Can I use my Microsoft Outlook S/MIME certificate with gpgsm.exe?

2019-03-13 Thread Dan Bryant
So I work for a large company that has their own internal CA and
maintains their own set of S/MIME certificates.  We periodically have
to re-enroll in S/MIME and import the certificate into Microsoft
Outlook to have encrypt / sign functionality.  This time when I
enrolled for my recent certificate, I went ahead and added my S/MIME
to gpgsm.  Import looked good (I guess), but I'm unable to sign.  I've
looked at the public and private keys and it looks like the whole
chain is imported.  Kleopatra also has them showing up in the right
hierarchical order.  I apologize for clipping some of my command
output but our company is rather paranoid about publicly publishing
internal key data, even public key data.

$ gpgsm --version --verbose
gpgsm (GnuPG) 2.2.11
libgcrypt 1.8.4
libksba 1.3.5


$ gpgsm --import sMIME.pfx

gpgsm: total number processed: 4
gpgsm:  unchanged: 3
gpgsm:   secret keys read: 1
gpgsm:  secret keys unchanged: 1

$ echo hi | gpgsm --sign --armor --default-key 0x64208E9A --disable-crl-checks --disable-policy-checks
gpgsm: error creating signature: No value

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Newbie: Installing Build Dependencies to gnupg-2.2.13 update from gnupg 2.0.22 on Ubuntu 14.04 LTS failed

2019-03-13 Thread David
On Wed, 27 Feb 2019 at 23:16, Oscar Carlsson via Gnupg-users wrote:
>
> And in future emails, try to [...] use pastebin like
> services and/or attach logs instead of adding them inline like this.

Why is that suggested?

If someone posts hundreds of kilobytes or more, I agree,
but in this case I argue the opposite, for these reasons.
Providing the information inline has several advantages:
1) all information is available in one place.
2) it's easy to quote/reference in email replies.
3) it's less work for the responders who don't have to cut
and paste from other places.
4) it avoids running pastebin javascript.
5) it preserves the integrity of the email archive, so that the
conversation can help future readers, particularly when pastebin sites
are ephemeral and/or provide only temporary storage.
6) some mailing lists strip attachments.



Re: Newbie: Installing Build Dependencies to gnupg-2.2.13 update from gnupg 2.0.22 on Ubuntu 14.04 LTS failed

2019-03-13 Thread Peter Lebbing
On 13/03/2019 14:21, David wrote:
> If someone posts hundreds of kilobytes or more, I agree,
> but in this case I argue the opposite, for these reasons.

I fully agree. In fact, I much prefer someone include a lot of
information and maybe include too much than that the person trying to
help has to ask for more information. The one thing that would have made
the mail even better was if shell output was put between markers like
this:

--8<---cut here---start->8---
Terminal contents
--8<---cut here---end--->8---

Some mail clients auto-format this, which makes the e-mail more
readable, but even without special formatting it helps a /lot/ with the
flow.

> 4) it avoids running pastebin javascript.

In fact, Werner refuses to look at pastes on sites that require
JavaScript. That means you lose out on the expertise of the person who
knows the most about GnuPG! :-)

7) This is an FSF mailing list. Solely relying on libre services is much
preferred in any case. Suggesting people use non-free software quickly
ends up in the "not allowed here" territory!

Back on topic, I /do/ completely agree with Oscar Carlsson that it is
rather futile to compile stuff for an OS that will be unsupported in a
few weeks. Running an unsupported OS should not be done in almost every
instance. Running security software like GnuPG on an unsupported OS is
an enormous red flag and defeats the purpose of GnuPG IMNSHO.

My 2 cents,

Peter.

PS: I found it ironic that the person admonishing someone to be concise
was the one who forgot to trim the quotes per list rules :-P. This is
tongue in cheek and should not be taken seriously.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 


