How to join pubring.kbx and pubring.gpg?
dgouttegattat at incenp.org
Fri Jun 16 11:32:15 CEST 2017
On 06/16/2017 10:27 AM, Binarus wrote:
> Unfortunately, I didn't find any hint on how to extract that key. It is
> in the certificate for sure, and I think I will eventually be able to
> dump it after playing some time with OpenSSL, but then I eventually
> won't know how to integrate it into Enigmail / gpg4win.
Well, there is the Monkeysphere's pem2openpgp tool , but AFAIK it
only works with *private* keys, not public keys.
> Furthermore, I am still not sure if this is just a matter of
> transforming the key or if the whole software / data exchange protocol
> depends on the sort of key. In other words, even if I would manage to
> extract the key and to integrate it into the Enigmail / gpg4win world,
> would the communication partner be able to decrypt the respective messages?
No. You would generate an OpenPGP-encrypted message that your partner
won't be able to decrypt using their S/MIME software. They would need an
OpenPGP implementation (be it GnuPG or any other one).
> The bottom line seems to be that I can't use Enigmail / gpg4win to
> exchange email with communication partners which provide their keys in
> form of certificates. This does not make much sense since there is a
> strong trend among the big companies to provide only PGP certificates
> instead of PGP keys.
You seem to be confused between OpenPGP certificates and X.509
certificates, and I think this is the root of your problem.
Let me try to explain.
There are two completely independent standard for e-mail encryption and
signing: OpenPGP and S/MIME.
Each standard uses its own formats. OpenPGP uses OpenPGP certificates
(which are called "public key" out of habit, but they really are
certificates), and S/MIME uses X.509 certificates.
Both partners in a conversation have to use the same standard, either
OpenPGP or S/MIME (of course they can use *any* software implementing
the same standard, because that's what standards are all about).
Now what you got from your partner is a X.509 certificate, which means
that said partner is using S/MIME, not OpenPGP.
There's no many options here: you and your partner must agree on the
standard you use for your communications. Either you convince your
partner to switch to OpenPGP when he is communicating with you, or you
switch yourself to S/MIME when you're communicating with him.
> Slightly off-topic: Does anybody eventually know if and when Enigmail /
> gpg4win will support certificates?
Thunderbird already supports S/MIME and X.509 certificates natively, you
do not need Enigmail for that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users