Kmail and signing

Aldo Latino aldolat at gmail.com
Tue Mar 2 21:24:35 GMT 2021 

In data martedì 2 marzo 2021 20:46:42 CET, Ingo Klöcker ha scritto:
> [...]
> How did you do this? Did you set the S/MIME certificate, but not the OpenPGP
> key in your identity?

I have setup both my OpenPGP key and my S/MIME certificate. They are both 
active in my Kmail identity. Also, I have chosen S/MIME as preferred format.

> [...]
> No idea. Could be a bug or an incorrect configuration.

I could be wrong, but I think I have setup all correctly. :-)

> [...]
> IMO it's not okay, because I would never store my OpenPGP passphrase in
> KWallet. In fact, I protect my KWallet with an OpenPGP key. Of course,
> that's just my preference.

Ok, I was wrong. I thought that my passphrases were stored in KWallet... I've 
taken a look and no passphrase is stored in the KWallet. 

My KWallet too is encrypted with my OpenPGP key, and this key is stored in my 
YubiKey. After the desktop appears, I am instantly requested by Kontact to 
open the wallet and I enter the PIN that protects the YubiKey. After having 
opened the wallet (i.e., after having decrypted the wallet), Kontact/Kmail 
doesn't ask me for any passphrase. When I write an email, Kmail signs the 
email and sends it.

So, now the situation is clear:
1) the OpenPGP key is stored in the YubiKey, which is unblocked at the session 
start by entering the PIN. So, when I write an email, Kmail doesn't ask me for 
any passphrase;
2) the S/MIME certificate is not stored in the YubiKey, so the first time I use 
it in the session, Kmail asks me for the long passphrase and then Kmail (or 
another program) caches it. I should see if I can have both the OpenPGP key 
and the S/MIME certificate in my Yubikey, which is very convenient to use.

> [...]
> I don't know. What pinentry application (the thingy that asks for your
> passphrase) are you using?

I have currently three pinentry packages installed:
- pinentry-curses
- pinentry-gnome3
- pinentry-qt

I don't know why I have three packages installed.

Thanks,
Aldo

-- 
Aldo Latino
aldolat at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20210302/2d633360/attachment.sig>

More information about the kdepim-users mailing list