Differences: OpenPGP vs. X.509

Stefan X stefanxe at gmx.net
Tue Jan 20 14:50:05 CET 2009


I found a description (see below) from PGP Corporation of how they import
and use X.509 certificates in OpenPGP format resp. key ring. As
discussed here before, this should be possible for the key parameters.
Also, these guys managed to use the signatures further on. To achieve
this, 1) the imported key, which is then available in OpenPGP format, is
temporarily converted back to X.509, which allows 2) checking the
signatures successfully. Afterwards the temporary X.509 certificate is
removed. At least this is my understanding of the paper. I assume this
procedure would also work the other way around.
http://archive.cert.uni-stuttgart.de/openpgp/2005/04/msg00033.html

I see increasing importance for such interoperability; let me explain:
Currently X.509 is the dominating format for corporations while OpenPGP
is for private Internet users. As long as both "worlds" are mostly
separated, interoperability is not too important. But I expect this
separation will soften in the future. For instance, in Germany (but also
in other countries) there are big government-backed projects going on, such
as a new public health insurance card (elektronische Gesundheitskarte)
or a new ID card, for example. There may be privacy issues implicated
(which I will not discuss here), but nevertheless you should not forget
that it is a large-scale PKI deployment to the people. This opens the
chance to bring the distribution of email and data encryption to the next
level. Imagine that every (in this example German) citizen may have an
X.509-compatible smart card in her pocket. But to be able to use it also
for private email encryption, the interoperability discussed here with
OpenPGP and also with Open Source applications will be important.


