Video Screencast Help

Working with archived signed files

Created: 29 Jan 2013 | 2 comments

Hello all,

If I were to archive old PGP signed files, and on a later date, retrieve these files for verification purposes, should I also archive the sender's public PGP key as well?

Consider this:

The sender renewed his keypair, and I added his new public key into my keyring. If I need to sign-verify an archived file that was signed with the previous key, how can I retrieve the previous key?

 

Comments 2 CommentsJump to latest comment

Tom Mc's picture

You are correct in that you must have the public key portion of the key that signed a file in order to verify the signature.  It does not matter whether the owner of the key has changed to using a new key, revoked the key, the key expired, etc., as long as you retain that key on your keyring.  It wouldn't hurt to archive the key, just in case you might delete it from your keyring; possibly move to using a new keyring and not transferring it, etc.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

Tom Mc's picture

Do you have further questions on this?

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &