Results 1 to 6 of 6

Thread: KMail and S/MIME

  1. #1

    Default KMail and S/MIME

    Hi,

    I cannot use s/mime with kmail in a right way. I have imported the certificate with Kleopatra and I can choose the certificate in kmail. The command

    Code:
    gpgsm --list-secret-keys
    returns the following:

    Code:
    /home/user/.gnupg/pubring.kbx
    ----------------------------
               ID: 0xIDIDIDIDI
              S/N: NUMBER
           Issuer: /CN=XXXXXXX CA - G02/OU=ZIH/O=XXXXXXX/C=DE/EMail=XXXXXXX
          Subject: /CN=Firstname Lastname/O=XXXXXXXXX/C=DE
              aka: EMAIL
         validity: 2016-09-21 HH:MM:SS through 2019-07-09 HH:MM:SS
         key type: 2048 bit RSA
        key usage: digitalSignature nonRepudiation keyEncipherment
    ext key usage: clientAuth (suggested), emailProtection (suggested)
         policies: POLICIES
      fingerprint: FINGERPRINT
    The problem is, when I send a signed mail, the recipient get a mail with an invalid signature.

    What can I do?

    Thanks in advance

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,306
    Blog Entries
    2

    Default Re: KMail and S/MIME

    If your friend sends you a signed message, can you open it?
    Try another mail client to try to isolate if the problem is the mail client or perhaps even the certificate you're using.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3

    Default Re: KMail and S/MIME

    Is the issuing CA publicly recognized or, at least, recognized by the recipient's mail client? If the receiving side does not trust the certificate chain or has not explicitly set your cert to trusted, then it will flag your signature invalid.

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,306
    Blog Entries
    2

    Default Re: KMail and S/MIME

    Quote Originally Posted by markdd View Post
    Is the issuing CA publicly recognized or, at least, recognized by the recipient's mail client? If the receiving side does not trust the certificate chain or has not explicitly set your cert to trusted, then it will flag your signature invalid.
    S-MIME does not need to be a signed certificate.
    S-MIME is not asymmetric,, it's symmetric encryption which means that a certificate must be manually exchanged which is then used to encrypt/decrypt messages.
    The "authoritativeness" isn't provided by a CA, it's provided by the trusted exchange of the certificate.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  5. #5

    Default Re: KMail and S/MIME

    I have tested the certificate in another e-mail program. Signing works perfectly there. I also signed a file with Kleopatra and the S/MIME certificate and then verified this signature. That also worked very well. It seems as if KMail changes the mail text after signing it.

  6. #6

    Default Re: KMail and S/MIME

    I found another interesting aspect in the error. I can encrypt and decrypt e-mails. Only the signing does not work.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •