How to convert (ancient) key in "version 2" to more modern "version 4" format?

flapflap flapflap at riseup.net
Sun May 29 13:43:18 CEST 2016


Antony Prince:
> On 5/28/2016 6:04 PM, Bjoern Kahl wrote:
>>
>>  Because I have *tons* of mails (and other archived data files) that
>>  have been signed and / or encrypted with such keys and I (I have to
>>  use such a strong word here) *insist* on being able to continue to
>>  read these mails and files whenever the need arises.
>>
>>
>>> They are obsolete in every aspect.
>>
>>  They may not be a wise choice for creating new data (mails, files) for
>>  their limited key length and other shortcomings mentioned in 4880 and
>>  elsewhere.  But they are perfectly fine and necessary to access
>>  historic data.
>>
> 
> The best solution I could think of would be to use a version of PGP that
> is capable of decrypting the mails and using a newer key with a modern
> version of gpg to re-encrypt them to your new key for storage. A script
> could be written for the purpose. This still doesn't solve the problem
> of the signatures, but at the least you would be able to keep the
> archived files encrypted with the newer standards and eliminate the need
> for supporting obsolete keys any further than this point for decryption.
> Not the most elegant solution or even one you may want, but it is *a*
> solution, provided that you can find software to use the V2 keys of course.

(Disclaimer: I'm not 100% sure if this really works, it's just how I
think it could work with more recent keys)

You could try the "Decrypt Permanently" or "Create Decrypted Copy"
functions added by Enigmail to the Thunderbird Message Filters (Tools ->
Message Filters) and use an old version of gnupg that still supports
your old keys (has GPG ever supported V2 keys?).
This decrypts the messages but also strips/removes signatures on
messages, so you lose information whether a message was signed or not
afterwards.

By doing this on an encrypted disk (e.g., LUKS) you don't accidentally
store decrypted copies of the confidential emails and for future usage
you won't need the old keys any more (just the passphrase for LUKS).

~flapflap
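
The decrypt-and-re-encrypt script suggested in the quoted reply, as an added example that is not part of either message. Assumptions: `LEGACY_GPG` names a binary that can still decrypt with the old key (`gpg1` is only a guess, since the thread leaves open which tool can), `NEW_KEY` is the ID of the new key, and the archive is a flat directory of `.pgp`/`.asc` files.

```shell
#!/bin/sh
# Added example, not from the thread. LEGACY_GPG (default gpg1 is a guess),
# MODERN_GPG and NEW_KEY are assumptions supplied by the user.
: "${LEGACY_GPG:=gpg1}" "${MODERN_GPG:=gpg}"

# Plaintext goes to stdout only; the old tool may prompt on the tty.
legacy_decrypt() { "$LEGACY_GPG" --decrypt "$1"; }

# Reads plaintext on stdin, writes ciphertext for the new key to "$1".
modern_encrypt() {
    "$MODERN_GPG" --batch --yes --encrypt \
        --recipient "${NEW_KEY:?set NEW_KEY to the new key ID}" --output "$1"
}

# Re-encrypt one file through a pipe so no plaintext file is created.
# A failed decrypt leaves a marker, so truncated output is never kept.
reencrypt_one() (
    src=$1 dst=$2
    tmp="$dst.partial" flag="$dst.decrypt-failed"
    rm -f -- "$tmp" "$flag"
    if { legacy_decrypt "$src" || : > "$flag"; } | modern_encrypt "$tmp" \
        && [ ! -e "$flag" ]; then
        mv -- "$tmp" "$dst"
    else
        rm -f -- "$tmp" "$flag"
        exit 1
    fi
)

# Convert every .pgp/.asc file in directory $1 into $2; prints "<ok> <failed>".
reencrypt_dir() (
    in=$1 out=$2 ok=0 failed=0
    mkdir -p -- "$out"
    for f in "$in"/*.pgp "$in"/*.asc; do
        [ -f "$f" ] || continue
        if reencrypt_one "$f" "$out/${f##*/}.gpg"; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))
            printf 'FAILED: %s\n' "$f" >&2
        fi
    done
    printf '%s %s\n' "$ok" "$failed"
)
```

Files that fail are listed on stderr and left untouched in the source directory, so the originals should only be retired once the failed count is zero.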



