On Fri, 23 Feb 2018 19:21, j...@netbsd.org said: > ATM (with gpgsm (GnuPG) 2.2.4) , due to [1], gpgsm cannot sign > certificate for which a public key has been imported but without an > associated private key to it (disregarding the self-signing
What you here is to create CSR (Certifciate Signing Request) for a new
certificate. This involves a signature done with the private key for
the public key in that CSR.
> gpgsm: line 1: error getting key by keygrip 'D3513A1E...48E0BDB6D35':
> No such file or directory
> gpgsm: error creating certificate request: No such file or directory
You simply don't have that key. What you enter there is the key grip
For example:
$ gpgsm --with-keygrip -K 0x05B0DC50
ID: 0x05B0DC50
S/N: 2A821ECCEBFE1AFF
Issuer: /CN=The STEED Self-Signing Nonthority
Subject: /CN=John Steed
aka: st...@itv.example.org.uk
validity: 2011-12-06 20:30:46 through 2063-04-05 17:00:00
key type: 1024 bit RSA
fingerprint: EC:6E:9C:33:24:6A:6F:04:FC:98:89:9A:5A:25:73:9E:05:B0:DC:50
keygrip: 254C073ED986EE4EA5F8059A753DAC1FFD245999
If you enter the value in the last line at the prompt, the very same key
would be used for a new certificate.
> Would it make sense to relax the test in [1] and allow certificate
> creation when we are not issuing a self-sign cert?
That would violate the standard for creating a CSR.
Shalom-Salam,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpyRg5owxJag.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
