On Sunday 20 May 2007 16:54, Jure Varlec wrote:

> Hm, installing dirmngr should at least get rid of the "Not enough
> information to check signature" problem. *shrugs*
> I suggest you start kwatchgnupg, it listens on the gnupg socket and
> displays all messages your apps send through there. It's the only way I
> found to see what's actually going on, because kmail's and kleopatra's
> error messages couldn't be less informative.
>
> Hopefully, that should give a clue as to what to do next.

Thanks again Jure, I am getting this much now when I try to look at a message 
sent to me encrypted and signed with a cacert.org certificate:
============================================================
[client at fd 4 connected]
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> Home: ~/.gnupg
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> 
Config: /home/michael/.gnupg/gpgsm.conf
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> 
AgentInfo: /tmp/gpg-IOOUO2/S.gpg-agent:7251:1
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> DirmngrInfo: [not set]
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> GNU Privacy Guard's 
S/M server 1.9.21 ready
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: <- OPTION display=:0.0
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> OK
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: <- OPTION lc-ctype=C
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> OK
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: <- OPTION lc-messages=C
  4 - 2007-05-20 17:41:09 gpgsm[9033.0x80806a0] DBG: -> OK
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: <- INPUT FD=15
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> OK
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: <- OUTPUT FD=19
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> OK
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: <- DECRYPT
  4 - 2007-05-20 17:41:10 gpgsm[9033]: unsupported algorithm 
`1.2.840.113549.3.2'
  4 - 2007-05-20 17:41:10 gpgsm[9033]: (this is the RC2 algorithm)
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> S ERROR 
decrypt.algorithm 50331732 1.2.840.113549.3.2
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> S DECRYPTION_FAILED
  4 - 2007-05-20 17:41:10 gpgsm[9033]: message decryption failed: Unsupported 
algorithm 
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> ERR 50331732 
Unsupported algorithm 
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: <- BYE
  4 - 2007-05-20 17:41:10 gpgsm[9033.0x80806a0] DBG: -> OK closing connection
[client at fd 4 disconnected]
============================================================

I notice two things above: a) the DirmngrInfo: [not set] is telling me that the 
dirmngr has not been set yet - is this OK? and, b) gpgsm spits feathers when 
it sees the RC2 algorithm?!

When I try to compose a message and select to use a cacert.org certificate I 
am getting these messages:
============================================================
 4 - 2007-05-20 17:49:28 gpgsm[9059]: DBG: connection to agent established
 4 - 2007-05-20 17:49:28 gpgsm[9059]: can't connect to the dirmngr - trying 
fall back
 4 - 2007-05-20 17:49:28 gpgsm[9059]: no running dirmngr - starting 
`/usr/bin/dirmngr'
 4 - 2007-05-20 17:49:28 gpgsm[9059]: DBG: connection to dirmngr established
============================================================
which shows me that dirmngr is being brought up when required - probably the 
previous message about not being set is nothing to worry about then.

Then I am getting dirmngr trying to connect to cacert.org to verify the 
certificate I am going to use:
===========================================================
 6 - 2007-05-20 17:49:30 dirmngr[9060.0x8080078] DBG: -> INQUIRE 
SENDISSUERCERT
  6 - 2007-05-20 17:49:30 dirmngr[9060.0x8080078] DBG: <- [ 44 20 30 82 07 3d 
30 82 05 25 32 35 a0 03 02 01 02 02 01 00 30 25 30 44 06 09 [snip...]
  6 - 2007-05-20 17:49:30 dirmngr[9060.0x8080078] DBG: <- [ 44 20 31 1e 30 1c 
06 03 55 04 0b 13 15 68 74 74 70 3a 2f 2f 77 77 77 2e 63 61 63 65 72 74 2e 6f 
72 67 31 22 30 20 06 03 55 04 03 13 19 43 41 20 43 65 72 74 [snip...]
  6 - 2007-05-20 17:49:30 dirmngr[9060.0x8080078] DBG: <- END
  6 - 2007-05-20 17:49:30 dirmngr[9060]: using OCSP responder 
`http://ocsp.cacert.org'
  6 - 2007-05-20 17:49:31 dirmngr[9060]: OCSP responder at 
`http://ocsp.cacert.org' status: success
  6 - 2007-05-20 17:49:31 dirmngr[9060.0x8080078] DBG: -> S 
ONLY_VALID_IF_CERT_VALID D6A20C9D62F2892DABCA9B67[snip]
  6 - 2007-05-20 17:49:31 dirmngr[9060]: certificate status is: good  
(this=20070516T061242  next=20070520T165947)
  6 - 2007-05-20 17:49:31 dirmngr[9060]: OCSP responder returned a non-current 
status
  6 - 2007-05-20 17:49:31 dirmngr[9060]: now: 20070520T165931  this_update: 
20070516T061242
  6 - 2007-05-20 17:49:31 dirmngr[9060]: command ISVALID failed: Time conflict
  6 - 2007-05-20 17:49:31 dirmngr[9060.0x8080078] DBG: -> ERR 167772199 Time 
conflict 
  4 - 2007-05-20 17:49:31 gpgsm[9059]: response of dirmngr: ec=10.39
  4 - 2007-05-20 17:49:31 gpgsm[9059.0x80806a0] DBG: -> D 
crs:i:2048:1:CC3E6023C[snip...] 6F6D,CN=CAcert WoT User::%0Auid:i::::::::::
%0Auid:i::::::::::%0A
  4 - 2007-05-20 17:49:32 gpgsm[9059.0x80806a0] DBG: -> OK
[client at fd 7 connected]
===========================================================
What's this "Time conflict" about?  My cert is valid from 2007-04-23 to 
2007-10-20.

Shall I disable "Validate Certificates Online" in KMail's crypto preferences? 
Is CRL preferable?

Grateful for your views on the above and any more suggestions.  :)
-- 
Regards,
Mick
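
Added example, not part of the message above and not GnuPG code: a small Python triage of the gpgsm/dirmngr lines quoted in the message, which rejoins the mail-wrapped log lines and computes how old the OCSP response was when dirmngr rejected it. The function names are invented for this example, and it makes no assumption about which freshness threshold dirmngr applies.

```python
import re
from datetime import datetime

# Log lines copied from the message above, mail line-wrapping included.
LOG = """\
  4 - 2007-05-20 17:41:10 gpgsm[9033]: unsupported algorithm
`1.2.840.113549.3.2'
  6 - 2007-05-20 17:49:31 dirmngr[9060]: certificate status is: good
(this=20070516T061242  next=20070520T165947)
  6 - 2007-05-20 17:49:31 dirmngr[9060]: OCSP responder returned a non-current
status
  6 - 2007-05-20 17:49:31 dirmngr[9060]: now: 20070520T165931  this_update:
20070516T061242
  6 - 2007-05-20 17:49:31 dirmngr[9060]: command ISVALID failed: Time conflict
"""
RECORD = re.compile(r"^\s*\d+ - [\d-]+ [\d:]+ (\w+)\[[^\]]+\]:? (.*)$")

def records(text):
    """Rejoin mail-wrapped lines into (program, message) records."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()  # continuation line
    return [tuple(r) for r in out]

def ts(stamp):
    return datetime.strptime(stamp, "%Y%m%dT%H%M%S")

def triage(text):
    """Collect the failure-relevant facts from a gpgsm/dirmngr log."""
    f = {}
    for _prog, msg in records(text):
        if m := re.search(r"unsupported algorithm `([\d.]+)'", msg):
            f["unsupported_oid"] = m[1]
        if m := re.search(r"this=(\d{8}T\d{6})\s+next=(\d{8}T\d{6})", msg):
            f["this_update"], f["next_update"] = ts(m[1]), ts(m[2])
        if m := re.search(r"now: (\d{8}T\d{6})", msg):
            f["now"] = ts(m[1])
        if m := re.search(r"command (\w+) failed: (.+)", msg):
            f["failed"] = (m[1], m[2])
    if {"now", "this_update", "next_update"} <= f.keys():
        f["response_age"] = f["now"] - f["this_update"]
        f["until_next_update"] = f["next_update"] - f["now"]
    return f

if __name__ == "__main__":
    print(triage(LOG))
```

On the lines above it reports a response age of 4 days, 10:46:49, with 16 seconds left until the responder's stated next update.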
