Problem with x.509 certificate and OpenPGP Card

Michael Freischlad freischlad at
Tue Oct 23 17:22:54 CEST 2012

Dear all,

I've got a OpenPGP Card 2.0 and would like to use it with Thunderbird 
for signing and encrypting mails via s/mime. I'm running latest version 
of gpg2 (2.0.19) on a Windows 7 machine.
What I did so far:
1) Set up of OpenPGP Card with gpg2 (changed name, generated keys). No 
Problems so far, Card works fine.
2) Generated Certification Request with gpgsm. Also worked fine.
3) signed request with a new generated own rootCA in xca
4) Transfer of certificate to the card with gpg2 --card-edit (writecert 
3 < cert.crt). Still everything worked good.
I now thought it'll be everything to do. So I terminated gpg-agent.exe 
in task manager and started Thunderbird (already with PKCS#11 
configured). Right after opening the certificates dialog my Smart Card 
PIN is requested by the PKCS#11 driver. But there is no x.509 
certificate shown.
I tried to import the certificates (root and signed certificate) with 
gpgsm --import but with no effect. Also reboots, card reader 
disconnection, restart of thunderbird in every possible combination did 
not work.

What am I doing wrong?

Thanks and regards,

More information about the Gnupg-users mailing list