gpgsm and Kmail and X509 certificates
Graeme Nichols
gnichols at tpg.com.au
Sun Sep 23 04:10:26 CEST 2007
Werner Koch wrote:
> On Fri, 21 Sep 2007 04:47, gnichols at tpg.com.au said:
<snip>
> Obvious if the p12 file import failed and you didn't create a
> certificate request with gpgsm.
I ran the gpgsm-gencert.sh script and selected "2. Existing key", thinking
that I could use my existing x509 cert. I was then asked for Keygrip. I
entered that and was then asked for Name (DN), and this is where my
ignorance really shows. What is the DN? Is it a Domain Name? The script
failed with the wrong info for DN (I tried my email address and name).
Now this is the strange and confusing part: gnichols at tpg.com.au.crt
*did* install OK. It is also listed in Kleopatra's key listing. See
following:
[graeme at barney ~]$ gpgsm --import gnichols at tpg.com.au.crt
gpgsm: certificate is good
gpgsm: total number processed: 1
gpgsm: unchanged: 1
secmem usage: 0/16384 bytes in 0 blocks
Certificate imported OK.
[graeme at barney ~]$ gpgsm --list-secret-keys
/home/graeme/.gnupg/pubring.kbx
-------------------------------
gpgsm: DBG: connection to agent established
secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$
No certificate listed :-(
Kleopatra's key listing is in the attachment.
> PKCS#12 is a weird format and it is possible that GnuPG will not be able
> to parse it. However, currently I have no open bugs on this so it
> should work. The error message would be different from the one you
> got.
[graeme at barney ~]$ GPG_TTY="tty"
[graeme at barney ~]$ export GPG_TTY
[graeme at barney ~]$ gpgsm --import My_Certificate120308.p12
gpgsm: gpg-protect-tool: canceled by user
gpgsm: gpg-protect-tool: cancelled
gpgsm: total number processed: 0
secmem usage: 0/16384 bytes in 0 blocks
[graeme at barney ~]$
I have followed the instructions in the
http://kontact.kde.org/kmail/kmail-pgpmime-howto.php HowTo and I still
get errors, e.g., the command echo "test" | gpg -ase -r 0xDD3AAA7D | gpg,
which should open a graphical password dialog two times, first for
signing (gpg -ase) and then for decryption (| gpg), gives the following
error:
[graeme at barney .gnupg]$ echo "test" | gpg -ase -r 0xDD3AAA7D | gpg
gpg: NOTE: old default options file `/home/graeme/.gnupg/options' ignored
gpg: NOTE: old default options file `/home/graeme/.gnupg/options' ignored
You need a passphrase to unlock the secret key for
user: "Graeme Nichols (Graeme) <gnichols at tpg.com.au>"
1024-bit DSA key, ID DD3AAA7D, created 2002-11-08
gpg: cancelled by user
gpg: no default secret key: bad passphrase
gpg: [stdin]: sign+encrypt failed: bad passphrase
gpg: processing message failed: eof
[graeme at barney .gnupg]$
The pinentry file is /usr/bin/pinentry. This doesn't seem to work at all.
Also, what config files should I have in ~/.gnupg? There is a whole heap
of config files, most of which I think are not necessary, left over from
earlier versions of gpg.
I am beginning to think that I should remove gpg and kdepim and
re-install to ensure that all dependencies are met. If I do this, what
gpg packages do I need to re-install for X509 support?
Another problem that I just thought of that could be causing problems is
that my earlier versions of gpg were built from a tarball. The Fedora 7
gpg files have been installed from an rpm binary package. Maybe there
are old gpg files lying about causing problems. If that could be the
case, where should I look for old gpg files?
Thanks again for your patience.
--
----------------------------------------------------------------------
Kind regards,
Graeme.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Kleopatra-keylisting1.png.gz
Type: application/x-gzip
Size: 40063 bytes
Desc: not available
Url : /pipermail/attachments/20070923/405762ca/attachment-0001.bin