You guys are great! Within 24 hours, I received complete answers
to all of my questions. So I now know that:
(1) the PKI setup of "Robert Bosch GmbH" uses obsolete key types,
but does _not_ contain a (known) major security flaw. This
means that they will have to change their product at some
time in the future but are not going to do any emergency
product switch within the next few weeks. (As a result of
this, I will have to find a solution that interoperates with
their current setup.)
(2) it should be possible to interoperate to their PKI with
OpenPGP products (maybe after some fiddling);
(3) I can import their keys without self-signature not only into
older PGP versions, but also into an up-to-date GnuPG
version.
Thanks a lot to all who helped! (Lars, Lutz, Vedaal, Ian and
Konrad)
- Wolfgang Redtenbacher
---------------------------------------------------------------------
Redtenbacher Software Tel.: +49 7159 17046
Roemerstr. 11/1 Fax: +49 7159 17047
D-71272 Renningen e-mail: wolfgang(_at_)redtenbacher(_dot_)de
---------------------------------------------------------------------