gpgsm doesn't import SMIME key from browser (no error message)

Robert Wenner robert.wenner at atsec.com
Wed Feb 15 00:11:47 CET 2006


Hi,

I followed the steps described in 
http://www.gnupg.org/aegypten/development.en.html#howto_import_external_certs
to import my private Thwate S/MIME key into Ägypten for use in KMail.
Everything seemed fine, but the new key is not shown in the 
list from gpgsm -K. It shows only the old (expired) key.
I get no error message on importing and $? is 0, though.
If I move my existing keys from /home/robert/.gnupg/private-keys-v1.d/ 
before importing, gpgsm -K shows no keys at all.

Below is what I did and version information of the programs.
What am I missing here?

Cheers,

Robert

--- cut here ---

robert at sauerbraten:~> openssl pkcs12 -in certbundle.p12 -out certbundle.pem -nodes
Enter Import Password:
MAC verified OK
robert at sauerbraten:~> openssl pkcs12 -in certbundle.pem -export -out certkey.p12 -nocerts -nodes
Enter Export Password:
Verifying - Enter Export Password:
robert at sauerbraten:~> gpgsm --call-protect-tool --p12-import --store certkey.p12
gpg-protect-tool: 2584 bytes of RC2 encrypted text
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
gpg-protect-tool: 1224 bytes of 3DES encrypted text
gpg-protect-tool: keygrip: C9B644CD7A2326E1199D386A84A59AD557901F83
gpg-protect-tool: secret key stored as `/home/robert/.gnupg/private-keys-v1.d/C9B644CD7A2326E1199D386A84A59AD557901F83.key'
robert at sauerbraten:~> gpgsm -K
gpgsm: NOTE: THIS IS A DEVELOPMENT VERSION!
gpgsm: It is only intended for test purposes and should NOT be
gpgsm: used in a production environment or with production keys!
/home/robert/.gnupg/pubring.kbx
-------------------------------
gpgsm: DBG: connection to agent established
Serial number: 0DC685
       Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte Consulting (Pty) Ltd./C=ZA
      Subject: /CN=Thawte Freemail Member/EMail=robert.wenner at atsec.com
          aka: robert.wenner at atsec.com
     validity: 2005-01-10 17:14:40 through 2006-01-10 17:14:40
     key type: 2048 bit RSA
  fingerprint: DC:84:69:6E:58:AB:11:41:8C:F3:DD:B4:39:99:78:A2:E7:94:5A:38

secmem usage: 0/16384 bytes in 0 blocks


--- cut here ---

robert at sauerbraten:~> gpgsm --version
gpgsm (GnuPG) 1.9.14
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
robert at sauerbraten:~> gpg --version
gpg (GnuPG) 1.4.2
Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB, BZIP2
robert at sauerbraten:~> gpg-agent --version
gpg-agent (GnuPG) 1.9.14
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.



More information about the Gnupg-users mailing list