mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 1199 bytes --]


Hello

A couple of months ago I started to use smime, with epg, gpgsm
(certificates from comodo). I had no problems interchanging encrypted
and signed message with users of thunderbird (seamonkey), evolution,
kmail and applemail.

However I do have problems with users of outlook 2003/2010 (and these
users cannot change their mail program).

So I installed outlook 2003 in a virtualbox and indeed (after having
installed the certificates and interchange signed message) I receive the
following error message when  opening an encrypted+signed message sent
by xemacs:

"Your Digital ID name cannot be found in the underlying security system" 

So I thought this is outlook's fault. 

But then I tried out thunderbird, and outlook has no problems opening a
signed+encrypted message.

Then I tried out kmail, which also uses gpgsm, and again outlook can
open the signed+encrypted message.

So I am really puzzled. I saved the 3 messages

    -  thunderbird

    -  xemacs

    -  kmail

In thunderbird .eml format and attach them below. The difference between
kmail and xemacs is very subtle, but I fail to see any deeper reason.

Any suggestion is very welcome.

thanks

Uwe Brauer 



Uwe Brauer 



[-- Attachment #2: kmail:oub-->oub.oub.oub:_encrypt_self+sign.eml --]
[-- Type: message/rfc822, Size: 11693 bytes --]

[-- Attachment #2.1: smime.p7m --]
[-- Type: application/pkcs7-mime, Size: 8115 bytes --]

From: Uwe Brauer <oub@mat.ucm.es>
To: Uwe Brauer <oub.oub.oub@gmail.com>
Cc: oub@mat.ucm.es
Subject: kmail:oub-->oub.oub.oub: encrypt self+sign
Date: Thu, 21 Feb 2013 14:04:20 +0100
Message-ID: <201302211404.25694.oub@mat.ucm.es>

[-- Attachment #3: thunderbird:_oub-->_oub.oub.oub:_encrypt+sign.eml --]
[-- Type: message/rfc822, Size: 709 bytes --]

From: Uwe Brauer <oub@mat.ucm.es>
To: Uwe Brauer <oub.oub.oub@gmail.com>
Subject: thunderbird: oub--> oub.oub.oub: encrypt+sign
Date: Thu, 21 Feb 2013 13:56:25 +0100
Message-ID: <51261979.6080208@mat.ucm.es>

Test message.

[-- Attachment #4: Xemacs+gnus:_oub-->oub.oub.oub:_encrypt(self)+sign.eml --]
[-- Type: message/rfc822, Size: 11435 bytes --]

[-- Attachment #4.1: smime.p7m --]
[-- Type: application/pkcs7-mime, Size: 7811 bytes --]

From: Uwe Brauer <oub@mat.ucm.es>
To: Uwe Brauer <oub.oub.oub@gmail.com>
Subject: Xemacs+gnus: oub-->oub.oub.oub: encrypt(self)+sign
Date: Thu, 21 Feb 2013 14:07:53 +0100
Message-ID: <87fw0pbys6.fsf@gilgamesch.quim.ucm.es>

Re: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Daiki Ueno]

Uwe Brauer <oub@mat.ucm.es> writes:

> "Your Digital ID name cannot be found in the underlying security system" 
>
> So I thought this is outlook's fault. 
>
> But then I tried out thunderbird, and outlook has no problems opening a
> signed+encrypted message.
>
> Then I tried out kmail, which also uses gpgsm, and again outlook can
> open the signed+encrypted message.
>
> So I am really puzzled. I saved the 3 messages
>
>     -  thunderbird
>
>     -  xemacs
>
>     -  kmail
>
> In thunderbird .eml format and attach them below. The difference between
> kmail and xemacs is very subtle, but I fail to see any deeper reason.

I haven't had time to investigate the message contents, but perhaps it
depends on the included certificates in the messages?

Try adding "include-certs -1" to ~/.gnupg/gpgsm.conf.

epg-debug traces for kmail and xemacs messages would also be helpful.

Regards,
-- 
Daiki Ueno

Re: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Uwe Brauer]

[-- Attachment #1.1: Type: text/plain, Size: 1009 bytes --]

>> "Daiki" == Daiki Ueno <ueno@gnu.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> "Your Digital ID name cannot be found in the underlying security system" 
   >> 

   > Try adding "include-certs -1" to ~/.gnupg/gpgsm.conf.

When I do this and restart my system, epg changes its behavior when
sending encrytp+sign messages: it no longer asks me via the gpgsm
(pinentry interface) for my password, but sends the message indeed
encrypted and signed. (I'd prefer to have to write my passwd).

In any case, I opened the already sent mails, the xemacs and the kmail
one (which are in my gmail sent folder) with xemacs and wrote the
epg-debug into a file.

I did this with and without the "include-certs -1" option, so I attach 4
files.
I also noted a another misbehavior I never encountered. After I opened
these messages epg did not allow me to send encrypted message or open
other encrypted messages. I attach the bug traces in a different
message.

thanks

Uwe Brauer 


[-- Attachment #1.2: xemacs-epg-bug-include-certs-1 --]
[-- Type: application/octet-stream, Size: 8080 bytes --]

gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4A_Th --decrypt -- /tmp/oub/epg-inputJ4AyJb
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00C487EFF7AD3A3420225EDDADF51FB916
[GNUPG:] ENC_TO A3404EFC75E655A5 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AMen --verify -- /tmp/oub/epg-signatureJ4AZot -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:07:54 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130754 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AY8C --decrypt -- /tmp/oub/epg-inputJ4Amyz
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00D4889328B8D838F5E9BD281B0A4FDBE1
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AlGJ --verify -- /tmp/oub/epg-signatureJ4AyQP -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:04:25 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130425 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AMlb --decrypt -- /tmp/oub/epg-inputJ4A_aV
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00D4889328B8D838F5E9BD281B0A4FDBE1
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AZvh --verify -- /tmp/oub/epg-signatureJ4Am5n -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:02:42 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130242 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AAO0 --decrypt -- /tmp/oub/epg-inputJ4AzDu
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00C487EFF7AD3A3420225EDDADF51FB916
[GNUPG:] ENC_TO A3404EFC75E655A5 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputJ4AyXD --verify -- /tmp/oub/epg-signatureJ4A_hJ -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:07:54 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130754 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell

[-- Attachment #1.3: kmail-epg-bug-include-certs-1 --]
[-- Type: application/octet-stream, Size: 2020 bytes --]

gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputr0AgKC --decrypt -- /tmp/oub/epg-inputr0AuAz
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00D4889328B8D838F5E9BD281B0A4FDBE1
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputr0AtUI --verify -- /tmp/oub/epg-signaturer0A6eO -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:04:25 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130425 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell

[-- Attachment #1.4: kmail-epg-bug-noinclude-certs --]
[-- Type: application/octet-stream, Size: 2020 bytes --]

gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputIkFiaT --decrypt -- /tmp/oub/epg-inputIkFVQN
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00D4889328B8D838F5E9BD281B0A4FDBE1
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-outputIkFvkZ --verify -- /tmp/oub/epg-signatureIkF8uf -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:04:25 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130425 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell

[-- Attachment #1.5: xemacs-epg-bug-noinclude-certs --]
[-- Type: application/octet-stream, Size: 6060 bytes --]

gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFXnK --decrypt -- /tmp/oub/epg-input5iFKdE
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00C487EFF7AD3A3420225EDDADF51FB916
[GNUPG:] ENC_TO A3404EFC75E655A5 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFkxQ --verify -- /tmp/oub/epg-signature5iFx7W -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:07:54 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130754 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFLQj --decrypt -- /tmp/oub/epg-input5iF-Fd
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00D4889328B8D838F5E9BD281B0A4FDBE1
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFYap --verify -- /tmp/oub/epg-signature5iFlkv -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:04:25 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130425 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFk4E --decrypt -- /tmp/oub/epg-input5iFyu1
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: DBG: recp 0 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 0 - serial: 00D85E147DED4C5827032A83F09A2F0195
[GNUPG:] ENC_TO D005DD816DB2B254 0 0
gpgsm: error decrypting session key: No secret key
gpgsm: decrypting session key failed: No secret key
[GNUPG:] NO_SECKEY D005DD816DB2B254
gpgsm: DBG: recp 1 - issuer: `CN=COMODO Client Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB'
gpgsm: DBG: recp 1 - serial: 00C487EFF7AD3A3420225EDDADF51FB916
[GNUPG:] ENC_TO A3404EFC75E655A5 0 0
[GNUPG:] DECRYPTION_OKAY
gpgsm --no-tty --status-fd 1 --yes --output /tmp/oub/epg-output5iFxCL --verify -- /tmp/oub/epg-signature5iF-MR -
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: option --output ignored for a detached signature
[GNUPG:] NEWSIG
gpgsm: Signature made 2013-02-21 13:07:54 using certificate ID 0x6147C786
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: note: non-critical certificate policy not allowed
gpgsm: CRLs not checked due to --disable-crl-checks option
[GNUPG:] GOODSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 /EMail=oub@mat.ucm.es
[GNUPG:] VALIDSIG AF791B3AE3CCA0A1A9575730F69E1EFB6147C786 2013-02-21 20130221T130754 20131219T235959 0 0 1 2 00
gpgsm: Good signature from "/EMail=oub@mat.ucm.es"
gpgsm:                 aka "oub@mat.ucm.es"
[GNUPG:] TRUST_FULLY 0 shell

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]

epg problem after opening encrypted messages (was: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.)

[Uwe Brauer]

[-- Attachment #1.1: Type: text/plain, Size: 111 bytes --]

>> "Daiki" == Daiki Ueno <ueno@gnu.org> writes:

Here come two traces I do not understand.

Uwe Brauer 


[-- Attachment #1.2: epg-encrypt-error --]
[-- Type: application/octet-stream, Size: 939 bytes --]

Debugger entered--Lisp error: (invalid-operation "Selecting deleted or non-existent buffer")
  signal(invalid-operation ("Selecting deleted or non-existent buffer"))
  byte-code("..." [error mml-smime-epg-secret-key-id-list password-cache-remove signal] 4)
  mml-smime-epg-sign((part (sign . "smime") (encrypt . "smime") (tag-location . 420) (contents . "Test message.\n\n")))
  mml-smime-sign((part (sign . "smime") (encrypt . "smime") (tag-location . 420) (contents . "Test message.\n\n")))
  mml-smime-sign-buffer((part (sign . "smime") (encrypt . "smime") (tag-location . 420) (contents . "Test message.\n\n")))
  mml-generate-mime-1((part (sign . "smime") (encrypt . "smime") (tag-location . 420) (contents . "Test message.\n\n")))
  mml-generate-mime()
  message-encode-message-body()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  call-interactively(message-send-and-exit) 

[-- Attachment #1.3: epg-open-error --]
[-- Type: application/octet-stream, Size: 9493 bytes --]

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]

Re: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Daiki Ueno]

Uwe Brauer <oub@mat.ucm.es> writes:

>    > Try adding "include-certs -1" to ~/.gnupg/gpgsm.conf.
>
> When I do this and restart my system, epg changes its behavior when
> sending encrytp+sign messages: it no longer asks me via the gpgsm
> (pinentry interface) for my password, but sends the message indeed
> encrypted and signed. (I'd prefer to have to write my passwd).

So, those messages can now be decrypted/verified with Outlook, or not?
Otherwise it is not releated and you can forget the option.

Re: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Uwe Brauer]

Besides kmail uses the same gpgsm
Configuration works fine with outlook
With or without that additional option

Sent from my iPod

On 22/02/2013, at 22:00, Daiki Ueno <ueno@gnu.org> wrote:

> Uwe Brauer <oub@mat.ucm.es> writes:
>
>>> Try adding "include-certs -1" to ~/.gnupg/gpgsm.conf.
>>
>> When I do this and restart my system, epg changes its behavior when
>> sending encrytp+sign messages: it no longer asks me via the gpgsm
>> (pinentry interface) for my password, but sends the message indeed
>> encrypted and signed. (I'd prefer to have to write my passwd).
>
> So, those messages can now be decrypted/verified with Outlook, or not?
> Otherwise it is not releated and you can forget the option.

some news (was: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.)

[Uwe Brauer]

[-- Attachment #1: Type: text/plain, Size: 824 bytes --]

>> "Daiki" == Daiki Ueno <ueno@gnu.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> > Try adding "include-certs -1" to ~/.gnupg/gpgsm.conf.
   >> 
   >> When I do this and restart my system, epg changes its behavior when
   >> sending encrytp+sign messages: it no longer asks me via the gpgsm
   >> (pinentry interface) for my password, but sends the message indeed
   >> encrypted and signed. (I'd prefer to have to write my passwd).

   > So, those messages can now be decrypted/verified with Outlook, or not?
   > Otherwise it is not releated and you can forget the option.

I just found out:

Outlook 2003 can open and read signed message from Xemacs.
Outlook 2003 can open and read encrypted message from Xemacs.
Outlook 2003 *cannot* open and read signed+encrypted message from Xemacs.


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]

Re: some news

[Daiki Ueno]

Uwe Brauer <oub@mat.ucm.es> writes:

> Outlook 2003 can open and read signed message from Xemacs.
> Outlook 2003 can open and read encrypted message from Xemacs.
> Outlook 2003 *cannot* open and read signed+encrypted message from Xemacs.

Is your KMail message really signed+encrypted?  I've just looked at
kmail-epg-bug-noinclude-certs attached to the previous reply and found
no indication that the message was encrypted.

Anyway, I'll try KMail.

Re: some news

[Uwe Brauer]

[-- Attachment #1.1: Type: text/plain, Size: 1463 bytes --]

>> "Daiki" == Daiki Ueno <ueno@gnu.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> Outlook 2003 can open and read signed message from Xemacs.
   >> Outlook 2003 can open and read encrypted message from Xemacs.
   >> Outlook 2003 *cannot* open and read signed+encrypted message from Xemacs.

   > Is your KMail message really signed+encrypted?  I've just looked at
   > kmail-epg-bug-noinclude-certs attached to the previous reply and found
   > no indication that the message was encrypted.


>> "Daiki" == Daiki Ueno <ueno@gnu.org> writes:

   > Uwe Brauer <oub@mat.ucm.es> writes:
   >> Outlook 2003 can open and read signed message from Xemacs.
   >> Outlook 2003 can open and read encrypted message from Xemacs.
   >> Outlook 2003 *cannot* open and read signed+encrypted message from Xemacs.

   > Is your KMail message really signed+encrypted?  I've just looked at
   > kmail-epg-bug-noinclude-certs attached to the previous reply and found
   > no indication that the message was encrypted.



I am extremely confused. When I open the message in thunderbird (or in
outlook), the icons indicate, that the message is signed+encrypted, when
I save the message in the thunderbird eml format it includes a smime.p7m
attachment.

However when I save in xemacs the message contains only a smime.p7s
attachment.

I attach both files.


PS I still don't understand why outlook can open a signed or encrypted
message but not a signed+encrypted message.


[-- Attachment #1.2: xemacs:oub-->oub.oub.oub:encrypt+sign --]
[-- Type: application/octet-stream, Size: 6409 bytes --]

--nextPart5935647.hp4vojkVXB
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Test message.

--nextPart5935647.hp4vojkVXB
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIO4TCCBJ0w
ggOFoAMCAQICEDQ96SusJzT/j8s0lPvMcFQwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0
d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wNTA2MDcwODA5MTBa
Fw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNh
bHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0
dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmF
pPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJk
xIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2q
L+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAs
vIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMe
oYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4H0MIHxMB8GA1UdIwQYMBaAFK29mHo0tCb3
+sQmVO8DveAky1QaMB0GA1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYz
aHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDUGCCsG
AQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG
9w0BAQUFAAOCAQEAAbyc42MosPMxAcLfe91ioAGdIzEPnJJzU1HqH0z61p/Eyi9nfngzD3QWuZGH
kfWKJvpkcADYHvkLBGJQh5OB1Nr1I9s0u4VWtHA0bniDNx6FHMURFZJfhxe9rGr98cLRzIlfsXzw
PlHyNfN87GCYazor4O/fs32G67Ub9VvsonyYE9cAULnRLXPeA3h04QWFMV7LmrmdlMa5lDd1ctxE
+2fo8PolHlKn2iXpR+CgxzygTrEKNvt3SJ/vl4r7tP7jlBSog7xcLT/SYHFg7sJxggzpiDbj2iC0
o6BsqpZLuICOdcpJB/Y7FLrf3AXZn9vgsuZNoHgm5+ctbn9fxh6IFTCCBRowggQCoAMCAQICEG0Z
6qcZT2ozIuYiMnqqcd4wDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJV
VDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29y
azEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZp
cnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwwHhcNMTEwNDI4MDAwMDAwWhcNMjAw
NTMwMTA0ODM4WjCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENP
TU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJKEhFtLV5jUXi+LpOFAyKNTWF9mZfEyTvefMn1V0HhMVbdC
lOD5J3EHxcZppLkyxPFAGpDMJ1Zifxe1cWmu5SAb5MtjXmDKokH2auGj/7jfH0htZUOMKi4rYzh3
37EXrMLaggLW1DJq1GdvIBOPXDX65VSAr9hxCh03CgJQU2yVHakQFLSZlVkSMf8JotJM3FLb3uJA
AVtIaN3FSrTg7SQfOq9xXwfjrL8UO7AlcWg99A/WF1hGFYE8aIuLgw9teiFX5jSw2zJ+40rhpVJy
ZCaRTqWSD//gsWD9Gm9oUZljjRqLpcxCm5t9ImPTqaD8zp6Q30QZ9FxbNboW86eb/8ECAwEAAaOC
AUswggFHMB8GA1UdIwQYMBaAFImCZ33EnSZwAEu0UEh83j2uBG59MB0GA1UdDgQWBBR6E04AdFvG
eGNkJ8Ev4qBbvHnFezAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADARBgNVHSAE
CjAIMAYGBFUdIAAwWAYDVR0fBFEwTzBNoEugSYZHaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VU
Ti1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFpbC5jcmwwdAYIKwYBBQUHAQEE
aDBmMD0GCCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVROQWRkVHJ1c3RDbGll
bnRfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3
DQEBBQUAA4IBAQCF1r54V1VtM39EUv5C1QaoAQOAivsNsv1Kv/avQUn1G1rF0q0bc24+6SZ85kyY
wTAo38v7QjyhJT4KddbQPTmGZtGhm7VNm2+vKGwdr+XqdFqo2rHA8XV6L566k3nK/uKRHlZ0sviN
0+BDchvtj/1gOSBH+4uvOmVIPJg9pSW/ve9g4EnlFsjrP0OD8ODuDcHTzTNfm9C9YGqzO/761Mk6
PB/tm/+bSTO+Qik5g+4zaS6CnUVNqGnagBsePdIaXXxHmaWbCG0SmYbWXVcHG6cwvktJRLiQfsrR
eTjrtDP6oDpdJlieYVUYtCHVmdXgQ0BCML7qpeeU0rD+83X5f27nMIIFHjCCBAagAwIBAgIRANSI
kyi42Dj16b0oGwpP2+EwDQYJKoZIhvcNAQEFBQAwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBM
aW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUg
RW1haWwgQ0EwHhcNMTIxMjE5MDAwMDAwWhcNMTMxMjE5MjM1OTU5WjAfMR0wGwYJKoZIhvcNAQkB
Fg5vdWJAbWF0LnVjbS5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKymXpCo0nFP
H62G83h5dox7aPbTzuz8GfH8e4C+cijmx53XOQNX/WR0pc+/fZBG2HduvT/F4xjFtOL4jKI2iS5j
sjst99CjhQ+HUCYEDuOxr3h2SefOJhW+Z5z9k0t/OFYSLMlWPaWZlVTT2lploQ5waJC569/3nb5K
PgFHz3ftNHrp9QxG2ipAWx4YOHihHlUyk2fV9CyR6EMcp/ab18uAzZLesCnT2S6ncE3L/6MRwgld
AjJ9iyMARPRhxneJd9XEnqGD1vzP74kfQYzhyNvHeTz6YLdS8XdFSbi0DdItylYdxAIgYRH+/XmJ
Z4t8duvOoL45aULfJlbat+QTdlsCAwEAAaOCAd4wggHaMB8GA1UdIwQYMBaAFHoTTgB0W8Z4Y2Qn
wS/ioFu8ecV7MB0GA1UdDgQWBBTyP+vxVyPWtJNDqdcORKF0JD4A4zAOBgNVHQ8BAf8EBAMCBaAw
DAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggrBgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4
QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBz
Oi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMFcGA1UdHwRQME4wTKBKoEiGRmh0dHA6Ly9jcmwuY29t
b2RvY2EuY29tL0NPTU9ET0NsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmww
gYgGCCsGAQUFBwEBBHwwejBSBggrBgEFBQcwAoZGaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09N
T0RPQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNydDAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuY29tb2RvY2EuY29tMBkGA1UdEQQSMBCBDm91YkBtYXQudWNtLmVzMA0GCSqG
SIb3DQEBBQUAA4IBAQBJ/RSxZEiJ3RdIjKYDgyjBAOpqxTAl9l+x0GtNHu2OTfUiGPd+omJPvqZS
a21Uld/hk/cAt290axNIg5INwQKdILieCCo/EAjFFE1rTH31PWvL0iHWilmAxmtHfNi4g1xLXm9y
3qIcPMSOgZf3Jepx9PtmZYMRhqq2vxFNHQjRGXStVK3/9bd50ovzhVPI09RnHOFC/c3PJQAsy6Ta
/gyP/KbnzE0h2BaXR23+s7hQGToMiQPQTljesoABhGh4XDL+zJqwx1kidyv4h03eYiv1rURFncwO
kzaFUj3FhgnETaI1x2/gliSB2zJGlZeISiKBEAIgCy/gqQhUfd466tdzMYICWzCCAlcCAQEwgakw
gZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1Nh
bGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50
IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQDUiJMouNg49em9KBsKT9vhMAkG
BSsOAwIaBQCggYcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMw
MjIxMTMwMjQyWjAjBgkqhkiG9w0BCQQxFgQUyNBk0xlbSCL9R3ShRPRISldzxiswKAYJKoZIhvcN
AQkPMRswGTALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDQYJKoZIhvcNAQEBBQAEggEAVE9BtWr0
kRG571vbsYhWj2+y5hhIOjyjUPLW1xWL+EZ3sARhddN+Tkz3CHTsDBVVdQHB+wkbe3W0gU67vziz
rEgM7Yz60xkpod4IGYCCuSPMx5qWTQ/ehHcISvKC/MkBqfRtwmel97H8SHZ1PeBHO+K+sOSsvPZT
LONZLCHjErgpf+RZnKGpD2p+V7hNZf/HBg9yfnMeptDzShXbZbnDyTQuOdP0ZMOAC+iF4KacuHCO
uiQbcPdDwvJ2l7zPcwx2jKaaq+LbWDJ2ErftgivNnySgwHayTOAnFw2IxFmdCiZzqtoSviF6Yw7r
DeSwqErcIgr4FfOF68y8OXfwCWc+/AAAAAAAAA==

--nextPart5935647.hp4vojkVXB--

[-- Attachment #1.3: kmail:oub-->oub.oub.oub:encrypt+sign.eml --]
[-- Type: message/rfc822, Size: 13684 bytes --]

[-- Attachment #1.3.1: smime.p7m --]
[-- Type: application/pkcs7-mime, Size: 8115 bytes --]

From: Uwe Brauer <oub@mat.ucm.es>
To: Uwe Brauer <oub.oub.oub@gmail.com>
Subject: kmail:oub-->oub.oub.oub: encrypt+sign
Date: Thu, 21 Feb 2013 14:01:55 +0100
Message-ID: <201302211402.52059.oub@mat.ucm.es>

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]

Re: mml-smime (gpgsm), epg: problems with Outlook 2003/2010.

[Daiki Ueno]

Uwe Brauer <oub@mat.ucm.es> writes:

> I did this with and without the "include-certs -1" option, so I attach 4
> files.

I checked those files again, and it seems that different keys are used
for encryption:

$ grep GNUPG kmail-epg-bug-noinclude-certs

[GNUPG:] ENC_TO D005DD816DB2B254 0 0
[GNUPG:] NO_SECKEY D005DD816DB2B254
[GNUPG:] ENC_TO F69E1EFB6147C786 0 0
[GNUPG:] DECRYPTION_OKAY

$ grep GNUPG xemacs-epg-bug-noinclude-certs

[GNUPG:] ENC_TO D005DD816DB2B254 0 0
[GNUPG:] NO_SECKEY D005DD816DB2B254
[GNUPG:] ENC_TO A3404EFC75E655A5 0 0
[GNUPG:] DECRYPTION_OKAY

$ gpgsm --list-keys F69E1EFB6147C786

           ID: 0x6147C786
      Subject: /EMail=oub@mat.ucm.es

$ gpgsm --list-keys A3404EFC75E655A5

           ID: 0x75E655A5
      Subject: /EMail=oub.oub.oub@gmail.com

So, with XEmacs, oub.oub.oub@gmail.com key is used.  Is the private key
is installed in Outlook?