Kmail and smime

Sebastian Gödecke simpsonetti at googlemail.com
Mon Mar 2 07:22:39 GMT 2026 

I send an email from my business account to the list with the
recommended settings.

Am Fr., 27. Feb. 2026 um 16:06 Uhr schrieb Ingo Klöcker <kloecker at kde.org>:
>
> On Freitag, 27. Februar 2026 14:58:11 Mitteleuropäische Normalzeit Sebastian
> Gödecke wrote:
> > Am Fr., 27. Feb. 2026 um 14:53 Uhr schrieb Ingo Klöcker <kloecker at kde.org>:
> > > On Freitag, 27. Februar 2026 12:49:10 Mitteleuropäische Normalzeit
> > > Sebastian>
> > > Gödecke wrote:
> > > > Am Fr., 27. Feb. 2026 um 12:23 Uhr schrieb Ingo Klöcker
> <kloecker at kde.org>:
> > > > > On Freitag, 27. Februar 2026 11:46:12 Mitteleuropäische Normalzeit
> > > > > Sebastian>
> > > > >
> > > > > Gödecke wrote:
> > > > > > Hi,
> > > > > > i've a smime cert and try to use it with Kontakt/Kmail. It is
> > > > > > imported
> > > > > > in Kleopatra and there is everything okay.
> > > > > > So i set it up in kmail to use this cert and when i try to write an
> > > > > > email, my email will be added with this smime.p7s and has the
> > > > > > signitar. So i send my mail, have to type my password for this cert
> > > > > > and then it will be sent. So i try it now to send it to me and then
> > > > > > it's a red sign, and it says: The signature is invalid: Incorrect
> > > > > > signature
> > > > >
> > > > > I think it would be best if you could send a signed message to this
> > > > > mailing list.
> > > >
> > > > Well, with my other (business) email i'm not here on the list!?
> > >
> > > That doesn't matter. Your message will be held for moderation, but I can
> > > approve it.
> >
> > okay i just send to the list.
>
> Thanks!
>
> The error "Bad signature" is misleading. The problem is that the certificate of
> the root CA is not available. You can see this when you click on the
> certificate ID next to "Signature created with certificate". This should open
> Kleopatra. When you click on "Trust Chain Details" you can see that it says
> "Issuer Certificate Not Found (CN=HARICA Client RSA Root CA 2021,O=Hellenic
> Academic and Research Institutions CA,C=GR)".
>
> By default, GnuPG doesn't include the root CA certificate in the signature. You
> can change this as follows:
> In Kleopatra open the configuration dialog (Settings->Configure Kleopatra...).
> Click on GnuPG System and then on S/MIME. For the option "Number of
> certificates to include" you should see the value "-2" (which means "include
> all certificates except for the root certificate"). Change this value to "-1"
> (which means "include all certificates").
>
> This should fix the problem for all future emails that you sign with your
> certificate.
>
> Regards,
> Ingo



-- 
Mit freundlichen Grüßen
Sebastian Gödecke

More information about the kdepim-users mailing list