On Fri, 21 Oct 2005 15:03:46 +0200, Joost van Baal said: > I am having troubles getting S/MIME emails (or CMS blobs) processed by > GPGME. (Since GPGME uses libksba, it _should_ be able to handle these, > I guess).
Yes, it does. > For instance, when creating a detached-signed S/MIME email message, > splitting the body off, and de-base64-ing the signature with > recode /Base64 < sig.base64 > sig.CMS I don't know what kind of recode this is. I usually use mimencode -u, > , calling gpgsm gives: > gpgsm --verify sig.CMS body.txt > gpgsm: Signature made 2005-10-21 11:40:54 using certificate ID 090E2BFC > gpgsm: invalid signature: message digest attribute does not match calculated > one You did something wrong when parsing the orginal message. For example, you need to make sure that CR,LF are used. Use gpgsm's option --debug 512 to create dump files with the actual data hashed (i.e. signed). Check them. > gpgsm: unsupported algorithm `1.2.840.113549.3.2' > gpgsm: (this is the RC2 algorithm) > gpgsm: message decryption failed: Unsupported algorithm <GpgSM> Well, unsupported. > Unfortunately I can't check this operation with openssl, since I have no > way to export the private key from the keystore to a .pem-file, suitable > for import to openssl... gpgsm --export-secret-key-p12 (you better get the latest gpgsm versions because we fixed a couple of bugs recently. > Any pointers or clues are very welcome. If more information about my > setup is needed, I gladly supply these. Check out how Mutt does it. In particular the file crypt-gpgme.c from the 1.5.x series or the CVS head. There is also a tool named tools/gpgparsemail.c in GnuPG 1.9 - it does S/MIME verification. Shalom-Salam, Werner _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
