New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify signature for S/Mime? #3567
Comments
I have noticed the same thing and have not yet found a solution. Tried also
|
Found a solution which works:
|
@marvinwankersteen: How about importing the certificates authorities into gpgsm database and keep using gpgme instead of legacy smime_*? gpgsm --import /etc/ssl/certs/ca-certificates.crt |
Thanks for the hint. I didn't know that you have to import the CAs into gpgsm beforehand. I'm new to neomutt. The import worked, but the verification is still not possible. Same error. |
Yeah, the usage of gpgsm is poorly documented... If I have to make a guess, I would assume you/gpg does not trust the root certificate. After importing the root certificate in gpgsm you must assign a trust to it (by default it is untrusted, which lets the verification fail). This can be done in different ways, please see section "setting up trust" in https://www.claws-mail.org/faq/index.php/S/MIME_howto on the two ways to do that (automatically via gpg-agent or by editing trustlist.txt) To rule out that it is a problem with gpgsm itself you can do the following steps to verify an email "by hand" with gpgsm command line: Verify E-Mail using gpgsm (and openssl)How to verify a signature of an e-mail using gpgsm on the console Save the full MIME-Message/E-Mail via neomutt:
SignatureSignature can be saved using neomutt's Alternatively, we can use openssl
The sed deletes the MIME-header. Payload/BodyThe body is a bit trickier as neomutt a) seems to convert CRLF to LF on *nix, which tampers with the mail. To extract the body, we utilise openssl:
Verifying with gpgsm
( AppendixAn entry for ~/.gnupg/trustlist.txt looks like:
where
|
@rayfordshire: Thank you very much for the instructions and explanation. I have not found this in detail anywhere, not even in the documentation. This should be included, especially for beginners. Since I basically "have to" trust all CAs, which are all in
The S/MIME-signed mails can then be verified, even without these settings. I found another hint for debugging gpgsm:
Perhaps this will help some of you with troubleshooting if this doesn't work. |
I added following lines to mine muttrc file
I can sign using mine pgp key, and verify others signatures, but when trying to verify email signed with S/Mime neomutt give me
Invoking S/MIME
and after some timeS/MIME signature could NOT be verified
What i'm missing to verify S/Mime signatures with gpgme?
I installed neomutt from Fedora COPR
The text was updated successfully, but these errors were encountered: