missing root certificate, SMIME spanish government
Werner Koch
wk at gnupg.org
Mon Jun 3 12:22:12 CEST 2019
On Sat, 1 Jun 2019 14:49, oub at mat.ucm.es said:
> Well but if I import the key, then I don't need to add it to the
> trustedlist file
The trustlist.txt list those certificates which are valid as root
certificates. Importing a certificate does not add it to this list for
obvious reasons: All kind of certificates are imported all the time
without the user noticing (e.g. those sent as part of an S/MIME mail).
Root certificates are the trust anchor and thus we need the user's consent
to use them in such a way.
By default gpgsm asks you whether a certificate, which technically can
act as root certificate, shall be granted the trusted status (i.e. used
as a root certificate by being added to trustlist.txt). You can change
this default by adding "no-allow-mark-trusted" to gpg-agent.conf.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190603/d4df17ef/attachment.sig>
More information about the Gnupg-users
mailing list