Simon Josefsson <[EMAIL PROTECTED]> writes: > I'm trying to sign something using gpgsm and a smartcard, but here is > what happens: ... > Where do I put the CRL that will be checked? > > Alternatively, how can I tell gpgsm/dirmngr to not check any CRL?
I solved this myself, sorry for the noise. For the record: Use --disable-crl-checks to disable CRL checks. Also, you must put the CA fingerprint in your trustlist.txt: [EMAIL PROTECTED]:~$ cat /home/jas/.gnupg/trustlist.txt 15:32:B4:BA:5A:8A:79:88:CA:26:42:83:59:1B:A3:A2:1C:0B:CC:24 S [EMAIL PROTECTED]:~$ Then signing works: [EMAIL PROTECTED]:~$ echo foo | gpgsm --sign -u BD:5F:80:DE:63:03:4E:C9:E2:84:1E:63:09:55:2E:34:5C:5F:22:6F --disable-crl-checks > foo gpgsm: CRLs not checked due to --disable-crl-checks option gpgsm: DBG: adding certificates at level 1 gpgsm: signature created [EMAIL PROTECTED]:~$ I can't parse the output using GnuTLS 'certtool', but OpenSSL appears to handle it, so I suppose it may be a bug in GnuTLS. /Simon _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
