get OpenPGP pubkeys authenticated using German personal ID

Andrew Gallagher andrewg at
Tue Jun 6 13:20:07 CEST 2023

On 3 Jun 2023, at 01:56, Jacob Bachmeyer <jcb62281 at> wrote:
> Alexander Leidinger via Gnupg-users wrote:
>> [...]
>> I don't remember if there was a challenge/response or not. As I still have the email with the signed key, I can tell that the signature can arrive via a TLS encrypted SMTP channel directly from Governikus (and they have an SPF setup but not DKIM):
>> ---snip---
>> Received: from ( [])
>> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>>  key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
>>  client-signature RSA-PSS (4096 bits) client-digest SHA256)
>> (Client CN "", Issuer "" (not verified))
>> ---snip---
> Am I misreading that header or does Governikus' outgoing SMTP have a self-signed client certificate for ''?  That does not inspire confidence…

I wouldn’t read too much into this. The client cert here is probably used for internal purposes, and their MXes may be configured to offer their client certs by default - external sites won’t check it anyway, so no harm done.
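
Added example, not part of the original message or of any project named in the thread: a parser for the TLS annotations in a Received header like the one quoted above, showing why a client CN marked "(not verified)" is informational only. It assumes the Postfix comment format; the hostnames, CN and issuer in the sample are constructed placeholders (the real values are elided on the page), and `parse_received_tls` and `authenticated_peer` are hypothetical names.

```python
import re

# Constructed sample modelled on the quoted header; all names are placeholders.
SAMPLE = """Received: from mail.example.org (mail.example.org [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
     key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
     client-signature RSA-PSS (4096 bits) client-digest SHA256)
    (Client CN "mail.example.org", Issuer "mail.example.org" (not verified))
    by mx.example.net (Postfix) with ESMTPS id 0123456789"""

TLS_RE = re.compile(
    r'\(using (?P<protocol>\S+) with cipher (?P<cipher>\S+) '
    r'\((?P<bits>\d+)/\d+ bits\)')
CERT_RE = re.compile(
    r'\(Client CN "(?P<cn>[^"]*)", Issuer "(?P<issuer>[^"]*)" '
    r'\((?P<status>[^)]*)\)\)')


def parse_received_tls(header):
    """Extract the TLS and client-certificate annotations from one header."""
    text = " ".join(header.split())  # unfold continuation lines
    info = {"tls": False, "client_cert": False,
            "verified": False, "self_issued": False}
    m = TLS_RE.search(text)
    if m:
        info.update(tls=True, protocol=m["protocol"],
                    cipher=m["cipher"], bits=int(m["bits"]))
    c = CERT_RE.search(text)
    if c:
        info.update(
            client_cert=True, cn=c["cn"], issuer=c["issuer"],
            # Only "verified OK" means the receiver validated the chain.
            verified=(c["status"] == "verified OK"),
            # Heuristic: subject CN equal to issuer name suggests self-signed.
            self_issued=(c["cn"] == c["issuer"]))
    return info


def authenticated_peer(info):
    """Return the client CN only when the receiving MTA verified it."""
    return info["cn"] if info["verified"] else None


if __name__ == "__main__":
    parsed = parse_received_tls(SAMPLE)
    print(parsed)
    print("authenticated peer:", authenticated_peer(parsed))
```

The channel is still encrypted in both cases; the annotation only tells you whether the CN may be treated as an identity.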

