using belgium EID with gnupg 2.0.1

Luc Willems willems.luc at pandora.be
Wed Dec 6 11:11:17 CET 2006 

hello all , 

i'm trying to import my belgium eID card but it only imports the belgium Root CA

this is the output i get
luc at lieve:~/.gnupg> gpgsm --learn-card
gpgsm[6605]: can't connect to `/tmp/gpg-GXgusb/S.gpg-agent': No such file or directory
gpgsm: can't connect to the agent - trying fall back
gpgsm[6605]: can't connect to `/home/luc/.gnupg/S.gpg-agent': No such file or directory
gpgsm: no running gpg-agent - starting one
gpgsm: DBG: connection to agent established
gpgsm: issuer certificate {C2EAD603ED8E2ED59FA26D27D21E3826FC8024AC} not found using authorityKeyIdentifier
gpgsm: issuer certificate (#/2.5.4.5=#323030363033,CN=Citizen CA,C=BE) not found
gpgsm: issuer certificate missing - storing as ephemeral
gpgsm: issuer certificate {C2EAD603ED8E2ED59FA26D27D21E3826FC8024AC} not found using authorityKeyIdentifier
gpgsm: issuer certificate (#/2.5.4.5=#323030363033,CN=Citizen CA,C=BE) not found
gpgsm: issuer certificate missing - storing as ephemeral
gpgsm: issuer certificate {10F00C569B61EA573AB635976D9FDDB9148EDBE6} not found using authorityKeyIdentifier
gpgsm: issuer certificate (#/CN=Belgium Root CA,C=BE) not found
gpgsm: issuer certificate missing - storing as ephemeral
gpgsm: certificate imported
secmem usage: 0/16384 bytes in 0 blocks
luc at lieve:~/.gnupg> gpgsm --list-keys
/home/luc/.gnupg/pubring.kbx
----------------------------
Serial number: 580B056C5324DBB25057185FF9E5A650
       Issuer: /CN=Belgium Root CA/C=BE
      Subject: /CN=Belgium Root CA/C=BE
     validity: 2003-01-26 23:00:00 through 2014-01-26 23:00:00
     key type: 2048 bit RSA
    key usage: certSign crlSign
     policies: 2.16.56.1.1.1:N:
 chain length: unlimited
  fingerprint: DF:DF:AC:89:47:BD:F7:52:64:A9:23:3A:C1:0E:E3:D1:28:33:DA:CC

if have the following gpg-agent.conf

# GPGConf disabled this option here at Wed 06 Dec 2006 10:14:02 AM CET
# allow-mark-trusted
###+++--- GPGConf ---+++###
ignore-cache-for-signing
allow-mark-trusted
debug-level basic
log-file socket:///home/luc/.gnupg/log-socket
###+++--- GPGConf ---+++### Wed 06 Dec 2006 10:51:20 AM CET
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

but for some reason it doesn't trust the root and citizen CA. I also didn't got a question to trust the
CA certificates ?
How can i fix this ?

Also , the current scdaemon fails most of the time with my acr38 card reader. i'm using the pcsc driver
but most of the time i get Card errors. The card works fine with firefox and thunderbird which uses the belgium pkcs11 library


	greetings,
	luc

More information about the Gnupg-users mailing list