Remix clone Hacker News

new | show | ask | jobs Github

▲

theteapot 4 days ago

> What happens when you have multiple matching keys?

Use keyid instead.

> What happens when your key expires?

GPG will refuse to use it for encryption. Create a new encryption key.

> What happens when the output format changes?

N/A here (?)

> What happens when the key expires and it's attached to a hardware device?

You got me.

▲

XorNot 4 days ago | parent [-]

Also.. expired keys aren't unusable. The encryption doesn't stop working.

If you have an expired GPG private key it will still decrypt things encrypted with the public key.

▲

viraptor 4 days ago | parent [-]

They're not unusable, but depending on the gpg wrapper it may look like it. Gpgme is the one I had most issues with raining with fatal errors where gpg on its own only reports a warning.

Non of this is impossible to overcome. Yet, I still was sometimes relied on to debug things.

	▲	XorNot 3 days ago \| parent [-]
		Gonna have to give that a try because it sounds like a very bad interpretation of the expiry mechanism in keys - encryption functionally never expires if you have the key, because you have the key. It's solely an error on the part of the sender to use an expired key, because it might be no longer available. (admittedly AFAIK encryption is handled by key expiry poorly overall in GPG - the lack of perfect forward secrecy means an expired key which leaks can still decrypt all the old messages if they were intercepted).