using gpgsm

Aleksandar Milivojevic alex at milivojevic.org
Wed Dec 21 21:23:26 CET 2005


I've downloaded GnuPG 1.9.20, just to do some testing with S/MIME, considering
it as replacement for openssl tools once stable version is out.

However, have some trouble with using it.

I was able to import CA certificate, and importing other certificates seems to
work too (almost).

I wasn't able to import my private key (with certificate) from PKCS#12 file. 
I've generated the PKCS#12 file using:

openssl pkcs12 -export -in file.crt -inkey file.key -out file.p12

This is what I get when running gpgsm:

$ gpgsm --import file.p12
Secure memory is not locked into core
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
gpgsm: gpg-protect-tool: Secure memory is not locked into core
gpgsm: gpg-protect-tool: gpg-agent is not available in this session
gpgsm: gpg-protect-tool: error while asking for the passphrase: Invalid digest
algorithm
gpgsm: error running `/srv/test/libexec/gpg-protect-tool': exit status 2
gpgsm: total number processed: 0

I've also attempted to use -keypbe and -certpbe options to openssl to specify
different algorithms to use (for example PBE-SHA1-3DES), but no luck.  Gpgsm
simply fails to process those file.

I was able to import the certificate separately from the PEM encoded file
(file.crt from openssl example above).  So I know that certificate is good. 
But not really usefull if I can't get gpgsm to import the private key too.

Attempting to generate new private key using --gen-key hasn't worked eiter (this
function is not yet available from the commandline).

Another question is about support for non US-ASCII characters in certificates
(something tells me you might be getting lot of these questions).  I've
received one certificate that has some accented letters in CN and OU.  After
importing it, and then doing "gpgsm --list-keys", the output shows the Subject
without CN and OU (only O, L, ST and C are displayed).  Is this certificate
unusable with gpgsm, or is this just displaying issue (gpgsm simply not
displaying attributes that have accented characters in them).


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.




More information about the Gnupg-users mailing list