Re: decrypt and trusting certs
- From: "Albrecht Dreß" <albrecht dress arcor de>
- To: mdiener futurelab ch, albrecht dress arcor de
- Cc: balsa-list gnome org
- Subject: Re: decrypt and trusting certs
- Date: Fri, 5 Oct 2012 10:08:29 +0200 (CEST)
Dear Michael:
> I checked again and yes, Balsa is not compiled with S/MIME support enabled on Debian wheezy. But that's no problem. Check out the source, change the flag and pack it again.
O.k., didn't know that...
> There seems to be no error in the gpg me log. I see that balsa is using gpg and not gpg2, might this cause some errors?
Gpgme should transparently handle both, but I recommend to de-install gpg and use only gpg2.
> I added all these entries (I had disable-crl-checks in my config file) but it didn't change the behaviour. For example when I click on your mail no pop-ups are shown and when I try to validate the certificate (with the validate button) I get the following error on the console:
>
> ** Message: could not retrieve the key with fingerprint 9FFF6E9CD027FFD1: GPGME: End of file
I use a gpg key - do you have the
keyserver hkp://subkeys.pgp.net # or some other server
keyserver-options auto-key-retrieve
use-agent
options set in ~/.gnupg/gpg.conf? Do you use a proxy, which is configured properly? Please do also check if the environment variable GPG_AGENT_INFO points to your running gpg-agent.
You might try to run
gpg2 --refresh-keys
or
gpg2 --search-keys 'albrecht dress arcor de'
as to check if the gpg2 key server setup works.
> Now when I go to the console and run gpgsm -k --with-validation I get a ton of error messages from dirmngr. A lot of them stating command LOOKUP failed: Not found. And a lot of my certificates are marked with Configuration Error or Not Trusted, however, I was never asked if I want to trust them or not (and yes, I do have allow-mark-trusted in my gpg-agent.conf).
I must admit that I (although I wrote the Balsa crypto code) have very few experience with the S/MIME stuff - I use gpg... This looks as if the gpgsm/dirmngr setup is somehow broken/incomplete. Did you try to run gpgsm from the console, i.e. try to sign, encrypt, decrypt, or verify a file?
As I mentioned in my previous mail, Balsa simply talks to gpgme which in turn calls the crypto apps. Thus, if anything fails, in 90% of the cases this is caused by the underlying infrastructure.
> Atatched you can find the gpgme log. Since today (after isntalling gpg2) I can't seem to be able to sign mails anymore. You can see in the gpgme log that there is a "general error".
Strange. However, as you're talking to gpgsm, this is *not* related to gpg2. I again guess it's something related to your gpgsm/dirmngr setup.
> Thanks a lot for the help, Albrecht! I really appreciate that!
You're welcome. I'll be out for vacation for a few days, btw, without access to the internet. So please be patient if I don't answer quickly...
Cheers, Albrecht.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]