
What happens when mail encryption keys expire?

post #1 of 5
Thread Starter 
I'm interested in sending/receiving mails encrypted/signed in both directions. Am considering all options, including using PGP/GPG as well as being my own CA and distributing keys (private and public) to my friends and family.

Am tending towards being my own CA as many of my contacts are not savvy enough to install PGP/GPG but most mail clients already support the P12 format natively (including Mail.app). This will make it easy for them...

As I understand it, mails are stored encrypted even after they are decrypted for viewing the first time, so using the key is necessary to open them. My question really is what happens after keys expire? Will I be able to read my old mails? I have to consider other mail clients on other platforms, so the solution has to be independent of specific mail clients...

Thanks in advance...
PM G5 Dual 2.0GHz, 2GB RAM
PB G4 1.67GHz, 1.5GB RAM
post #2 of 5
A certificate needs to be valid when using it to sign and/or encrypt.

For decrypting, the certificate (and the corresponding private key) just needs to be available (i.e. readable in the certificate store -- whatever kind that would be on any platform). A good mail program will indicate that the certificate was valid at the point in time when you did get the mail. So there are only two issues you need to watch out for:
- never delete any old/expired certificate (and/or corresponding private key)
- when moving mail from one machine to another (or upgrading the OS) be sure to preserve certificates and the corresponding private keys (including any expired ones)

On a side-note: just get PGP, it even comes with a fantastic manual!
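
Added example, not part of any post in this thread: a shell sketch using the OpenSSL command line that walks through the points of post #2 with a one-person CA. It issues a self-signed S/MIME certificate that has already expired, checks it now and as of an assumed receipt date, and decrypts a message with the retained private key. The file names, subject name, dates and message text are all constructed for the demo.

```shell
#!/bin/sh
# Added example: every name, date and message here is constructed for the demo.
smime_expiry_demo() (
    work=$(mktemp -d) && cd "$work" || exit 1
    trap 'cd / && rm -rf "$work"' EXIT
    mkdir newcerts && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
new_certs_dir = ./newcerts
database = ./index.txt
serial = ./serial
default_md = sha256
policy = demo_policy
[ demo_policy ]
commonName = supplied
EOF
    # Key pair plus a self-signed certificate valid only during January 2020.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout key.pem -out csr.pem 2>/dev/null || exit 1
    openssl ca -config ca.cnf -batch -notext -selfsign -keyfile key.pem \
        -startdate 20200101000000Z -enddate 20200131235959Z \
        -in csr.pem -out cert.pem 2>/dev/null || exit 1

    # 1. Today the certificate is expired (-checkend 0 fails once notAfter has passed).
    if openssl x509 -in cert.pem -noout -checkend 0 >/dev/null 2>&1
    then echo "expired_now=no"; else echo "expired_now=yes"; fi

    # 2. Checked as of 15 Jan 2020 (epoch 1579046400, assumed receipt date) it is valid.
    if openssl verify -CAfile cert.pem -attime 1579046400 cert.pem >/dev/null 2>&1
    then echo "valid_at_receipt=yes"; else echo "valid_at_receipt=no"; fi

    # 3. Mail encrypted to that certificate still decrypts with the retained key.
    printf 'old mail body\n' > msg.txt
    openssl smime -encrypt -binary -aes256 -in msg.txt -out msg.p7m cert.pem || exit 1
    echo "decrypted=$(openssl smime -decrypt -in msg.p7m -recip cert.pem -inkey key.pem)"

    # 4. With any other private key the stored message cannot be opened.
    openssl genrsa -out other.pem 2048 2>/dev/null || exit 1
    if openssl smime -decrypt -in msg.p7m -recip cert.pem -inkey other.pem >/dev/null 2>&1
    then echo "other_key=decrypts"; else echo "other_key=fails"; fi
)
smime_expiry_demo
```

In a real setup the retained key and certificate would sit in the mail client's certificate store or a P12 backup rather than in `key.pem` and `cert.pem`.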
post #3 of 5
Thread Starter 
Quote:
Originally posted by BNOYHTUAWB
A good mail program will indicate that the certificate was valid at the point in time when you did get the mail.

Ah hah! I didn't think of that... That would be good. So, a good mail client compares the timestamp of the mail before decrypting it. Old mails get decrypted with old keys, while new ones get decrypted with new keys. I just have to ensure that I never lose old keys. Too easy!

What are "good mail clients" in this regard? Do Mail.app and Thunderbird (regardless of platform) do this time check?
post #4 of 5
Quote:
Originally posted by drumsticks
Ah hah! I didn't think of that... That would be good. So, a good mail client compares the timestamp of the mail before decrypting it. Old mails get decrypted with old keys, while new ones get decrypted with new keys. I just have to ensure that I never lose old keys. Too easy!

What are "good mail clients" in this regard? Do Mail.app and Thunderbird (regardless of platform) do this time check?

Mozilla is mostly correct in these respects (and I guess that will make Thunderbird correct too). I do not know about Apple's Mail app, cos I did not (yet) use S/MIME certs with it (I'm back to using PGP, because it offers way more)!
post #5 of 5
Thread Starter 
Thanks a lot for your comments! Cheers!