Hello, Jens Lechtenboerger writes: >> But when I try to sign a message from Gnus I always get a message saying >> "No sign key for ; skip it? (y or n)" > > I use this: > (setq mml-secure-smime-sign-with-sender t) I already had that, but it looks like the part it was missing was that the certificate I was using didn't have my e-mail address, so Gnus (via gpgsm) would not find the right certificate to use. Importing another certificate where the e-mail address was present solved that problem. > And more: https://gitlab.com/lechten/defaultencrypt That looks great, I'll have a look, becuase my SMIME setting is so far much worse than my PGP one (my goal was to be able just to sign messages, so I'll stop here for now, but later I want to make sure I also get working the encryption/decryption part). > Your CA links your e-mail address to your public key, both of which > are recorded inside the certificate. Gnus cannot do this. Your > output did not show whether the certificate really contains the > e-mail address that you used... The first certificate I was using didn't. When I used a second certificate with the mail address in it all was good. But here is a question. To send messages to this group I use another e-mail address (which is not present in any of the certificates). There is no way for me, then, to sign messages to this group with S-MIME? I was hoping to use "Smime Keys", which according to the documentation looks like the right way, but my attempts so far were not successful. ,---- | Show Value Smime Keys | Map mail addresses to a file containing Certificate (and private key). Hide | The file is assumed to be in PEM format. You can also associate additional | certificates to be sent with every message to each address. `---- Thanks, -- Ángel de Vicente -- (GPG: 0x64D9FDAE7CD5E939) Research Software Engineer (Supercomputing and BigData) Instituto de Astrofísica de Canarias (https://www.iac.es/en)