Key Management - BSI had send private key instead of public key
Стефан Васильев
stefan.vasilev at posteo.ru
Wed Nov 17 00:17:58 CET 2021
Hello,
According to an article on the German site golem.de[1]
Germany's BSI[2] had sent its private key instead of
it's public key to a user via email, who requested its
public key.
I am only familiar with GnuPG command line usage
and assume that they may use a GUI based program
or add-on for an MUA.
My question is what can cause this, let's say if you
have a busy and stressful day and would accidentally
carry out such operation, as security professional
knowing such a cryptographic tool for a long time,
I assume.
If this can happen to professionals then it would
tell me that there is a design flaw in the software
used.
Because this german article does not go into details, has
someone of you more details on how this happened?
Regards
Stefan
[1]
https://www.golem.de/news/verschluesselung-bsi-verschickt-privaten-pgp-schluessel-2111-161073.html
[2] https://www.bsi.bund.de/EN/Home/home_node.html
More information about the Gnupg-users
mailing list