgme?) or am I just not aware of how
to get that done?
I would consider not being able to encrypt to an expired key a severe
security flaw because it may force the sender to send the message
unencrypted. It is OK to warn the user but it must be possible to
override this warning. Expiration is not a security problem (let alone a
It does not even work with --encrypt-to. And the man page says about
"No trust checking is performed for these user ids and even disabled
keys can be used."
Non-valid keys are OK, disabled keys are OK but the least severe case
expiration is not OK?
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users