gpgsm --verify
Stefan Claas
stefan.claas at posteo.de
Tue May 1 10:55:52 CEST 2018
Am 23.04.18 um 08:50 schrieb Stefan Claas:
> Am 23.04.18 um 08:36 schrieb Werner Koch:
>> On Sun, 22 Apr 2018 20:26, stefan.claas at posteo.de said:
>>
>>> i was wondering when receiving an S/MIME
>>> message created with Thunderbird, how do
>>> i properly verify the message with gpgsm?
>> You need to de-compose the S/MIME message to get the CMS objects.
>> Despit ethe name, gpgsm does not known about S/MIME (or MIME at all) and
>> thus can't parse it. That is actually the same as with PGP/MIME which
>> can't be handled directly by gpg [1].
>>
>> In gnupg/tools/ you can find a basic MIME parser but it is not well
>> documented and only used for manual testing.
>>
> Thank you very much for the information!
>
> I will check out the MIME parser.
Just for the record...
I was not able to successfully compile the parser and did
therefore the following:
I saved in Thunderbird my original message from this thread.
Edited out the additional headers the list server has added,
so that the saved message looks like this:
[snip]
Sender: "Gnupg-users" <gnupg-users-bounces at gnupg.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha-256; boundary="------------ms070707040603000709040508"
This is a cryptographically signed message in MIME format.
--------------ms070707040603000709040508
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Language: de-DE
Hi all,
i was wondering when receiving an S/MIME
message created with Thunderbird, how do
i properly verify the message with gpgsm?
As an example i sign now this message
and would appreciate any tips!
P.S. when i do a verify on a Thunderbird
S/MIME message i always get:
gpgsm: enabled debug flags: ipc
gpgsm: ksba_cms_parse failed: Dateiende
secmem usage: 0/16384 bytes in 0 blocks
Best regards
Stefan
--------------ms070707040603000709040508
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
[snip]
pfXbwE0DHTM+Fp8xjnGXHBD+8Jfp/R5pAVZehZXh6UYzFMjdS6LzWWM+c2/M9Cum2GS49Q8d
g82Q6zqwFZp4LvVfAAAAAAAA
--------------ms070707040603000709040508--
and for de-composing the message i used openssl, so that i had the
content ready to be verified by gpgsm. IMHO not the smartest way,
i assume, but for me as a Mac dummie it works.
openssl cms -verify -in original.eml > message.txt && \
openssl cms -cmsout -in original.eml | \
sed "1,4d" | base64 -d > file.sig && \
gpgsm --verify file.sig message.txt
Regards
Stefan
More information about the Gnupg-users
mailing list