gpgsm doesn't recognize certs are related to secret keys

Peter S. May psmay at halfgeek.org
Tue Mar 13 18:11:44 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I've extracted some Thawte and CAcert keys and certs from my browser and
imported them into gpgsm.  ls -l ~/.gnupg/private-keys-v1.d/ lists the
three private keys that I imported, and all of the corresponding certs
show up in --list-keys:

$ gpgsm --list-keys psmay
/home/psmay/.gnupg/pubring.kbx
- ----------------------------
Serial number: 067A86EB7BA000EF5E6F6341D8070D7E
       Issuer: /CN=Thawte Personal Freemail Issuing CA/O=Thawte
Consulting (Pty) Ltd./C=ZA
      Subject: /CN=Peter Samuel May/EMail=psmay at halfgeek.org/GN=Peter
Samuel/SN=May
          aka: psmay at halfgeek.org
     validity: 2006-10-09 18:39:01 through 2007-10-09 18:39:01
     key type: 2048 bit RSA
  fingerprint: 96:D2:E8:44:1D:7B:31:8B:C8:CC:07:ED:E3:A0:C2:73:41:A3:56:E9

Serial number: 02C4AD
       Issuer: /CN=CA Cert Signing
Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
      Subject: /EMail=me at psmay.com/EMail=psmay at halfgeek.org
          aka: psmay at halfgeek.org
          aka: me at psmay.com
     validity: 2006-10-12 14:24:50 through 2007-10-12 14:24:50
     key type: 2048 bit RSA
  fingerprint: 43:F3:E6:0B:1B:25:4E:BA:3A:69:DA:56:8E:F8:35:08:CD:4B:A7:52

Serial number: 02C5B0
       Issuer: /CN=CA Cert Signing
Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
      Subject: /CN=Peter Samuel
May/EMail=me at psmay.com/EMail=psmay at halfgeek.org
          aka: psmay at halfgeek.org
          aka: me at psmay.com
     validity: 2006-10-13 05:52:09 through 2007-10-13 05:52:09
     key type: 2048 bit RSA
  fingerprint: 26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8

(The CAs' certs also show up when I don't qualify this with my name.)

However, it doesn't seem to realize that it has the secret keys for
these certs:

$ gpgsm --list-secret-keys
/home/dro/.gnupg/pubring.kbx
- ----------------------------
$

And since it doesn't, I also can't use the private keys:

$ gpgsm --local-user
26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8 --sign somefile
gpgsm: can't sign using
`26:D3:A8:D9:00:F0:C9:A1:AE:38:3C:25:39:C0:D6:31:29:95:44:F8': No secret key

Anyone have any ideas?

Thanks
PSM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF9ttMei6R+3iF2vwRCpSmAKCtzXFUV7aTvcX2ARdKrx356EYJwwCfdjNg
UG4JdsPUQkIkEBBaA/jZxfA=
=peA+
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list