Issuing non self-signed certificate without having the private key in gpgsm keyring
wk at gnupg.org
Wed Feb 28 15:35:28 CET 2018
On Fri, 23 Feb 2018 19:21, jym at NetBSD.org said:
> ATM (with gpgsm (GnuPG) 2.2.4) , due to , gpgsm cannot sign
> certificate for which a public key has been imported but without an
> associated private key to it (disregarding the self-signing
What you here is to create CSR (Certifciate Signing Request) for a new
certificate. This involves a signature done with the private key for
the public key in that CSR.
> gpgsm: line 1: error getting key by keygrip 'D3513A1E...48E0BDB6D35':
> No such file or directory
> gpgsm: error creating certificate request: No such file or directory
You simply don't have that key. What you enter there is the key grip
$ gpgsm --with-keygrip -K 0x05B0DC50
Issuer: /CN=The STEED Self-Signing Nonthority
Subject: /CN=John Steed
aka: steed at itv.example.org.uk
validity: 2011-12-06 20:30:46 through 2063-04-05 17:00:00
key type: 1024 bit RSA
If you enter the value in the last line at the prompt, the very same key
would be used for a new certificate.
> Would it make sense to relax the test in  and allow certificate
> creation when we are not issuing a self-sign cert?
That would violate the standard for creating a CSR.
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 227 bytes
Desc: not available
More information about the Gnupg-users