using gpgsm

Aleksandar Milivojevic alex at milivojevic.org
Thu Dec 29 21:52:43 CET 2005 

Quoting Werner Koch <wk at gnupg.org>:

> On Wed, 21 Dec 2005 14:23:26 -0600, Aleksandar Milivojevic said:
>
>> gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
>> gpgsm: gpg-protect-tool: Secure memory is not locked into core
>> gpgsm: gpg-protect-tool: gpg-agent is not available in this session
>
> You need to start gpg-agent first; importing p12 files is not possible
> with an on-demand loaded gpg-agent.
>
>  gpg-agent --daemon /bin/sh
>
> is probably the easiest way for testing this.  Within this shell run
> the import again.  Use exit to sto the agent then.
>
> Hint:  Running just gpg-agent will show whether an agent is available.

It was two things.  The gpg-agent was the first one.  The second one was the
pinentry program (I didn't have one).  After downloading and installing it, I
was able to import PKCS#12 file.  Might be good idea if configure script was
checking if pinentry is installed and complaining if it wasn't, like for other
dependencies.

>> Another question is about support for non US-ASCII characters in 
>> certificates
>> (something tells me you might be getting lot of these questions).  I've
>> received one certificate that has some accented letters in CN and OU.  After
>> importing it, and then doing "gpgsm --list-keys", the output shows 
>> the Subject
>> without CN and OU (only O, L, ST and C are displayed).  Is this certificate
>
> gpgsm always displays utf-8 thus they may look weir depending on
> your locale setting.

The thing is, it wasn't displaying them at all.  As if they were not there.

Example (removed non-relevant lines from output):

$ echo $LANG
en_US.UTF-8

$ openssl x509 -noout -text -in test.crt
        Subject: C=CA, ST=Quebec, L=Montreal,
O=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,
OU=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,
CN=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r

$ gpgsm --import test.crt

$ gpgsm --list-keys
      Subject: /L=Montreal/ST=Quebec/C=CA

As you can see, the CN, O and OU attributes are missing in output.  Only the
"clean US-ASCII" C, ST and L are present.  Openssl displayed them all 
using hex
notation (they look weir, but they are there).  I know that gpgsm imported the
certificate correctly (if I export it into a file, and then run openssl x509
-text on it, it displays correct Subject).  If I import that same certificate
into Windows machine, it is also displayed correctly (this time no weir 
stuff).

BTW, the certificate in this example is almost unselectable using 
gpgsm.  The CN
is in UTF-8, but when I looked closer into it, it doesn't really contain any
non-US-ASCII characters.  It just reads "Test_Imprimeur" (just remove 
all those
"\x00").  However if I do 'gpgsm --list-keys CN=Test_Imprimeur', nothing is
displayed.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the Gnupg-users mailing list