S/MIME which certificate format

Marco Moock mm at dorfdsl.de
Fri Jun 6 21:33:21 CEST 2025 

Am 13.05.2025 um 15:32:56 Uhr schrieb Werner Koch:

> Takeaway is that we can handle an empty subject but that return an
> error.  I just fixed this for for master and 2.4.
> See https://dev.gnupg.org/T7171

I was able to import the certificate, but I still have issues importing
my private key (and only this).
Importing the public certificate is now working.

I was able to import it completely as p12 after exporting (backup) it
from Thunderbird.

Although, if I want to only import my private key (exported by
gpgsm with --export-secret-key-p8), I get an error with the
issuer check.

I cannot provide you the private key, maybe can you create your own
private key/cert/CA without a subject to test.

I am trying to import the stuff that I exported from gpgsm before.
I am using opensuse tumbleweed for testing.

m at ryz:~$ cat /tmp/gpg 
test at localhost:~> gpgsm --armor --export-secret-key-p8 0x520AB3F9 > gpg-priv-out
test at localhost:~> gpg ^C
test at localhost:~> gpgsm --delete-key 0xDAB9AD8E 0x520AB3F9 0x966573C5
test at localhost:~> gpgsm --delete-key 0x6CEE184C 0x64D8E349
test at localhost:~> gpgsm --list-keys
test at localhost:~> gpgsm --import gpg-priv-out 
gpgsm: no issuer found in certificate
gpgsm: Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert
gpgsm: no issuer found in certificate
gpgsm: Grundlegende Zertifikatprüfungen fehlgeschlagen - nicht importiert
gpgsm: ksba_cert_hash failed: Kein Wert
gpgsm: gesamte verarbeitete Anzahl: 2
gpgsm:                        nicht importiert: 2
[GNUPG:] FAILURE gpgsm-exit 50331649
test at localhost:~> gpgsm --version
gpgsm (GnuPG) 2.5.7
libgcrypt 1.11.1
libksba 1.6.7
Copyright (C) 2025 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
Home: /home/test/.gnupg
Unterstützte Verfahren:
Cipher: 3DES, AES128, AES192, AES256, SERPENT128, SERPENT192, SERPENT256, SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
Pubkey: RSA, ECC, ECC
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL
test at localhost:~>
m at ryz:~$ 
 
Is there still an issue or do I use it wrong?

-- 
Gruß
Marco

Send unsolicited bulk mail to 1747143176muell at cartoonies.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250606/a6168c75/attachment.sig>

More information about the Gnupg-users mailing list