gpgsm recipient format

yyy yyy at yyy.id.lv
Wed Aug 10 13:13:29 CEST 2011


Hello!

When using gpgsm to encrypt a file, what is the primarily
intended recipient format?

gpgsm -e -r xxxx file_to_be_encrypted.ext

What to put in place of xxxx?

The certificate was imported using gpgsm --import cert.pem,
it shows in gpgsm --list-keys. The certificate is self-signed and
the only field containing useful information is CN; there are
some other fields containing junk. There is no e-mail address
specified. Tried to specify user IDs as described here:
http://www.gnupg.org/documentation/manuals/gnupg-devel/Specify-a-User-ID.html#how-to-specify-a-user-id
None of these methods worked, errors were as follows:

By key ID. (#1 in list)
Assumed that the first entry in --list-keys, named ID, is that; it was 0xD56CAEDD
executing: gpgsm -e -r 0xD56CAEDD file.ext
produced this error:
gpgsm: can't encrypt to `0xD56CAEDD': No value

By fingerprint. (#2 in list)
Fingerprint was last entry in --list-keys, and it was
81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD
executing: gpgsm -e -r 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD file.ext
produced error:
gpgsm: can't encrypt to `0x81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD': Invalid name
Removing the 0x at the beginning of the fingerprint changed nothing.

By exact match on OpenPGP user ID. (#3 in list)
Does not apply here, because it does not apply to X509 certificates.

By exact match on an email address. (#4 in list)
Does not apply here, because the certificate does not
contain an email address.

By word match. (#5 in list)
The only memorable word there was the CN (cert), executing:
gpgsm -e -r +cert file.ext
produced error:
../../gnupg2-2.0.17/kbx/keybox-search.c:858: oops; should never get here
../../gnupg2-2.0.17/kbx/keybox-search.c:858: oops; should never get here
gpgsm: can't encrypt to `+cert': No public key

By exact match on the subject's DN. (#6 in list)
As specified in the list, the subject's DN string was extracted from the output
of: gpgsm --list-keys --with-colons
It was:
CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv
executing:
gpgsm -e -r /CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv file.ext
produced error:
gpgsm: can't encrypt to `/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv': No value

By exact match on the issuer's DN. (#7 in list)
Since this is a self signed certificate, DN string is the same.
(except for # in front of string)
Error was exactly the same as in previous case.

By exact match on serial number and issuer's DN. (#8 in list)
executing:
gpgsm -e -r #01/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv file.ext
produced error:
gpgsm: can't encrypt to `#01/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv': No value

By keygrip. (#9 in list)
Keygrip obtained by --dump-cert was:
3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6
executing:
gpgsm -e -r &3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6 file.ext
produced error:
gpgsm: missing argument for option "-r"
'3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6' is not recognized as an internal or external command,
operable program or batch file.

By substring match. (#10 in list)
Tried on CN. Executing:
gpgsm -e -r cert file.ext
produced error:
gpgsm: can't encrypt to `cert': No value
If using a partial substring (with * at the beginning), the error was the same:
gpgsm -e -r *cert file.ext
gpgsm: can't encrypt to `*cert': No value

These were all 10 specified methods.
Output of --list-keys:
           ID: 0xD56CAEDD
          S/N: 01
       Issuer: /CN=cert/OU=key_usage/O=no_specified/L=bez_ca/ST=undefined_type/C=lv
      Subject: /CN=cert/OU=key_usage/O=no_specified/L=bez_ca/ST=undefined_type/C=lv
     validity: 2010-12-04 18:14:32 through 2011-12-04 06:33:15
     key type: 1024 bit RSA
 chain length: none
  fingerprint: 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD

Output of --dump-cert:
           ID: 0xD56CAEDD
          S/N: 01
       Issuer: CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv
      Subject: CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv
     sha1_fpr: 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD
      md5_fpr: FB:F8:0D:AA:1F:2F:F9:F8:28:40:7E:B7:49:DB:7F:F3
       certid: 3A409A4E9141A06D70B234CC5716FAEF282A3477.01
      keygrip: 3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6
    notBefore: 2010-12-04 18:14:32
     notAfter: 2011-12-04 06:33:15
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: 1024 bit RSA
    subjKeyId: [none]
    authKeyId: [none]
     keyUsage: [none]
  extKeyUsage: [none]
     policies: [none]
  chainLength: [none]
        crlDP: [none]
     authInfo: [none]
     subjInfo: [none]


     
Is there a way to just specify a certificate file
in pem format as the recipient? (Without using a keyring.)
Is it possible to import pem format private keys?



