[kdepim-users] Cannot select S/MIME signing certificate

Anne Wilson cannewilson at googlemail.com
Sat Apr 17 21:14:06 BST 2010


On Saturday 17 April 2010 17:44:46 Ingo Klöcker wrote:
> On Saturday 17 April 2010, Anne Wilson wrote:
> > On Saturday 17 April 2010 14:06:37 Thomas Olsen wrote:
> > > On Saturday 17 April 2010 14:08:01 Anne Wilson wrote:
> > > > On Friday 16 April 2010 19:23:55 Ingo Klöcker wrote:
> > > > > The certificate is no OpenPGP key but an S/MIME certificate.
> > > > 
> > > > It seems to display the same way in KMail.  Is there any setting
> > > > that shows the difference?
> > > 
> > > In the header it shows up as a application/pkcs7-signature
> > > attachment. I don't think there are anyway KMail will show it in
> > > the GUI.
> 
> I think this is done deliberately as the difference doesn't really
> matter for the end user.
> 
> > > > Also, how do you manually import such a certificate?
> > > 
> > > I received a pkcs12 certificate (whatever that is) and imported it
> > > like this:
> > > 
> > > gpgsm --import certificate.pkcs12
> > > 
> > > You should be able to do it in Kleopatra but it didn't recognize
> > > the file type; maybe it just expected a p12 extension - dunno.
> > 
> > OK, thanks.  Well, kleopatra is now running and appears to be
> > importing certificates, and that includes Thomas' that started this
> > thread.
> 
> Well, the point with S/MIME certificates (used for signing) is that
> usually you do not need to import them as they are included with every
> signed messages. You only need to import your own S/MIME certificates
> and probably some root certificates.
> 
> I'm not exactly sure how encryption (where you need the recipient's
> certificate) is done, but IIRC this is usually done by fetching the
> certificate via LDAP or some other protocol. The certificates are not
> stored locally. This would anyway not make much sense because everybody
> using S/MIME seriously will force an online validity check of the
> certificate on every usage via OCSP.
> 
> Those are probably more details than you wanted to know. 

Not at all

> The point I
> wanted to make is that in the most common use cases S/MIME and OpenPGP
> work completely differently. More or less the only thing they have in
> common is that both use public key encryption for signing and encrypting
> email.
> 
OK, thanks.  I need to do more reading

Anne
-- 
KDE Community Working Group
New to KDE Software? - get help from http://userbase.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100417/23dd8e35/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users


More information about the kdepim-users mailing list