Quoting Werner Koch <[EMAIL PROTECTED]>:

On Wed, 21 Dec 2005 14:23:26 -0600, Aleksandar Milivojevic said:

gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
gpgsm: gpg-protect-tool: Secure memory is not locked into core
gpgsm: gpg-protect-tool: gpg-agent is not available in this session

You need to start gpg-agent first; importing p12 files is not possible
with an on-demand loaded gpg-agent.

 gpg-agent --daemon /bin/sh

is probably the easiest way for testing this.  Within this shell run
the import again.  Use exit to stop the agent then.

Hint:  Running just gpg-agent will show whether an agent is available.

It was two things.  The gpg-agent was the first one.  The second one was the
pinentry program (I didn't have one).  After downloading and installing it, I
was able to import PKCS#12 file.  Might be good idea if configure script was
checking if pinentry is installed and complaining if it wasn't, like for other
dependencies.

Another question is about support for non US-ASCII characters in certificates
(something tells me you might be getting lot of these questions).  I've
received one certificate that has some accented letters in CN and OU.  After
importing it, and then doing "gpgsm --list-keys", the output shows the Subject
without CN and OU (only O, L, ST and C are displayed).  Is this certificate

gpgsm always displays utf-8 thus they may look weird depending on
your locale setting.

The thing is, it wasn't displaying them at all.  As if they were not there.

Example (removed non-relevant lines from output):

$ echo $LANG
en_US.UTF-8

$ openssl x509 -noout -text -in test.crt
       Subject: C=CA, ST=Quebec, L=Montreal,
O=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,
OU=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r,
CN=\x00T\x00e\x00s\x00t\x00_\x00I\x00m\x00p\x00r\x00i\x00m\x00e\x00u\x00r

$ gpgsm --import test.crt

$ gpgsm --list-keys
     Subject: /L=Montreal/ST=Quebec/C=CA

As you can see, the CN, O and OU attributes are missing in output.  Only the
"clean US-ASCII" C, ST and L are present. Openssl displayed them all using hex
notation (they look weird, but they are there).  I know that gpgsm imported the
certificate correctly (if I export it into a file, and then run openssl x509
-text on it, it displays correct Subject).  If I import that same certificate
into Windows machine, it is also displayed correctly (this time no weird stuff).

BTW, the certificate in this example is almost unselectable using gpgsm. The CN
is in UTF-8, but when I looked closer into it, it doesn't really contain any
non-US-ASCII characters. It just reads "Test_Imprimeur" (just remove all those
"\x00").  However if I do 'gpgsm --list-keys CN=Test_Imprimeur', nothing is
displayed.





_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
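
An added example (not part of the original message and not GnuPG code): a small Python decoder for the `\x00`-escaped Subject values in the openssl output quoted above, useful for checking what name such a certificate actually carries before trying to select it. It assumes those values are two-byte-per-character big-endian strings (BMPString/UCS-2 style), which the message does not state; all function names are hypothetical.

```python
import re

# Constructed sample: the Subject line from the openssl output in the message.
ESC = "".join(r"\x00" + ch for ch in "Test_Imprimeur")
SUBJECT = f"C=CA, ST=Quebec, L=Montreal, O={ESC}, OU={ESC}, CN={ESC}"


def unescape(value: str) -> bytes:
    """Turn openssl's \\xNN escapes back into the raw value bytes."""
    return re.sub(rb"\\x([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  value.encode("latin-1"))


def decode_value(raw: bytes):
    """Return (text, kind). Assumption: an even-length value containing NUL
    bytes is a two-byte-per-character big-endian string."""
    if b"\x00" in raw and len(raw) % 2 == 0:
        return raw.decode("utf-16-be"), "two-byte"
    return raw.decode("utf-8"), "one-byte"


def parse_subject(line: str) -> dict:
    """Split 'K=V, K=V' (no commas inside values) and decode each value."""
    return {k: decode_value(unescape(v.strip()))
            for k, v in re.findall(r"([A-Za-z]+)=([^,]*)", line)}


def cn_matches(line: str, wanted: str) -> bool:
    """Compare the decoded CN, not its raw bytes, with the wanted name."""
    text, _kind = parse_subject(line).get("CN", ("", ""))
    return text == wanted


if __name__ == "__main__":
    for attr, (text, kind) in parse_subject(SUBJECT).items():
        print(f"{attr:>2} = {text!r:20} ({kind})")
    print("CN == Test_Imprimeur:", cn_matches(SUBJECT, "Test_Imprimeur"))
```

The raw CN bytes are twice as long as the ASCII name and differ from it byte for byte, so a comparison has to happen on the decoded text.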
