On Fri, 23 Feb 2018 19:21, j...@netbsd.org said: > ATM (with gpgsm (GnuPG) 2.2.4) , due to [1], gpgsm cannot sign > certificate for which a public key has been imported but without an > associated private key to it (disregarding the self-signing
What you here is to create CSR (Certifciate Signing Request) for a new certificate. This involves a signature done with the private key for the public key in that CSR. > gpgsm: line 1: error getting key by keygrip 'D3513A1E...48E0BDB6D35': > No such file or directory > gpgsm: error creating certificate request: No such file or directory You simply don't have that key. What you enter there is the key grip For example: $ gpgsm --with-keygrip -K 0x05B0DC50 ID: 0x05B0DC50 S/N: 2A821ECCEBFE1AFF Issuer: /CN=The STEED Self-Signing Nonthority Subject: /CN=John Steed aka: st...@itv.example.org.uk validity: 2011-12-06 20:30:46 through 2063-04-05 17:00:00 key type: 1024 bit RSA fingerprint: EC:6E:9C:33:24:6A:6F:04:FC:98:89:9A:5A:25:73:9E:05:B0:DC:50 keygrip: 254C073ED986EE4EA5F8059A753DAC1FFD245999 If you enter the value in the last line at the prompt, the very same key would be used for a new certificate. > Would it make sense to relax the test in [1] and allow certificate > creation when we are not issuing a self-sign cert? That would violate the standard for creating a CSR. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpyRg5owxJag.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users