How to join pubring.kbx and pubring.gpg?

Damien Goutte-Gattat dgouttegattat at
Fri Jun 16 11:32:15 CEST 2017


On 06/16/2017 10:27 AM, Binarus wrote:
> Unfortunately, I didn't find any hint on how to extract that key. It is
> in the certificate for sure, and I think I will eventually be able to
> dump it after playing some time with OpenSSL, but then I eventually
> won't know how to integrate it into Enigmail / gpg4win.

Well, there is the Monkeysphere's pem2openpgp tool [1], but AFAIK it 
only works with *private* keys, not public keys.

> Furthermore, I am still not sure if this is just a matter of
> transforming the key or if the whole software / data exchange protocol
> depends on the sort of key. In other words, even if I would manage to
> extract the key and to integrate it into the Enigmail / gpg4win world,
> would the communication partner be able to decrypt the respective messages?

No. You would generate an OpenPGP-encrypted message that your partner 
won't be able to decrypt using their S/MIME software. They would need an 
OpenPGP implementation (be it GnuPG or any other one).

> The bottom line seems to be that I can't use Enigmail / gpg4win to
> exchange email with communication partners which provide their keys in
> form of certificates. This does not make much sense since there is a
> strong trend among the big companies to provide only PGP certificates
> instead of PGP keys.

You seem to be confused between OpenPGP certificates and X.509 
certificates, and I think this is the root of your problem.

Let me try to explain.

There are two completely independent standard for e-mail encryption and 
signing: OpenPGP and S/MIME.

Each standard uses its own formats. OpenPGP uses OpenPGP certificates 
(which are called "public key" out of habit, but they really are 
certificates), and S/MIME uses X.509 certificates.

Both partners in a conversation have to use the same standard, either 
OpenPGP or S/MIME (of course they can use *any* software implementing 
the same standard, because that's what standards are all about).

Now what you got from your partner is a X.509 certificate, which means 
that said partner is using S/MIME, not OpenPGP.

There's no many options here: you and your partner must agree on the 
standard you use for your communications. Either you convince your 
partner to switch to OpenPGP when he is communicating with you, or you 
switch yourself to S/MIME when you're communicating with him.

> Slightly off-topic: Does anybody eventually know if and when Enigmail /
> gpg4win will support certificates?

Thunderbird already supports S/MIME and X.509 certificates natively, you 
do not need Enigmail for that.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170616/94c73b60/attachment-0001.sig>

More information about the Gnupg-users mailing list