BSI withdraws approval of GnuPG (revisited after 3 month)

Werner Koch wk at
Mon Nov 4 18:16:27 CET 2019

On Mon,  4 Nov 2019 11:40, Robert J. Hansen said:

> requirements.  This could be as simple as, "we prohibit the use of 3DES,
> but OpenPGP lists it as a MUST algorithm".

It is even less technical see my other mail.

FWIW, GnuPG knows all allowed algorithms for the VS-NfD use case and can
be switched into a mode where this is enforced (for creating message) or
indicated with a warning (for reading a message).

  $ gpg --compliance=help
  gpg: valid values for option '--compliance':
  gpg:   gnupg
  gpg:   openpgp
  gpg:   rfc4880bis
  gpg:   rfc4880
  gpg:   rfc2440
  gpg:   pgp6
  gpg:   pgp7
  gpg:   pgp8
  gpg:   de-vs
Thus when VS-NfD is required the admin will configure gpg and gpgsm with
--compliance=de-vs.  Actually Kleopatra and GpgOL have GUI elements to
enable/show that mode.  One thing which sets us apart from other VS-NfD
products is that the very same software can be used for regular mail and
VS-NfD processing without switching.  The user experience is thus better
aligned to the real world use.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list