Does gpgsm support ECDSA-with-sha256 signature?

Ingo Klöcker kloecker at kde.org
Sun Feb 6 16:04:25 CET 2022


On Sonntag, 6. Februar 2022 08:07:21 CET Borden via Gnupg-users wrote:
> According to dev.gnupg.org <https://dev.gnupg.org/T4092>, EC support has
> been in gpgsm for a while now. However, I cannot import an EC
> certificate/key pair (generated by CPanel via COMODO) into gpgsm . This is
> a bummer because Kleopatra is basically a gpgsm frontend.
[snip]
> However, when I subsequently import the CA bundle, gpgsm does not mark my
> certfiicate as certified, implying that there's some breakage in the trust
> chain.
[snip]
> If  anybody wants to play with this, I've uploaded the CA bundle to
> https://paste.debian.net/1229750/ and my certificate to
> https://paste.debian.net/1229751/ . Both links will expire on 9 February
> 2022.

gpgsm 2.3.4 imports those two files without any warnings.

After marking the "COMODO ECC Certification Authority" root certificate as 
trusted with Kleopatra, the "cse.emmarhodes.ca" is listed as certified (after 
pressing F5 to reload the certificates -> seems to be an update problem).

The necessary changes may not have been backported to GnuPG 2.2.x.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220206/61153ad6/attachment-0001.sig>


More information about the Gnupg-users mailing list