Can't verify Thawte S/MIME message (was: decrypt PGP 8 msg)
Neil Williams
linux@codehelp.co.uk
Thu Sep 11 19:49:01 2003
On Thursday 11 Sep 2003 2:30 am, Eugene Smiley wrote:
> > But I do not know what to do with his second part.
Nothing much - unless you also seek out a Thawte certificate or build another
plugin from source.
> >> Yet it doesn't verify as S/MIME - it comes up as unknown mime
> >> type in KMail. The block is also VERY long (4.7kb), more like an
> >> attached public key rather than a signature? (yet it lacks the
> >> BEGIN/END PGP KEYBLOCK lines or comments). gpg complains of a
> >> lack of OpenPGP data when the block is saved as a file.
>
> I discussed this with Neil off-list and his assessment, correct me if I
> am wrong Neil, is that it has to do with the Kmail plugins. Maybe one
It does. The KMail cryptplug/gpgme-openpgp.so plugin, under a default build,
can't understand the Thawte portion. There's a second plugin that can be
built from the same source via the Aegypten project:
Thawte offers X509 S/MIME certificates. Here's a step-by-step HOWTO that I
used to get my Thawte certificate into GPGSM:
http://www.gnupg.org/aegypten/development.en.html
Aegypten provide a tool that links the X509 into GPG - GPGSM
http://www.gnupg.org/(en)/index.html
Project Aegypten provides Sphinx-Clients (Mutt, KMail, ...) compatible to
S/MIME within a GnuPG framework. Within this project a few new tools have
been developed, most notably "gpgsm" as the S/MIME counterpart of "gpg".
> of these days, I'll venture over to the Kmail site like he suggested.
It's more of a GnuPG issue than KMail - a case of building a second plugin
from source to go alongside gpgme-openpgp.so:
http://www.gnupg.org/aegypten/development.en.html
In the Cryptography section, add the Plug-In
/some/where/lib/cryptplug/gpgme-smime.so for S/MIME
and/or /some/where/lib/cryptplug/gpgme-openpgp.so for OpenPGP
> Ah, well I correspond with some users who use S/MIME and some who use
> PGP/GPG. I'm just too lazy to remember to switch back and forth
> between the two when I can do both. ;)
Similar. Eugene is the only person I have come across who uses Thawte and
OpenPGP - other users of Thawte tend to show up as 'unknown key - key not
available'. I might get around to it one day . . . . .
-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
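Added example, not part of the message above and not KMail or GnuPG code: a Python sketch that tells an S/MIME (PKCS#7/CMS) signature part from an OpenPGP one, first by the declared MIME protocol and then by the bytes themselves, which is the distinction behind the "unknown mime type" and "no OpenPGP data" symptoms in this thread. The function names, the sample message and the mapping of format to plugin file are assumptions of this example.

```python
import base64
import binascii
import email
from email import policy

# Plugin file names come from the message above; the mapping is this example's assumption.
PLUGIN = {"smime": "gpgme-smime.so", "openpgp": "gpgme-openpgp.so"}

def sniff(data: bytes) -> str:
    """Heuristically guess the signature format from the bytes, ignoring MIME labels."""
    if b"-----BEGIN PGP" in data:
        return "openpgp"                      # ASCII-armoured OpenPGP
    try:                                      # a block saved from a mail body may still be base64 text
        data = base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error:
        pass                                  # already binary, or not base64 at all
    if data[:1] == b"\x30":
        return "smime"                        # ASN.1 SEQUENCE: DER-encoded CMS/PKCS#7
    if data[:1] and data[0] & 0x80:
        return "openpgp"                      # every OpenPGP packet tag has bit 7 set
    return "unknown"

def classify(raw: str):
    """Return protocol, part type, sniffed format and plugin for a multipart/signed message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        return None
    sig = msg.get_payload()[-1]               # the signature is the last body part
    kind = sniff(sig.get_payload(decode=True) or b"")
    return {"protocol": msg.get_param("protocol"), "part_type": sig.get_content_type(),
            "sniffed": kind, "plugin": PLUGIN.get(kind)}

# Constructed sample message; the signature bytes are a short dummy, not a real signature.
SMIME_MSG = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBAAYJKoZIhvcNAQcC
--b1--
"""
print(classify(SMIME_MSG))
```

The byte check is a heuristic for triage only; it says which tool to hand the block to, not whether the signature is valid.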