Can't use smime keys in kmail
Closed, ResolvedPublic8 Story Points

Description

A self-signed S/MIME certificate cannot be trusted in kleopatra and it is consequently not selectable for encryption or signing. We need to figure out if this applies only to self-signed certificates or if that is a general problem.

Details

Ticket Type
Task

Event Timeline

mollekopf claimed this task.
mollekopf raised the priority of this task from to High.
mollekopf updated the task description.
mollekopf added projects: Restricted Project, Restricted Project, KDE PIM.
mollekopf changed Ticket Type from Task to Task.
mollekopf added subscribers: knauss, mollekopf.
  • you need to create a PKCS12 for import into kleopatra

http://serverfault.com/questions/103263/can-i-create-my-own-s-mime-certificate-for-email-encryption

  • that PKCS12 can be imported via kleopatra, but the trusted issuer is not set to ultimate after import
Marking it as trusted can be done by manually editing the
file ~/.gnupg/trustlist.txt (there are instructions on the top) or by
putting a line "allow-mark-trusted" into ~/.gnupg/gpg-agent.conf and
giving gpg-agent a HUP. With allow-mark-trusted active, gpg-agent will
ask you whether you trust that root certificate and insert it for you
into the trustlist.txt.

https://lists.gnupg.org/pipermail/gnupg-users/2009-February/035754.html

  • the documentation for kleopatra also mentions these things:

https://docs.kde.org/stable4/en/kdepim/kleopatra/menucertificates.html

Until now I did not get my self-signed certificate shown as trust ultimate :(

knauss moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Aug 18 2015, 2:01 PM

I could trust my root certificate, but then not the subcertificates...

Is the trust ultimate? So if you look at the key details, "trusted issuer: yes"?

mollekopf moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Aug 21 2015, 10:44 AM

The problem was the CRL checking that is broken with no certificate revocation list in the certificate. The workaround is to disable CRL checking.

mollekopf moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
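
The trust-list and CRL steps discussed in this thread, as an added example that is not part of the ticket: shell functions that make the edits under a GnuPG home directory idempotently. The function names are hypothetical, and `disable-crl-checks` in gpgsm.conf is an assumption, since the ticket does not say how CRL checking was disabled.

```shell
#!/bin/sh
# Added example, not from the ticket. Function names are hypothetical.

# Append a line to a file unless the identical line is already there.
ensure_line() {
    file=$1; line=$2
    mkdir -p "$(dirname "$file")"
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >>"$file"
}

# Normalise a SHA-1 fingerprint (colons or spaces allowed, any case)
# to 40 upper-case hex digits; fail on anything else.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    case $fpr in *[!0-9A-F]*) return 1 ;; esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Manual route: list a root certificate in trustlist.txt with the "S"
# (S/MIME) flag. An existing entry for the same fingerprint, including a
# "!"-prefixed (distrusted) one, is left untouched.
trust_root() {
    home=$1
    fpr=$(normalize_fpr "$2") || { echo "bad fingerprint: $2" >&2; return 1; }
    if grep -qiE "^!?$fpr[[:space:]]" "$home/trustlist.txt" 2>/dev/null; then
        return 0
    fi
    ensure_line "$home/trustlist.txt" "$fpr S"
}

# Interactive route: let gpg-agent ask and write the entry itself.
allow_mark_trusted() { ensure_line "$1/gpg-agent.conf" "allow-mark-trusted"; }

# Workaround from the ticket's resolution (assumed option name, see lead-in).
# It applies to every certificate gpgsm validates, not only the self-signed one.
disable_crl_checks() { ensure_line "$1/gpgsm.conf" "disable-crl-checks"; }

# Make a running agent re-read its files (the "HUP" in the thread).
reload_agent() { gpgconf --reload gpg-agent; }

# Typical use, with the fingerprint of your own root certificate:
#   trust_root "${GNUPGHOME:-$HOME/.gnupg}" "<root fingerprint>" && reload_agent
```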