[pkg-gnupg-maint] What do we do about GnuPG 1.4 in debian?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Apr 30 19:15:34 BST 2022

On Sat 2022-04-30 11:53:43 +0200, Davide Prina wrote:
> So if I have, for example, old e-mails encrypted with this old and no more
> supported ciphers I will not be able anymore to read the content if I
> don't install manually an old and unmaintained package (if I will be able
> to do that... dependencies also can be unavailable or uninstallable)...
> is that correct?

dealing with legacy archived encrypted data is definitely a potential
problem.  I see two ways of doing this:

 - Decrypt the data in one shot, using legacy tools, and store it in
   cleartext form for future access.

 - Decrypt the legacy PKESKs to retrieve the session keys, and store
   them separately alongside your modern secret key material.  Modern
   implementations can use the session keys to decrypt the symmetric
   data without bothering with the legacy PKESKs.

> Naturally this is a general problem not Debian specific.

Yep, agreed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20220430/5fa0b17c/attachment-0003.sig>

More information about the pkg-gnupg-maint mailing list