[haukem]

The service checks if the name in your PGP key matches the name in your identity card and signs your PGP key if it matches. I think it also checks if you can receive mails on the mail address in your PGP key.

You can then use your PGP key to sign or encrypt emails or sign your git commits or other stuff you can do with PGP keys. Others who trust this signing service then known that this key really belongs to someone with your name.

[hannob]

> Others who trust this signing service then known that this key really belongs to someone with your name.

Yeah, but who are these others?

I mean I know how PGP key signing is supposed to work. But that all is entirely hypothetical.

It would be meaningful if e.g. there would be a requirement for gov agencies to accept communication with such keys with the same value as written communication. But "some fictional people may care about this signature" is meaningless.

[c00lio]

There are no official uses.

Government agencies are required to accept de-mail, which is a proprietary email-like service. However, rollout has been nonexistent even among government agencies such that you cannot practically use it anywhere, they are a decade behind their rollout plan. The system itself is design-by-committee fugly, insecure and plain weird. You have to get an account with a commercial provider, all of which have closed down by now. PGP/GPG cannot be used with de-mail (except if you copy&paste the ascii-armored ciphertext into the software), and de-mail encryption is intentionally breakable anyways (officially "to scan for viruses").

The eID/ePA "elektronischer Personalausweis" electronic RFID passport which you need to use is another such weird proprietary waste of taxpayer money, accepted nowhere because it doesn't follow any standards and using the RFID function (e.g. as a bank for opening an account) costs tens of thousands per year just for the certificate you need. So nobody uses it and nobody enables the RFID functionality. Therefore the govt got the brilliant idea (among other, far less pleasant ideas such as requiring it for certain payouts) to offer free signatures on GPG/PGP keys using the ePA.

[realityking]

There’s a few decent uses for eID. I used it in the past year to submit my tax declaration (Elster), to change the bank account for car taxes (Zoll Portal), and get an overview of my government retirement insurance. All of these would be possible without the eID but generally involve getting a snail mail letter as authentication.

That is rather slim picking considering all other government interactions and especially private business interactions I did where it could’ve been useful but I’m glad I could do all least some stuff online.

[Eduard]

E. G. git commits can be signed with PGP.