
Authentication of an OpenPGP key

source link: https://pgp.governikus.de/?lang=EN

The advantages

A certified OpenPGP key creates trust

With an OpenPGP key, you can securely encrypt your e-mail communications and ensure that your messages and files cannot be read by unauthorized third parties. Authenticating your public OpenPGP key via the eID function of your ID card adds further trust to your e-mail communication: it confirms that the e-mail address assigned to the OpenPGP key belongs to your real name and that you actually have access to the associated mailbox.

What is OpenPGP?

OpenPGP is a widespread and secure method for digitally encrypting messages and files and thus protecting them from access by unauthorized third parties. This encryption is based on a so-called public key method, in which everyone participating in a communication requires a key pair consisting of a public and a private key. The public key is published for potential mail contacts, who use it to encrypt messages or files sent to you. The private key, on the other hand, remains in your possession and should be protected with a secure password. With its help you can decrypt the encrypted messages or files.

More information at: openpgp.org.

Create an OpenPGP key

To create a key pair consisting of a private and a public OpenPGP key for your e-mail address, you can use existing software. Software for different operating systems, some of it free, can be found on this vendor list.

Please note that for a successful authentication, the name stored in the OpenPGP key must correspond to the name on your credential!

To protect your private OpenPGP key from misuse, it is highly advisable to set a secure password for accessing the private OpenPGP key.

Other recommendations:
  1. For additional security, your OpenPGP key should not have unlimited validity, but should have an expiration date of, for example, two years. This expiration date can be extended at any time via the private OpenPGP key, even after the key has already expired!
  2. A revocation certificate should also be created, so that the OpenPGP key can be revoked immediately in the event that the private OpenPGP key has been compromised or the password has been forgotten.

Once the key pair has been created, you can export it. While you can publish your public key, you must explicitly protect your private key from misuse and loss! For example, you should copy it to a secure medium that is not accessible by third parties.
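
The steps above as shell functions, as an added example that is not part of the original page. It assumes GnuPG 2.1 or later as the OpenPGP software (the page does not prescribe one); the function names, the name and the e-mail address are constructed.

```shell
#!/bin/sh
# Added example, not from the Governikus page; assumes GnuPG 2.1 or later.

# create_key HOMEDIR "Real Name" EMAIL   (passphrase is read from stdin)
# The real name must be spelled as on the ID card, or authentication fails.
# Creates a key pair that expires after two years and prints its fingerprint.
create_key() {
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --quick-generate-key "$2 <$3>" default default 2y \
        || return 1
    gpg --homedir "$1" --batch --with-colons --list-keys "<$3>" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Seconds between creation (field 6) and expiry (field 7) of the primary key.
key_lifetime() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
        awk -F: '$1 == "pub" { print $7 - $6; exit }'
}

# GnuPG 2.1+ stores a revocation certificate at key creation; print its path
# so it can be moved to offline storage together with the private key backup.
revocation_cert_path() {
    printf '%s/openpgp-revocs.d/%s.rev\n' "$1" "$2"
}

# Export only the public key, ASCII-armored: this is the part that gets
# authenticated and published. The private key stays in the key ring.
export_public_key() {
    gpg --homedir "$1" --batch --armor --export "$2"
}

# Usage (constructed values; type the passphrase, then Enter):
#   home=$(mktemp -d)
#   fpr=$(create_key "$home" "Erika Mustermann" erika@example.org)
#   export_public_key "$home" "$fpr" > erika-public.asc
```
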

Using the authenticated OpenPGP key

You can attach your authenticated public OpenPGP key to your e-mail, for example, or include it in your e-mail signature or make it publicly available via your homepage. Please also note the individual settings for using the OpenPGP key in your e-mail program.

Public OpenPGP key from Governikus

Governikus provides the online service for authenticating your OpenPGP key on behalf of the German Federal Office for Information Security (BSI). This online service compares the name read from your ID card, your electronic residence permit or eID card for citizens of the European Union with the name specified in your OpenPGP key. If the names match, your public key is electronically signed by Governikus, confirming the match. The Governikus public key can be used to verify the Governikus electronic signature.

Governikus public OpenPGP key

Key identifier: A4BF43D7
Fingerprint: 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7
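
One way to check a key against the fingerprint above and to confirm which user IDs carry a verified Governikus signature, as an added example that is not Governikus code. It assumes GnuPG 2.x and its colon listing format (field 13 of a `sig` record holds the issuer fingerprint when `--no-sig-cache` is used); the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example, not Governikus code. The pinned value is the one on this page.
GOVERNIKUS_FPR=864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7

# Strip spaces and colons from a fingerprint as displayed, and uppercase it.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeeds only on a full 40-hex-digit match. The 8-digit key identifier is
# just the fingerprint's tail and can be shared by unrelated keys.
is_governikus_key() {
    [ "$(normalize_fpr "$1")" = "$GOVERNIKUS_FPR" ]
}

# Reads `gpg --with-colons --no-sig-cache --check-sigs <your key>` on stdin and
# prints each user ID with a certification (class 0x10-0x13) that gpg verified
# ("!" in field 2) and whose issuer fingerprint (field 13) equals the pin.
# Assumption: GnuPG 2.x colon format as described in its doc/DETAILS.
governikus_certified_uids() {
    awk -F: -v pin="$GOVERNIKUS_FPR" '
        $1 == "pub" || $1 == "sub" { uid = "" }
        $1 == "uid" { uid = $10 }
        $1 == "sig" && uid != "" && substr($2, 1, 1) == "!" &&
            $11 ~ /^1[0-3]/ && toupper($13) == pin { print uid }
    '
}

# Constructed sample listing: the first user ID is signed by the pinned key,
# the second only by an unrelated key whose identifier also ends in A4BF43D7.
sample_listing() {
    cat <<'EOF'
pub:u:255:22:1111222233334444:1700000000:1763072000::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1700000000::0000000000000000000000000000000000000001::Erika Mustermann <erika@example.org>:
sig:!::22:1111222233334444:1700000000::::Erika Mustermann <erika@example.org>:13x::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:::10:
sig:!::1:5E5CCCB4A4BF43D7:1700100000::::Constructed signer UID:10x::864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7:::8:
uid:u::::1700000000::0000000000000000000000000000000000000002::Erika Mustermann <erika@example.net>:
sig:!::22:1111222233334444:1700000000::::Erika Mustermann <erika@example.org>:13x::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:::10:
sig:!::1:DEADBEEFA4BF43D7:1700100000::::Constructed look-alike:10x::DEADBEEFDEADBEEFDEADBEEFDEADBEEFA4BF43D7:::8:
EOF
}

sample_listing | governikus_certified_uids
```
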

Easy and fast with the eID function

Your ID card with eID function serves as proof of your real identity in the digital world. With the online ID function, you can identify yourself securely on the Internet. This allows you to deal with official procedures or business matters simply, securely, quickly and at any time.

For this you will need:

Your online ID card

You can use your ID card as your online ID. Alternatively, you can also use the electronic residence permit or the eID card for citizens of the European Union.
In this case, your ID card data will only be transmitted after you have successfully entered your self-selected, six-digit PIN.
More information at: personalausweisportal.de/en

The AusweisApp2

You can install the federal government's AusweisApp2 on your smartphone, computer or tablet free of charge. It allows you to read your online ID card and thus identify yourself digitally.
More information at: ausweisapp.bund.de/en

Smartphone as card reader

To read your online ID card via the AusweisApp2, you need a suitable NFC-enabled smartphone.
Near Field Communication (NFC) is a transmission standard for exchanging data wirelessly over short distances. It is also used, for example, when paying with a smartphone. Nowadays, almost all smartphones are equipped with this technology. You can find a list of NFC-enabled smartphones here.

Alternatively, you can also use a suitable card reader.
