GnuPG to create CSR

Ali Hassan Hamed Al Ajmi (eChannels) AliAjmi at
Thu Feb 9 06:59:05 CET 2017

I got the issue.

Firewall was blocking the "dirmngr" from communicating with CA to validate x.509 certificates. I have solved that by disabling it. However,
I am trying to use gpgsm from command line to do encryption/decryption & signing/verifying. I stuck with how to pass the passphrase in command line. I tried to use the option : passphrase-fd but I am getting this error:

gpgsm --batch --passphrase-fd 0 --decrypt "C:\Test\POC.txt.p7m"
gpgsm: invalid option "--passphrase-fd"

Is this a bug in the tool ( on windows/ linux). Or it is not supported

anyone could help me on that.
The idea is to use the tool on a server where no-human-interaction is required.

-----Original Message-----
From: Daniel Kahn Gillmor [mailto:dkg at]
Sent: Saturday, February 04, 2017 7:09 AM
To: Ali Hassan Hamed Al Ajmi (eChannels) <AliAjmi at>; gnupg-users at
Cc: Naveen Rajghatta (Risk Management) <navin at>; Subash S (IT) <Subash at>
Subject: RE: GnuPG to create CSR

On Tue 2017-01-31 07:05:45 -0500, Ali Hassan Hamed Al Ajmi (eChannels) wrote:

> Thanks for your response,
> I have successfully created the CSR and send it to internal CA
> (Microsoft CA) team. They sent me the certificate. I have used
> Kleopatra UI to import the created certificate after save it in a file
> (attaching sample file). Using same Kleopatra UI, I have also imported
> root & intermediate certificates for the CA. looks like attached
> img(kleopatra.png): We I tried to encrypt or sign any file, it shows
> this error (attached error.png)
> Is there anything wrong I have done?
> Or it is just because Kleopatra does not support X.509 certificate created by Microsoft CA?

I'm sorry, i don't know the answer here, as this is a platform i don't use myself.  hopefully someone else on the list here who uses GnuPG on Windows and Kleopatra can give you some feedback or suggestions for how to debug further.


"Disclaimer! This email message is intended for the named recipient only. If you are not the intended recipient and if you have received this message by error, please immediately notify us through E-Mail at notify at and please delete this message from your system. E-mail communications are insecure and capable of interception and corruption, bank muscat would not be liable for incorrect, incomplete transmission, loss or damage on this account or delayed receipt of this e-mail."

More information about the Gnupg-users mailing list