So I work for a large company that has their own internal CA and maintains their own set of S/MIME certificates. We periodically have to re-enroll in S/MIME and import the certificate into Microsoft Outlook to have encrypt / sign functionality. This time when I enrolled for my recent certificate, I went ahead and added my S/MIME to gpgsm. Import looked good (I guess), but I'm unable to sign. I've looked at the public and private keys and it looks like the whole chain is imported. Kleopatra also has them showing up in the right hierarchical order. I apologize for clipping some of my command output but our company is rather paranoid about publicly publishing internal key data, even public key data.
$ gpgsm --version --verbose gpgsm (GnuPG) 2.2.11 libgcrypt 1.8.4 libksba 1.3.5 <clip> $ gpgsm --import sMIME.pfx <clip> gpgsm: total number processed: 4 gpgsm: unchanged: 3 gpgsm: secret keys read: 1 gpgsm: secret keys unchanged: 1 $ echo hi | gpgsm --sign --armor --default-key 0x64208E9A --disable-crl-checks --disable-policy-checks gpgsm: error creating signature: No value <KSBA> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
