Hi Horst,
Thanks for your reply, it got me thinking (yes I do think sometimes!).
My issue was rather a key management problem. When you get the new
certs from HeSa, usually the old one is replaced by the new certs in the
keystore, and so on.
Having said that, I realize that it does not matter if you only use the
certs temporarily for encrypting/signing just while in transit and the
document returns to its clear text once it hits the target system. If
you encrypt them for the long term you may never recover them. Better
check it out! I'm sure the guys from Argus have considered this use
case, is that right?
mario
Horst Herb wrote:
On Friday 27 April 2007, Mario Ruiz wrote:
How do you decrypt your older messages after the current certificates
are revoked? Usually every 2 years.
A "certificate" is a two-part key really - a public (certified) part, and a
private part.
If you revoke your key (or somebody else who generated your key and thus may
hold a revocation key) it means that you cannot *sign* validly with it any
more. But there is absolutely nothing (other than convention, which may or
may not be implemented in some cryptographic applications) that actually stops
you from encrypting / decrypting / signing - just when you check the signature
it will result as invalid (expired key).
Horst
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
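
Added example, not part of the original thread or of any product named in it: a keystore that retires the old key on renewal instead of overwriting it, so long-term ciphertext stays recoverable while signatures under the revoked key are rejected. The `Keystore` class, the key ids and the textbook RSA built from small constructed primes are assumptions standing in for a real certificate store and are not secure.

```python
from dataclasses import dataclass

@dataclass
class KeyEntry:
    n: int                  # public modulus
    e: int                  # public exponent
    d: int                  # private exponent
    revoked: bool = False

def make_key(p, q, e=65537):
    # Textbook RSA from two constructed primes: a stand-in, not secure.
    return KeyEntry(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))

class Keystore:
    """Hypothetical keystore that retires old keys instead of overwriting them."""
    def __init__(self):
        self.keys, self.current = {}, None

    def rotate(self, key_id, entry):
        if self.current is not None:
            self.keys[self.current].revoked = True  # old cert revoked, key kept
        self.keys[key_id] = entry
        self.current = key_id

    def encrypt(self, m):
        k = self.keys[self.current]
        return self.current, pow(m, k.e, k.n)       # tag ciphertext with key id

    def decrypt(self, key_id, c):
        k = self.keys[key_id]                       # revocation does not block this
        return pow(c, k.d, k.n)

    def sign(self, m):
        k = self.keys[self.current]
        return self.current, pow(m, k.d, k.n)

    def verify(self, key_id, m, sig):
        k = self.keys[key_id]
        math_ok = pow(sig, k.e, k.n) == m
        return math_ok, math_ok and not k.revoked   # (arithmetic, policy verdict)

def demo():
    ks = Keystore()
    ks.rotate("cert-old", make_key(2**31 - 1, 2**61 - 1))  # constructed sample key
    kid, c = ks.encrypt(424242)
    _, sig = ks.sign(424242)
    ks.rotate("cert-new", make_key(2**19 - 1, 2**89 - 1))  # renewal
    math_ok, accepted = ks.verify(kid, 424242, sig)
    return ks.decrypt(kid, c), math_ok, accepted
```

`demo()` returns the recovered plaintext, whether the signature arithmetic still checks out, and whether the policy check accepts it after the rotation.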