S/MIME certs and GPG

Sauman Mahata sauman at gmail.com
Tue Jun 2 09:34:11 CEST 2009


Hi,
I'm having problems using S/MIME certificates in GPG. After importing my
keys into gpg (they appear in Kleopatra when I'm done), signing and
encrypting with S/MIME is unsuccessful. Using Kleopatra's system tray
Clipboard function to sign with the S/MIME cert gives me the error:
*Signing Failed: General Error*

And using Kleopatra's Clipboard function to encrypt with the S/MIME cert
gives the following error:
*Encryption Failed: Not Found*

I'm using Gpg4Win 1.9.16 BETA and the certs are issued by my CA (Windows
Server 2008, Exchange Server).

So far (after much effort) I have managed to export the certs (private and
public keys) via Internet Explorer (.pfx files) and using OpenSSL, convert
the bundle into .pem and extract the key, issuer cert and user cert.

The method I go through to get the cert into gpg is as follows:

gpgsm --call-protect-tool --p12-import --store charliekey.p12

gpgsm --import

(after which I copy+paste the details from the pem file from Bag Attributes
to ---END CERTIFICATE--- for the issuer cert and then repeated for the
user's cert)

However, the secret key does not show in --list-secret-keys. It shows
however if I do this:
gpgsm --import charliesign.pfx
Output:

gpgsm: gpg-protect-tool: 1240 bytes of 3DES encrypted text
gpgsm: gpg-protect-tool: 2728 bytes of RC2 encrypted text
gpgsm: gpg-protect-tool: processing certBag
gpgsm: gpg-protect-tool: processing certBag
gpgsm: gpg-protect-tool: keygrip: 8069846C970B7CC3FADEBE2B7995400817694359
gpgsm: gpg-protect-tool: AllowSetForegroundWindow(2188) failed: Access is denied.
gpgsm:
gpgsm: gpg-protect-tool: AllowSetForegroundWindow(3116) failed: Access is denied.
gpgsm:
gpgsm: gpg-protect-tool: NOTE: you should run 'diskperf -y' to enable the disk statistics
gpgsm: gpg-protect-tool: NOTE: you should run 'diskperf -y' to enable the disk statistics
gpgsm: gpg-protect-tool: NOTE: you should run 'diskperf -y' to enable the disk statistics
gpgsm: gpg-protect-tool: NOTE: you should run 'diskperf -y' to enable the disk statistics
gpgsm: gpg-protect-tool: secret key stored as `C:\Documents and Settings\user\Application Data\gnupg\private-keys-v1.d\8069846C970B7CC3FADEBE2B7995400817694359.key'
gpgsm: total number processed: 2
gpgsm:              unchanged: 2

As can be seen in the output, the secret key has been stored, and shows when
I type gpgsm --list-secret-keys.
Importing the pfx works in XP, but does not work in Vista. Does anyone know
why my secret key can't be imported? I might have been doing something
wrong.
The command I use to extract the secret key is:
 openssl pkcs12 -in charliebundle.pem -export -out charliekey.p12 -nocerts -nodes

Also, I have read that after importing the certs I have to make them
trusted. How do I do so? I cannot find the file ~/.gnupg/trustlist.txt
mentioned in these tutorials.

Any help is much appreciated!

Thanks!

Regards,
Sauman