gpgsm and Kmail and X509 certificates

Graeme Nichols gnichols at tpg.com.au
Fri Sep 21 04:47:17 CEST 2007


Hello Werner,

Werner Koch wrote:
> On Thu, 20 Sep 2007 02:49, gnichols at tpg.com.au said:
> 
>> [graeme at barney ~]$ gpgsm -K
>> /home/graeme/.gnupg/pubring.kbx
>> -------------------------------
>> gpgsm: DBG: connection to agent established
>> secmem usage: 0/16384 bytes in 0 blocks
>> [graeme at barney ~]$
>>> this should show you your own certificates
>> It didn't as you can see.
> 
> With own certificates I meant, Your certifciate plus your private key.
> 
> Did you import the key at all?

Yes, I did. It said that one key was imported, key was good and all 
that. The key name was gnichols at tpg.com.au.crt. I have never been able 
to import my key in *.p12 format. I normally renew my key and install it 
into Firefox automatically then back it up to floppy in *.p12 format. 
Trying to then import that backup into gpgsm results in the following:

[graeme at barney ~]$ gpgsm --import My_Certificate120308.p12
gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
gpgsm: gpg-protect-tool: canceled by user
gpgsm: gpg-protect-tool: cancelled
gpgsm: total number processed: 0
secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$
> 
>> [graeme at barney ~]$ gpgsm --passwd gnichols at tpg.com.au
>> gpgsm: DBG: connection to agent established
>> gpgsm: error changing passphrase: No such file or directory
> 
> That means that your private key does not exists.  To manually check
> this do:
> 
>   gpgsm --dump-key 2D:0D:02:D5:2E:0F:D9:C7:31:48:C8:A2:63:13:6F:AD:C7:21:27:34
> 
> Youy will notice a line
> 
>   keygrip: <40-hex-digits>

Yes. That worked, thank you.
> 
> then check whether a file
> 
>   ~/.gnupg/private-keys-v1.d/<40-hex-digits>.key
> 
> exists. It does not and this is the reason you see "No such file or
> directory" (Well, it should better read "No such secret key").

No. there are no files in the ~/.gnupg/private-keys-v1.d/ directory.
> 
> You need to get your private key as a pkcs#12 file and import it into
> gpgsm
> 
>   gpgsm --import foo.p12

Does not work as you can see above. Is the backup of my certificate from 
Mozilla in *.p12 format the same as getting it from CACert in *.p12 format?

Thank you very much for your patience and help. Please bear with me 
until I get this fixed if you will.

-- 

----------------------------------------------------------------------
Kind regards,

Graeme.
----------------------------------------------------------------------
Download my GnuPG public key from:-
http://www.users.tpg.com.au/gnichols/graemenichols.pub
----------------------------------------------------------------------

Each of us bears his own Hell.
		-- Publius Vergilius Maro (Virgil)



More information about the Gnupg-users mailing list