Hi,

On 06/16/2017 10:27 AM, Binarus wrote:
> Unfortunately, I didn't find any hint on how to extract that key. It is
> in the certificate for sure, and I think I will eventually be able to
> dump it after playing some time with OpenSSL, but then I eventually
> won't know how to integrate it into Enigmail / gpg4win.

Well, there is the Monkeysphere's pem2openpgp tool [1], but AFAIK it only works with *private* keys, not public keys.


> Furthermore, I am still not sure if this is just a matter of
> transforming the key or if the whole software / data exchange protocol
> depends on the sort of key. In other words, even if I would manage to
> extract the key and to integrate it into the Enigmail / gpg4win world,
> would the communication partner be able to decrypt the respective messages?

No. You would generate an OpenPGP-encrypted message that your partner won't be able to decrypt using their S/MIME software. They would need an OpenPGP implementation (be it GnuPG or any other one).



> The bottom line seems to be that I can't use Enigmail / gpg4win to
> exchange email with communication partners which provide their keys in
> form of certificates. This does not make much sense since there is a
> strong trend among the big companies to provide only PGP certificates
> instead of PGP keys.

You seem to be confused between OpenPGP certificates and X.509 certificates, and I think this is the root of your problem.

Let me try to explain.

There are two completely independent standards for e-mail encryption and signing: OpenPGP and S/MIME.

Each standard uses its own formats. OpenPGP uses OpenPGP certificates (which are called "public key" out of habit, but they really are certificates), and S/MIME uses X.509 certificates.

Both partners in a conversation have to use the same standard, either OpenPGP or S/MIME (of course they can use *any* software implementing the same standard, because that's what standards are all about).

Now what you got from your partner is an X.509 certificate, which means that said partner is using S/MIME, not OpenPGP.

There are not many options here: you and your partner must agree on the standard you use for your communications. Either you convince your partner to switch to OpenPGP when he is communicating with you, or you switch yourself to S/MIME when you're communicating with him.


> Slightly off-topic: Does anybody eventually know if and when Enigmail /
> gpg4win will support certificates?

Thunderbird already supports S/MIME and X.509 certificates natively, you do not need Enigmail for that.


Damien

[1] http://web.monkeysphere.info/
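
Added example (not part of the original message and not code from GnuPG, Enigmail or Thunderbird): a small Python check that tells whether a key file received from a correspondent is an X.509 certificate (S/MIME) or an OpenPGP certificate, using the PEM/armor label or the first byte of the binary encoding. The function names and sample inputs are constructed for illustration, and the DER test is a heuristic.

```python
import re

# PEM / ASCII-armor labels mapped to (format, mail standard that uses it).
ARMOR_LABELS = {
    "CERTIFICATE": ("X.509 certificate", "S/MIME"),
    "PKCS7": ("PKCS#7 certificate bundle", "S/MIME"),
    "PGP PUBLIC KEY BLOCK": ("OpenPGP certificate (public key)", "OpenPGP"),
}
ARMOR_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
OPENPGP_PUBLIC_KEY_TAG = 6  # RFC 4880 packet tag of a primary public key


def openpgp_packet_tag(first_byte):
    """Return the OpenPGP packet tag encoded in a header byte, or None."""
    if not first_byte & 0x80:        # bit 7 is set in every packet header
        return None
    if first_byte & 0x40:            # new-format header: tag in bits 5..0
        return first_byte & 0x3F
    return (first_byte & 0x3C) >> 2  # old-format header: tag in bits 5..2


def identify(data):
    """Classify key material as (format, standard), else ("unknown", None)."""
    m = ARMOR_RE.search(data)
    if m:
        return ARMOR_LABELS.get(m.group(1).decode("ascii"), ("unknown", None))
    if not data:
        return ("unknown", None)
    # Binary OpenPGP key file: the first packet is a public-key packet.
    if openpgp_packet_tag(data[0]) == OPENPGP_PUBLIC_KEY_TAG:
        return ARMOR_LABELS["PGP PUBLIC KEY BLOCK"]
    # DER: a certificate is an ASN.1 SEQUENCE (0x30) whose 2-byte length covers
    # the rest of the file. Heuristic only: other DER objects look the same.
    if data[0] == 0x30 and len(data) > 4 and data[1] == 0x82:
        if int.from_bytes(data[2:4], "big") == len(data) - 4:
            return ("DER object, likely X.509 certificate", "S/MIME")
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples: only the header bytes are meaningful.
    samples = {
        "partner.pem": b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n",
        "partner.asc": b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQEN\n",
        "partner.der": b"\x30\x82\x01\x00" + bytes(256),
        "partner.gpg": b"\x99\x01\x0d\x04" + bytes(8),
    }
    for name, blob in samples.items():
        print(name, "->", identify(blob))
```

A result of S/MIME means the file belongs in the mail client's X.509 certificate store; only an OpenPGP result is something `gpg --import` can use.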


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
