Fixed. Details ahead.

On Thursday 16 November 2006 07:27, Werner Koch wrote:
> On Thu, 16 Nov 2006 01:15, [EMAIL PROTECTED] said:
> > Nope, still the same error:
> > gpgsm: error creating signature: No value <KSBA>
>
> It would be helpful to see the actual output. If you don't want that
> to appear on a public list, send it to me by private mail.

After showing the certification chain to Werner, the error source was identified (gpgsm --dump-chain YOUR_KEY_ID).

The root CA I'm using is bogus because it's missing a basic constraint:

    chainLength: [none]

However, this did not show up on gpgsm --dump-cert --with-validation. I said certificate was good.

The workaround is to look up the fingerprint (sha1_fpr) of the offending key. In the case of

    /CN=GTE CyberTrust Global Root/OU=GTE CyberTrust Solutions, Inc./O=GTE Corporation/C=US

the fingerprint is

    97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74

And then making sure that ~/.gnupg/trustlist.txt contains this line:

    97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74 S relax

which tells to ignore the fact that chainLength is not a number nor "unlimited" like it should.

BTW, this does not work with gnupg <= 1.9.16. In fact, I went through to version 2.0.0. There it works!

Just a side note, I had to use just one character for my passphrase that protects the imported certificate, because anything longer would fail the check afterwards during retrieval. I didn't give it too much attention yet...

Werner, thanks a lot for your help!

Pedro

--
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
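
The trustlist.txt step from the message above, as an added example that is not part of the original post or of GnuPG: it checks whether a root fingerprint is already listed with the relax flag and adds or upgrades the entry. The function names are hypothetical, and it assumes the gpg-agent trustlist format in which colons in the fingerprint are optional and a leading "!" marks an entry as not trusted.

```sh
#!/bin/sh
# Added example (not from the original post). Usage, with the path from the post:
#   ensure_relaxed 97:81:...:F4:74 "$HOME/.gnupg/trustlist.txt"

# Strip colons/spaces and upper-case, so both fingerprint notations compare equal.
norm_fpr() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# trust_status FPR FILE -> prints relaxed | trusted | disabled | missing
trust_status() {
    want=$(norm_fpr "$1")
    [ -f "$2" ] || { echo missing; return; }
    awk -v want="$want" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        {
            gsub(/,/, " ")                   # assumption: flags may be comma-separated
            fpr = toupper($1)
            bad = sub(/^!/, "", fpr)         # "!" prefix: entry marked not trusted
            gsub(/:/, "", fpr)
            if (fpr != want) next
            state = bad ? "disabled" : "trusted"
            for (i = 3; i <= NF; i++)        # $2 is the trust flag, e.g. S
                if ($i == "relax" && !bad) state = "relaxed"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$2"
}

# ensure_relaxed FPR FILE: add the entry or append "relax" to an existing one.
# An entry disabled with "!" is left alone and reported as an error.
ensure_relaxed() {
    case $(trust_status "$1" "$2") in
        relaxed)  return 0 ;;
        disabled) echo "entry is marked not trusted (!), leaving it" >&2; return 1 ;;
        missing)  printf '%s S relax\n' "$1" >> "$2" ;;
        trusted)
            want=$(norm_fpr "$1"); tmp=$(mktemp) || return 1
            awk -v want="$want" '
                { fpr = toupper($1); gsub(/:/, "", fpr)
                  if (fpr == want) $0 = $0 " relax"
                  print }' "$2" > "$tmp" && cat "$tmp" > "$2"   # keeps file mode
            rm -f "$tmp" ;;
    esac
}
```
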
