You can link an OpenPGP key to a German eID

Here is the gist (directly taken from the website):<p>&gt; Governikus provides the online service for authenticating your OpenPGP key on behalf of the German Federal Office for Information Security (BSI). This online service compares the name read from your ID card, your electronic residence permit or eID card for citizens of the European Union with the name specified in your OpenPGP key. If the names match, your public key is electronically signed by Governikus, confirming the match. The Governikus public key can be used to verify the Governikus electronic signature.<p>So this is apparently useful if somebody wants to send an encrypted email to somebody else and want to ensure that only the desired person can read the email. For that the sender would have to check that the OpenPGP key got signed with the Governikus public key before encrypting and sending the message.<p>What that doesn&#x27;t seem to address are multiple people with the same name. So the sender know he&#x27;s sending an email only John Doe can read, but he still don&#x27;t know which John Doe it is.<p>To me that sounds like something which makes only sense for a few limited use cases.

Is there a reputable identity provider that would verify a passport, SSN or similar, preferably in person, and link that to an OpenPGP key with metadata same as in the ID?<p>Similar to this service, but linking not just the name, but more secure unique identity data. Linking the person’s name to the key is not very useful, since there are many people with that name.<p>That’s basically a government issued smart card, that would allow the use of OpenPGP A-E-S keys for arbitrary data through a FOSS API.<p>Keybase was a good idea, but it’s semi dead.

What&#x27;s the primary key to identify a German citizien? The full name is certainly not unique. Even combined with birthdate duplicates do probably exist. Some countries have something like a social security number. Of course those exist in Germany, too, but using them cross-functionally has long been deemed unconstitutional. So the tax office can use the tax number, but that cannot be shown e.g. in your passport or drivers licence. Analogously with every other identifier. I think some law and order politicians have tried to weaken this up, but I guess it&#x27;s still not fully allowed.<p>Asking out of real curiousity. I am German citizen, but have not lived there after the first government office got a PC.

Interestingly the whole page does not tell what one can practically do with this. Most likely: Nothing at all.

This mostly looks like open software, which seems positive<p>But in the end you can only get&#x2F;use it using Google, Microsoft, Apple or Huawei. As a German citizen I don&#x27;t agree that I have to sell my freedom to American companies or a Chinese one, which show little respect for our legislation. Neither as companies nor countries they reside in and whose legislation they have to comply with.

In Russia you can get a key-certificate pair (x509, perhaps with GOST algorithms) signed by government CA and then sign documents with it.<p>How different this OpenPGP key stuff is, minus the &quot;OpenPGP is so bad we decided to sunset it&quot; vibe?