Endpoint Encryption

 View Only
  • 1.  Working with archived signed files

    Posted Jan 29, 2013 04:25 AM

    Hello all,

    If I were to archive old PGP signed files, and on a later date, retrieve these files for verification purposes, should I also archive the sender's public PGP key as well?

    Consider this:

    The sender renewed his keypair, and I added his new public key into my keyring. If I need to sign-verify an archived file that was signed with the previous key, how can I retrieve the previous key?

     



  • 2.  RE: Working with archived signed files

    Posted Jan 29, 2013 09:03 AM

    You are correct in that you must have the public key portion of the key that signed a file in order to verify the signature.  It does not matter whether the owner of the key has changed to using a new key, revoked the key, the key expired, etc., as long as you retain that key on your keyring.  It wouldn't hurt to archive the key, just in case you might delete it from your keyring; possibly move to using a new keyring and not transferring it, etc.



  • 3.  RE: Working with archived signed files

    Posted Feb 10, 2013 09:53 AM

    Do you have further questions on this?