Differences: OpenPGP vs. X.509

Stefan X stefanxe at gmx.net
Wed Jan 14 13:36:42 CET 2009

I see, a conversation would unfortunately result in the loss of signatures.

Also I came to this question by having a X.509 smart card which I would
like to use with OpenPGP/gnupg. Is there any practical tool to convert
the key parameters in such case?

If both formats have very similar sets of features, it really does not
make sense for me to have both formats available. Instead
interoperability between different systems would be better with a single
format. Better and easier interoperability could also result in a wider
distribution of encryption-usage overall. Thus I am wondering if there
are any efforts to synchronize or unite both formats? If not, which
strategies/options may be appropriate to go in this way (e.g. embed one
format into the other, using the same key parameters etc.)?

Also I saw that GnuPG 2 is able to use X.509 but to which extend and
does it allow any interoperability between both formats?

Werner Koch schrieb:
> On Wed, 14 Jan 2009 09:01, stefanxe at gmx.net said:
>> Does it mean theoretically it would possible to convert a)
>> keys/certificates and b) encrypted or signed messages between OpenPGP
>> and X.509 without serious problems (e.g. loss of information)?
> No, that is not possible.  You can use the same key parameters with
> OpenPGP and X.509 (I do this sometimes with smartcards). However it
> gives you nothing because the value of a certificate (keyblock in
> OpenPGP parlance) is that other information is associated with the key
> and that information is bound to the key by a digital signature.  This
> signature is either X.509 or OpenPGP.  You can't convert one signature
> into another one.
> Shalom-Salam,
>    Werner

More information about the Gnupg-devel mailing list