Hi James, On Thursday 27 March 2014 at 21:50:16, James B. Byrne wrote: > However, gpgsm does not seem to want to deal with our certificates and I > lack the experience or knowledge to determine exactly why. So, I am here > asking for your assistance to resolve this problem. > > I started with a single certificate and key issued to myself and signed by > our CA: > > openssl pkcs12 -export -in 3F.pem -inkey 3F.key -out 3F.p12 > > I then attempted to import this into my gpg keyring via the command line > using gpgsm: > > gpgsm --import 3F.p12
> gpgsm[5321]: can't connect to `/home/byrnejb/.gnupg/S.gpg-agent': No such > file or directory > I gather from the first line of error that I should be running gpg-agent. Yes, you should run gpg-agent. It is also recommendable when using OpenPGP. Gpg-agent is the component dealing with the private certificates (that includes access to the (private) key material). It can also cache parts of this. Under some circumstances gpg-agent is started automatically, but because you may access gnupg/gpgsm functions from several applications/terminals, it makes a lot of sense to start it early. > I have read how to start this for command line sessions but I am hesitant > to do so before getting some expert help. The session manager I am using > for this is gnome-terminal running from a non-privileged gnome desktop > manager (gnome-desktop.x86_64-2.28.2). Should I start this from > .bash_profile, which would imply that a new gpg-agent would be started for > each new session window? or as some have suggested, start it from > .Xsession? or perhaps gpg-agent should not be started at all and I should > use some option on gpgsm to avoid the need for gpg-agent. info gnupg2 section Invoking GPG-AGENT is your friend. :) > In any case, I am also trying to determine how to load our CA root and CA > issuer certificates or at least make them known to gpg/gpgsm as this seems > necessary given what I have read in the man pages. See http://wiki.gnupg.org/X.509, I've linked by root certificate guide from there. Let me know how it works out for you! Bernhard -- www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member) Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
