Re: gpgsm --verify
Am 02.05.18 um 07:35 schrieb Werner Koch: On Tue, 1 May 2018 10:55, stefan.cl...@posteo.de said: openssl cms -verify -in original.eml > message.txt && \ openssl cms -cmsout -in original.eml | \ sed "1,4d" | base64 -d > file.sig && \ gpgsm --verify file.sig message.txt Adding --verbose to the gpgsm invocation may give you additional hints. IIRC, "--debug x509" may be helpful to. Is file.sig a valid CMS file; that is can you parse it with dumpasn1 or the openssl sub-command? BTW, gpgsm has an option --assume-base64 so that you don't need the base64 tool. Thank you very much for the additional information, much appreciated! Yes, file.sig can be parsed with dumpasn1. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
Am 02.05.18 um 07:35 schrieb Werner Koch: On Tue, 1 May 2018 10:55, stefan.cl...@posteo.de said: openssl cms -verify -in original.eml > message.txt && \ openssl cms -cmsout -in original.eml | \ sed "1,4d" | base64 -d > file.sig && \ gpgsm --verify file.sig message.txt Adding --verbose to the gpgsm invocation may give you additional hints. IIRC, "--debug x509" may be helpful to. Is file.sig a valid CMS file; that is can you parse it with dumpasn1 or the openssl sub-command? BTW, gpgsm has an option --assume-base64 so that you don't need the base64 tool. Thank you very much for the addional information, much appreciated! Yes, file.sig can be parsed with dumpasn1. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
On Tue, 1 May 2018 10:55, stefan.cl...@posteo.de said: > openssl cms -verify -in original.eml > message.txt && \ > openssl cms -cmsout -in original.eml | \ > sed "1,4d" | base64 -d > file.sig && \ > gpgsm --verify file.sig message.txt Adding --verbose to the gpgsm invocation may give you additional hints. IIRC, "--debug x509" may be helpful to. Is file.sig a valid CMS file; that is can you parse it with dumpasn1 or the openssl sub-command? BTW, gpgsm has an option --assume-base64 so that you don't need the base64 tool. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgp4dTK6pYfQI.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
Am 23.04.18 um 08:50 schrieb Stefan Claas: Am 23.04.18 um 08:36 schrieb Werner Koch: On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said: i was wondering when receiving an S/MIME message created with Thunderbird, how do i properly verify the message with gpgsm? You need to de-compose the S/MIME message to get the CMS objects. Despit ethe name, gpgsm does not known about S/MIME (or MIME at all) and thus can't parse it. That is actually the same as with PGP/MIME which can't be handled directly by gpg [1]. In gnupg/tools/ you can find a basic MIME parser but it is not well documented and only used for manual testing. Thank you very much for the information! I will check out the MIME parser. Just for the record... I was not able to successfully compile the parser and did therefore the following: I saved in Thunderbird my original message from this thread. Edited out the additional headers the list server has added, so that the saved message looks like this: [snip] Sender: "Gnupg-users" <gnupg-users-boun...@gnupg.org> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="ms070707040603000709040508" This is a cryptographically signed message in MIME format. --ms070707040603000709040508 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: de-DE Hi all, i was wondering when receiving an S/MIME message created with Thunderbird, how do i properly verify the message with gpgsm? As an example i sign now this message and would appreciate any tips! P.S. when i do a verify on a Thunderbird S/MIME message i always get: gpgsm: enabled debug flags: ipc gpgsm: ksba_cms_parse failed: Dateiende secmem usage: 0/16384 bytes in 0 blocks Best regards Stefan --ms070707040603000709040508 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC [snip] pfXbwE0DHTM+Fp8xjnGXHBD+8Jfp/R5pAVZehZXh6UYzFMjdS6LzWWM+c2/M9Cum2GS49Q8d g82Q6zqwFZp4LvVf --ms070707040603000709040508-- and for de-composing the message i used openssl, so that i had the content ready to be verified by gpgsm. IMHO not the smartest way, i assume, but for me as a Mac dummie it works. openssl cms -verify -in original.eml > message.txt && \ openssl cms -cmsout -in original.eml | \ sed "1,4d" | base64 -d > file.sig && \ gpgsm --verify file.sig message.txt Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
Am 23.04.18 um 08:36 schrieb Werner Koch: On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said: i was wondering when receiving an S/MIME message created with Thunderbird, how do i properly verify the message with gpgsm? You need to de-compose the S/MIME message to get the CMS objects. Despit ethe name, gpgsm does not known about S/MIME (or MIME at all) and thus can't parse it. That is actually the same as with PGP/MIME which can't be handled directly by gpg [1]. In gnupg/tools/ you can find a basic MIME parser but it is not well documented and only used for manual testing. Thank you very much for the information! I will check out the MIME parser. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
On Sun, 22 Apr 2018 20:26, stefan.cl...@posteo.de said: > i was wondering when receiving an S/MIME > message created with Thunderbird, how do > i properly verify the message with gpgsm? You need to de-compose the S/MIME message to get the CMS objects. Despit ethe name, gpgsm does not known about S/MIME (or MIME at all) and thus can't parse it. That is actually the same as with PGP/MIME which can't be handled directly by gpg [1]. In gnupg/tools/ you can find a basic MIME parser but it is not well documented and only used for manual testing. Salam-Shalom, Werner [1] Actually encrypted PGP/MIME messages can be directly decrypted gpg due to a pecularity of the PGP/MIME format. -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpkpgi45X8Z4.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify
Am 22.04.18 um 20:26 schrieb Stefan Claas: Hi all, i was wondering when receiving an S/MIME message created with Thunderbird, how do i properly verify the message with gpgsm? As an example i sign now this message and would appreciate any tips! P.S. when i do a verify on a Thunderbird S/MIME message i always get: gpgsm: enabled debug flags: ipc gpgsm: ksba_cms_parse failed: Dateiende secmem usage: 0/16384 bytes in 0 blocks Mmmhh. My send folder in Thunderbird shows that the message is signed and the posting in the Mailing List does not show the little envelope with the red dot in Thunderbird*. :-( *Yeah, it's a GnuPG Mailing List... :-P Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpgsm --verify
Hi all, i was wondering when receiving an S/MIME message created with Thunderbird, how do i properly verify the message with gpgsm? As an example i sign now this message and would appreciate any tips! P.S. when i do a verify on a Thunderbird S/MIME message i always get: gpgsm: enabled debug flags: ipc gpgsm: ksba_cms_parse failed: Dateiende secmem usage: 0/16384 bytes in 0 blocks Best regards Stefan smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpgsm --verify back to back gpgsm --gen-key
On Tue, 18 Oct 2016 15:09, meno.ab...@adviser.com said: > # gpgsm --batch --gen-key < gpgsm-keygen | gpgsm —verify gpgsm create a certificate signing request (CSR) but "gpgsm --verify: verifies CMS signed data - these are entirely different things. The CSR must be given to a CA so that the CA can generate a certificate for you. With that certificate you can signed data (using "gpgsm --sign") which anyone can later verify with "gpgsm --verify" Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpl6mkle5Tvk.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users