[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-redhat-users
Subject:    kde-redhat-users Digest, Vol 17, Issue 2
From:       kde-redhat-users-request () lists ! sourceforge ! net
Date:       2007-10-04 19:07:40
Message-ID: mailman.440.1191524860.501.kde-redhat-users () lists ! sourceforge ! net
[Download RAW message or body]

Send kde-redhat-users mailing list submissions to
	kde-redhat-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/kde-redhat-users
or, via email, send a message with subject or body 'help' to
	kde-redhat-users-request@lists.sourceforge.net

You can reach the person managing the list at
	kde-redhat-users-owner@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of kde-redhat-users digest..."


Today's Topics:

   1. Re: kdepim enterprise (Graeme Nichols)

[Attachment #4 (multipart/digest)]

[Attachment #6 (message/rfc822)]



Hello Rex,

I have managed to sort out the bug in Kmail re X509 certificates. The bug is
not in Kmail per see. It is the inability of gpgsm to import the X509
certificate and extract the key. Apparently this is well known by Werner and
confirmed by the author of the work-around. See following:

No. there are no files in the ~/.gnupg/private-keys-v1.d/ directory.


Obvious if the p12 file import failed and you didn't create a
certificate requests with gpgsm.

> Does not work as you can see above. Is the backup of my certificate from
> Mozilla in *.p12 format the same as getting it from CACert in *.p12 format?


Yes.

PKCS#12 is a weird format and it is possible that GnuPG will not be able
to parse it.  However, currently I have no open bugs on this so it
should work.  The error message would be different from what the one you
got.



Salam-Shalom,

   Werner



There is a work-around at

http://gnupg.org/aegypten/development.en.html

Two conditions *must* be met for it to all work.

1. gpg-agent *must* be running *before* Kmail and gnupg are started.
2. The work-around *must* be followed to get the key from the X509
certificate bundle.

I hope this helps others. It has been a real struggle to get this
information. My thanks to Ingo and Andreas from the kdepim-users list for
pointing me in the right direction.

Regards,

Graeme.

On 30/09/2007, Rex Dieter <rdieter@math.unl.edu> wrote:
>
>  Rex Dieter wrote:
>
> Graeme Nichols wrote:
>
> Rex, will this new version of KDEPIM & Kmail work with X509 certificates?
> The current KDEPIM (3.5.7-3.fc7) does not work with X509 certificates.
> When receiving an email signed with an X509 certificate the certificate/keys
> are not imported into the application automatically as happens with
> Thunderbird et.al. which means that encrypting to the sender will not work
> (I also have the latest gnupg2 for F7 installed (gnupg2-2.0.6-2.fc7) but
> the combination does not work as reported above. gpgsm, part of gnupg2, also
> does not import X509 certificates in *.p12 format either but will in the
> form <email address>.crt. I don't know if that is part of the problem.
> Please correct me if I have this all wrong.
>
> I can't confirm/deny, I've never used x509 certs.  Please file the issue @
> bugzilla.redhat.com against Fedora/kdepim
>
>  On second thought, ask on the kdepim-users ml to confirm expected
> behavior,
> https://mail.kde.org/mailman/listinfo/kdepim-users
> and when/if bug-ness is detected, send it upstream to bugs.kde.org.
>
> -- Rex
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> kde-redhat-users mailing list
> kde-redhat-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/kde-redhat-users
>
>


-- 
Kind Regards,

Graeme.

[Attachment #9 (text/html)]

Hello Rex,<br><br>I have managed to sort out the bug in Kmail re X509 certificates. \
The bug is not in Kmail per see. It is the inability of gpgsm to import the X509 \
certificate and extract the key. Apparently this is well known by Werner and \
confirmed by the author of the work-around. See following:<br><br><blockquote \
type="cite" style="color: rgb(204, 0, 0);"><pre>No. there are no files in the \
~/.gnupg/private-keys-v1.d/ directory.<br></pre></blockquote><pre><br>Obvious if the \
p12 file import failed and you didn&#39;t create a <br>certificate requests with \
gpgsm.<br><br></pre><blockquote type="cite" style="color: rgb(204, 0, 0);"><pre><span \
class="moz-txt-citetags">&gt; </span>Does not work as you can see above. Is the \
backup of my certificate from  <br><span class="moz-txt-citetags">&gt; </span>Mozilla \
in *.p12 format the same as getting it from CACert in *.p12 \
format?<br></pre></blockquote><pre><br>Yes. <br><br>PKCS#12 is a weird format and it \
is possible that GnuPG will not be able <br>to parse it.  However, currently I have \
no open bugs on this so it<br>should work.  The error message would be different from \
what the one you<br>got.<br><br><br><br>Salam-Shalom,<br><br>   \
Werner</pre><br><br>There is a work-around at  <br><pre><a \
class="moz-txt-link-freetext" \
href="http://gnupg.org/aegypten/development.en.html">http://gnupg.org/aegypten/development.en.html</a></pre>Two \
conditions *must* be met for it to all work.<br><div><span class="gmail_quote"> \
<br>1. gpg-agent *must* be running *before* Kmail and gnupg are started.<br>2. The \
work-around *must* be followed to get the key from the X509 certificate bundle. \
<br><br>I hope this helps others. It has been a real struggle to get this \
information. My thanks to Ingo and Andreas from the kdepim-users list for pointing me \
in the right direction.<br><br>Regards,<br><br>Graeme.<br><br> On 30/09/2007, <b \
class="gmail_sendername"> Rex Dieter</b> &lt;<a href="mailto:rdieter@math.unl.edu" \
target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">rdieter@math.unl.edu</a>&gt; \
wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, \
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">




  

<div bgcolor="#ffffff" text="#000000"><div><span>
Rex Dieter wrote:
<blockquote type="cite">
  
  
Graeme Nichols wrote:
  <blockquote type="cite">Rex, will this new version of KDEPIM &amp; Kmail work with
X509 certificates? The current KDEPIM (3.5.7-3.fc7) does not work with
X509 certificates. When receiving an email signed with an X509
certificate the certificate/keys are not imported into the application
automatically as happens with Thunderbird <a href="http://et.al" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">et.al</a>. which means that \
encrypting to the sender will not work (I also have the latest gnupg2 for F7 \
installed (gnupg2-2.0.6-2.fc7) but the combination does not work as reported
above. gpgsm, part of gnupg2, also does not import X509 certificates in
*.p12 format either but will in the form &lt;email address&gt;.crt. I
don&#39;t know if that is part of the problem. Please correct me if I have
this all wrong. <br>
  </blockquote>
I can&#39;t confirm/deny, I&#39;ve never used x509 certs.&nbsp; Please file the
issue @ <a href="http://bugzilla.redhat.com" target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">bugzilla.redhat.com</a> against \
Fedora/kdepim<br>  <br>
</blockquote></span></div>
On second thought, ask on the kdepim-users ml to confirm expected
behavior, <br>
<a href="https://mail.kde.org/mailman/listinfo/kdepim-users" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">https://mail.kde.org/mailman/listinfo/kdepim-users</a><br>
 and when/if bug-ness is detected, send it upstream to <a href="http://bugs.kde.org" \
target="_blank" onclick="return \
top.js.OpenExtLink(window,event,this)">bugs.kde.org</a>.<br> <br>
-- Rex<br>
</div>

<br>-------------------------------------------------------------------------<br>This \
SF.net email is sponsored by: Microsoft<br>Defy all challenges. Microsoft(R) Visual \
Studio 2005.<br><a href="http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/" \
target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">

http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/</a><br>_______________________________________________<br>kde-redhat-users \
mailing list<br><a href="mailto:kde-redhat-users@lists.sourceforge.net" \
target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">

kde-redhat-users@lists.sourceforge.net</a><br><a \
href="https://lists.sourceforge.net/lists/listinfo/kde-redhat-users" target="_blank" \
onclick="return top.js.OpenExtLink(window,event,this)">https://lists.sourceforge.net/lists/listinfo/kde-redhat-users
 </a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Kind \
Regards,<br><br>Graeme.


--===============1696090514==--

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

_______________________________________________
kde-redhat-users mailing list
kde-redhat-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kde-redhat-users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic