Endpoint Encryption

  • 1.  Replacing an old keypair

    Posted Sep 12, 2011 10:41 AM

    Hi, all.

    I've got some files that I've encrypted over the years, with a keypair that is now 10 years old. 

    I'd like to revoke those keys and create new ones, but I don't want to lose the file contents.

    I don't really want to have to unencrypt each file, then re-encrypt once I've got the new keys... but I have not been able to figure out if that can be done. I guess I don't understand the keyrings, subkeys, etc. as well as I should.

    Is there a KB article or some other resource which can show me how to avoid that issue, or will I be decrypting every file, replacing the keys, and re-encrypting?

    Thanks!



  • 2.  RE: Replacing an old keypair

    Posted Sep 12, 2011 11:37 AM

    While revoked keys cannot be encrypted to, they can still be used for decryption. I just tested this with PGP 10.2 and see that this remains the way it is working with the current version. If you want to be extra cautious that this will not be a problem with future versions, you can export your key (making sure to use the option of including the private key in the export) before revoking the key.
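
The behaviour described in reply 2, reproduced as an added example that is not part of the thread. It uses GnuPG 2.1+ as a stand-in OpenPGP implementation (an assumption; the posters use PGP Desktop), and the key name, address and file contents are constructed for the demo.

```shell
# Added example (not from the thread): throwaway keyring, GnuPG 2.1+ assumed.
revoked_key_demo() (
  GNUPGHOME=$(mktemp -d) || exit 2
  export GNUPGHOME
  # Helper: non-interactive gpg with an empty passphrase (demo key only).
  g() { gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"; }
  uid='Old Key <old@example.invalid>'          # constructed identity

  # 1. Create the "old" keypair and encrypt a file to it.
  g --quick-generate-key "$uid" default default never 2>/dev/null
  fpr=$(g --list-keys --with-colons "$uid" | awk -F: '$1=="fpr"{print $10; exit}')
  echo 'ten-year-old secret' > "$GNUPGHOME/old.txt"
  g -r "$fpr" -o "$GNUPGHOME/old.txt.gpg" -e "$GNUPGHOME/old.txt"

  # 2. Back up the keypair, private key included, before revoking.
  g --export-secret-keys --armor "$fpr" > "$GNUPGHOME/backup.asc"

  # 3. Revoke. GnuPG saves a revocation certificate at key creation in
  #    openpgp-revocs.d, with ':' prepended to the armor header so it cannot
  #    be imported by accident; strip the ':' and import it.
  sed 's/^:-----BEGIN/-----BEGIN/' "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" \
    | g --import 2>/dev/null

  # 4. New encryption to the revoked key should be refused...
  if g -r "$fpr" -o "$GNUPGHOME/new.gpg" -e "$GNUPGHOME/old.txt" 2>/dev/null
  then enc=allowed; else enc=refused; fi
  #    ...while the existing ciphertext still decrypts with the private key.
  if [ "$(g -d "$GNUPGHOME/old.txt.gpg" 2>/dev/null)" = 'ten-year-old secret' ]
  then dec=ok; else dec=failed; fi

  # Clean up the throwaway keyring and its agent.
  gpgconf --kill gpg-agent >/dev/null 2>&1
  rm -rf "$GNUPGHOME"
  echo "encrypt=$enc decrypt=$dec"
)
# revoked_key_demo    # prints: encrypt=refused decrypt=ok
```

On a real keyring, keep the exported backup from step 2 offline; it contains the private key needed to read the old files.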



  • 3.  RE: Replacing an old keypair

    Posted Nov 21, 2011 08:22 AM

    Does this sufficiently address your concern?