On Mon, 4 Nov 2019 08:58, karel-v_g--- said:

> In a message to this list on August 8th Werner Koch said he is in
> permanent contact with BSI and the reason for the withdrawal is in the
> OpenPGP part of GnuPG. Once again no further details were
> provided. [4]

We received a new approval BSI-VS-10400 dated Sep 9. We have not yet
announced this widely except for a short notice at gnupg.com. The reason
for this is that we are still waiting for the promised
"Freigabeempfehlung" for the OpenPGP part. That is a kind of approval
which allows the use of OpenPGP without a smartcard. Without such a
Freigabeempfehlung the public might get the false idea that the OpenPGP
part is not secure.

But now that you asked, I better explain what I know. There seem to be
different opinions at the BSI on whether a smartcard should be mandatory
for use with VS-NfD. The whole thing is not a technical issue but a pure
political/organizational thing. In fact the current software used for
VS-NfD (Chiasmus) does not use any smartcards but a plain old
proprietary 64 bit block length symmetric algorithm. Users of VS-NfD
are eagerly waiting for an easy migration path from that legacy software
to GnuPG (Gpg4win/Gpg4KDE).

> Should we consider our data protected by GnuPG insecure as German
> authorities obviously do?

No, they don't. They even use Gpg4win and GnuPG in house.

> Can or must we take any steps to eliminate or at least mitigate the
> problem in the current modern (2.2.17) and classic (1.4.23) versions of
> GnuPG (e.g. avoid compatibility options like --openpgp)?

Nope. All is fine and Gpg4win may be used for VS-NfD if the SecOPs are
followed (e.g. a Telesec NetKey 3.0 card is used for the S/MIME keys).

> Is it a problem only with GnuPG or with OpenPGP in general? Are other
> implementations affected as well?

No, there is no bug or issue except for the slow grinding bureaucratic
mills to get an approval for the OpenPGP and S/MIME without a smartcard.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users