GnuPG v2.x?

Werner Koch wk at gnupg.org
Fri Apr 4 22:45:52 CEST 2008


On Thu,  3 Apr 2008 19:20, sven at radde.name said:

> I'm just curious and do not mean to be offensive or to belittle the
> effort to implement S/MIME, but is GnuPG's S/MIME implementation
> actually used somewhere?

Well, KDE uses it.  It is further the only Unix S/MIME application (with
KMail) which passed the compatibility checks done by the BSI [1].
Mozilla has been tested too but woth some problems.  In fact the Mozilla
Foundation rejected our offer to implement a couple of useful and
necessary enhancements to their S/MIME implementation.  The way Mozilla
works is basically: Show a positive result but don't annoy the user if
the signature is suspicious.  The fact that Mozilla may fall back to 40
bit RC4 encryption may indicate that the developers do not consider
privacy a major goal.

> aware of (like being able to re-use OpenPGP key material 'transparently'
> in an S/MIME certificate)?

You can't do that for technical reasons.  An X.509 certificate based on
the key material from an OpenPGP key has just the key material in common
but nothing else.  This would only make sense if you store your private
key on a smartcard.  GnuPG supports creation of certificates (to be
exact, certificate signing requests) using existing key material.


Salam-Shalom,

   Werner


[1] e.g. http://www.bsi.de/fachthem/verwpki/dokumente/1_2005.pdf  (German)

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list