gpgsm --sign with smartcard?
Simon Josefsson
simon at josefsson.org
Fri Apr 20 14:03:42 CEST 2007
Simon Josefsson <simon at josefsson.org> writes:
> I'm trying to sign something using gpgsm and a smartcard, but here is
> what happens:
...
> Where do I put the CRL that will be checked?
>
> Alternatively, how can I tell gpgsm/dirmngr to not check any CRL?
I solved this myself, sorry for the noise.
For the record:
Use --disable-crl-checks to disable CRL checks. Also, you must put
the CA fingerprint in your trustlist.txt:
jas at mocca:~$ cat /home/jas/.gnupg/trustlist.txt
15:32:B4:BA:5A:8A:79:88:CA:26:42:83:59:1B:A3:A2:1C:0B:CC:24 S
jas at mocca:~$
Then signing works:
jas at mocca:~$ echo foo | gpgsm --sign -u BD:5F:80:DE:63:03:4E:C9:E2:84:1E:63:09:55:2E:34:5C:5F:22:6F --disable-crl-checks > foo
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: adding certificates at level 1
gpgsm: signature created
jas at mocca:~$
I can't parse the output using GnuTLS 'certtool', but OpenSSL appears
to handle it, so I suppose it may be a bug in GnuTLS.
/Simon
More information about the Gnupg-users
mailing list