[kdepim-users] S/MIME in KMail

Tue Jan 29 22:18:00 GMT 2008

On Tuesday 29 January 2008, Roman Odaisky wrote:
> Greetings,
>
> How does one add an S/MIME certificate to KMail? I followed any
> possible HOWTOs to no success. Right now, Kleopatra shows three
> certificates: mine and two ones that belong to the CA, KMail sees
> them but when I try to send a message it says, "Signing failed:
> General error".
>
> KWatchGnuPG gives a lot of messages, of which these seem the most
> relevant:
>
> gpgsm[11807]: after checking the fingerprint, you may want to add it
> manually to the list of trusted certificates.
> gpgsm[11807]: interactive marking as trusted not enabled in gpg-agent
> gpgsm[11807.0] DBG: -> ERR 67108962 Not trusted
>
> So, as far as I understand, it does not trust the CA that was used to
> sign the certificate. How do I make GPG trust the issuer?

One way to do this is to add
  allow-mark-trusted
to your gpg-agent.conf. From 'man gpg-agent':
  --allow-mark-trusted
    Allow  clients  to mark keys as trusted, i.e. put them into the
    `trustlist.txt' file.  This is by default not allowed to make it
    harder for users to inadvertly accept Root-CA keys.

Afterwards you should be able to mark the root certificate as trusted in 
Kleopatra (i.e. the Certificate Manager).

> Another strange thing is that gpgsm -k lists the three entries, while
> gpg -k lists nothing.
>
> Am I missing something incredibly simple?

As the name suggest gpgsm is GnuPG for S/MIME. gpg only knows about 
OpenPGP.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20080129/466f5b42/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users