How to join pubring.kbx and pubring.gpg?

Binarus lists at binarus.de
Fri Jun 16 15:04:13 CEST 2017


On 16.06.2017 11:32, Damien Goutte-Gattat wrote:

> Well, there is the Monkeysphere's pem2openpgp tool [1], but AFAIK it
> only works with *private* keys, not public keys.

Most articles / tutorials I came across during my research were dealing
with private keys ... that should have made me mistrustful on its own.

> No. You would generate an OpenPGP-encrypted message that your partner
> won't be able to decrypt using their S/MIME software. They would need an
> OpenPGP implementation (be it GnuPG or any other one).

This is where I have been misled. Of course, I already knew that S/MIME
and PGP are both widely used, but totally different, and it was also
clear to me that a recipient who uses S/MIME has no way to decrypt PGP
messages, and vice versa.

There were three things which pulled me on the wrong track:

1) My new communication partner claimed that they supported S/MIME as
well as PGP, making the impression that I could choose which one I would
like to use. I told him that I would like to use PGP (as I've always
done in similar cases in the past) and not S/MIME.

2) My new communication partner claimed (even in written form) that the
certificate they provided to me was a "PGP certificate". Well, we all
probably know the level of technical knowledge in big companies'
customer support ... I should have been warned.

3) I would never have come to the idea that GnuPG handles S/MIME
certificates. Obviously, gpgsm is part of GnuPG, and obviously, it can
handle the certificate which I have been given. Thus, I have been quite
sure that it indeed must have been some sort of "PGP certificate",
because I couldn't imagine that a part of GnuPG software could deal with
S/MIME certificates.

So GnuPG seems to be in the process of becoming an S/MIME software, a
thing which I would have heavily denied until now if somebody had
asked me.

These three reasons made me strongly believe that the certificate I have
been given actually was a thing like a PGP key in a "modern" format. So I
was convinced that I could convert it to the usual PGP key format somehow.

(Sidenote: The naming of that utility of course finally makes sense now
... I have done gpgsm <some options> and have wondered about the name of
that program more than one time :-)

> You seem to be confused between OpenPGP certificates and X.509
> certificates, and I think this is the root of your problem.

Not at the level of general understanding, but having been heavily
misled in this case (see above) ...

> Thunderbird already supports S/MIME and X.509 certificates natively, you
> do not need Enigmail for that.

Yes, I have configured Thunderbird often in all sorts of environments and
therefore often have come across the S/MIME configuration window. So I
knew it was in there, but I did not use it until now.

The actual cause of my problem, as you have already stated, is quite
simple: I just did not know nor assume nor even consider that the
certificate I have been given could be an S/MIME certificate. Now that I
know that, I am quite confident that I will be able to configure and use
S/MIME properly.

Once again, a big thanks for all the help and for your time!

Regards,

Binarus
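
Added example (not part of the original message and not GnuPG code): a short
Python check that tells an X.509 certificate, which gpgsm imports, from an
OpenPGP key, which gpg imports, using the armor label or the first binary
octets. The function name and the sample byte strings are constructed for
illustration.

```python
import re

# PEM / ASCII-armor labels mapped to the format family they belong to.
ARMOR_LABELS = {
    "CERTIFICATE": "x509",
    "PKCS7": "x509",
    "PGP PUBLIC KEY BLOCK": "openpgp",
    "PGP PRIVATE KEY BLOCK": "openpgp",
}
# GnuPG program that imports each family.
IMPORT_TOOL = {"x509": "gpgsm --import", "openpgp": "gpg --import"}
# OpenPGP packet tags that can start a key file (RFC 4880, section 4.3).
OPENPGP_KEY_TAGS = {5, 6}  # 5 = secret key, 6 = public key


def classify_key_material(data: bytes) -> str:
    """Return 'x509', 'openpgp' or 'unknown' for a blob of key material."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if m:
        return ARMOR_LABELS.get(m.group(1).decode("ascii"), "unknown")
    if len(data) < 2:
        return "unknown"
    first = data[0]
    # DER X.509: ASN.1 SEQUENCE tag 0x30, then a long-form length octet
    # (a certificate is always longer than 127 bytes).
    if first == 0x30 and data[1] in (0x81, 0x82, 0x83, 0x84):
        return "x509"
    # Binary OpenPGP: bit 7 of the first octet of a packet is always set.
    if first & 0x80:
        if first & 0x40:               # new-format header, tag in bits 5-0
            tag = first & 0x3F
        else:                          # old-format header, tag in bits 5-2
            tag = (first & 0x3C) >> 2
        if tag in OPENPGP_KEY_TAGS:
            return "openpgp"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: only the leading bytes matter to the check.
    samples = {
        "partner.pem": b"-----BEGIN CERTIFICATE-----\nMIIB\n",
        "partner.der": bytes([0x30, 0x82, 0x03, 0x5A]),
        "friend.asc": b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQEN\n",
        "friend.gpg": bytes([0x99, 0x01, 0x0D, 0x04]),
    }
    for name, blob in samples.items():
        kind = classify_key_material(blob)
        print(name, kind, IMPORT_TOOL.get(kind, "not key material"))
```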



