Re: decrypt and trusting certs



Dear Michael:

> I checked again and yes, Balsa is not compiled with S/MIME support enabled on Debian wheezy. But that's no problem. Check out the source, change the flag and pack it again.

O.k., didn't know that...

> There seems to be no error in the gpgme log. I see that balsa is using gpg and not gpg2, might this cause some errors?

Gpgme should transparently handle both, but I recommend de-installing gpg and using only gpg2.

> I added all these entries (I had disable-crl-checks in my config file) but it didn't change the behaviour. For example when I click on your mail no pop-ups are shown and when I try to validate the certificate (with the validate button) I get the following error on the console:
> 
> ** Message: could not retrieve the key with fingerprint 9FFF6E9CD027FFD1: GPGME: End of file

I use a gpg key - do you have the

keyserver hkp://subkeys.pgp.net   # or some other server
keyserver-options auto-key-retrieve
use-agent

options set in ~/.gnupg/gpg.conf?  Do you use a proxy, which is configured properly?  Please do also check if the environment variable GPG_AGENT_INFO points to your running gpg-agent.

You might try to run

gpg2 --refresh-keys

or

gpg2 --search-keys 'albrecht dress arcor de'

to check if the gpg2 key server setup works.

> Now when I go to the console and run gpgsm -k --with-validation I get a ton of error messages from dirmngr. A lot of them stating command LOOKUP failed: Not found. And a lot of my certificates are marked with Configuration Error or Not Trusted, however, I was never asked if I want to trust them or not (and yes, I do have allow-mark-trusted in my gpg-agent.conf).

I must admit that I (although I wrote the Balsa crypto code) have very little experience with the S/MIME stuff - I use gpg...  This looks as if the gpgsm/dirmngr setup is somehow broken/incomplete.  Did you try to run gpgsm from the console, i.e. try to sign, encrypt, decrypt, or verify a file?

As I mentioned in my previous mail, Balsa simply talks to gpgme which in turn calls the crypto apps.  Thus, if anything fails, in 90% of the cases this is caused by the underlying infrastructure.

> Attached you can find the gpgme log. Since today (after installing gpg2) I can't seem to be able to sign mails anymore. You can see in the gpgme log that there is a "general error".

Strange.  However, as you're talking to gpgsm, this is *not* related to gpg2.  I again guess it's something related to your gpgsm/dirmngr setup.

> Thanks a lot for the help, Albrecht! I really appreciate that!

You're welcome.  I'll be out for vacation for a few days, btw, without access to the internet.  So please be patient if I don't answer quickly...

Cheers, Albrecht.
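
The client-side checks from the reply above (the three gpg.conf options and GPG_AGENT_INFO), as an added shell example that is not part of the original mail. The function names and the --check switch are hypothetical, and the socket:pid:protocol layout of GPG_AGENT_INFO is that of GnuPG before 2.1.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names and the
# --check switch are hypothetical.

# Print the options from the mail that are missing (or commented out) in
# the given gpg.conf; return 0 only when all three are present.
missing_gpg_options() {
    conf=$1
    missing=""
    for opt in keyserver auto-key-retrieve use-agent; do
        case $opt in
            keyserver)
                pat='^[[:space:]]*keyserver[[:space:]]+[^[:space:]]' ;;
            auto-key-retrieve)
                pat='^[[:space:]]*keyserver-options[[:space:]].*auto-key-retrieve' ;;
            use-agent)
                pat='^[[:space:]]*use-agent([[:space:]]|$)' ;;
        esac
        grep -Eq "$pat" "$conf" 2>/dev/null || missing="$missing $opt"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# GPG_AGENT_INFO (GnuPG before 2.1) looks like socket-path:pid:protocol.
# Return 0 only if the socket exists and the pid is a live process, i.e.
# the variable does not point at a stale agent from an earlier session.
agent_info_ok() {
    info=$1
    [ -n "$info" ] || return 1
    sock=${info%%:*}
    rest=${info#*:}
    pid=${rest%%:*}
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -S "$sock" ] && kill -0 "$pid" 2>/dev/null
}

# Run against the real setup only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    missing_gpg_options "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf" \
        || echo "gpg.conf lacks the options listed above" >&2
    agent_info_ok "${GPG_AGENT_INFO:-}" \
        || echo "GPG_AGENT_INFO does not point to a running gpg-agent" >&2
fi
```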

