Hi Bjoern--

On Sat 2016-05-28 18:04:13 -0400, Bjoern Kahl wrote:
> Because I have *tons* of mails (and other archived data files) that
> have been signed and / or encrypted with such keys and I (I have to
> use such a strong word here) *insist* on being able to continue to
> read these mails and files whenever the need arises.

So there are two things you might want to do with these mails: verify their signatures and decrypt them. Right?

Is it possible that signature verification for old (likely weak, and quite possibly compromised) keys isn't relevant? If so, then the problem space becomes focused on decryption.

I think there are serious usability risks to providing live decryption capability for *new* material that is sent encrypted to known-weak keys, but I can understand the use case you describe.

Perhaps the better approach is to have a one-time tool that can either (a) translate your encrypted messages into a newer encrypted form (e.g. replacing the PKESK packets with ones encrypted to a newer, stronger key), or (b) extract the session key from the encrypted object and store it in a separate lookup table, so that the old secret key isn't relevant any longer.

Either of these approaches would also be useful to people who want to destroy their old secret key material without losing access to their data, while making it harder for people to start interacting with bad/old keys.

 --dkg
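
Both (a) and (b) work on the same structure: in an OpenPGP message each recipient's PKESK packet (tag 1) sits in front of the encrypted data packet, so a migration tool can inventory or swap the PKESKs without touching the ciphertext. The sketch below is an added example, not part of the original mail and not GnuPG code; it walks RFC 4880 packet framing over binary (unarmored) input, the function names are hypothetical, and partial body lengths are rejected rather than handled.

```python
# Added example: RFC 4880 packet framing only; the sample bytes are constructed.

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o = first & 0x3F, buf[pos + 1]
        if o < 192:
            return tag, pos + 2, o
        if o < 224:
            return tag, pos + 3, ((o - 192) << 8) + buf[pos + 2] + 192
        if o == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:                                    # indeterminate length
        return tag, pos + 1, len(buf) - pos - 1
    n = 1 << ltype
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def split_esk(buf):
    """Return (recipients, payload): leading PKESK packets, then the rest."""
    pos, recipients = 0, []
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if start + length > len(buf):
            raise ValueError("truncated packet")
        if tag != 1:                                  # first non-PKESK packet
            break
        body = buf[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported PKESK version")
        recipients.append({"keyid": body[1:9].hex().upper(),
                           "algo": body[9], "span": (pos, start + length)})
        pos = start + length
    return recipients, buf[pos:]

def encrypted_to(buf, keyid):
    """True if any PKESK names keyid (16 hex digits)."""
    return any(r["keyid"] == keyid.upper() for r in split_esk(buf)[0])

# Constructed sample: two PKESKs (new- and old-format headers) and a stub
# tag-18 packet. The MPI and ciphertext bytes are placeholders, not real data.
SAMPLE = bytes.fromhex("c10e03" "1111222233334444" "01" "0010abcd"
                       "840e03" "aaaabbbbccccdddd" "10" "0010abcd"
                       "d205" "01deadbeef")
```

Running `encrypted_to` over an archive gives the list of files that still depend on the old key; the returned `payload` is the part a rewrite under (a) would copy through unchanged.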