gpgsm and Kmail and X509 certificates

Graeme Nichols gnichols at tpg.com.au
Thu Sep 20 02:49:36 CEST 2007


Hello Werner,

Werner Koch wrote:
> On Wed, 19 Sep 2007 07:56, gnichols at tpg.com.au said:
> 
>> When configuring Kmail I click on Settings --> Configure Kmail then 
>> Security and I am presented with 5 tabs, two of which are Crypto 
>> Backends and S/MIME Validation. What do I put into these fields? The 
>> Crypto Backends --> Configure fields and the S/MIME Validation fields?
> 
> The defaults should be fine for now.

OK. Good.
> 
>> trouble... I cannot enter my certificates into these fields. If I click 
>> on 'change' I get an error 'An error occurred while fetching the keys 
>> from the backend: General Error' and 'No backends found for listing 
>> keys. Check your installation.'
> 
> On the command line enter
> 
>   gpgsm -K

Output is:

[graeme at barney ~]$ gpgsm -K
/home/graeme/.gnupg/pubring.kbx
-------------------------------
gpgsm: DBG: connection to agent established
secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$
> 
> this should show you your own certificates

It didn't as you can see.

> 
>   gpgsm -k

Output follows:

[graeme at barney ~]$ gpgsm -k
/home/graeme/.gnupg/pubring.kbx
-------------------------------
Serial number: 00
        Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
       Subject: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
      validity: 2003-03-30 12:29:49 through 2033-03-29 12:29:49
      key type: 4096 bit RSA
  chain length: unlimited
   fingerprint: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33

Serial number: 32D18D
        Issuer: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE
       Subject: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE
      validity: 2001-02-01 09:52:17 through 2005-06-01 09:52:17
      key type: 1024 bit RSA
     key usage: certSign crlSign
   fingerprint: EA:8D:99:DD:36:AA:2D:07:1A:3C:7B:69:00:9E:51:B9:4A:2E:E7:60

Serial number: 2A
        Issuer: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
       Subject: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
      validity: 2005-08-03 15:30:36 through 2007-12-31 15:09:23
      key type: 1024 bit RSA
     key usage: certSign
      policies: 1.3.36.8.1.1:N:
  chain length: unlimited
   fingerprint: 31:C9:D2:E6:31:4D:0B:CC:2C:1A:45:00:A6:6B:97:98:27:18:8E:CD

Serial number: 02
        Issuer: /CN=9R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE
       Subject: /CN=9R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE
      validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
      key type: 1024 bit RSA
     key usage: certSign
      policies: 1.3.36.8.1.1:N:
  chain length: unlimited
   fingerprint: 75:9A:4A:CE:7C:DA:7E:89:1B:B2:72:4B:E3:76:EA:47:3A:96:97:24

Serial number: 2D
        Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
       Subject: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
      validity: 2005-08-03 18:09:49 through 2007-12-31 18:04:28
      key type: 1024 bit RSA
     key usage: certSign
      policies: 1.3.36.8.1.1:N:
  chain length: unlimited
   fingerprint: A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D

Serial number: 01
        Issuer: /CN=8R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE
       Subject: /CN=8R-CA 1:PN/O=Regulierungsbeh?rde f?r Telekommunikation und Post/C=DE
      validity: 2004-11-25 14:10:37 through 2007-12-31 14:04:03
      key type: 1024 bit RSA
     key usage: certSign
      policies: 1.3.36.8.1.1:N:
  chain length: unlimited
   fingerprint: 42:6A:F6:78:30:E9:CE:24:5B:EF:41:A2:C1:A8:51:DA:C5:0A:6D:F5

Serial number: 00C48C8D
        Issuer: /CN=7R-CA 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE
       Subject: /CN=7R-CA 1:PN/NameDistinguisher=1/O=Regulierungsbeh?orde f?ur Telekommunikation und Post/C=DE
      validity: 2001-10-15 11:15:15 through 2006-02-15 11:15:15
      key type: 1024 bit RSA
     key usage: certSign crlSign
   fingerprint: DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B

Serial number: 00B95F
        Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
       Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
           aka: info at d-trust.net
           aka: (uri http://www.d-trust.net)
      validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
      key type: 2048 bit RSA
     key usage: certSign crlSign
      policies: 1.3.6.1.4.1.4788.2.30.1:N:
  chain length: unlimited
   fingerprint: E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C

Serial number: 00B960
        Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
       Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
           aka: info at d-trust.net
           aka: (uri http://www.d-trust.net)
      validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
      key type: 2048 bit RSA
     key usage: certSign crlSign
      policies: 1.3.6.1.4.1.4788.2.30.1:N:
  chain length: unlimited
   fingerprint: 98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04

Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
        Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/ST=Baden-Wuerttemberg (BW)/C=DE
       Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN/O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/ST=Baden-Wuerttemberg (BW)/C=DE
      validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
      key type: 2048 bit RSA
     key usage: certSign crlSign
  chain length: 1
   fingerprint: 7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9

Serial number: 03FCBA
        Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww.cacert.org/O=Root CA/EMail=support at cacert.org
       Subject: /CN=CAcert WoT User/EMail=gnichols at tpg.com.au
           aka: gnichols at tpg.com.au
      validity: 2007-09-02 03:15:25 through 2008-02-29 03:15:25
      key type: 2048 bit RSA
ext key usage: emailProtection (suggested), clientAuth (suggested), 1.3.6.1.4.1.311.10.3.4 (suggested), serverGatedCrypto.ms (suggested), serverGatedCrypto.ns (suggested)
   fingerprint: 2D:0D:02:D5:2E:0F:D9:C7:31:48:C8:A2:63:13:6F:AD:C7:21:27:34

secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$
> 
> shows all certificates.  Are there any error messages?

No. My certificate is the last one. All the others were already there.
> 
>> have successfully imported my X509 certificate  into gpgsm and it is 
>> listed when executing gpgsm --list-keys.
> 
> -k is an alias for --list-keys.  However you need to use -K (or
> --list-secret-keys)
> 
>> Another error I get if I try and send a signed email from Kmail is: 
>> 'Signing failed. Bad passphrase' I don't really understand this one as 
>> it used to work before I upgraded to F7 from F6.
> 
> Is the gpg-agent running and a pinentry installed?  Check on the command
> line with
> 
>   gpgsm --passwd <your-user-id>

Output follows:
[graeme at barney ~]$ gpgsm --passwd gnichols at tpg.com.au
gpgsm: DBG: connection to agent established
gpgsm: error changing passphrase: No such file or directory
secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$

Looks like gpg-agent is running but no pinentry. Is that correct?
Pinentry-0.7.2-14.fc7 is installed. I have looked through the pinentry 
--help output but I don't really know what it is I have to do/set/enter 
or whatever. I'm pretty ignorant in this area. I have looked at the 
website http://www.gnupg.org/aegypten/ but I am still confused.

What should I do now?


-- 

----------------------------------------------------------------------
Kind regards,

Graeme.
----------------------------------------------------------------------
Download my GnuPG public key from:-
http://www.users.tpg.com.au/gnichols/graemenichols.pub
----------------------------------------------------------------------

A would-be disciple came to Nasrudin's hut on the mountain-side. 
Knowing that every action of such an enlightened one is significant, the 
seeker watched the teacher closely.  "Why do you blow on your hands?" 
"To warm myself in the cold."  Later, Nasrudin poured bowls of hot soup 
for himself and the newcomer, and blew on his own.  "Why are you doing 
that, Master?" "To cool the soup."  Unable to trust a man who uses the 
same process to arrive at two different results -- hot and cold -- the 
disciple departed.
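
The comparison this exchange turns on, as an added example that is not part of the original message: a certificate that `gpgsm -k` lists but `gpgsm -K` does not has no private key gpgsm can sign with. The function names and the sample listings are constructed for illustration, and the parser assumes the human-readable listing format shown in the message above.

```shell
#!/bin/sh
# Added example, not from the original post. Sample listings are constructed.

# Read a gpgsm listing on stdin; print "FPR<TAB>SUBJECT" for every
# certificate that is not self-signed (Issuer differs from Subject).
end_entity_certs() {
    awk '
        function emit() {
            if (fpr != "" && issuer != subject) print fpr "\t" subject
            issuer = ""; subject = ""; fpr = ""
        }
        /^[ \t]*Issuer:/      { sub(/^[ \t]*Issuer:[ \t]*/, "");  issuer = $0;  next }
        /^[ \t]*Subject:/     { sub(/^[ \t]*Subject:[ \t]*/, ""); subject = $0; next }
        /^[ \t]*fingerprint:/ { fpr = $2; next }
        /^[ \t]*$/            { emit() }
        END                   { emit() }
    '
}

# $1 = text of `gpgsm -k`, $2 = text of `gpgsm -K`; prints a status per cert.
check_secret_keys() {
    secret_fprs=$(printf '%s\n' "$2" | awk '$1 == "fingerprint:" { print $2 }')
    printf '%s\n' "$1" | end_entity_certs |
    while IFS="$(printf '\t')" read -r fpr subject; do
        if printf '%s\n' "$secret_fprs" | grep -qxF -- "$fpr"; then
            printf 'OK %s %s\n' "$fpr" "$subject"
        else
            printf 'NO-SECRET-KEY %s %s\n' "$fpr" "$subject"
        fi
    done
}

# Constructed sample: one self-signed root and one user certificate.
SAMPLE_PUBLIC='/home/user/.gnupg/pubring.kbx
-------------------------------
Serial number: 00
        Issuer: /CN=Example Root CA/O=Example
       Subject: /CN=Example Root CA/O=Example
   fingerprint: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

Serial number: 0A
        Issuer: /CN=Example Root CA/O=Example
       Subject: /CN=Example User/EMail=user@example.org
   fingerprint: 22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22:22
'
# Constructed sample of a secret-key listing that contains only the header.
SAMPLE_SECRET_EMPTY='/home/user/.gnupg/pubring.kbx
-------------------------------'
check_secret_keys "$SAMPLE_PUBLIC" "$SAMPLE_SECRET_EMPTY"
```

Against a live keyring the call is `check_secret_keys "$(gpgsm -k 2>/dev/null)" "$(gpgsm -K 2>/dev/null)"`.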


