I would like to ask about proper management of SSL certificates in Keychain. An article on holeyn.com says:
> The only time it might be useful to have multiple key-pairs (...) In this situation, you can either temporarily make the old key-pair available in the keychain and then remove it, or have the old key-pair in the keychain along with the new key-pair and hope that Apple Mail will never select the wrong key for signing new emails.
So far I have only a few certificates in the keychain. So I understand that:
- whenever someone sends me an encrypted message (meaning he has my public key) I use my private key to decrypt it. To read an email from 2 years ago I need to keep my private key, even though it may expire.
- if I have several keys in my Keychain (and just one which is not expired), Apple Mail will figure out which key is the proper one for decrypting the message and it will use it?
- if I have several keys in my Keychain assigned to a single address, and several are valid (as in not expired), there is no possibility of manually choosing the key.
Questions:
- Am I right in the above?
- In the case when there are several keys in my Keychain but only one is not expired, will Apple Mail use that key to encrypt my messages?
I removed the completely unrelated [tag:gnupg] tag from your question. If you consider it relevant, you should probably explain where GnuPG/OpenPGP is connected to your question. – Jens Erat – 2016-02-19T10:59:52.783
Ok thanks, actually I am not going to contest removal of that tag. It was out of place. – Lacek – 2016-02-19T11:24:46.920