handling S/MIME messages with gpgsm

Joost van Baal J.E.vanBaal+gnupg-users at uvt.nl
Fri Oct 21 15:03:46 CEST 2005 

Hi,

[Please honor Mail-Followup-To and Cc me on replies: I am not subscribed
to this list.]

Summary: please tell me how to handle S/MIME decryption and verification
with gpgsm.

I am working on integrating PGP and S/MIME with the Mailman mailing list
manager, see http://non-gnu.uvt.nl/pub/mailman/ .  I am considering
using GPGME for this, with the pyme python interface.

I am having troubles getting S/MIME emails (or CMS blobs) processed by
GPGME.  (Since GPGME uses libksba, it _should_ be able to handle these,
I guess).

For instance, when creating a detached-signed S/MIME email message,
splitting the body off, and de-base64-ing the signature with

 recode /Base64 < sig.base64 > sig.CMS

, calling gpgsm gives:

 gpgsm --verify sig.CMS body.txt

 gpgsm: Signature made 2005-10-21 11:40:54 using certificate ID 090E2BFC
 gpgsm: invalid signature: message digest attribute does not match calculated one

.  Feeding the complete message to openssl leads to a fine verification:

 openssl smime -verify -CAfile CA/ca-cert.pem mail.msg

 Verification successful

Decrypting a de-base64-ed S/MIME message fails too:

 gpgsm --decrypt < encrypt.CMS

 gpgsm: unsupported algorithm `1.2.840.113549.3.2'
 gpgsm: (this is the RC2 algorithm)
 gpgsm: message decryption failed: Unsupported algorithm <GpgSM>

Unfortunately I can't check this operation with openssl, since I have no
way to export the private key from the keystore to a .pem-file, suitable
for import to openssl...

My setup allows me to encrypt and decrypt .pem files, using pyme's
op_encrypt() and op_decrypt() routines.

Any pointers or clues are very welcome.  If more information about my
setup is needed, I gladly supply these.

Thanks, Bye,

Joost

-- 
Joost van Baal                            http://abramowitz.uvt.nl/
                                                 Tilburg University
j.e.vanbaal at uvt.nl                                  The Netherlands

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
Url : /pipermail/attachments/20051021/c9a819f0/attachment-0001.pgp

More information about the Gnupg-users mailing list