A friend of mine asked if I could send him encrypted mail using X.509,
rather than OpenPGP which I normally use.
Apparently, gpgsm is used for X.509, and shows up in kmail so I figure
the capabilities are there.
Google is useful, but all I found were problems. gpgsm-gencert.sh is
supposedly the method to use to make a key, but the documentation is
so sparse as to make it impossible for someone that doesn't already
know how to use it. The documentation on GnuPG.org is merely the man
pages.
Would someone have a pointer to a real example for generating a key,
or at least decent instructions?
Curt-
- --
The Magistrate, enrobed in taxes, condemns the thief in stolen rags.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
01-23-2010, 05:35 PM
Curt Howland
x.509 gpgsm and kmail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 23 January 2010, Curt Howland was heard to say:
> Hi, Debian Users.
>
> A friend of mine asked if I could send him encrypted mail using
> X.509, rather than OpenPGP which I normally use.
Ok, to continue the discussion, it turns out that (DN)
means "Distinguished Names" the _best_ description of "Distinguished
Names" that I found was Microsoft's:
And once I'd put in "CN=Curt Howland" the keygen process worked. One
of the problems is that the --list-keys display doesn't use the
term "Name (DN)" anywhere, so there's no way to know what field is
being referred to in the keygen question.
Next step is importing and using the key, but what a mess. The
original PGP was easier to use than this, maybe because it wasn't
written by people who already know what they're doing.
Second System Syndrome.
Curt-
- --
The Magistrate, enrobed in taxes, condemns the thief in stolen rags.
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
01-23-2010, 08:25 PM
Alex Samad
x.509 gpgsm and kmail
On Sat, Jan 23, 2010 at 01:35:23PM -0500, Curt Howland wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 23 January 2010, Curt Howland was heard to say:
> > Hi, Debian Users.
> >
> > A friend of mine asked if I could send him encrypted mail using
> > X.509, rather than OpenPGP which I normally use.
have a look at cacert.org, create a cert there, I believe there is a
form to fill in.
I haven't heard about gsgsm, but do a look up on smime, I believe mutt
can handle gpg + smime.
smine uses x509 certs
>
> Ok, to continue the discussion, it turns out that (DN)
> means "Distinguished Names" the _best_ description of "Distinguished
> Names" that I found was Microsoft's:
>
> http://msdn.microsoft.com/en-us/library/aa366101(VS.85).aspx
>
> And once I'd put in "CN=Curt Howland" the keygen process worked. One
> of the problems is that the --list-keys display doesn't use the
> term "Name (DN)" anywhere, so there's no way to know what field is
> being referred to in the keygen question.
>
> Next step is importing and using the key, but what a mess. The
> original PGP was easier to use than this, maybe because it wasn't
> written by people who already know what they're doing.
>
> Second System Syndrome.
>
> Curt-
>
> - --
> The Magistrate, enrobed in taxes, condemns the thief in stolen rags.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iQEVAwUBS1tBay9Y35yItIgBAQJJ2gf+Nt887oJiIteVWXUGdq 9XgZY9M4N0OZAL
> T3ZyMWsOjn+G7iYFMfO0edGZ/DOsiTuPtuBB3+FdcK75+fgJ2Yah8PMgwwtqCkKK
> y5C/RqKLimUNVgvfySWcpsGUKfKm8516uRh+o7dx8OBLDeWRFxMr8u 1mlNZIhJaZ
> DFDh2xVUKvnxFr3J+PeiOyG4ygzhUCNErbG8vUN0VggqsYc/HGeR3puRipEFZ8H1
> Qeq5L3FTUNXl25u7UJ3kKiEdqu1iwdcgWDc9IvtrbP4opSmcdz fTp8c5Ef6c2utA
> SHm6oPXBQ32kpV0PpDNny7iMpt3oGN+NBLVVr2bwpa+4icPRXB RrLw==
> =2P5T
> -----END PGP SIGNATURE-----
>
>
--
The Tree of Learning bears the noblest fruit, but noble fruit tastes bad.
x.509 gpgsm and kmail
