handling S/MIME messages with gpgsm

Werner Koch wk at gnupg.org
Mon Oct 24 09:13:51 CEST 2005


On Fri, 21 Oct 2005 15:03:46 +0200, Joost van Baal said:

> I am having troubles getting S/MIME emails (or CMS blobs) processed by
> GPGME.  (Since GPGME uses libksba, it _should_ be able to handle these,
> I guess).

Yes, it does.

> For instance, when creating a detached-signed S/MIME email message,
> splitting the body off, and de-base64-ing the signature with

>  recode /Base64 < sig.base64 > sig.CMS

I don't know what kind of recode this is.  I usually use mimencode -u,

> , calling gpgsm gives:

>  gpgsm --verify sig.CMS body.txt

>  gpgsm: Signature made 2005-10-21 11:40:54 using certificate ID 090E2BFC
>  gpgsm: invalid signature: message digest attribute does not match calculated one

You did something wrong when parsing the original message.  For
example, you need to make sure that CR,LF are used.  Use gpgsm's
option --debug 512 to create dump files with the actual data hashed
(i.e. signed).  Check them.

>  gpgsm: unsupported algorithm `1.2.840.113549.3.2'
>  gpgsm: (this is the RC2 algorithm)
>  gpgsm: message decryption failed: Unsupported algorithm <GpgSM>

Well, unsupported. 

> Unfortunately I can't check this operation with openssl, since I have no
> way to export the private key from the keystore to a .pem-file, suitable
> for import to openssl...

gpgsm --export-secret-key-p12

(you better get the latest gpgsm versions because we fixed a couple of
bugs recently.)

> Any pointers or clues are very welcome.  If more information about my
> setup is needed, I gladly supply these.

Check out how Mutt does it.  In particular the file crypt-gpgme.c from
the 1.5.x series or the CVS head.  There is also a tool named
tools/gpgparsemail.c in GnuPG 1.9 - it does S/MIME verification.


Shalom-Salam,

   Werner
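
Added example, not part of the original message and not code from GnuPG, GPGME or Mutt: one way to split a multipart/signed message so that the bytes given to the verifier use CR,LF line endings, which is the point raised in the reply above. The sample message, the boundary "b1" and the placeholder signature payload are constructed for illustration.

```python
import base64
import hashlib
import re
from email import message_from_bytes

def canonicalize(data: bytes) -> bytes:
    """Convert CRLF, bare CR and bare LF line endings to CRLF."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", data)

def split_signed(raw: bytes):
    """Return (signed_bytes, der_signature) from a multipart/signed message."""
    msg = message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or boundary is None:
        raise ValueError("not a multipart/signed message")
    # Work on the raw bytes: re-serialising parsed parts can change what is hashed.
    # The CRLF before each delimiter line belongs to the delimiter (RFC 2046), so
    # splitting on CRLF + "--boundary" keeps it out of the signed part.
    pieces = canonicalize(raw).split(b"\r\n--" + boundary.encode("ascii"))
    if len(pieces) != 4:
        raise ValueError("expected exactly two body parts")
    # Each piece starts with the rest of its delimiter line; drop that line.
    signed = pieces[1].split(b"\r\n", 1)[1]
    sig_part = pieces[2].split(b"\r\n", 1)[1]
    # The signature part is MIME headers, a blank line, then base64 text.
    sig_b64 = sig_part.split(b"\r\n\r\n", 1)[1]
    return signed, base64.b64decode(sig_b64)

# Constructed sample with LF-only line endings, as a mail store might hold it.
# The signature payload is a placeholder, not a real CMS object.
SAMPLE = (
    b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    b' boundary="b1"\n\n'
    b"--b1\n"
    b"Content-Type: text/plain\n\n"
    b"Hello\nWorld\n"
    b"--b1\n"
    b'Content-Type: application/pkcs7-signature; name="smime.p7s"\n'
    b"Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(b"placeholder, not a CMS signature") + b"\n"
    b"--b1--\n"
)

if __name__ == "__main__":
    body, sig = split_signed(SAMPLE)
    # The same text hashes differently with LF and with CRLF line endings.
    for label, data in (("CRLF", body), ("LF", body.replace(b"\r\n", b"\n"))):
        print(label, hashlib.sha256(data).hexdigest())
```

Writing the two returned values to body.txt and sig.CMS in binary mode gives the inputs for the `gpgsm --verify sig.CMS body.txt` call quoted in the thread.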



