can't encrypt with public key from sectigo (former comodo)

Ingo Klöcker kloecker at kde.org
Wed Feb 6 18:03:43 CET 2019


On Mittwoch, 6. Februar 2019 10:30:04 CET Uwe Brauer wrote:
> With this certificate:
> Encrypting and signing still works in thunderbird

Thunderbird probably uses the certificate bundle provided by your 
distribution.

> But I tried the following in the command line
> 
> gpgsm --encrypt -r 0xCC6EDB92 epg-error.txt
> 
> And obtain
> 
> gpgsm: Note: non-critical certificate policy not allowed
> gpgsm: dirmngr cache-only key lookup failed: Not found
> gpgsm: issuer certificate {09C0F2FC0BDA94DB5FFE2BDFA89942CFC9E0AD00} not
> found using authorityKeyIdentifier gpgsm: dirmngr cache-only key lookup
> failed: Not found
> gpgsm: issuer certificate not found
> gpgsm: issuer certificate: #/CN=Sectigo RSA Client Authentication and Secure
> Email CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB gpgsm:
> can't encrypt to '0xCC6EDB92': Missing issuer certificate
> 
> How can I solve that issue?

Add the CA certifcate of Sectigo to ~/.gnupg/trustlist.txt .

gpgsm explicitly does not use the certificate bundles provided by the 
distributions.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190206/3e787323/attachment.sig>


More information about the Gnupg-users mailing list