
How can I read the old encrypted mail after I change the passphrase for a new pair of sec/pub keys?

YKSum
2014-04-24
2014-04-28
  • YKSum

    YKSum - 2014-04-24

    For security reasons, I have to change the sec/pub key pair every three months. My question is: 'How can I read those mails encrypted by the previous sec/pub key pair?'

    Thanks.

     
  • Patrick Brunschwig

    As long as you don't delete the old sec/pub key pair, you can still read old mails. Once you delete the old key pairs, there is no way you can read encrypted messages.

     
    • YKSum

      YKSum - 2014-04-25

      Can you explain how this works in detail? Thanks.

       
  • YKSum

    YKSum - 2014-04-28

    Hi Patrick,

    Read both articles but I still didn't understand how Thunderbird/Enigmail work. For example, if the current key pairs expired yesterday, can I see any previously encrypted mail automatically when I click into the mail? Will the system automatically look for the previous key pairs from the system to decrypt the mail message? If not, will the system prompt for the previous key passphrase?

    Thanks in advance.

     
  • Patrick Brunschwig

    You can have as many secret/public keys as you like. As long as you don't delete old key pairs, they will remain available for decryption. This has nothing to do with expiry of the keys.

    Once you delete a secret key, and if you don't have a backup of the key, there is no way that you could retrieve it again. Mails encrypted with your deleted keys cannot be decrypted anymore.

    Enigmail is only a frontend to GnuPG. All key management, encryption and decryption operations etc. are performed by GnuPG. If you want to know more details, then please contact the GnuPG mailing list (http://lists.gnupg.org/pipermail/gnupg-users/).
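
How the matching secret key is found, as an added example (not part of the thread and not GnuPG's own code): every encrypted OpenPGP message starts with packets naming the key ID it was encrypted to, so an old key pair that is still in the keyring is matched to old mail automatically, while a deleted one leaves nothing to match. The key IDs, labels and message bytes below are constructed for illustration.

```python
# Added example: parses constructed OpenPGP packets (RFC 4880 framing).
import struct

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet of a binary (non-armored) OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"not a packet header at offset {i}")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                return                       # partial length: streamed data packet, stop
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                       # indeterminate length, stop
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(message: bytes) -> list:
    """Key IDs from the version 3 Public-Key Encrypted Session Key packets (tag 1)."""
    return [body[1:9].hex().upper() for tag, body in iter_packets(message)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def keys_that_decrypt(message: bytes, secret_keyring: dict) -> list:
    """Labels of the secret keys in the keyring that the message was encrypted to."""
    return [secret_keyring[k] for k in recipient_key_ids(message) if k in secret_keyring]

def _pkesk(key_id: str, header: int) -> bytes:
    # v3 PKESK body: version, 8-byte key ID, algorithm 1 (RSA), dummy MPI
    body = bytes([3]) + bytes.fromhex(key_id) + bytes([1]) + b"\x00\x08\xaa"
    return bytes([header, len(body)]) + body

# Constructed message: encrypted to the old key and to a correspondent's key.
OLD_MAIL = (_pkesk("1111111111111111", 0x84) + _pkesk("9999999999999999", 0xC1)
            + bytes([0xD2, 3, 1, 0, 0]))     # tag 18 encrypted-data packet, dummy body
KEYRING = {"1111111111111111": "old key pair", "2222222222222222": "current key pair"}

print(recipient_key_ids(OLD_MAIL), keys_that_decrypt(OLD_MAIL, KEYRING))
```

On a real message, `gpg --list-packets` prints the same key IDs from the `pubkey enc packet` lines, which can be compared with the output of `gpg --list-secret-keys --keyid-format long`.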

     
