get OpenPGP pubkeys authenticated using German personal ID

Andrew Gallagher andrewg at andrewg.com
Thu Jun 1 17:08:06 CEST 2023


On 1 Jun 2023, at 15:50, Johan Wevers via Gnupg-users <gnupg-users at gnupg.org> wrote:
> 
> On 2023-05-31 16:55, Bernhard Reiter wrote:
> 
>> Governikus provides the online service for authenticating your OpenPGP key on
>> behalf of the German Federal Office for Information Security (BSI). This
>> online service compares the name read from your ID card, your electronic
>> residence permit or eID card for citizens of the European Union with the name
>> specified in your OpenPGP key. If the names match, your public key is
>> electronically signed by Governikus, confirming the match.
> 
> Considering the persistent attempts of the EU to scan all encrypted
> communication, would you think it is wise to prove to one of the
> governments pushing this which key is yours? GnuPG encrypted mail can be
> analyzed to see what the receiver's keyID is so using such a key with
> another mail address would inform any snooper that it is yours.

If you want to maintain two separate online identities, and keep that linkage secret from your government, using the same encryption key for both is pretty high up the list of very bad ideas.

A
