Press Release: Gpg4win Approved for VS-NfD

Posted on January 7, 2020 by Heike Jurzik

Erkrath, January 7, 2020. On November 15, 2019, the Federal Office for Information Security (BSI) issued its approval recommendation for Gpg4win, version 3.x, and Gpg4KDE. These tools are now authorized for the secure transfer and processing of classified national information up to the security classification level of VS-NfD (Classified – FOR OFFICIAL USE ONLY), RESTREINT UE/EU RESTRICTED, and NATO RESTRICTED (BSI-VSA-10400, BSI-VSA-10412).

The Windows software Gpg4win (GNU Privacy Guard for Windows) installs an add-in that enables signing, encrypting, and decrypting emails in Microsoft Outlook. Additionally, Gpg4win allows files and folders to be encrypted and decrypted directly within the Windows Explorer. On Linux, the combination of GnuPG and KMail, the default email client for the KDE desktop environment, is approved for use. The core component on both Windows and Linux is GnuPG, software that, like the other programs mentioned, is distributed under a free license. This allowed the BSI to review and verify the source code of all components.

The approval recommendation covers both protocols: S/MIME and OpenPGP. It permits long-term secrets to be stored on users’ hard drives, provided additional security measures are implemented. This means that it is no longer strictly necessary to use an approved smart card for storing private keys. Furthermore, symmetric encryption is now supported, allowing encryption solely with a password.

Thanks to the approval recommendation, GnuPG can now replace Chiasmus, the software previously used for VS-NfD. "OpenPGP and S/MIME offer several advantages over Chiasmus," says Werner Koch, the creator and one of the lead developers of GnuPG. "You only need to exchange certificates once, and there is no need for a unique key for every communication."

About GnuPG.com

For over 20 years, GnuPG.com has been advancing the development of the GnuPG software. In addition, the company provides technical consulting and professional support (service level agreements) through the developers of Gpg4win and GnuPG.

Links:

(Diese Pressemittellung als PDF)

Update

The current approval number (as of May 31, 2024) is: BSI-VSA-10867

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2025-01-28.