Obtaining sig2 and sig3 signatures

Stefan Claas stefan.claas at posteo.de
Tue May 30 21:25:24 CEST 2017

Hi all,

while i am not new to GnuPG i must admit that i did not used it very often
and when i had signed/encrypted email communications i usually had the
"Untrusted Good Signature" from person x,x,z, because i am not a member
of the classic Web-of-Trust. So far so good. I'm interested about your
thoughts (especially from people living in Germany) about the following:

A couple of days ago i came along the CA Service of Governikus KG at:


where i obtained a  sig3 signature for my new pub key:

pub   2048R/82EC52B4 2017-05-26 [verfällt: 2021-05-26]
  Schl.-Fingerabdruck = 2BAF 85F9 281A BD54 3823  C7C5 981E B7C3 82EC 52B4
uid       [ uneing.] Stefan Claas <stefan.claas at posteo.de>
sub   2048R/64C48933 2017-05-26 [verfällt: 2021-05-26]

I also received my X.509 classIII certificate from the "Volkverschlüsselung"
initiative from Fraunhofer SIT:


Additionally i have a reset keybase account, due to the upload of my new
pub key, where people could have seen that i had there a Facebook, Twitter
and github proof and i am running the PGP/GnuPG Forum at Facebook.

Let's assume we would exchange signed emails (PGP/SMIME) would these proofs
be enough for you to warrant a sig2? And for a sig3 an additional video

The classical procedure would be to sign a key with a sig3 after seeing
the persons id-card in a real meeting. But who guarantees that the
id-card is not fake (if the person is a complete stranger)?

Please note, i don't want to ask people here to sign my pub key, i just
want to know what your thoughts are. :-)


More information about the Gnupg-users mailing list