1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
gnupg/doc/examples/qualified.txt
Alon Bar-Lev 384a3748d9
sm: Move qualified.txt from datadir into sysconfdir
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--

The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2017-09-11 12:42:53 +02:00

9.4 KiB

This is the list of root certificates used for qualified

certificates. They are defined as certificates capable of creating

legally binding signatures in the same way as a handwritten

signatures are. Comments like this one and empty lines are allowed

Lines do have a length limit but this is not a serious limitation as

the format of the entries is fixed and checked by gpgsm: A

non-comment line starts with optional whitespaces, followed by

exactly 40 hex character, whitespace and a lowercased 2 letter

country code. Additional data delimited with by a whitespace is

current ignored but might late be used for other purposes.

Note: The subversion copy of this file carries a gpg:signature

property with its OpenPGP signature. Check this signature before

adding entries:

svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt

to create a new signature:

f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f

#*******************************************

Belgium

Need to figure out a reliable source.

#*******************************************

#*******************************************

Germany

The information for Germany is available

at http://www.bundesnetzagentur.de

#*******************************************

#Serial number: 32D18D

Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde

fÈur Telekommunikation und Post/C=DE

Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde

fÈur Telekommunikation und Post/C=DE

validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17

key type: 1024 bit RSA

key usage: certSign crlSign

#[checked: 2005-11-14] EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60 de

#Serial number: 00C48C8D

Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde

fÈur Telekommunikation und Post/C=DE

Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde

fÈur Telekommunikation und Post/C=DE

validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15

key type: 1024 bit RSA

key usage: certSign crlSign

#[checked: 2005-11-14] DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de

#Serial number: 01

Issuer: /CN=8R-CA 1:PN/O=Regulierungsbehörde für

Telekommunikation und Post/C=DE

Subject: /CN=8R-CA 1:PN/O=Regulierungsbehörde für

Telekommunikation und Post/C=DE

validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03

key type: 1024 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

#[checked: 2005-11-14] 42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5 de

#Serial number: 02

Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für

Telekommunikation und Post/C=DE

Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für

Telekommunikation und Post/C=DE

validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59

key type: 1024 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

#[checked: 2005-11-14] 75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24 de

#Serial number: 2A

Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE

Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE

validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23

key type: 1024 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

#[checked: 2005-11-14] 31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD de

#Serial number: 2D

Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE

Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE

validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28

key type: 1024 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

#[checked: 2005-11-14] A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de

ID: 0x5B4757B0

S/N: 0139

Issuer: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE

Subject: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE

validity: 2007-05-25 11:01:44 through 2012-05-25 10:56:07

key type: 2048 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

[checked: 2008-06-25]

44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de

ID: 0x46A2CC8A

S/N: 013C

Issuer: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE

Subject: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE

validity: 2007-05-29 11:02:37 through 2012-05-29 10:55:54

key type: 2048 bit RSA

key usage: certSign

policies: 1.3.36.8.1.1:N:

chain length: unlimited

[checked: 2008-06-25]

AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de

D-Trust root certificates. Probably by shifting a lot of Euros to

laywer companies, German CAs achieved to get the permission to

create their own legally binding root certificates - independent of

the Bundesnetzagentur. The main problem with this is that it is

hard to figure out what qualified root certificates are actually

active. There is now no way to be sure whether a signature is a

qualified one. A pettifogger's way of validating certificates.

#Serial number: 00B95F

Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE

Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE

aka: info@d-trust.net

aka: (uri http://www.d-trust.net)

validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54

key type: 2048 bit RSA

key usage: certSign crlSign

policies: 1.3.6.1.4.1.4788.2.30.1:N:

chain length: unlimited

#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke] E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de

#Serial number: 00B960

Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE

Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE

aka: info@d-trust.net

aka: (uri http://www.d-trust.net)

validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54

key type: 2048 bit RSA

key usage: certSign crlSign

policies: 1.3.6.1.4.1.4788.2.30.1:N:

chain length: unlimited

#[checked: 2007-01-31 by phone 030-259391-0 and callback by Mrs. Enke] 98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04 de

S-Trust root certificates.

#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2

Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart

/ST=Baden-Wuerttemberg (BW)/C=DE

Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart

/ST=Baden-Wuerttemberg (BW)/C=DE

validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59

key type: 2048 bit RSA

key usage: certSign crlSign

chain length: 1

#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer] 7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9 de

#Serial number: 00BC098E0402E92956B8D7DE74977E26F7

Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart

/ST=Baden-Wuerttemberg (BW)/C=DE

Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart

/ST=Baden-Wuerttemberg (BW)/C=DE

validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59

key type: 2048 bit RSA

key usage: certSign crlSign

chain length: 1

#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer] 7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de

ID: 0xA8FEA3CA

S/N: 00B3963E0E6C2D65125853E970665402E5

Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE

Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE

validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59

key type: 2048 bit RSA

key usage: certSign crlSign

chain length: 1

#[checked: 2007-12-13 via received ZIP file with qualified signature from

/CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag

/C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]

C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de

ID: 0x3A7D979B

S/N: 00C4216083F35C54F67B09A80C3C55FE7D

Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE

Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN

/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE

validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59

key type: 2048 bit RSA

key usage: certSign crlSign

chain length: 1

#[checked: 2007-12-13 via received ZIP file with qualified signature from

/CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag

/C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]

D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de

#*******************************************

End of file

#*******************************************