Hello! When using gpgsm to encrypt a file, what is the primarily intended recipient format?
gpgsm -e -r xxxx file_to_be_encrypted.ext What to put in place of xxxx? Certificate were imported using gpgsm --import cert.pem, it shows in gpgsm --list-keys. Certificate is self signed and the only filed containing useful information is CN, there are some other fields containing junk. There is no e-mail address specified. Tried to specify user-IDs as told here: http://www.gnupg.org/documentation/manuals/gnupg-devel/Specify-a-User-ID.html#how-to-specify-a-user-id None of these methods worked, errors were as follows: By key ID. (#1 in list) Assumed that first entry in --list-keys, named ID is that, it was 0xD56CAEDD executing: gpgsm -e -r 0xD56CAEDD file.ext produced this error: gpgsm: can't encrypt to `0xD56CAEDD': No value By fingerprint. (#2 in list) Fingerprint was last entry in --list-keys, and it was 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD executing: gpgsm -e -r 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD file.ext produced error: gpgsm: can't encrypt to `0x81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C :AE:DD': Invalid name removing 0x in beginnig of fingerprint, did change nothing By exact match on OpenPGP user ID. (#3 in list) Does not applies here, because does not applies to X509 certificates By exact match on an email address. (#4 in list) Does not applies here, because certificate does not contains an email address. By word match. (#5 in list) Only rememberable word there were CN (cert), executing: gpgsm -e -r +cert file.ext produced error: ../../gnupg2-2.0.17/kbx/keybox-search.c:858: oops; should never get here ../../gnupg2-2.0.17/kbx/keybox-search.c:858: oops; should never get here gpgsm: can't encrypt to `+cert': No public key By exact match on the subject's DN. (#6 in list) As specified in the list, subjects DN string was extracted from output of: gpgsm --list-keys --with-colons It was: CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv executing: gpgsm -e -r /CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv file.ext produced error: gpgsm: can't encrypt to `/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undef ined_type,C=lv': No value By exact match on the issuer's DN. (#7 in list) Since this is a self signed certificate, DN string is the same. (except for # in front of string) Error was exactly the same as in previous case. By exact match on serial number and issuer's DN. (#8 in list) executing: gpgsm -e -r #01/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv file.ext produced error: gpgsm: can't encrypt to `#01/CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=un defined_type,C=lv': No value By keygrip. (#9 in list) Keygrip obtained by --dump-cert was: 3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6 executing: gpgsm -e -r &3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6 file.ext produced error: gpgsm: missing argument for option "-r" '3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6' is not recognized as an internal or external command, operable program or batch file. By substring match. (#10 in list) Tried on CN. Executing: gpgsm -e -r cert file.ext produced error: gpgsm: can't encrypt to `cert': No value If using partial substring (with * in beginning), error were the same: gpgsm -e -r *cert file.ext gpgsm: can't encrypt to `*cert': No value These were all 10 specified methods. Output of --list-keys: ID: 0xD56CAEDD S/N: 01 Issuer: /CN=cert/OU=key_usage/O=no_specified/L=bez_ca/ST=undefined_type/C=lv Subject: /CN=cert/OU=key_usage/O=no_specified/L=bez_ca/ST=undefined_type/C=lv validity: 2010-12-04 18:14:32 through 2011-12-04 06:33:15 key type: 1024 bit RSA chain length: none fingerprint: 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD Output of --dump-cert: ID: 0xD56CAEDD S/N: 01 Issuer: CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv Subject: CN=cert,OU=key_usage,O=no_specified,L=bez_ca,ST=undefined_type,C=lv sha1_fpr: 81:4A:73:CC:AB:BC:41:D3:D7:99:0F:A3:C0:75:AB:E0:D5:6C:AE:DD md5_fpr: FB:F8:0D:AA:1F:2F:F9:F8:28:40:7E:B7:49:DB:7F:F3 certid: 3A409A4E9141A06D70B234CC5716FAEF282A3477.01 keygrip: 3992799455D8CCCFECA75FE1BD7708D8A7E2EFD6 notBefore: 2010-12-04 18:14:32 notAfter: 2011-12-04 06:33:15 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: 1024 bit RSA subjKeyId: [none] authKeyId: [none] keyUsage: [none] extKeyUsage: [none] policies: [none] chainLength: [none] crlDP: [none] authInfo: [none] subjInfo: [none] Is there a way for recipient just specify a certificate file in pem format? (Without using keyring.) Is it possible to import pem format private keys? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
