Differences: OpenPGP vs. X.509

Stefan X stefanxe at gmx.net
Wed Jan 14 09:01:24 CET 2009

Robert J. Hansen schrieb:
> Stefan X wrote:
>> If a web-of-trust is also possible with X.509 I am wondering, what are
>> the remaining differences between both formats?
>>From a capability perspective?  Not very much, really.
>>From a technical perspective?  The differences are large enough that
> your best bet is to read the respective RFCs.

Does it mean theoretically it would possible to convert a)
keys/certificates and b) encrypted or signed messages between OpenPGP
and X.509 without serious problems (e.g. loss of information)?

If so, would the following scenario be possible? A user gets her X.509
certificate signed/approved by - lets say - CAcert or Verisign, convert
it to OpenPGP afterwards and get it signed additionally by her friends
(with OpenPGP). If she is required to use X.509 for email encryption
(instead of OpenPGP) - e.g. because her recipient can not use OpenPGP in
his corporate environment - she could convert the OpenPGP key back to
X.509 and use it while the additionally signatures of her friends don't
get lost.

>> AFAIK file encryption and signing seems not be possible with X.509 which
>> can be used for e-mail only.
> Sure it is.  As a simple case, what happens if you send a file to
> yourself and pull it down with POP3?  It gets stored on your hard drive
> in ciphertext.
> You can certainly use X.509 for file encryption.  Very few people do,
> but that's a much different thing from there being mathematical or
> engineering obstacles to doing it.

More information about the Gnupg-devel mailing list