Conversion between X509 certificates and gpg keys
Johan Wevers
johanw@vulcan.xs4all.nl
Fri Feb 23 08:59:03 2001
Florian Weimer wrote:
>> I'm asking because I would like to know if gpg keys can be uniquely
>> converted to them and vice versa.
> Yes, that's possible. However, due to the nature of this process,
> signatures on key material are not preserved which makes such
> conversions pretty meaningless.
Not necessarily. If a conversion program can also show if a X509 cert and a
gpg key have the same data the person who signed the original gpg key can be
rather certain he can safely sign the X509 in the knowledge that it belongs
to the same person than the gpg key.
It would IMO be an easy way to export an existing web of thrust to your
certificate, thus avoiding the need of not-so-much trusted third parties.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html