[kdepim-users] Cannot select S/MIME signing certificate

Ingo Klöcker kloecker at kde.org
Sat Apr 17 17:44:46 BST 2010


On Saturday 17 April 2010, Anne Wilson wrote:
> On Saturday 17 April 2010 14:06:37 Thomas Olsen wrote:
> > On Saturday 17 April 2010 14:08:01 Anne Wilson wrote:
> > > On Friday 16 April 2010 19:23:55 Ingo Klöcker wrote:
> > > > The certificate is no OpenPGP key but an S/MIME certificate.
> > > 
> > > It seems to display the same way in KMail.  Is there any setting
> > > that shows the difference?
> > 
> > In the header it shows up as a application/pkcs7-signature
> > attachment. I don't think there are anyway KMail will show it in
> > the GUI.

I think this is done deliberately as the difference doesn't really 
matter for the end user.


> > > Also, how do you manually import such a certificate?
> > 
> > I received a pkcs12 certificate (whatever that is) and imported it
> > like this:
> > 
> > gpgsm --import certificate.pkcs12
> > 
> > You should be able to do it in Kleopatra but it didn't recognize
> > the file type; maybe it just expected a p12 extension - dunno.
> 
> OK, thanks.  Well, kleopatra is now running and appears to be
> importing certificates, and that includes Thomas' that started this
> thread.

Well, the point with S/MIME certificates (used for signing) is that 
usually you do not need to import them as they are included with every 
signed messages. You only need to import your own S/MIME certificates 
and probably some root certificates.

I'm not exactly sure how encryption (where you need the recipient's 
certificate) is done, but IIRC this is usually done by fetching the 
certificate via LDAP or some other protocol. The certificates are not 
stored locally. This would anyway not make much sense because everybody 
using S/MIME seriously will force an online validity check of the 
certificate on every usage via OCSP.

Those are probably more details than you wanted to know. The point I 
wanted to make is that in the most common use cases S/MIME and OpenPGP 
work completely differently. More or less the only thing they have in 
common is that both use public key encryption for signing and encrypting 
email.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20100417/b80a8ec4/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM users mailing list
kdepim-users at kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users


More information about the kdepim-users mailing list