
get OpenPGP pubkeys authenticated using German personal ID
https://pgp.governikus.de/?lang=EN

"""
Governikus provides the online service for authenticating your OpenPGP key on
behalf of the German Federal Office for Information Security (BSI). This
online service compares the name read from your ID card, your electronic
residence permit or eID card for citizens of the European Union with the name
specified in your OpenPGP key. If the names match, your public key is
electronically signed by Governikus, confirming the match.
"""

interesting, kind of cool.

Obviously they cannot authenticate the email address
so once I have a common name, we get collisions?

Bernhard

--
https://intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
Re: get OpenPGP pubkeys authenticated using German personal ID
Quoting Bernhard Reiter <bernhard@intevation.de> (from Wed, 31 May
2023 16:55:05 +0200):

> https://pgp.governikus.de/?lang=EN
>
> """
> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit or eID card for citizens of the European Union with the name
> specified in your OpenPGP key. If the names match, your public key is
> electronically signed by Governikus, confirming the match.
> """
>
> interesting, kind of cool.
>
> Obviously they cannot authenticate the email address
> so once I have a common name, we get collisions?

The signature is sent to the email listed in the key. In case you
share a name with someone who has a PGP key and you sign this key,
the person(s) with access to that email account will get the signature.

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: get OpenPGP pubkeys authenticated using German personal ID
On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Quoting Bernhard Reiter <bernhard@intevation.de <mailto:bernhard@intevation.de>> (from Wed, 31 May 2023 16:55:05 +0200):
>
>> Obviously they cannot authenticate the email address
>> so once I have a common name, we get collisions?
>
> The signature is sent to the email listed in the key. In case you share a name with someone who has a PGP key and you sign this key, the person(s) with access to that email account will get the signature.

This is not best practice. Normally when email verification is being performed, the gated action (such as certification, account creation etc.) is not done until after a (time-bound!) challenge/response succeeds. This places too much emphasis on verification of the (non-unique) “real name” component of the UserID, and not enough on the machine-readable email address.

This opens up more fundamental questions about the meaning of signatures over RFC822 UserIDs - do they validate the “real name”, the email address, or some combination of the two? For example, an email-validating CA may only check the email address part, treating the “real name” as little more than a comment; while Governikus appear to be doing it the other way around. It is of course up to the receiver to decide how to interpret signatures, but it only compounds the problem when not only is the signer’s trustworthiness in question, but also their intent. How do you interpret the validity of a claim when it’s not even clear what the claim is?

A
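The time-bound challenge/response that Andrew describes as the usual gate before certification can be sketched in a few dozen lines. The following is an added example, not code from the thread or from Governikus: a service mints an HMAC-bound token tied to the key fingerprint, the email address and an expiry, mails it, and issues the certification only when the token comes back unexpired and unused. The secret, the TTL and the token layout are assumptions of the example.

```python
import binascii
import hashlib
import hmac
import secrets
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed example values: the MAC key would come from a secrets store in a
# real service, and CHALLENGE_TTL bounds how long a mailed challenge stays valid.
SERVER_SECRET = b"example-only-server-secret"
CHALLENGE_TTL = 15 * 60  # seconds

# Nonces already redeemed, so a challenge cannot be replayed after use.
_redeemed = set()


def issue_challenge(fingerprint, email, now=None):
    """Mint a token bound to (key fingerprint, email, expiry, random nonce).
    The token is mailed to `email`; nothing is certified at this point."""
    now = time.time() if now is None else now
    expires = int(now) + CHALLENGE_TTL
    nonce = secrets.token_hex(8)
    payload = f"{fingerprint}|{email}|{expires}|{nonce}".encode()
    tag = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return urlsafe_b64encode(payload).decode() + "." + tag


def verify_challenge(token, fingerprint, email, now=None):
    """Return the nonce if the token is authentic, matches the request and has
    not expired; otherwise None. The MAC comparison is constant-time."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag = token.split(".", 1)
        payload = urlsafe_b64decode(payload_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    parts = payload.decode(errors="replace").split("|")
    if len(parts) != 4:
        return None
    fpr, addr, expires, nonce = parts
    if fpr != fingerprint or addr != email or now >= int(expires):
        return None
    return nonce


def complete_certification(token, fingerprint, email, now=None):
    """The gated action: a certification record is produced only after the
    mailbox owner has returned a valid, unexpired, unused challenge."""
    nonce = verify_challenge(token, fingerprint, email, now)
    if nonce is None or nonce in _redeemed:
        return None
    _redeemed.add(nonce)
    # A real service would now issue an OpenPGP certification over this User ID
    # with its signing key; this record stands in for that step.
    return {"fingerprint": fingerprint, "certified_email": email}
```

With this ordering, someone who merely shares a name with the key holder never receives a certification: the signature is only created once the address in the User ID has demonstrated control, and the mailed challenge itself carries nothing of value to a third party.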
Re: get OpenPGP pubkeys authenticated using German personal ID
On 2023-05-31 16:55, Bernhard Reiter wrote:

> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit or eID card for citizens of the European Union with the name
> specified in your OpenPGP key. If the names match, your public key is
> electronically signed by Governikus, confirming the match.

Considering the persistent attempts of the EU to scan all encrypted
communication, would you think it is wise to prove to one of the
governments pushing this which key is yours? GnuPG encrypted mail can be
analyzed to see what the receiver's keyID is so using such a key with
another mail address would inform any snooper that it is yours.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
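Johan's point that an encrypted mail reveals the receiver's key ID, and Andrew's reply about reusing one key across identities, rest on the structure of the Public-Key Encrypted Session Key packet: its version, the recipient key ID and the algorithm sit in the clear before any ciphertext. The following is an added example, not code from the thread or from GnuPG: a minimal OpenPGP packet-header walker that lists the recipient key IDs of a binary message and recognises the all-zero "anonymous recipient" key ID that GnuPG writes for hidden recipients. The sample message is constructed with dummy MPIs and performs no real encryption.

```python
import struct

PKESK_TAG = 1                   # Public-Key Encrypted Session Key packet (RFC 4880 5.1)
SEIPD_TAG = 18                  # Sym. Encrypted Integrity Protected Data packet
WILDCARD_KEY_ID = b"\x00" * 8   # "anonymous recipient" key ID


def parse_packet_header(data, offset=0):
    """Return (tag, body_offset, body_length) for the packet starting at offset.
    Supports old-format headers and one-, two- and five-octet new-format
    lengths; partial and indeterminate lengths are rejected."""
    ctb = data[offset]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:                       # new packet format
        tag = ctb & 0x3F
        first = data[offset + 1]
        if first < 192:
            return tag, offset + 2, first
        if first < 224:
            length = ((first - 192) << 8) + data[offset + 2] + 192
            return tag, offset + 3, length
        if first == 255:
            length = struct.unpack(">I", data[offset + 2:offset + 6])[0]
            return tag, offset + 6, length
        raise ValueError("partial body lengths not supported")
    tag = (ctb >> 2) & 0x0F              # old packet format
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length not supported")
    nlen = 1 << length_type              # 1, 2 or 4 length octets
    length = int.from_bytes(data[offset + 1:offset + 1 + nlen], "big")
    return tag, offset + 1 + nlen, length


def recipient_key_ids(message):
    """List the key IDs named by the PKESK packets of a binary OpenPGP message.
    A v3 PKESK body is: version (1), key ID (8), public-key algorithm (1), MPIs.
    All of it is plaintext, which is what lets an observer learn who can decrypt."""
    ids = []
    offset = 0
    while offset < len(message):
        tag, body, length = parse_packet_header(message, offset)
        if tag == PKESK_TAG:
            if message[body] != 3:
                raise ValueError("unsupported PKESK version %d" % message[body])
            key_id = message[body + 1:body + 9]
            ids.append("hidden" if key_id == WILDCARD_KEY_ID else key_id.hex().upper())
        offset = body + length
    return ids


def _pkesk(key_id, new_format=True):
    """Constructed PKESK packet with a dummy 16-bit MPI (no real encryption)."""
    body = b"\x03" + key_id + b"\x01" + b"\x00\x10\xab\xcd"
    if new_format:
        header = bytes([0xC0 | PKESK_TAG, len(body)])
    else:
        header = bytes([0x80 | (PKESK_TAG << 2), len(body)])
    return header + body


def build_sample_message():
    """Constructed message: one visible recipient, one anonymous recipient,
    then a dummy encrypted-data packet."""
    visible = _pkesk(bytes.fromhex("0123456789ABCDEF"))
    hidden = _pkesk(WILDCARD_KEY_ID, new_format=False)
    payload = b"\x01" + b"\x00" * 10
    seipd = bytes([0xC0 | SEIPD_TAG, len(payload)]) + payload
    return visible + hidden + seipd
```

On a real message `gpg --list-packets` shows the same fields; encrypting with `--hidden-recipient` (or `--throw-keyids`) replaces the key ID with the wildcard, at the cost of the receiver having to try every secret key. It hides only the key ID, not the fact that an OpenPGP message was sent or the envelope addresses, so it is no substitute for keeping separate keys for identities that must not be linked.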
Re: get OpenPGP pubkeys authenticated using German personal ID
On 1 Jun 2023, at 15:50, Johan Wevers via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> On 2023-05-31 16:55, Bernhard Reiter wrote:
>
>> Governikus provides the online service for authenticating your OpenPGP key on
>> behalf of the German Federal Office for Information Security (BSI). This
>> online service compares the name read from your ID card, your electronic
>> residence permit or eID card for citizens of the European Union with the name
>> specified in your OpenPGP key. If the names match, your public key is
>> electronically signed by Governikus, confirming the match.
>
> Considering the persistent attempts of the EU to scan all encrypted
> communication, would you think it is wise to prove to one of the
> governments pushing this which key is yours? GnuPG encrypted mail can be
> analyzed to see what the receiver's keyID is so using such a key with
> another mail address would inform any snooper that it is yours.

If you want to maintain two separate online identities, and keep that linkage secret from your government, using the same encryption key for both is pretty high up the list of very bad ideas.

A
Re: get OpenPGP pubkeys authenticated using German personal ID
Quoting Andrew Gallagher <andrewg@andrewg.com> (from Thu, 1 Jun 2023
14:19:29 +0100):

> On 1 Jun 2023, at 12:23, Alexander Leidinger via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
>
>>  
>> Quoting Bernhard Reiter <bernhard@intevation.de> (from Wed,
>> 31 May 2023 16:55:05 +0200):
>>
>>> Obviously they cannot authenticate the email address
>>> so once I have a common name, we get collisions?
>>
>> The signature is sent to the email listed in the key. In case you
>> share a name with someone who has a PGP key and you sign this
>> key, the person(s) with access to that email account will get the
>> signature.
>
> This is not best practice. Normally when email verification is
> being performed, the gated action (such as certification, account
> creation etc.) is not done until after a (time-bound!)
> challenge/response succeeds. This places too much emphasis on
> verification of the (non-unique) “real name” component of the
> UserID, and not enough on the machine-readable email address.
>  
> This opens up more fundamental questions about the meaning of
> signatures over RFC822 UserIDs - do they validate the “real name”,
> the email address, or some combination of the two? For example, an
> email-validating CA may only check the email address part, treating
> the “real name” as little more than a comment; while Governikus
> appear to be doing it the other way around. It is of course up to
> the receiver to decide how to interpret signatures, but it only
> compounds the problem when not only is the signer’s trustworthiness
> in question, but also their intent. How do you interpret the
> validity of a claim when it’s not even clear what the claim is?
>  

I don't remember if there was a challenge/response or not. As I still
have the email with the signed key, I can tell that the signature can
arrive via a TLS-encrypted SMTP channel directly from Governikus (and
they have an SPF setup but not DKIM):
---snip---
Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (P-256) server-digest
SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer
"VPR-BOS004.dmz.bosnetz.de" (not verified))
---snip---

Bye,
Alexander.
--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: get OpenPGP pubkeys authenticated using German personal ID
Alexander Leidinger via Gnupg-users wrote:
> [...]
>
> I don't remember if there was a challenge/response or not. As I still
> have the email with the signed key, I can tell that the signature can
> arrive via a TLS-encrypted SMTP channel directly from Governikus (and
> they have an SPF setup but not DKIM):
> ---snip---
>
> Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
> key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
> client-signature RSA-PSS (4096 bits) client-digest SHA256)
> (Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" (not verified))
>
>
> ---snip---
>

Am I misreading that header or does Governikus' outgoing SMTP have a
self-signed client certificate for 'VPR-BOS004.dmz.bosnetz.de'? That
does not inspire confidence...


-- Jacob


Re: get OpenPGP pubkeys authenticated using German personal ID
On 3 Jun 2023, at 01:56, Jacob Bachmeyer <jcb62281@gmail.com> wrote:
>
> Alexander Leidinger via Gnupg-users wrote:
>> [...]
>>
>> I don't remember if there was a challenge/response or not. As I still have the email with the signed key, I can tell that the signature can arrive via a TLS-encrypted SMTP channel directly from Governikus (and they have an SPF setup but not DKIM):
>> ---snip---
>>
>> Received: from smtp.governikus.de (smtp.governikus.de [194.31.70.126])
>> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>> key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
>> client-signature RSA-PSS (4096 bits) client-digest SHA256)
>> (Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" (not verified))
>>
>> ---snip---
>>
>
> Am I misreading that header or does Governikus' outgoing SMTP have a self-signed client certificate for 'VPR-BOS004.dmz.bosnetz.de'? That does not inspire confidence…


I wouldn’t read too much into this. The client cert here is probably used for internal purposes, and their MXes may be configured to offer their client certs by default - external sites won’t check it anyway, so no harm done.

A
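Jacob's reading of the header and Andrew's answer can both be checked mechanically. The following is an added example, not code from the thread: it parses the Received header quoted above (assumed to be in Postfix's layout, with the TLS clause and the "Client CN ..., Issuer ... (not verified)" clause Postfix adds when the connecting MTA offered a certificate) and turns the fields into findings. The second, plaintext header is constructed for contrast.

```python
import re

# The Received header quoted earlier in this thread, with its folded lines joined.
SAMPLE_RECEIVED = (
    'from smtp.governikus.de (smtp.governikus.de [194.31.70.126]) '
    '(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) '
    'key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256 '
    'client-signature RSA-PSS (4096 bits) client-digest SHA256) '
    '(Client CN "VPR-BOS004.dmz.bosnetz.de", Issuer "VPR-BOS004.dmz.bosnetz.de" (not verified))'
)

# Constructed header for a hop that negotiated no TLS at all.
PLAINTEXT_RECEIVED = (
    'from relay.example.invalid (relay.example.invalid [192.0.2.10]) by mx.example.invalid'
)


def parse_received_tls(header):
    """Pull the sending host, TLS parameters and client-certificate clause out of
    a Postfix-style Received header (assumed layout). Fields the header lacks
    are simply absent from the result."""
    info = {}
    m = re.search(r'^from (\S+) \((\S+) \[([0-9a-fA-F.:]+)\]\)', header)
    if m:
        info.update(helo=m.group(1), rdns=m.group(2), ip=m.group(3))
    m = re.search(r'using (TLSv[\d.]+) with cipher (\S+)', header)
    if m:
        info.update(tls_version=m.group(1), cipher=m.group(2))
    m = re.search(r'Client CN "([^"]*)", Issuer "([^"]*)"( \(not verified\))?', header)
    if m:
        info.update(client_cn=m.group(1), client_issuer=m.group(2),
                    client_verified=m.group(3) is None)
    return info


def assess(info):
    """Turn the parsed fields into findings. A client certificate the receiving
    MTA did not verify carries no assurance about the sender; what matters for
    the transport is whether TLS was used, and for the sender's authenticity
    whether SPF/DKIM/DMARC pass, which this header does not record."""
    findings = []
    if "tls_version" not in info:
        findings.append("no TLS on this hop")
    elif info["tls_version"] in ("TLSv1", "TLSv1.1"):
        findings.append("legacy TLS version %s" % info["tls_version"])
    if "client_cn" in info:
        if info["client_cn"] == info["client_issuer"]:
            findings.append("client certificate is self-issued (CN equals Issuer)")
        if not info["client_verified"]:
            findings.append("client certificate offered but not verified; informational only")
    return findings
```

Run over the quoted header, the parser confirms Jacob's reading (CN and Issuer are identical, and the receiving MTA did not verify the certificate) and at the same time supports Andrew's conclusion: the "(not verified)" marker records that the receiver ignored the client certificate, so nothing downstream depended on it.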
Re: get OpenPGP pubkeys authenticated using German personal ID
Hi,

On Wednesday, 31 May 2023 16:55:05 CEST Bernhard Reiter wrote:
> https://pgp.governikus.de/?lang=EN
>
> """
> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit or eID card for citizens of the European Union with the name
> specified in your OpenPGP key. If the names match, your public key is
> electronically signed by Governikus, confirming the match.
> """
>
> interesting, kind of cool.

Cool, I was thinking about setting something like this up myself as I would
love to use my ID card more.

But damn, this website has bad usability. I am using the AusweisApp on my
smartphone and used it in the past to sign PDFs using an online service. But
that website just says "To continue use AusweisApp2" even if I open the
website with my smartphone. The button has no functionality. It does nothing.

Okay... Then how the hell do I open it? When I go to the download site, of
course there is no option for Linux. So let's boot a Windows VM and install the
software.

Which of course requires root access and wants to open up my Windows firewall.
Sure! I trust the Government! Here you go.

Then I start the Windows app and it wants to connect either to the smartphone
or to an NFC reader. The option to connect to a smartphone is not shown:
apparently, as they need to be in the same WLAN, connecting them is not offered
because the VM, which is running on my laptop in the same WLAN, does not see it
as WLAN but as a network.

So I failed for now.

And the link to the website on how to get PGP software links to that fishy
"openpgp.org" website, which lists Gpg4win as "Outlook software" on the same
level as Gpg4o? And which links to Claws Mail as PGP software to get a key?
WTF... has no one even checked how a user with no technical understanding
should navigate this? I mean, would 2-3 screenshots of how to generate a PGP key
be too much to ask instead of losing the user on a confusing website that
lists PGP mail clients?


Sorry for the rant, but this is typical contracted government software which
might follow some "contractual requirements", but from the user experience this
comes close to a scam. I don't understand why I can't use this site on my
phone, which has the AusweisApp and where everything works. I can't use it in a
VM. Maybe when I use my native Windows I could use it. I don't know...


Best Regards,
Andre
--
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke Mail: board@gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-211-28010702
Re: get OpenPGP pubkeys authenticated using German personal ID
On Wed, 14 Jun 2023 10:22:36 +0200,
Andre Heinecke via Gnupg-users wrote:
> And the link to the website on how to get PGP software links to that fishy
> "openpgp.org" website, which lists Gpg4win as "Outlook software" on the same
> level as Gpg4o? And which links to Claws Mail as PGP software to get a key?
> WTF... has no one even checked how a user with no technical understanding
> should navigate this? I mean, would 2-3 screenshots of how to generate a PGP key
> be too much to ask instead of losing the user on a confusing website that
> lists PGP mail clients?

What do you mean by fishy? openpgp.org is maintained as a community
project by Dominik, one of the developers of Open Keychain. Anyone
can suggest improvements, and 159 people have contributed over the
years.

https://github.com/OpenPGP/openpgp.org/graphs/contributors

That hardly seems to be shady or suspicious.

I don't disagree that the text could use improvement.

Neal

Re: get OpenPGP pubkeys authenticated using German personal ID
Quoting Andre Heinecke via Gnupg-users <gnupg-users@gnupg.org> (from
Wed, 14 Jun 2023 10:22:36 +0200):

> Then I start the Windows App and it wants to connect either to the smartphone
> or to an NFC reader. The option to connect to a smartphone is not shown,
> because apparently as they need to be in the same WLAN it is not offered to
> connect them because the VM, which is running on my Laptop in the same WLAN
> does not see it as WLAN but as a network.

The Windows PC I used with the AusweisApp was connected via cable and
it worked. The WLAN and the cable network are in the same /24 range in
my case. So your problem was caused by something other than what you
thought.
I haven't done a packet trace, but I assume they do a broadcast
message in the local network, so if your VM is in e.g. a NATted
10.0.0.x/24 and your Linux PC in 192.168.1.y/24, it will not work.

You can give it a try without going through the website.
https://www.ausweisapp.bund.de/faq#c294

There's also a video tutorial, it seems:
https://www.ausweisapp.bund.de/videotutorials

Some basic connection validation can be done via "Gerät und Ausweis
prüfen". Once this works you could try "Meine Daten einsehen".

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
Re: get OpenPGP pubkeys authenticated using German personal ID
On Thu, 15 Jun 2023 09:08, Alexander Leidinger said:

> The Windows PC I used with the AusweisApp was connected via cable and
> it worked. The WLAN and the cable network are in the same /24 range in

WLAN and Ethernet should never share the same network. This is
something such a service should have taken into consideration.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: get OpenPGP pubkeys authenticated using German personal ID
/* I don't know how to reply to a previous thread, which predates my
joining on the list. That's why I'm starting a new one. */


I want to share my experience with that service, and have a general
question or two regarding the web-of-trust model.

First: I'm impressed. It (more or less) just works...
...with a GNU/Linux desktop. In Germany! ;) I would have not expected
that, to be honest.

(I have a German ID card (BPA) with the "ePA" function enabled...)

On an Arch GNU/Linux PC, using Firefox, and with the AusweisApp2 via
flatpak, and an Android phone with the AusweisApp2 from the Google Play
Store, the "remote access" -- using the phone as an NFC card reader --
just worked without issues. If you just follow the instructions and read
before you click... as always and often.

The procedure is easy and straightforward:
start the AusweisApp2 on both devices; and start the remote access;
go to the website and start the process;
prove your identity with the ePA;
upload your key; select a uid;
get the mail.
Repeat if you have more than one uid...


Regarding the criticism from Andrew Gallagher on 1 Jun 2023, at 12:23:
> This is not best practice. Normally when email verification is being
> performed, the gated action (such as certification, account creation
> etc.) is not done until after a (time-bound!) challenge/response
> succeeds. This places too much emphasis on verification of the
> (non-unique) “real name” component of the UserID, and not enough on the
> machine-readable email address.
>
> This opens up more fundamental questions about the meaning of
> signatures over RFC822 UserIDs - do they validate the “real name”, the
> email address, or some combination of the two? For example, an
> email-validating CA may only check the email address part, treating the
> “real name” as little more than a comment; while Governikus appear to be
> doing it the other way around. It is of course up to the receiver to
> decide how to interpret signatures, but it only compounds the problem
> when not only is the signer’s trustworthiness in question, but also
> their intent. How do you interpret the validity of a claim when it’s not
> even clear what the claim is?


If a person, say "Max Mustermann", generates a PGP key with the uid "Max
Mustermann <olaf.scholz@bundestag.de>"; yes, I assume Governikus would
still sign the key, because the real name corresponds,
but isn't this signature totally worthless? Because:
Max will probably never get the mail with the signature.
And Olaf now has the signed public key, but he is missing the secret
key. Or not? So is this really a /practical/ issue?
(I want to rule out that I'm overlooking or missing something.)


Another related question:

If we can attest that the ePA is somehow secure and cannot be forged,
then the validation of the identity is pretty good, or not?
/* At least it's far better than a passport validation done by
unqualified personnel. If I attend the cryptoparty at FOSDEM, I'm pretty
sure I would not be able to tell if this Italian or French passport is
real or not. */

And a last one:
Why shouldn't I give Governikus (864E 8B95 1ECF C04A F2BB 233E 5E5C
CCB4 A4BF 43D7) a trust-signature with a depth of 2, so I can trust
signatures they made? I have not found such info or recommendation on
their website, but the use-case is probably present?

And btw: Are there any *public* OpenPGP CAs out there?
(Not openpgp-ca.org, which you can self-host and stuff, but rather an
entity checking and validating person/ID/key and so forth...)


Thanks and greetings,
Bernd

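Bernd's question about giving Governikus a trust signature "with a depth of 2" turns on what the level octet of a trust signature means (RFC 4880, section 5.2.3.13): level 0 is an ordinary certification, level 1 makes the signed key a trusted introducer whose own level-0 certifications you accept, and level n lets the signed key issue level n-1 trust signatures, i.e. delegate further. The following is an added example, not code from the thread or from GnuPG, that walks a constructed certification graph under those rules so the difference between depth 1 and depth 2 can be seen directly; trust amount is taken as "complete" throughout and regular-expression scoping, marginal trust and ownertrust are left out of the model.

```python
import math
from collections import deque

# Constructed certification graph; no real keys or fingerprints involved.
# signer -> [(signed_key, trust_signature_level), ...]
CERTS = {
    "me":         [("governikus", 2)],
    "governikus": [("alice", 0), ("partner-ca", 1)],
    "partner-ca": [("bob", 0), ("sub-ca", 1)],
    "sub-ca":     [("carol", 0)],
}


def trust_walk(certs, root):
    """Return (introducers, valid): the delegation depth each reached key ends
    up with, and the set of keys whose certification chains back to `root`.
    `root` is the user's own key and may delegate without limit."""
    introducers = {root: math.inf}
    valid = set()
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        depth = introducers[signer]
        if depth < 1:
            continue                          # valid key, but not trusted to certify others
        for signed, level in certs.get(signer, []):
            valid.add(signed)                 # a certification from a trusted introducer validates the key
            granted = min(level, depth - 1)   # a key cannot hand on more depth than it was granted
            if granted > introducers.get(signed, -1):
                introducers[signed] = granted
                queue.append(signed)
    return introducers, valid


def compare_depths(certs, root, ca):
    """Which keys become valid if `root` trust-signs `ca` at level 1 versus level 2."""
    return {
        level: sorted(trust_walk(dict(certs, **{root: [(ca, level)]}), root)[1])
        for level in (1, 2)
    }
```

With the graph above, a level-1 trust signature on Governikus already makes every key it certifies directly (alice) valid, which is what "trust signatures they made" asks for; level 2 additionally honours Governikus's own level-1 trust signatures, so keys certified by partner-ca (bob) become valid too, while carol, two delegations down, is not reached at either depth. In GnuPG the same thing is done interactively with `tsign` in `gpg --edit-key`, which asks for the trust level, the depth and an optional domain restriction.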