You were correct, Peter. I haven't had a chance to verify on Ubuntu yet, but on Windows the following steps did the trick:
- there was no 'trusted-certs' directory in my existing home directory (C:\users\dave\appdata\Roaming\gnupg\), so I created one. I also went ahead and created a 'logs' directory. - I added the line "log-file C:\Users\dave\AppData\Roaming\gnupg\logs\dirmngrlog.txt" to my dirmngr.conf file to capture what I wanted - I saved a copy of the root cert with fingerprint 02FAF3E291435468607857694DF5E45B68851868 to a DER-encoded file with .crt extension to the 'trusted-certs' directory. - I executed the 'gpgsm --list-keys --with-validation --debug-all' command, and all keys were shown to be good. I've attached the debug output from the command as well as the dirmngrlog.txt file that was generated in case it is of interest. (As an aside, you may notice that I've installed version 2.1.18 since the last output was provided). I don't fully understand everything that is shown in these files, but it sure seems to me like you were exactly right - dirmngr did not know to trust that root cert, so it couldn't verify that the CRL was signed by a trustworthy party. Once I told dirmngr that the root cert could be trusted, it could verify the CRL. I've since been able to encrypt data using this key, so things are looking good. I can't thank you enough - this has been extremely helpful. Thanks! Dave -----Original Message----- From: Peter Lebbing [mailto:pe...@digitalbrains.com] Sent: Tuesday, February 21, 2017 10:13 AM To: David Gray <d...@davidegray.com>; NIIBE Yutaka <gni...@fsij.org> Cc: gnupg-users@gnupg.org Subject: Re: Problems with cert validation via CRL On 21/02/17 13:20, David Gray wrote: > I'm no expert, but when I look at the debug info (attached to original > email), it appears that gpgsm is able to get the crl that my cert > points to but it may be having trouble parsing it. Reading that part made me think it couldn't find the issuer of the CRL: > dirmngr[3184.0]: error fetching certificate by subject: Configuration > error > dirmngr[3184.0]: CRL issuer certificate > {92616B82E1A2A0AA4FEC67F1C2A3F7B48000C1EC} not found When I fetch the CRL we're talking about, OpenSSL tells me about it: > Certificate Revocation List (CRL): > Version 2 (0x1) > Signature Algorithm: sha256WithRSAEncryption > Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA > Last Update: Feb 20 16:07:34 2017 GMT > Next Update: Feb 24 16:07:34 2017 GMT > CRL extensions: > X509v3 Authority Key Identifier: > > keyid:92:61:6B:82:E1:A2:A0:AA:4F:EC:67:F1:C2:A3:F7:B4:80:00:C1:EC > > X509v3 CRL Number: > 822 The issuer is the certificate that gpgsm knows about: > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > e0:23:cb:15:12:83:53:89:ad:61:6e:7a:54:67:6b:21 > Signature Algorithm: sha256WithRSAEncryption > Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, > CN=AddTrust External CA Root > Validity > Not Before: Dec 22 00:00:00 2014 GMT > Not After : May 30 10:48:38 2020 GMT > Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA > Limited, CN=COMODO SHA-256 Client Authentication and Secure Email CA [...] > X509v3 extensions: > X509v3 Authority Key Identifier: > > keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A > > X509v3 Subject Key Identifier: > > 92:61:6B:82:E1:A2:A0:AA:4F:EC:67:F1:C2:A3:F7:B4:80:00:C1:EC > [...] > SHA1 > Fingerprint=59:B8:25:FC:08:86:0B:04:B3:92:CC:25:FE:C4:8C:76:07:53:B6:8 > 9 I suspect that even though gpgsm knows about it, dirmngr might not, hence the failing CRL verification. I think you need to feed the certificate to dirmngr as well. Whether this is actually the reason you're having problems, I don't know. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
C:\Users\dave>gpgsm --list-keys --with-validation --debug-all
gpgsm: reading options from 'C:\Users\dave\AppData\Roaming\gnupg\gpgsm.conf'
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc
C:\Users\dave\AppData\Roaming\gnupg\pubring.kbx
-----------------------------------------------
ID: 0x0753B689
S/N: 00E023CB1512835389AD616E7A54676B21
Issuer: /CN=AddTrust External CA Root/OU=AddTrust External TTP
Network/O=AddTrust AB/C=SE
Subject: /CN=COMODO SHA-256 Client Authentication and Secure Email
CA/O=COMODO CA Limited/L=Salford/ST=Greater Manchester/C=GB
validity: 2014-12-22 00:00:00 through 2020-05-30 10:48:38
key type: 2048 bit RSA
key usage: digigpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 01
gpgsm: DBG: notBefore: 2000-05-30 10:48:38
gpgsm: DBG: notAfter: 2020-05-30 10:48:38
gpgsm: DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE
gpgsm: DBG: subject: CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
gpgsm: DBG: END Certificate
gpgsm: DBG: signature value: 28 37 3A 73 69 67 2D 76 61 6C 28 33 3A 72 73 61 28
31 3A 73 32 35 36 3A 1B 2A 6E AC 55 C1 3A AB 88 C5 D8 ED CD 55 F3 AA 6B 61 2B
C0 09 10 23 99 0F C5 66 6A 6F B1 F5 B4 B5 77 5E 0F 02 61 00 DF 7D 05 FE 12 B3
A4 80 80 00 FC FB 1D 5B 6A 72 02 0A 41 BC 05 BA C1 58 D5 26 C2 EA D5 4D 84 FB
FE 82 98 CF 58 1B E3 22 63 9C 52 F8 BB 05 36 AB 7D 58 A5 DE AB 3B 63 E5 DA D5
73 EF EC E0 FB 7B E2 A3 FF F0 42 23 9C CA B6 8D 4D 3E E4 4B 18 03 B2 A8 2D D4
D8 BB 42 4B 90 69 85 10 DB A6 37 34 E8 7B E0 01 10 A5 9C CA 3A C7 9F 4F 88 34
6E 8A 65 D0 1A 8A BB A9 DC CA CA 36 D1 F4 FC C2 64 29 35 AF D6 B1 A7 71 11 D2
03 43 B1 8F 3E 9A EC 9E 32 53 F4 76 92 CA 86 34 07 B9 2C CA E6 1C 4A D8 99 0D
C1 86 E2 90 92 FB 5A 42 6A 23 21 10 E9 65 C7 F5 D5 BB 7E EA 8C 85 20 02 62 EA
D1 3A 07 2C 59 C5 99 33 F2 38 89 E5 B6 E9 16 7A 1F 79 14 F6 4A 10 1A 26 FA 7C
8A FB 9B 29 29 28 34 3A 68 61 73 68 36 3A 73 68 61 32 35 36 29 29
gpgsm: DBG: encoded hash: 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 69 72
4F 59 E4 41 04 2E 57 84 2A 9B 9E 78 AA 7D E9 9A 55 53 22 C1 A0 55 20 ED A0 F0
B0 3E 00 8A
DBG: rsa_verify
data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042069 \
DBG:
724f59e441042e57842a9b9e78aa7de99a555322c1a05520eda0f0b03e008a
DBG: rsa_verify
sig:+1b2a6eac55c13aab88c5d8edcd55f3aa6b612bc0091023990fc5666a6fb1f5b4 \
DBG:
b5775e0f026100df7d05fe12b3a4808000fcfb1d5b6a72020a41bc05bac158d5 \
DBG:
26c2ead54d84fbfe8298cf581be322639c52f8bb0536ab7d58a5deab3b63e5da \
DBG:
d573efece0fb7be2a3fff042239ccab68d4d3ee44b1803b2a82dd4d8bb424b90 \
DBG:
698510dba63734e87be00110a59cca3ac79f4f88346e8a65d01a8abba9dccaca \
DBG:
36d1f4fcc2642935afd6b1a77111d20343b18f3e9aec9e3253f47692ca863407 \
DBG:
b92ccae61c4ad8990dc186e29092fb5a426a232110e965c7f5d5bb7eea8c8520 \
DBG:
0262ead13a072c59c59933f23889e5b6e9167a1f7914f64a101a26fa7c8afb9b
DBG: rsa_verify
n:+b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c \
DBG:
7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8ca \
DBG:
bf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c \
DBG:
0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38 \
DBG:
078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44 \
DBG:
e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db \
DBG:
14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7 \
DBG:
a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a27
DBG: rsa_verify e:+010001
DBG: rsa_verify
cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042069 \
DBG:
724f59e441042e57842a9b9e78aa7de99a555322c1a05520eda0f0b03e008a
DBG: rsa_verify => Good
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: no running gpg-agent - starting 'C:\Program Files
(x86)\GnuPG\bin\gpg-agent.exe'
gpgsm: waiting for the agent to come up ... (5s)
gpgsm: waiting for the agent to come up ... (4s)
gpgsm: DBG: chan_0x000000c4 <- OK Pleased to meet you
gpgsm: connection to agent established
gpgsm: DBG: chan_0x000000c4 -> RESET
gpgsm: DBG: chan_0x000000c4 <- OK
gpgsm: DBG: chan_0x000000c4 -> GETINFO version
gpgsm: DBG: chan_0x000000c4 <- D 2.1.18
gpgsm: DBG: chan_0x000000c4 <- OK
gpgsm: DBG: chan_0x000000c4 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_0x000000c4 <- OK
gpgsm: DBG: chan_0x000000c4 -> ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 <- S TRUSTLISTFLAG relax
gpgsm: DBG: chan_0x000000c4 <- OK
talSignature certSign crlSign
ext key usage: clientAuth (suggested), emailProtection (suggested)
policies: 2.5.29.32.0:N:
chain length: 0
fingerprint: 59:B8:25:FC:08:86:0B:04:B3:92:CC:25:FE:C4:8C:76:07:53:B6:89
[Note: non-critical certificate policy not allowed]
[validation model used: shell]
[certificate is good]
ID: 0x68851868
S/N: 01
Issuer: /CN=AddTrust External CA Root/OU=AddTrust External TTP
Network/O=AddTrust AB/C=SE
Subject: /CN=AddTrust External CA gpgsm: DBG: chan_0x000000c4 ->
ISTRUSTED 02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 <- S TRUSTLISTFLAG relax
gpgsm: DBG: chan_0x000000c4 <- OK
Root/OU=AddTrust External TTP Network/O=AddTrust AB/C=SE
validity: 2000-05-30 10:48:38 through 2020-05-30 10:48:38
key type: 2048 bit RSA
key usage: certSign crlSign
chain length: unlimited
fingerprint: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
[validation model used: shell]
[certificate is good]
ID: 0x2F5900E9
S/N: 3FAADAD7DD3F946B114321153B76F88C
Issuer: /CN=COMODO SHA-256 Client Authentication and Secure Email
CA/O=COMODO CA Limited/L=Sagpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 00E023CB1512835389AD616E7A54676B21
gpgsm: DBG: notBefore: 2014-12-22 00:00:00
gpgsm: DBG: notAfter: 2020-05-30 10:48:38
gpgsm: DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE
gpgsm: DBG: subject: CN=COMODO SHA-256 Client Authentication and Secure
Email CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG: SHA1 Fingerprint:
59:B8:25:FC:08:86:0B:04:B3:92:CC:25:FE:C4:8C:76:07:53:B6:89
gpgsm: DBG: END Certificate
gpgsm: DBG: signature value: 28 37 3A 73 69 67 2D 76 61 6C 28 33 3A 72 73 61 28
31 3A 73 32 35 36 3A 52 A8 1C AC FA 1E 95 57 05 89 78 CA 7A 65 78 AF D3 95 67
07 45 DE 63 7D C8 AD A9 9E CD C0 75 59 55 13 B5 B5 C4 F8 81 68 BA D2 91 25 49
2E 84 E2 6D 87 1D 96 E0 A5 89 C6 80 34 74 CB D0 F3 BF 00 3A 47 A0 FE BF A0 0F
9C 78 93 2A 94 FF 94 CD B7 BB 14 26 D9 35 10 24 59 2E 39 3E F0 CB 52 F8 B1 26
EC D3 80 1D 94 83 70 21 60 8D 70 90 C2 57 7F E4 48 62 F8 8D F3 3D F7 AD C3 EC
F6 AF 63 E4 17 FB B8 A6 63 F4 A8 6A 2B 7F 48 83 D7 79 E7 AC 53 5B 2B D2 EB 4F
9F 3B DA 36 D2 CA 4D 5D AA FD 05 16 BD 2C 37 71 95 86 34 EA 8E D1 6A 61 87 18
5A EA 35 C6 B3 0E B8 08 6A E0 D5 95 37 98 BC A8 4F 7C EE 42 3C B7 B4 DD 37 C0
1C EA 45 37 03 03 20 AF 1C 14 CA 62 60 11 CA FD 7B 06 05 02 37 55 F9 18 6E 8F
5B C6 0E 5A C3 B4 E9 7A BF 38 A9 D8 90 D0 4F 89 DF 67 41 A5 86 5E C5 8F A2 AF
B3 FF 74 29 29 28 34 3A 68 61 73 68 36 3A 73 68 61 32 35 36 29 29
gpgsm: DBG: encoded hash: 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 31 FB
01 7E 8E CA 59 1E EE 26 5F 91 5C F3 12 E5 0D 10 9F 61 D3 4E 33 E3 62 9B 4F 4D
36 83 09 2D
DBG: rsa_verify
data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042031 \
DBG:
fb017e8eca591eee265f915cf312e50d109f61d34e33e3629b4f4d3683092d
DBG: rsa_verify
sig:+52a81cacfa1e9557058978ca7a6578afd395670745de637dc8ada99ecdc07559 \
DBG:
5513b5b5c4f88168bad29125492e84e26d871d96e0a589c6803474cbd0f3bf00 \
DBG:
3a47a0febfa00f9c78932a94ff94cdb7bb1426d9351024592e393ef0cb52f8b1 \
DBG:
26ecd3801d94837021608d7090c2577fe44862f88df33df7adc3ecf6af63e417 \
DBG:
fbb8a663f4a86a2b7f4883d779e7ac535b2bd2eb4f9f3bda36d2ca4d5daafd05 \
DBG:
16bd2c3771958634ea8ed16a6187185aea35c6b30eb8086ae0d5953798bca84f \
DBG:
7cee423cb7b4dd37c01cea4537030320af1c14ca626011cafd7b0605023755f9 \
DBG:
186e8f5bc60e5ac3b4e97abf38a9d890d04f89df6741a5865ec58fa2afb3ff74
DBG: rsa_verify
n:+89b10dda7a53194e70521dbc56a60626b7b849e096e751abf1f05a134915a3b4 \
DBG:
8c1b60bc7a5142a7798ca422df17614e91d576230a14d34a027fb61d09806ea5 \
DBG:
043dd9babb16fea187a92e435243167caf3250c8a64f5ae908d8cf93259c7b88 \
DBG:
e83064e6a4f85680fd2a2414331799ac44e5698ba346064bc233d4e9409f06b0 \
DBG:
b1ac9340b9b508933a9c2a53a310db3d20613c55038ed94e7625022129faa37c \
DBG:
71764feee15f81e9fb5480dbc37b3552b784de223d2c302d317f59bd5237b033 \
DBG:
692d43ebfad6a5f1977767518cd9ee27ebbca50738768ca4a938ffdf8cf503ac \
DBG:
49becaf773993a0f32ab9c953a133d0e463a57746150bec6403fcbe4e29fa221
DBG: rsa_verify e:+010001
DBG: rsa_verify
cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042031 \
DBG:
fb017e8eca591eee265f915cf312e50d109f61d34e33e3629b4f4d3683092d
DBG: rsa_verify => Good
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: no running Dirmngr - starting 'C:\Program Files
(x86)\GnuPG\bin\dirmngr.exe'
gpgsm: waiting for the dirmngr to come up ... (5s)
gpgsm: DBG: chan_0x00000200 <- # Home: C:\Users\dave\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x00000200 <- # Config:
C:\Users\dave\AppData\Roaming\gnupg\dirmngr.conf
gpgsm: DBG: chan_0x00000200 <- OK Dirmngr 2.1.18 at your service
gpgsm: connection to the dirmngr established
gpgsm: DBG: chan_0x00000200 -> GETINFO version
gpgsm: DBG: chan_0x00000200 <- D 2.1.18
gpgsm: DBG: chan_0x00000200 <- OK
gpgsm: DBG: chan_0x00000200 -> OPTION audit-events=1
gpgsm: DBG: chan_0x00000200 <- OK
gpgsm: DBG: chan_0x00000200 -> ISVALID
685A02B9E2BD4B5EE1FA51739B8882AEA38FB3C8.3FAADAD7DD3F946B114321153B76F88C
gpgsm: DBG: chan_0x00000200 <- INQUIRE SENDCERT
gpgsm: DBG: chan_00000200 -> [ 44 20 30 82 05 3b 30 82 04 23 a0 03 02 01 02 02
...(982 byte(s) skipped) ]
gpgsm: DBG: chan_00000200 -> [ 44 20 74 69 6f 6e 61 6e 64 53 65 63 75 72 65 45
...(361 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000200 -> END
gpgsm: DBG: chan_0x00000200 <- INQUIRE SENDCERT_SKI
92616B82E1A2A0AA4FEC67F1C2A3F7B48000C1EC /CN=COMODO SHA-256 Client
Authentication and Secure Email CA,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB
gpgsm: DBG: chan_00000200 -> [ 44 20 30 82 04 af 30 82 03 97 a0 03 02 01 02 02
...(982 byte(s) skipped) ]
gpgsm: DBG: chan_00000200 -> [ 44 20 55 f3 aa 6b 61 2b c0 09 10 23 99 0f c5 66
...(233 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000200 -> END
gpgsm: DBG: chan_0x00000200 <- INQUIRE SENDCERT_SKI
ADBD987A34B426F7FAC42654EF03BDE024CB541A /CN=AddTrust External CA
Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
gpgsm: DBG: chan_00000200 -> [ 44 20 30 82 04 36 30 82 03 1e a0 03 02 01 02 02
...(982 byte(s) skipped) ]
gpgsm: DBG: chan_00000200 -> [ 44 20 36 be 13 25 30 44 e6 bd 63 7e 79 7b a7 09
...(114 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000200 -> END
gpgsm: DBG: chan_0x00000200 <- INQUIRE ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 -> ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 <- S TRUSTLISTFLAG relax
gpgsm: DBG: chan_0x000000c4 <- OK
gpgsm: DBG: chan_0x00000200 -> D 1
gpgsm: DBG: chan_0x00000200 -> END
gpgsm: DBG: chan_0x00000200 <- INQUIRE ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 -> ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 <- S TRUSTLISTFLAG relax
gpgsm: DBG: chan_0x000000c4 <- OK
gpgsm: DBG: chan_0x00000200 -> D 1
gpgsm: DBG: chan_0x00000200 -> END
gpgsm: DBG: chan_0x00000200 <- OK
lford/ST=Greater Manchester/C=GB
Subject: /EMail=d...@davidegray.com
aka: d...@davidegray.com
validity: 2017-01-02 00:00:00 through 2018-01-02 23:59:59
key type: 2048 bit RSA
key usage: digitalSignature keyEncipherment
ext key usage: emailProtection (suggested), 1.3.6.1.4.1.6449.1.3.5.2 (suggested)
policies: 1.3.6.1.4.1.6449.1.2.1.1.1:N:
fingerprint: 4A:53:A9:E6:51:32:23:DF:B4:7D:B8:A3:19:F1:3E:A3:2F:59:00:E9
[Note: non-critical certificate policy not allowed]
[Note: ngpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 01
gpgsm: DBG: notBefore: 2000-05-30 10:48:38
gpgsm: DBG: notAfter: 2020-05-30 10:48:38
gpgsm: DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE
gpgsm: DBG: subject: CN=AddTrust External CA Root,OU=AddTrust External TTP
Network,O=AddTrust AB,C=SE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
gpgsm: DBG: END Certificate
gpgsm: DBG: signature value: 28 37 3A 73 69 67 2D 76 61 6C 28 33 3A 72 73 61 28
31 3A 73 32 35 36 3A 1B 2A 6E AC 55 C1 3A AB 88 C5 D8 ED CD 55 F3 AA 6B 61 2B
C0 09 10 23 99 0F C5 66 6A 6F B1 F5 B4 B5 77 5E 0F 02 61 00 DF 7D 05 FE 12 B3
A4 80 80 00 FC FB 1D 5B 6A 72 02 0A 41 BC 05 BA C1 58 D5 26 C2 EA D5 4D 84 FB
FE 82 98 CF 58 1B E3 22 63 9C 52 F8 BB 05 36 AB 7D 58 A5 DE AB 3B 63 E5 DA D5
73 EF EC E0 FB 7B E2 A3 FF F0 42 23 9C CA B6 8D 4D 3E E4 4B 18 03 B2 A8 2D D4
D8 BB 42 4B 90 69 85 10 DB A6 37 34 E8 7B E0 01 10 A5 9C CA 3A C7 9F 4F 88 34
6E 8A 65 D0 1A 8A BB A9 DC CA CA 36 D1 F4 FC C2 64 29 35 AF D6 B1 A7 71 11 D2
03 43 B1 8F 3E 9A EC 9E 32 53 F4 76 92 CA 86 34 07 B9 2C CA E6 1C 4A D8 99 0D
C1 86 E2 90 92 FB 5A 42 6A 23 21 10 E9 65 C7 F5 D5 BB 7E EA 8C 85 20 02 62 EA
D1 3A 07 2C 59 C5 99 33 F2 38 89 E5 B6 E9 16 7A 1F 79 14 F6 4A 10 1A 26 FA 7C
8A FB 9B 29 29 28 34 3A 68 61 73 68 36 3A 73 68 61 32 35 36 29 29
gpgsm: DBG: encoded hash: 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 69 72
4F 59 E4 41 04 2E 57 84 2A 9B 9E 78 AA 7D E9 9A 55 53 22 C1 A0 55 20 ED A0 F0
B0 3E 00 8A
DBG: rsa_verify
data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042069 \
DBG:
724f59e441042e57842a9b9e78aa7de99a555322c1a05520eda0f0b03e008a
DBG: rsa_verify
sig:+1b2a6eac55c13aab88c5d8edcd55f3aa6b612bc0091023990fc5666a6fb1f5b4 \
DBG:
b5775e0f026100df7d05fe12b3a4808000fcfb1d5b6a72020a41bc05bac158d5 \
DBG:
26c2ead54d84fbfe8298cf581be322639c52f8bb0536ab7d58a5deab3b63e5da \
DBG:
d573efece0fb7be2a3fff042239ccab68d4d3ee44b1803b2a82dd4d8bb424b90 \
DBG:
698510dba63734e87be00110a59cca3ac79f4f88346e8a65d01a8abba9dccaca \
DBG:
36d1f4fcc2642935afd6b1a77111d20343b18f3e9aec9e3253f47692ca863407 \
DBG:
b92ccae61c4ad8990dc186e29092fb5a426a232110e965c7f5d5bb7eea8c8520 \
DBG:
0262ead13a072c59c59933f23889e5b6e9167a1f7914f64a101a26fa7c8afb9b
DBG: rsa_verify
n:+b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c \
DBG:
7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8ca \
DBG:
bf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c \
DBG:
0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38 \
DBG:
078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44 \
DBG:
e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db \
DBG:
14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7 \
DBG:
a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a27
DBG: rsa_verify e:+010001
DBG: rsa_verify
cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:
ffffffffffffffffffffff003031300d06096086480165030402010500042069 \
DBG:
724f59e441042e57842a9b9e78aa7de99a555322c1a05520eda0f0b03e008a
DBG: rsa_verify => Good
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: DBG: chan_0x000000c4 -> ISTRUSTED
02FAF3E291435468607857694DF5E45B68851868
gpgsm: DBG: chan_0x000000c4 <- S TRUSTLISTFLAG relax
gpgsm: DBG: chan_0x000000c4 <- OK
on-critical certificate policy not allowed]
[validation model used: shell]
[certificate is good]
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/16384 bytes in 0 blocks2017-02-21 18:58:47 dirmngr[7752] permanently loaded certificates: 0 2017-02-21 18:58:47 dirmngr[7752] runtime cached certificates: 0 2017-02-21 18:58:49 dirmngr[7752] error getting data from cache file: Unknown error 2017-02-21 18:58:49 dirmngr[7752] certificate cached 2017-02-21 18:58:49 dirmngr[7752] Note: non-critical certificate policy not allowed 2017-02-21 18:58:49 dirmngr[7752] certificate cached 2017-02-21 18:58:49 dirmngr[7752] root certificate is not marked trusted 2017-02-21 18:58:49 dirmngr[7752] fingerprint=02FAF3E291435468607857694DF5E45B68851868 2017-02-21 18:58:49 dirmngr[7752] DBG: BEGIN Certificate 'issuer': 2017-02-21 18:58:49 dirmngr[7752] DBG: serial: 01 2017-02-21 18:58:49 dirmngr[7752] DBG: notBefore: 2000-05-30 10:48:38 2017-02-21 18:58:49 dirmngr[7752] DBG: notAfter: 2020-05-30 10:48:38 2017-02-21 18:58:49 dirmngr[7752] DBG: issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE 2017-02-21 18:58:49 dirmngr[7752] DBG: subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE 2017-02-21 18:58:49 dirmngr[7752] DBG: hash algo: 1.2.840.113549.1.1.5 2017-02-21 18:58:49 dirmngr[7752] DBG: SHA1 fingerprint: 02FAF3E291435468607857694DF5E45B68851868 2017-02-21 18:58:49 dirmngr[7752] DBG: END Certificate
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
