gpgsm --sign with smartcard?

Simon Josefsson simon at
Fri Apr 20 14:03:42 CEST 2007

Simon Josefsson <simon at> writes:

> I'm trying to sign something using gpgsm and a smartcard, but here is
> what happens:
> Where do I put the CRL that will be checked?
> Alternatively, how can I tell gpgsm/dirmngr to not check any CRL?

I solved this myself, sorry for the noise.

For the record:

Use --disable-crl-checks to disable CRL checks.  Also, you must put
the CA fingerprint in your trustlist.txt:

jas at mocca:~$ cat /home/jas/.gnupg/trustlist.txt
15:32:B4:BA:5A:8A:79:88:CA:26:42:83:59:1B:A3:A2:1C:0B:CC:24 S
jas at mocca:~$

Then signing works:

jas at mocca:~$ echo foo | gpgsm --sign -u BD:5F:80:DE:63:03:4E:C9:E2:84:1E:63:09:55:2E:34:5C:5F:22:6F --disable-crl-checks > foo
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: adding certificates at level 1
gpgsm: signature created
jas at mocca:~$

I can't parse the output using GnuTLS 'certtool', but OpenSSL appears
to handle it, so I suppose it may be a bug in GnuTLS.


More information about the Gnupg-users mailing list