using gpg with private keys from openssl certificates?

Faramir at
Thu Dec 18 05:43:10 CET 2008

arghman wrote:
>>> * if I sign a message with that key pair, and someone challenges my
>>> identity, what's the best/easiest way for me to prove my identity?

> I don't need them to interoperate, I would just like to use the same key
> pair. WoT is fine but it would be nice to have a way to assert that [X = the
> person in possession of private key K_pr = me + anyone I'm stupid enough to
> share my private key with] is both trustable via WoT, *or* by trusting a
> certificate authority. "trustable" probably not the right word but I'm a bit
> shaky on the protocol vocabulary.

  Well... I got an x.509 certificate from, with my name on it.
But also, I got CAcert's pgp signature on my pgp key... Also, if you
have a Thawte certificate with your name on it, you can use it to sign a
message containing your PGP public key, and some people would accept
that as proof the key belongs to you (unless somebody has stolen your
email account, and your x.509 certificate).

  Rather than using the same key pair with x.509 and PGP, I would
suggest using your x.509 certificate as a "proof" of your identity, and
if people accept that as a valid proof, then they would sign your pgp
key too.

  Take a look at people there accept CAcert and Thawte
certificates as valid ways to prove your identity, and can sign your key
to reflect that. Of course, that would only help you if the one
challenging your identity trusts GSWoT Introducers' signatures...

  Best Regards
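
The approach suggested in this reply (sign a message containing your PGP public key with your X.509 certificate, so that anyone who trusts the issuing CA can check who vouches for the key) can be sketched with `openssl smime`. This is an added example, not part of the original post; the function names, file names, the throwaway self-signed certificate and the placeholder key block are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example; all names, files and certificates below are constructed.
# The throwaway self-signed certificate stands in for a CA-issued one, and
# pubkey.asc is a placeholder for `gpg --armor --export <your key id>` output.

make_identity() {   # $1 = dir, $2 = common name; writes key.pem and cert.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

sign_pubkey() {     # $1 = dir with key.pem/cert.pem, $2 = key file, $3 = output
    openssl smime -sign -in "$2" -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$3"
}

# Verifier side: $1 = certificate the verifier trusts, $2 = signed message,
# $3 = where to save the signer's certificate. Prints the signed content only
# if the signer chains to $1 (or to a CA the local OpenSSL already trusts)
# and the content was not modified.
verify_pubkey() {
    out=$(openssl smime -verify -in "$2" -CAfile "$1" -signer "$3" \
        2>/dev/null) || return 1
    printf '%s\n' "$out" | tr -d '\r'
}

signer_name() {     # $1 = certificate saved by verify_pubkey
    openssl x509 -noout -subject -in "$1"
}

demo() {
    d=$(mktemp -d) && mkdir "$d/me" "$d/other" || return 1
    make_identity "$d/me" "Example User"
    make_identity "$d/other" "Someone Else"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
        'PLACEHOLDERKEY' '-----END PGP PUBLIC KEY BLOCK-----' > "$d/pubkey.asc"
    sign_pubkey "$d/me" "$d/pubkey.asc" "$d/signed.eml"
    # Accepted: the verifier trusts the issuer of the signing certificate.
    verify_pubkey "$d/me/cert.pem" "$d/signed.eml" "$d/signer.pem" &&
        signer_name "$d/signer.pem"
    # Rejected: a verifier that trusts only some other issuer.
    verify_pubkey "$d/other/cert.pem" "$d/signed.eml" "$d/x.pem" ||
        echo "rejected: issuer not trusted"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

A successful verification shows only that the holder of the certificate's private key signed that key block; whether the name in the certificate is accepted as proof of identity remains the verifier's decision, as the reply notes.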


More information about the Gnupg-users mailing list