Can I use my Microsoft Outlook S/MIME certificate with gpgsm.exe ?

Dan Bryant dkbryant at gmail.com
Wed Mar 13 09:03:31 CET 2019


So I work for a large company that has their own internal CA and
maintains their own set of S/MIME certificates.  We periodically have
to re-enroll in S/MIME and import the certificate into Microsoft
Outlook to have encrypt / sign functionality.  This time when I
enrolled for my recent certificate, I went ahead and added my S/MIME
to gpgsm.  Import looked good (I guess), but I'm unable to sign.  I've
looked at the public and private keys and it looks like the whole
chain is imported.  Kleopatra also has them showing up in the right
hierarchical order.  I apologize for clipping some of my command
output but our company is rather paranoid about publicly publishing
internal key data, even public key data.

$ gpgsm --version --verbose
gpgsm (GnuPG) 2.2.11
libgcrypt 1.8.4
libksba 1.3.5
<clip>

$ gpgsm --import sMIME.pfx
<clip>
gpgsm: total number processed: 4
gpgsm:              unchanged: 3
gpgsm:       secret keys read: 1
gpgsm:  secret keys unchanged: 1

$ echo hi | gpgsm --sign --armor --default-key 0x64208E9A
--disable-crl-checks --disable-policy-checks
gpgsm: error creating signature: No value <KSBA>



More information about the Gnupg-users mailing list