encrypting to expired certificates
Hauke Laging
mailinglisten at hauke-laging.de
Mon Sep 15 03:05:18 CEST 2014
Hello,

after filing a bug report for my mail client because it does not allow
me to encrypt to an expired certificate (neither does Enigmail), I was
surprised to notice that I didn't manage to encrypt to an expired
certificate with gpg in the console (2.0.22).

Is this not possible (what about gpgme?) or am I just not aware of how
to get that done?

I would consider not being able to encrypt to an expired key a severe
security flaw because it may force the sender to send the message
unencrypted. It is OK to warn the user but it must be possible to
override this warning. Expiration is not a security problem (let alone a
severe one).

It does not even work with --encrypt-to. And the man page says about
this command:

"No trust checking is performed for these user ids and even disabled
keys can be used."

Non-valid keys are OK, disabled keys are OK, but the least severe case,
expiration, is not OK?

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5