Daiki Ueno writes: > Well, S/MIME may have several different formats (see RFC2633 3.8). As > of now Gnus' gpgsm backend does not handle all of them. In summary: > > * sign using multipart/signed - supported > * verify using multipart/signed - supported > * verify using application/x-pkcs7-mime - not supported > * encrypt using application/pkcs7-mime - supported > * decrypt using application/pkcs7-mime - not supported > > Other combinations of operations and formats such as: > > * sign using application/pkcs7-mime > * decrypt using application/octet-stream > > are not even supported by the OpenSSL backend. Thank you for that overview. > By the way, for those who are interested in playing around gpgsm, I > wrote a short instruction to setup gpgsm with CAcert's client > certificates. After the setup, you can use it from Gnus with: > > (setq mml-smime-use 'epg) > > 0. Install gpgsm, dirmngr, etc. [...] This works! Thank you for that HOWTO, it is very helpful. As you state above, signing and verifying with mulipart/signed works without problems. I can also encrypt, but not decrypt with application/pkcs7-mime. I only noted one problem: I often get signed mails which have a protocol "application/x-pkcs7-signature", instead of "application/pkcs7-signature". I usually get those "x-pkcs7-signature" from people using MS Exchange. It isn't even mentioned in the RFC - is this a standard? Otherwise, they don't seem to be different in any way from those messages with a "pkcs7-signature" part. Anyway, I attached a patch for mml-smime.el which also checks for "x-pkcs7-signature". I'm not familiar with this part of Gnus, so I'd appreciate any comments regarding this issue. Regards, David