Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
 help / color / mirror / Atom feed
* Signing a message with S/MIME in Gnus?
@ 2022-11-02  9:29 Angel de Vicente
  2022-11-02 19:09 ` Jens Lechtenboerger
  0 siblings, 1 reply; 11+ messages in thread
From: Angel de Vicente @ 2022-11-02  9:29 UTC (permalink / raw)
  To: info-gnus-english

[-- Attachment #1: Type: text/plain, Size: 2141 bytes --]

Hello,

anyone here familiar with Gnus + S/MIME + gnupg?

A few days back I decided to set up my environment to sign messages I
send out, and to be able to verify signatures of messages I receive.

Doing it with pgp was quite easy, and got it working in no time, but
S/MIME is giving me a real headache, most probably because I'm
misunderstanding something or because I lack some basic knowledge on how
certificates are meant to be used.

I imported my certificate with 'gpgsm --import <cert.p12>' and "gpgsm
-K" shows that the certificate got imported correctly:

,----
| $ gpgsm -K
| /home/angelv/.gnupg/pubring.kbx
| -------------------------------
|            ID: 0xFD3C585C
|           S/N: 07A6ED8580BD2114605C7B37AB7B8919
|         (dec): 10171334757275596790721797340316535065
|        Issuer: /CN=AC FNMT Usuarios/OU=Ceres/O=FNMT-RCM/C=ES
|       Subject: /CN=DE VICENTE GARRIDO ANGEL MANUEL - ....
`----

My ~/.gnupg/gpgsm.con just contains:

,----
| disable-crl-checks
`----

and with that, I can sign a file in the command line without problems:

,----
| $ gpgsm --sign test.txt >ciphertext
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: Note: non-critical certificate policy not allowed
| gpgsm: CRLs not checked due to --disable-crl-checks option
| gpgsm: DBG: adding certificates at level -2
| gpgsm: signature created
`----

But when I try to sign a message from Gnus I always get a message saying
"No sign key for <angel.de.vicente@iac.es>; skip it? (y or n)"

What do I have to configure in Emacs/Gnus so that it will know that my
e-mail address is linked to the same certificate used in the command
line?

By the way, I'm using the following:

,----
| ArchLinux
| Emacs version: 28.2  (2022-09-12)
| Gnus  version: 5.13
| GnuPG version: 2.2.40
`----

Any pointers/help greatly appreciated
-- 
Ángel de Vicente                 -- (GPG: 0x64D9FDAE7CD5E939)
 Research Software Engineer (Supercomputing and BigData)
 Instituto de Astrofísica de Canarias (https://www.iac.es/en)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 702 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2022-11-04 18:12 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-02  9:29 Signing a message with S/MIME in Gnus? Angel de Vicente
2022-11-02 19:09 ` Jens Lechtenboerger
2022-11-02 20:51   ` Angel de Vicente
2022-11-03  7:09     ` Jens Lechtenboerger
2022-11-03  7:21       ` Angel de Vicente
2022-11-03 15:28         ` Angel de Vicente
2022-11-03 17:52           ` GH
2022-11-03 18:32             ` Angel de Vicente
2022-11-04 18:11           ` Angel de Vicente
2022-11-03 18:55         ` Jens Lechtenboerger
2022-11-03 19:25           ` Emanuel Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).