gpgsm and Kmail and X509 certificates

Werner Koch wk at
Fri Sep 21 08:22:08 CEST 2007

On Fri, 21 Sep 2007 04:47, gnichols at said:

> [graeme at barney ~]$ gpgsm --import My_Certificate120308.p12
> gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
> gpgsm: gpg-protect-tool: canceled by user

You system is not correctly installed.  The QT based pinentry might work
even without knowing the tty, but I am not sure about this.  The GTK and
curses based pinentries definitely need to know the tty.  Thus you
should put this into your .bashrc or whatever sets up the environment
for a session (gpg-agent does not need to known GPG_TTY):

 export GPG_TTY

> No. there are no files in the ~/.gnupg/private-keys-v1.d/ directory.

Obvious if the p12 file import failed and you didn't create a
certificate requests with gpgsm.

> Does not work as you can see above. Is the backup of my certificate from 
> Mozilla in *.p12 format the same as getting it from CACert in *.p12 format?


PKCS#12 is a weird format and it is possible that GnuPG will not be able
to parse it.  However, currently I have no open bugs on this so it
should work.  The error message would be different from what the one you



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list