Fwd: KMail does not decrypt SMIME

[Bernhard Reiter]

On Wednesday 18 April 2007 21:40, Ingo Klöcker wrote:
> I'm forwarding your message to gpa-dev at gnupg.org where the GnuPG experts
> reside.

> ----------  Forwarded Message  ----------
> Subject: KMail does not decrypt SMIME
> Date: Tuesday 17 April 2007 21:39
> From: M Hoeller <M_Hoeller at nurfuerspam.de>
> To: kmail-devel at kde.org

> I have a problem to decrypt Mails which are encrypted with SMIME /
> x.509.
>
> I have: successfully set up OpenPGP to en- and decrypt and have
> validated this with others.
>
> Also I can sign and encrypt mails with my x.509 certificat from
> CAcert.org. Others can decrypt the mails I have encrypted and signed.
>
> BUT i can not decrypt mails which others have encrypted with x.509.
> I always get the message: message decryption failed: unsupported
> algorithm RC2. I have attatched the log from gpgsm.
>
> I use gpgsm 1.9.22 which does not support RC2 due to patent issues,
> and RC2 is outdated anyway. I have KMail 1.9.6 with kde 3.5.6 release
> 64.1 and a openSUSE 10.2.
>
> Since one of the senders use Thunderbird 1.5.0.10 I come to the
> impression that it is NOT that I receive RC2 (Thunderbird in this
> version does not send RC2 but 3DES afaik).
> On the other hand gpgsm throws the error only when the algorithm is
> truely indentyvied:
>
> Look at the error handling code:
>               rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
>               log_error ("unsupported algorithm `%s'\n", algoid?
> 		algoid:"?");
>               if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
>                 log_info (_("(this is the RC2 algorithm)\n"));
>
>
> How everI have also to look at my configuration and this is still a
> miracle to me.
>
> Is there some where step by step how to install / check
> kmail/kleopatra and the gpgME setup? I have used guessing to set up
> and this is never good. On the other hand I did not find a good
> source of information.

To further track down this problem, you should try to seperate
the the problem between frontend (KMail) and cryptoback end.
Try to save the smime.p7m that you have got to a file with KMail
and then decode it with gpgsm --decrypt -v 
on the command line. If this does also not work, you know that
KMail is out of the picture.


> One of the questions is if I should use the dirmgr or gpg-agent? 

Both. 
gpg-agent does the secret key work and might cache your passphrase for 
instance.
dirmngr fetches the public certification revocation lists.


> I also commit that I have poor knowledge here and that I want to get
> this improved, though I really did not find single place which
> describes how the things link to gether.

http://www.gnupg.org/aegypten/ (and aegpyten2).

>
> Here is the data I am refering to:
>
> User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
> MIME-Version: 1.0
> X-Enigmail-Version: 0.94.0.0
> OpenPGP: id=BDD13B90; url=http://tinyurl.com/5d8mm
> Content-Type: application/x-pkcs7-mime; name="smime.p7m"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="smime.p7m"
> Content-Description: S/MIME Encrypted Message
>
> gpgsm log:
>
> 4 - 2007-04-16 21:32:46 gpgsm[7623.0x8084a98] DBG: <- DECRYPT
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: unsupported algorithm
> `1.2.840.113549.3.2'
> 4 - 2007-04-16 21:32:46 gpgsm[7623]: (Dies ist der RC-2 Algorithmus)

The problem could be on the Thunderbird side as well,
if they do not use rc-2, why are they using this oid?

Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1310 bytes
Desc: not available
Url : /pipermail/attachments/20070419/455bcbc4/attachment-0001.bin