error signing data: Not trusted
Werner Koch
wk at gnupg.org
Tue Aug 26 10:36:14 CEST 2025
On Fri, 22 Aug 2025 01:21, Patrick Ben Koetter said:
> My S/MIME key is valid until 2027 and the key's cert is imported into gpgsm as
> well. What is it I'm missing? The CA cert? Can I / must I set a trust for a
> (CA) cert? Any help to debug is very much welcome as I don't really know what
Yes you need to assign trust to the Root-CA cert. Unless the
"no-allow-mark-trusted" option is set in gpg-agent.conf you should see a
prompt to verify the fingerprint of the Root CA's certificate. If that
option is set you need to insert it yourself into ~/.gnupg/trustlist.txt
- there is a comment at the top explaining it. Rules for GnuPG
(VS-)Desktop are a bit different; see the respecitive FAQ.
I would suggest to run
gpgsm --list-chain --with-validation <user-id>
This should give enough hints on what is going on.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250826/5d36659e/attachment-0001.sig>
More information about the Gnupg-users
mailing list