On Sunday 20 of May 2007 16:47:00 Mick wrote: > On Sunday 20 May 2007 13:53, Jure Varlec wrote: > > On Sunday 20 of May 2007 13:24:09 Mick wrote: > > > Hi All, > > > > > > I am trying to get to grips with OpenSSL Certs in Kmail. I have > > > created a CA and then created and signed with it a certificate for my > > > email account (crt). Finally, I exported it as a pkcs12 bundle and > > > tried to import it as smime into Konqueror & Kmail. All went seemingly > > > well, except for: > > > > > > 1. When I tried to specify which cert to use in > > > Kmail/Indentity/Cryptography I can see my imported Cert, but as I > > > select it a red X comes up on the key symbol. I assume then that it is > > > not suitable for smime > > > signatures/encryption? > > > 2. When I run gpgsm -K I get: > > > =========================================== > > > [snip] > > > validity: 2007-05-19 18:12:12 through 2010-05-18 18:12:12 > > > key type: 4096 bit RSA > > > key usage: [error: No value] > > > chain length: [error: No value] > > > =========================================== > > > > > > which is different to another certificate I have obtained from > > > www.cacert.org: =========================================== > > > validity: 2007-04-23 13:49:42 through 2007-10-20 13:49:42 > > > key type: 2048 bit RSA > > > ext key usage: emailProtection (suggested), clientAuth (suggested), > > > 1.3.6.1.4.1.311.10.3.4 (suggested), serverGatedCrypto.ms (suggested), > > > serverGatedCrypto.ns (suggested) > > > =========================================== > > > > > > Any ideas what I need to do to make this certificate valid for use by > > > Kmail? > > > > > > PS. I am not sure if the above errors mean that there is anything wrong > > > with my certificate, as opposed to Kmail & Kleopatra. Any certificate > > > signed messages that I receive are not verified in Kmail - all I get > > > is: ==================================================== > > > Not enough information to check signature. [Details] > > > > > > Status: No status information available. > > > ==================================================== > > > > > > If I press on [Details] Kleopatra pops up showing my cert. Selecting > > > Verify just shows "done". > > > > > > Have you managed to make smime work with Kmail at all? > > > > Hello > > > > Heh, I dealt with a similar problem about a week ago. I'm not sure I'll > > ever understand all these certificate issues that seem to crop up on just > > about all platforms I ever used. > > > > As, for the solution, it seem Kleopatra wants app-crypt/dirmngr, emerging > > it solved my problem. I'm not sure why relevant KDE apps don't depend on > > it. > > Thanks Jure, I'm afraid it didn't help in my case. :( > > When I try to sign a message with my cacert.org certificate it fails > with: "Signing failed: General error". Adding my selfsigned certificate > also fails (but his may have something to do with the way I generated the > certificate, rather than Kmail). This is sooo complicated compared to > GnuPG. > > Anything else I could try?
Hm, installing dirmngr should at least get rid of the "Not enough information to check signature" problem. *shrugs* I suggest you start kwatchgnupg, it listens on the gnupg socket and displays all messages your apps send through there. It's the only way I found to see what's actually going on, because kmail's and kleopatra's error messages couldn't be less informative. Hopefully, that should give a clue as to what to do next. Regards Jure
signature.asc
Description: This is a digitally signed message part.