BSI withdraws approval of GnuPG (revisited after 3 month)
Werner Koch
wk at gnupg.org
Mon Nov 4 18:16:27 CET 2019
On Mon, 4 Nov 2019 11:40, Robert J. Hansen said:
> requirements. This could be as simple as, "we prohibit the use of 3DES,
> but OpenPGP lists it as a MUST algorithm".
It is even less technical see my other mail.
FWIW, GnuPG knows all allowed algorithms for the VS-NfD use case and can
be switched into a mode where this is enforced (for creating message) or
indicated with a warning (for reading a message).
$ gpg --compliance=help
gpg: valid values for option '--compliance':
gpg: gnupg
gpg: openpgp
gpg: rfc4880bis
gpg: rfc4880
gpg: rfc2440
gpg: pgp6
gpg: pgp7
gpg: pgp8
gpg: de-vs
Thus when VS-NfD is required the admin will configure gpg and gpgsm with
--compliance=de-vs. Actually Kleopatra and GpgOL have GUI elements to
enable/show that mode. One thing which sets us apart from other VS-NfD
products is that the very same software can be used for regular mail and
VS-NfD processing without switching. The user experience is thus better
aligned to the real world use.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191104/ffda4054/attachment.sig>
More information about the Gnupg-users
mailing list