"A revoked public key will be marked as invalid in Key Management. It cannot be used anymore to encrypt messages to the key's owner; however, it can still be used to verify signatures.
Note that after you revoke your key you can still decrypt messages that were encrypted with that key (provided that you still have the private key, of course); this allows you to read old encrypted messages.
You are also able to decrypt messages sent to you with the revoked key after the revocation. This should not happen as the revoked key is not supposed to be used to encrypt; however, people that haven't refreshed your key in their keyring in a while (and that therefore still have the old, non-revoked copy of your public key) will still be able to do so."
My question:
1. Assumption: A is a revoked key, B is a new key.
2. How can a new email encrypted with A be read by the key owner, who has already generated B? I do not get the logical reason. Why can't we prevent this by not allowing the email to be opened? Don't you think the owner is protected if that happens?
Thank you,
Yuwono
"A revoked public key will be marked as invalid in Key Management. It cannot be used anymore to encrypt messages to the key's owner; however, it can still be used to verify signatures.
Note that after you revoke your key you can still decrypt messages that were encrypted with that key (provided that you still have the private key, of course); this allows you to read old encrypted messages.
You are also able to decrypt messages sent to you with the revoked key after the revocation. This should not happen as the revoked key is not supposed to be used to encrypt; however, people that haven't refreshed your key in their keyring in a while (and that therefore still have the old, non-revoked copy of your public key) will still be able to do so."
The bold one is the main issue. How can we protect the key owner?
Thank you,
Yuwono
If you upload your revoked key to the public key servers, then Enigmail will regularly refresh (download) it. This way people will automatically get the revoked version of your key. The way OpenPGP works, there is no other way of protection.
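The reply above describes the only propagation mechanism OpenPGP offers: the revocation is published on the keyservers, and each correspondent's client learns about it when it refreshes the key. The following simulation is an added example, not Enigmail's or GnuPG's code, and uses constructed names (KEY-A, KEY-B, alice, bob, carol) and no real cryptography; it models the keyring state that decides whether a sender's client will encrypt to a key, and shows why the owner can still decrypt mail that a stale sender encrypted to the revoked key.

```python
from dataclasses import dataclass, field


@dataclass
class PublicKey:
    """Public half of an OpenPGP key pair as held in a keyring or on a keyserver."""
    key_id: str
    owner: str
    revoked: bool = False  # a revocation is data attached to the key, not deletion of it


class RevokedKeyError(Exception):
    """Raised when a client refuses to encrypt to a key its own keyring knows is revoked."""


@dataclass
class KeyServer:
    """Constructed stand-in for a public keyserver (hypothetical, for this example)."""
    keys: dict = field(default_factory=dict)

    def upload(self, key: PublicKey) -> None:
        stored = self.keys.get(key.key_id)
        # Revocations merge in and never disappear: uploading an old unrevoked copy cannot un-revoke.
        revoked = key.revoked or (stored.revoked if stored else False)
        self.keys[key.key_id] = PublicKey(key.key_id, key.owner, revoked)

    def fetch(self, key_id: str):
        return self.keys.get(key_id)


@dataclass
class Keyring:
    """One user's keyring: other people's public keys plus the ids of their own private keys."""
    owner: str
    public_keys: dict = field(default_factory=dict)
    private_keys: set = field(default_factory=set)

    def import_key(self, key: PublicKey) -> None:
        stored = self.public_keys.get(key.key_id)
        revoked = key.revoked or (stored.revoked if stored else False)
        self.public_keys[key.key_id] = PublicKey(key.key_id, key.owner, revoked)

    def refresh(self, server: KeyServer) -> None:
        """What a periodic keyserver refresh achieves: pull updated copies of known keys."""
        for key_id in list(self.public_keys):
            fresh = server.fetch(key_id)
            if fresh is not None:
                self.import_key(fresh)

    def encrypt_to(self, key_id: str, plaintext: str) -> tuple:
        """Refuse only if THIS keyring knows the key is revoked; a stale keyring does not."""
        key = self.public_keys[key_id]
        if key.revoked:
            raise RevokedKeyError(f"{key_id} is revoked; refusing to encrypt")
        # No real cryptography here: the tuple stands for a message encrypted to key_id.
        return ("encrypted-to", key_id, plaintext)

    def decrypt(self, message: tuple) -> str:
        """Decryption needs only the private key; the revocation flag on the public key is irrelevant."""
        _, key_id, plaintext = message
        if key_id not in self.private_keys:
            raise KeyError(f"{self.owner} holds no private key for {key_id}")
        return plaintext


def run_scenario() -> dict:
    """Owner revokes KEY-A and publishes KEY-B; one correspondent refreshes, one does not."""
    server = KeyServer()
    alice = Keyring("alice", private_keys={"KEY-A"})
    key_a = PublicKey("KEY-A", "alice")
    server.upload(key_a)

    # Bob and Carol both fetched KEY-A while it was still valid.
    bob = Keyring("bob")
    bob.import_key(key_a)
    carol = Keyring("carol")
    carol.import_key(key_a)

    # Alice revokes KEY-A, creates KEY-B, and uploads both to the keyserver.
    key_a.revoked = True
    alice.private_keys.add("KEY-B")
    server.upload(key_a)
    server.upload(PublicKey("KEY-B", "alice"))

    results = {}
    bob.refresh(server)  # Bob's client refreshes; Carol's has not run yet
    try:
        bob.encrypt_to("KEY-A", "hello")
        results["bob_encrypt_to_A"] = "allowed"
    except RevokedKeyError:
        results["bob_encrypt_to_A"] = "refused"

    # Carol's stale keyring still shows KEY-A as valid, so her client encrypts to it.
    stale_mail = carol.encrypt_to("KEY-A", "report attached")
    results["carol_encrypt_to_A"] = "allowed"
    results["carol_sees_A_revoked"] = carol.public_keys["KEY-A"].revoked

    # Alice still holds the private key, so the message is readable. Refusing to decrypt
    # would only lose the mail: the ciphertext was already produced on Carol's side.
    results["alice_reads_stale_mail"] = alice.decrypt(stale_mail)

    carol.refresh(server)  # once Carol refreshes, her client will also refuse KEY-A
    results["carol_sees_A_revoked_after_refresh"] = carol.public_keys["KEY-A"].revoked
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The point the simulation makes is that the check lives in the sender's client and depends on the sender's copy of the key, so the owner's only lever is to get the revoked copy into as many keyrings as possible, which is what uploading it to the keyservers and relying on automatic refresh does.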