S/MIME which certificate format
Marco Moock
mm at dorfdsl.de
Tue Nov 5 17:11:35 CET 2024
Am 05.11.2024 um 13:51:12 Uhr schrieb Werner Koch:
> On Tue, 5 Nov 2024 13:12, Marco Moock said:
>
> > As the release notes say it is fixed in 2.4.6, I tried it today, but
> > doesn't work yet.
>
> Unfortunately the tracker has no information on a sample certificate
> useful for debugging. I didn't checked the mailing list though. What
> does
>
> gpgsm --show-cert zertifikat-smime/PKCS7_File/PKCS7.p7b
>
> give?
m at ryz:~$ gpgsm --show-cert zertifikat-smime/PKCS7_File/PKCS7.p7b
gpgsm: enabled debug flags: ipc
gpgsm: enabled compatibility flags:
gpgsm: ksba_cert_hash failed: Kein Wert
gpgsm: ksba_cert_hash failed: Kein Wert
gpgsm: ksba_cert_hash failed: Kein Wert
gpgsm: ksba_cert_hash failed: Kein Wert
ksba: ber-decoder: node `?': TLV length too large
File ........: zertifikat-smime/PKCS7_File/PKCS7.p7b
ID: 0xFFFFFFFF
S/N: keine
(dec): keine
Issuer: [error]
Subject: [error]
sha2_fpr:
FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF
sha1_fpr: FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF
md5_fpr: FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF certid: error
keygrip: error
notBefore: keine
notAfter: keine
hashAlgo: (null)
keyType: [error]
subjKeyId: [none]
authKeyId: [none]
keyUsage: [none]
extKeyUsage: [none]
policies: [none]
chainLength: [none]
crlDP: [none]
authInfo: [none]
subjInfo: [none]
gpgsm: secmem usage: 0/16384 bytes in 0 blocks
m at ryz:~$
Can you also extraxt the certificate and provide it as a DER or
> PEM encoded file (feel free so sent to my private address).
I got it in different formats from Sectigo.
PKCS7, PEM and plain text.
The plain text version contained no line breaks, I had to add them so
openssl could parse them.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cd:b8:82:cf:52:a4:25:8a:4c:b6:fa:03:c4:15:dd:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo
Limited, CN=Sectigo RSA Client Authentication and Secure Email CA
Validity Not Before: Jun 10 00:00:00 2024 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:92:8a:f5:bc:23:3b:e5:f1:0b:02:06:96:80:22:
a0:fb:37:5c:8f:bc:07:08:8f:e9:59:85:eb:ec:47:
46:f5:48:7f:e6:ca:00:1e:8c:7a:81:e4:3c:98:a7:
7e:33:95:7c:ae:36:52:c5:93:46:62:23:7a:66:63:
31:99:62:33:df:da:73:cc:c6:2a:e2:40:66:3d:ae:
95:0c:59:b4:5a:4a:f1:8c:5a:73:3c:d0:e1:02:ee:
fb:95:17:62:03:1c:6a:7a:b8:06:03:ee:6e:9c:c2:
75:11:c5:16:aa:11:a5:23:06:65:78:2f:5c:5f:3f:
07:95:8a:ec:c1:37:75:e6:9e:a6:1a:50:aa:b8:13:
ed:fe:cd:2b:b5:b0:ef:d8:16:b7:05:ef:38:18:3d:
25:cb:72:e4:50:29:2b:ee:f2:b3:45:eb:d5:41:93:
8b:f6:82:1b:d2:37:3c:c2:44:4a:aa:4e:3c:fc:f9:
e3:e8:52:ec:08:07:9c:8c:2f:dc:4b:ff:16:25:fa:
f1:b5:a4:4f:5b:16:5b:db:97:51:1e:70:4c:c4:aa:
35:03:ac:da:87:4f:08:ef:69:62:cd:7a:84:38:ba:
db:8b:60:27:41:eb:be:85:b5:52:f7:2a:f2:8c:b8:
d3:17:d9:fa:ad:76:46:d9:0b:1d:82:10:f5:66:9d:
b6:7a:b6:03:d0:a1:1a:bd:23:fd:24:8d:5a:9b:2d:
99:00:23:74:2f:6d:c5:fd:f3:6d:0a:d7:93:88:f7:
70:dc:80:9b:03:99:7b:3e:70:39:45:05:c1:07:a6:
c8:7a:1a:bb:73:f0:46:80:02:fb:68:16:e8:c6:2f:
e6:9a:58:35:10:4b:27:96:ae:f3:67:8a:18:dd:3b:
0b:d9:d2:67:56:b7:2d:dc:48:3b:7f:90:e7:d0:cc:
47:8e:f5:de:46:03:f9:fb:37:0b:1b:8e:d4:16:9e:
09:d5:42:5d:df:2a:09:0e:b1:54:7d:16:c4:6a:82:
f7:df:5a:3e:4f:10:82:ef:a7:70:31:32:c1:af:46:
3c:f7:c9:3d:23:76:e5:d3:7a:41:a1:01:9a:c5:42:
5c:a4:36:7f:00:f1:59:4e:5d:96:ce:25:45:6c:77:
6f:9e:cf:62:ba:d3:3a:86:6b:8d:87:86:40:cf:de:
b9:e2:b0:01:f7:96:0c:72:90:11:52:b3:8a:c6:96:
e8:33:c5:c8:45:e2:0c:e1:22:52:44:7b:3c:e2:84:
c7:5a:c2:93:7b:06:a0:e8:7b:a0:9c:d5:3e:c9:10:
fd:e2:5a:27:e4:63:a9:69:33:b4:53:21:29:da:19:
44:e6:3b:24:b9:24:0e:94:11:11:5a:ad:a1:ba:9d:
80:ac:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
09:C0:F2:FC:0B:DA:94:DB:5F:FE:2B:DF:A8:99:42:CF:C9:E0:AD:00
X509v3 Subject Key Identifier:
29:8E:85:EF:E4:89:A7:35:82:CC:93:24:FD:ED:34:9C:DC:91:5F:33
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
E-mail Protection
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.1.10.2
CPS: https://sectigo.com/SMIMECPS
Policy: 2.23.140.1.5.1.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crl
Authority Information Access:
CA Issuers -
URI:http://crt.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crt OCSP - URI:http://ocsp.sectigo.com
X509v3 Subject Alternative Name: critical
email:mm at dorfdsl.de
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
6b:ee:7e:e9:ba:44:61:29:af:f8:1e:e1:f6:45:77:b2:37:3b:
27:4b:32:19:a9:33:e8:15:2b:a5:9e:2b:98:1a:5e:3a:95:9d:
8d:04:92:1f:a8:0d:2d:8a:3b:ed:89:c7:ad:00:31:14:76:cd:
9b:06:ac:b7:90:e7:c3:64:4c:7b:44:89:7b:4f:1d:97:43:4b:
23:56:e7:91:77:42:18:28:7e:7d:f9:7c:fa:d0:f1:04:2f:fe:
b7:b3:23:2d:95:1a:d5:4d:d6:b7:67:ba:84:b5:d2:82:0c:8a:
06:c9:f4:b5:57:ef:12:d5:e9:b2:99:96:67:c4:10:b9:53:a2:
6a:d5:bf:5f:f7:9c:a1:e2:23:cc:8e:21:23:8e:5c:3c:cb:30:
c7:90:22:35:57:70:16:1b:56:e4:a8:b6:8c:b9:27:e9:e8:e8:
33:c9:b1:18:1a:ff:88:07:cf:da:e6:8e:85:4c:05:d1:87:a4:
e9:49:28:7c:f5:cf:cc:1e:9a:93:db:8f:e0:ee:cf:0f:2c:a8:
12:c4:a4:69:4b:73:06:80:57:c7:31:35:ca:a6:56:01:5d:db:
01:f2:42:ce:70:fb:03:7d:e9:a0:cb:80:b7:13:ae:9e:e1:29:
e0:c0:b4:95:e5:ae:18:a8:d8:cc:aa:f3:53:89:47:23:27:21:
db:46:8b:35
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgIRAM24gs9SpCWKTLb6A8QV3b0wDQYJKoZIhvcNAQELBQAw
gZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE+MDwGA1UE
AxM1U2VjdGlnbyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUg
RW1haWwgQ0EwHhcNMjQwNjEwMDAwMDAwWhcNMjYwNjEwMjM1OTU5WjAAMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkor1vCM75fELAgaWgCKg+zdcj7wH
CI/pWYXr7EdG9Uh/5soAHox6geQ8mKd+M5V8rjZSxZNGYiN6ZmMxmWIz39pzzMYq
4kBmPa6VDFm0WkrxjFpzPNDhAu77lRdiAxxqergGA+5unMJ1EcUWqhGlIwZleC9c
Xz8HlYrswTd15p6mGlCquBPt/s0rtbDv2Ba3Be84GD0ly3LkUCkr7vKzRevVQZOL
9oIb0jc8wkRKqk48/Pnj6FLsCAecjC/cS/8WJfrxtaRPWxZb25dRHnBMxKo1A6za
h08I72lizXqEOLrbi2AnQeu+hbVS9yryjLjTF9n6rXZG2QsdghD1Zp22erYD0KEa
vSP9JI1amy2ZACN0L23F/fNtCteTiPdw3ICbA5l7PnA5RQXBB6bIehq7c/BGgAL7
aBboxi/mmlg1EEsnlq7zZ4oY3TsL2dJnVrct3Eg7f5Dn0MxHjvXeRgP5+zcLG47U
Fp4J1UJd3yoJDrFUfRbEaoL331o+TxCC76dwMTLBr0Y898k9I3bl03pBoQGaxUJc
pDZ/APFZTl2WziVFbHdvns9iutM6hmuNh4ZAz9654rAB95YMcpARUrOKxpboM8XI
ReIM4SJSRHs84oTHWsKTewag6HugnNU+yRD94lon5GOpaTO0UyEp2hlE5jskuSQO
lBERWq2hup2ArDcCAwEAAaOCAc8wggHLMB8GA1UdIwQYMBaAFAnA8vwL2pTbX/4r
36iZQs/J4K0AMB0GA1UdDgQWBBQpjoXv5ImnNYLMkyT97TSc3JFfMzAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDBDBQBgNV
HSAESTBHMDoGDCsGAQQBsjEBAgEKAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Nl
Y3RpZ28uY29tL1NNSU1FQ1BTMAkGB2eBDAEFAQMwWgYDVR0fBFMwUTBPoE2gS4ZJ
aHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ2xpZW50QXV0aGVudGlj
YXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBigYIKwYBBQUHAQEEfjB8MFUGCCsG
AQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FDbGllbnRB
dXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCMGCCsGAQUFBzABhhdo
dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAbBgNVHREBAf8EETAPgQ1tbUBkb3JmZHNs
LmRlMA0GCSqGSIb3DQEBCwUAA4IBAQBr7n7pukRhKa/4HuH2RXeyNzsnSzIZqTPo
FSulniuYGl46lZ2NBJIfqA0tijvticetADEUds2bBqy3kOfDZEx7RIl7Tx2XQ0sj
VueRd0IYKH59+Xz60PEEL/63syMtlRrVTda3Z7qEtdKCDIoGyfS1V+8S1emymZZn
xBC5U6Jq1b9f95yh4iPMjiEjjlw8yzDHkCI1V3AWG1bkqLaMuSfp6OgzybEYGv+I
B8/a5o6FTAXRh6TpSSh89c/MHpqT24/g7s8PLKgSxKRpS3MGgFfHMTXKplYBXdsB
8kLOcPsDfemgy4C3E66e4SngwLSV5a4YqNjMqvNTiUcjJyHbRos1
-----END CERTIFICATE-----
--
Gruß
Marco
Send unsolicited bulk mail to 1730811072muell at cartoonies.org
More information about the Gnupg-users
mailing list