get OpenPGP pubkeys authenticated using German personal ID

Andre Heinecke aheinecke at gnupg.org
Wed Jun 14 10:22:36 CEST 2023 

Hi,

On Wednesday, 31 May 2023 16:55:05 CEST Bernhard Reiter wrote:
> https://pgp.governikus.de/?lang=EN
> 
> """
> Governikus provides the online service for authenticating your OpenPGP key 
on 
> behalf of the German Federal Office for Information Security (BSI). This 
> online service compares the name read from your ID card, your electronic 
> residence permit or eID card for citizens of the European Union with the 
name 
> specified in your OpenPGP key. If the names match, your public key is 
> electronically signed by Governikus, confirming the match. 
> """
> 
> interesting, kind of cool.

Cool, I was thinking about setting something like this up myself as I would 
love to use my ID card more.

But damn this website has bad usability. I am using the AusweisApp on my 
Smartphone and used it in the past to sign PDFs using an online service. But 
that website just says "To continue use AusweisApp2" even if I open the 
website with my smartphone. The button has no functionality. It does nothing.

Okay... Then how the hell do I open it. When I go to the download site, of 
course there is no option for Linux. So lets boot a Windows VM and install the 
software.

Which of course requires root access and wants to open up my windows firewall. 
Sure! I trust the Government! Here you go.

Then I start the Windows App and it wants to connect either to the smartphone 
or to an NFC reader. The option to connect to a smartphone is not shown, 
because apparently as they need to be in the same WLAN it is not offered to 
connect them because the VM, which is running on my Laptop in the same WLAN 
does not see it as WLAN but as a network.

So I failed for now.

And the link to the website how to get a PGP Software linking to that fishy 
"openpgp.org" website which lists Gpg4win as "Outlook software" on the same 
level with Gpg4o? And which links to Claws mail as PGP software to get a Key? 
WTF.. has no one even checked how a user with no technical understanding 
should navigate this? I mean would 2-3 Screenshots how to generate a PGP key 
be too much to ask instead of loosing the user on a confusing website that 
lists PGP Mail clients? 


Sorry for the rant but this is typical contracted Government Software which 
might follow some "Contractual requirements" but from the User Experience this 
comes close to a scam. I don't understand why I can't use this site on my 
phone which has the AusweisApp and everything works there. I can't use it in a 
VM. Maybe when I use my native Windows I could use it. I don't know...


Best Regards,
Andre
-- 
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke        Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-211-28010702
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 5655 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230614/10a58cc3/attachment.sig>

More information about the Gnupg-users mailing list