Hi all!
I just ran into an interesting problem: When a key gets revoked, then mails are not readable any more. How do I change the keys of my gpg encoded mails when I changed my gpg key, so that I can still read the mails?
And as an interim solution, is it possible to replace the encrypted part of the mails with the decrypted part or reencrypted part?
Nik
Dr. Nikolaus Klepp wrote:
When a key gets revoked, then mails are not readable any more. How do I change the keys of my gpg encoded mails when I changed my gpg key, so that I can still read the mails?
Which key gets revoked - I have never tried this use case, but IMO it should be still readable if you own the public key. I must admit that I am too lazy to test this :)
On Tuesday, 5 December 2017, deloptes wrote:
Dr. Nikolaus Klepp wrote:
When a key gets revoked, then mails are not readable any more. How do I change the keys of my gpg encoded mails when I changed my gpg key, so that I can still read the mails?
Which key gets revoked - I have never tried this use case, but IMO it should be still readable if you own the public key. I must admit that I am too lazy to test this :)
Well, the receiver of the mails wants to use a new keypair for all new mails. No matter how careful he is, it ends either in reusing the old private key occasionally or in deleting the old private key (and losing all old mails of doubtful value).
In my case, I like to create a keypair per project. When the project is "done", I'd like to archive the mails in a readable (aka unencrypted) manner in a safe (offline) place and delete the keypair.
Nik
Dr. Nikolaus Klepp wrote:
Well, the receiver of the mails wants to use a new keypair for all new mails. No matter how careful he is, it ends either in reusing the old private key occasionally or in deleting the old private key (and losing all old mails of doubtful value).
You can remove the trust from the old key and it will not be accepted by gpgme for encrypting mails. Even if you have the same name, you will have one key that is probably white or red and one key that is green. You use the green to encrypt; the white gets rejected.
In my case, I like to create a keypair per project. When the project is "done", I'd like to archive the mails in a readable (aka unencrypted) manner in a safe (offline) place and delete the keypair.
It would be enough to revoke the trust, but keep the key to be able to decrypt in future. I don't see an issue with this approach. Everything else would be developing a solution for your use case(s).
This is my personal opinion, so it might be there are smarter heads around to give us better ideas.
regards
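
One way to do the archiving step asked about in this thread (replace the encrypted part of a mail with its decrypted content while the secret key still exists), as an added example that is not code from any participant. It assumes PGP/MIME (RFC 3156) mails, `gpg` on the PATH, and that the output is written straight to the offline archive; `gpg_decrypt`, `strip_pgp_mime`, `SAMPLE` and `INNER` are hypothetical names, and the sample mail is constructed.

```python
import email
import subprocess

def gpg_decrypt(ciphertext: bytes) -> bytes:
    """Decrypt with the local keyring; the project's secret key must still be there."""
    return subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"], input=ciphertext,
                          capture_output=True, check=True).stdout

def strip_pgp_mime(raw: bytes, decrypt=gpg_decrypt) -> bytes:
    """Replace a PGP/MIME wrapper with the decrypted MIME entity it contains."""
    msg = email.message_from_bytes(raw)
    parts = msg.get_payload()
    if (msg.get_content_type() != "multipart/encrypted" or not isinstance(parts, list)
            or len(parts) != 2 or parts[0].get_content_type() != "application/pgp-encrypted"):
        return raw  # not PGP/MIME (plain or inline-PGP mail): leave untouched
    inner = email.message_from_bytes(decrypt(parts[1].get_payload(decode=True)))
    # Keep From/To/Subject/Date of the outer mail, drop its Content-* headers ...
    for name in [n for n in msg.keys() if n.lower().startswith("content-")]:
        del msg[name]
    # ... and take the MIME structure and body from the decrypted entity.
    for name, value in inner.items():
        if name.lower().startswith("content-"):
            msg[name] = value
    msg.preamble, msg.epilogue = inner.preamble, inner.epilogue
    msg.set_payload(inner.get_payload())
    return msg.as_bytes()

# Constructed sample; the "ciphertext" is a dummy, so the demo uses a stub decryptor.
SAMPLE = b"""From: alice@example.org
To: nik@example.org
Subject: project status
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
ZHVtbXk=
-----END PGP MESSAGE-----
--b1--
"""
INNER = b"Content-Type: text/plain; charset=utf-8\n\nThe build is green.\n"

if __name__ == "__main__":
    print(strip_pgp_mime(SAMPLE, decrypt=lambda c: INNER).decode())
```

For real mails, call `strip_pgp_mime(raw)` without the stub so that `gpg` does the decryption, and delete the keypair only after checking that every archived mail opens.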