Seeking clarification with a few GPG concepts

Hauke Laging mailinglisten at hauke-laging.de
Thu Aug 14 00:17:10 CEST 2014


On Wed 13.08.2014, 22:43:41 MFPA wrote:
> > Subkeys and third party signatures are not related
> > (today – one more problem).
> 
> Why is that a problem?

Because of that, OpenPGP (at least in a useful form) is not compatible 
with (probably not only) German signature law. I know that this will be 
replaced by new EU law in a few years but I don't know whether that 
makes any change to the current requirement that the key which has a 
"qualified certificate" must be stored on a smartcard (i.e. inaccessible 
even to the key owner).

This problem could be solved by adding a critical signature notation 
which contains the fingerprint(s) of the key(s) which the CA has created 
on a smartcard. That way the key owner could create new subkeys which 
would not be recognized as part of a "qualified certificate".

If you want to use OpenPGP today then the CA would have to create the 
private mainkey for you and throw it away after signing the subkeys. 
That would render OpenPGP quite useless.


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
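
The notation proposed in the message above, sketched as an added example that is not part of the original post or of GnuPG: it encodes and parses an RFC 4880 notation data subpacket with the critical bit set, then checks whether a subkey fingerprint is among those the CA listed. The notation name, the comma-separated value format, the insistence on the critical flag and the fingerprints are assumptions made for illustration.

```python
import struct

NOTATION_DATA = 20     # signature subpacket type, RFC 4880 section 5.2.3.16
CRITICAL_BIT = 0x80    # bit 7 of the subpacket type octet
HUMAN_READABLE = 0x80  # first of the four notation flag octets
# Hypothetical notation name; the post does not define one.
QUALIFIED_KEYS = b"qualified-keys@ca.example"

def build_notation(name, value, critical=True):
    """Encode one notation data subpacket: length, type, flags, lengths, data."""
    body = bytes([HUMAN_READABLE, 0, 0, 0])
    body += struct.pack(">HH", len(name), len(value)) + name + value
    if len(body) + 1 >= 192:
        raise ValueError("example only handles one-octet subpacket lengths")
    type_octet = NOTATION_DATA | (CRITICAL_BIT if critical else 0)
    return bytes([len(body) + 1, type_octet]) + body

def parse_notation(subpacket):
    """Return (critical, name, value) for a notation data subpacket."""
    if len(subpacket) < 10 or subpacket[0] != len(subpacket) - 1:
        raise ValueError("bad subpacket length")
    type_octet = subpacket[1]
    if type_octet & 0x7F != NOTATION_DATA:
        raise ValueError("not a notation data subpacket")
    name_len, value_len = struct.unpack(">HH", subpacket[6:10])
    if 10 + name_len + value_len != len(subpacket):
        raise ValueError("name/value lengths do not match subpacket")
    name = subpacket[10:10 + name_len]
    return bool(type_octet & CRITICAL_BIT), name, subpacket[10 + name_len:]

def normalize(fpr):
    return "".join(fpr.split()).upper()

def covered_by_certification(subpacket, key_fingerprint):
    """True only if a critical notation from the CA lists this fingerprint."""
    critical, name, value = parse_notation(subpacket)
    # Assumption: a non-critical notation is ignored, since the proposal
    # relies on unaware implementations rejecting the signature.
    if not critical or name != QUALIFIED_KEYS:
        return False
    listed = {normalize(f) for f in value.decode("ascii").split(",")}
    return normalize(key_fingerprint) in listed

# Constructed fingerprints, not real keys.
CARD_SUBKEY = "AAAA" * 10   # subkey the CA generated on the smartcard
LATER_SUBKEY = "BBBB" * 10  # subkey the owner added afterwards
SAMPLE = build_notation(QUALIFIED_KEYS, CARD_SUBKEY.encode("ascii"))
```
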


More information about the Gnupg-users mailing list