> If you generate a new keypair for the new certificate (which is > probably a good idea) then gpgsm (and presumably any other > certificate-using software) will figure out what private key will be > needed to decrypt a particular message and, so long as you still have > the private key on your system, will use it as needed even if the > corresponding certificate has expired.
So gpgsm (and others) will also figure out which private key to use for signing: that is the new one, once the old certificate is expired? Which means in the case of smime, also to embedd the corresponding new public key in the signature. thanks Uwe
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
