[Alpine-info] Signing with S/MIME.

Carlos E. R. robin.listas at telefonica.net
Sat Nov 18 17:50:41 PST 2023

Previous message: [Alpine-info] Signing with S/MIME.
Next message: [Alpine-info] Signing with S/MIME.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El 2023-11-18 a las 18:08 -0700, Eduardo Chappa escribió:

> On Sat, 18 Nov 2023, Carlos E. R. wrote:

>

>> There is something not clear. The help text says:

>>

>> «After you have exported these certificates and keys, you can use the

>> import command in Alpine, from the S/MIME configuration screen, to import

>> these certificates into Alpine. They will be available for use as soon as

>> you import them.»

>>

>>

>> I suppose these are the import commands. But what is "container"?

>>

>> ---------------------------------------------------------------------------------------------------------------------------

>> Be careful with the following commands, they REPLACE contents in the

>> target

>> ---------------------------------------------------------------------------------------------------------------------------

>>

>> Transfer public certs FROM directory TO container

>> Transfer private keys FROM directory TO container

>> Transfer CA certs FROM directory TO container

>>

>> Transfer public certs FROM container TO directory

>> Transfer private keys FROM container TO directory

>> Transfer CA certs FROM container TO directory

>

> Hello Carlos,

>

> those commands allow you to move certificates between places. A container

> is a file that contains lots of certificates. Like a folder is to email. In a

> container you will find certificates one after the other. The most common

> method today is to have a one-file-per-certificate, so it can be easily

> managed (deleted or replaced, for example). Take a look at the commands under

> this section

Ah, I see.

>

> -----------------------------

> Manage your own certificates

> -----------------------------

>

> Manage Public Certificates

> Manage Private Keys

> Manage Certificate Authorities

I assume these three are for self signed certificates, so they don't apply
to me.

>> So I just copied:

>>

>> MAIL at ADDRESS.key -> ~/.alpine-smime/private/

>> MAIL at ADDRESS.crt -> ~/.alpine-smime/public/

>> certificate-ca.crt -> ~/.alpine-smime/ca/ (is this name correc?)

>

> copy MAIL at ADDRESS.crt to ~/.alpine-smime/ca/ also.

Ah. Done. But doesn't help.

>

> Do you mind sharing "ls -lR ~/.alpine-smime" with me if this does not work?

Sure, will mail that in private after this mail.

>

> Another thing to check. Here is some of the content of my keys:

>

> private/eduardo.chappa at gmx.com.key:

> -----BEGIN ENCRYPTED PRIVATE KEY-----

> MIIFHDBOBgkqhkiG................

> ............ lots of lines .....

> ....j8jdgft+RnzyFXw==

> -----END ENCRYPTED PRIVATE KEY-----

>

Bag Attributes
localKeyID: 5B 4E 86 ...
friendlyName: ROBIN....
Key Attributes: <No Attributes>
- -----BEGIN ENCRYPTED PRIVATE KEY-----
M

>

> public/eduardo.chappa at gmx.com.crt:

> -----BEGIN CERTIFICATE-----

> MIIEBzCCAu+gAwIBAg...............

> ............... lots of lines....

> ....b+WcluD75bqpF1qI9ph2GZLqUiZKK

> -----END CERTIFICATE-----

Bag Attributes
localKeyID: 5B 4E 86 ...
friendlyName: ROBIN...
subject=C = ES, serialNumber = ID..., GN = CARLOS, SN = ROBIN..., CN = ROBIN...

issuer=C = ES, O = FNMT-RCM, OU = Ceres, CN = AC FNMT Usuarios

- -----BEGIN CERTIFICATE-----
MI

>

> ca/eduardo.chappa at gmx.com.crt: same as public/eduardo.chappa at gmx.com.crt.

/home/cer/.alpine-smime/ca/certificate-ca.crt

Bag Attributes: <Empty Attributes>
subject=C = ES, O = FNMT-RCM, OU = Ceres, CN = AC FNMT Usuarios

issuer=C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM

- -----BEGIN CERTIFICATE-----
M

>

> I hope this helps.

Thanks, but still not there...

For the record, it fails also in Thunderbird, but in Alpine I don't know
yet if I have it configured properly.

same error code as this bug:
<https://bugzilla.mozilla.org/show_bug.cgi?id=1756413>
It seems RSA-PSS certificates are not supported.

There's also this:
<https://bugzilla.mozilla.org/show_bug.cgi?id=1364339>

Same certificate works in Firefox. It is an official certificate used to
identify against the administration, tax forms and such. To get one, we
have to go in person to their offices and get properly identified by some
official, but otherwise it is gratis IIRC.

- --
Cheers
Carlos E. R.

(from openSUSE 15.5 (Laicolasse))

-----BEGIN PGP SIGNATURE-----

iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZVlp8Rwccm9iaW4ubGlz
dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVlYwAnRo0RZxezkqFwOBUZycY
PoOi0i14AJ9jiVbw+z6UybF2EWtpDg+jyYraKA==
=5LA/
-----END PGP SIGNATURE-----

Previous message: [Alpine-info] Signing with S/MIME.
Next message: [Alpine-info] Signing with S/MIME.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Alpine-info mailing list