Question for app developers, like Enigmail etc. - Identicons

Andrew Gallagher andrewg at
Wed Jun 7 08:50:28 CEST 2017

> On 7 Jun 2017, at 06:55, Stefan Claas <stefan.claas at> wrote:
> The procedure went like this: I inserted my id-card in a certified
> card reader, which i purchased, startet the german certified id-card
> software "AusweisApp2" to connect to the CA Server and the server
> checked my id-card online and after verification send the signed
> pub-key to my email address. Can this procedure be faked by
> criminals etc.? I doubt it.

Everything *can* be faked, given enough time, effort and/or money. The correct question is *would* criminals etc go to the necessary lengths to fake this procedure, and the answer (as always) is: it depends on what it's worth to them. :-)


More information about the Gnupg-users mailing list