[GpgME] signing w/ protocol CMS -> 'Nich implementiert'?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[GpgME] signing w/ protocol CMS -> 'Nich implementiert'?

Albrecht Dreß
Hi all,

I develop the crypto functions for a MUA (Balsa) using GpgME and ran into an issue when I try to sign a S/MIME (CMS) message: the function gpgme_op_sign() returns (in German locale) the error "Nich implementiert".  The output of running the application with GPGME_DEBUG=6 is attached.

Decryption and signature verification as well as listing the signer certificates for CMS using GpgME works just fine.

GpgSM and the key are also fine, i.e. I can successfully run 'gpgsm --sign --local-user 0x6F1DDFCA some_file > signature' on the command line.

My system is a 64-bit Ubuntu 16.04 LTS, with gpgme 1.6.0 and gpgsm 2.1.11.

BTW, I implemented these functions years ago, and iirc, S/MIME signing worked fine using GpgME those days (I typically use gpg keys, so I cannot recall when...).

Any insight would be highly appreciated!

Thanks in advance,
Albrecht.
_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

gpgsm.log (9K) Download Attachment
attachment1 (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [GpgME] signing w/ protocol CMS -> 'Nich implementiert'?

Albrecht Dreß
Hi Werner:

Am 13.07.17 10:00 schrieb(en) Werner Koch:
> > GPGME 2017-07-12 21:04:33 <0x7f17ad8f5a80>  gpgme_op_sign:476: error: Nich implementiert <GPGME>
>
> Did you set a passphrase callback?  This is not available for gpgsm.

Yes.  And setting it to NULL for GPGME_PROTOCOL_CMS immediately solves the issue.

Maybe I'm too dumb, but I didn't find this behavior being mentioned in the manual.  And, to be honest, I don't understand why the sign operation should throw an error if a callback has been defined.  Wouldn't it be sufficient to just ignore it, as with gpg if pinentry is available?

Thanks a lot for your help,
best,
Albrecht.
_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

attachment0 (484 bytes) Download Attachment
Loading...