Key Management - BSI had send private key instead of public key

Стефан Васильев stefan.vasilev at
Wed Nov 17 00:17:58 CET 2021


According to an article on the German site[1]
Germany's BSI[2] had sent its private key instead of
it's public key to a user via email, who requested its
public key.

I am only familiar with GnuPG command line usage
and assume that they may use a GUI based program
or add-on for an MUA.

My question is what can cause this, let's say if you
have a busy and stressful day and would accidentally
carry out such operation, as security professional
knowing such a cryptographic tool for a long time,
I assume.

If this can happen to professionals then it would
tell me that there is a design flaw in the software

Because this german article does not go into details, has
someone of you more details on how this happened?




More information about the Gnupg-users mailing list