On Sun, 27 Oct 2013 10:23, p...@heypete.com said: > Correct, though it is possible (but usually recommend against) to > create a new certificate using the same private keypair as before. In
The business model of most CAs is to sell you a subscription by setting the expiration time very low so that they can ask after a year for another fee to create a new certificate. Here it does not make sense to create a new private key every year. GnuPG basically does the same by allowing you to prolong the expiration time. > I interpreted Werner's comment to mean "In order to decrypt messages > encrypted to you, you only need a private key. You don't need a valid > certificate to decrypt old messages that were encrypted to a > now-expired certificate." Correct. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
