How to use gpgsm?

mouse008

16 Jul, 2017 04:10 AM

My goal is to use gpgsm to manually construct and parse/process S/MIME objects/files. Also, I want to use the keys (and the certs) on my smartcard. One complicating fact may be that the card is both PIV and OpenPGP-capable - it's a Yubikey.

I can do that with OpenSSL (and it works), but the process is rather cumbersome. With gpgsm it seems much easier: just type something like gpgsm -ear [email blocked] < plaintext.txt > output.pem.

In fact, however, I cannot even --learn-card, because it looks like gpgsm expects a PIV-like token, and does not do anything useful with an OpenPGP token.

$ gpgsm --debug-level basic --learn-card
gpgsm: enabled debug flags: ipc
gpgsm: DBG: chan_3 <- OK Pleased to meet you
gpgsm: DBG: connection to agent established
gpgsm: DBG: chan_3 -> RESET
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION ttyname=/dev/ttys003
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION ttytype=xterm-256color
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION display=/private/tmp/com.apple.launchd.GKERl8HsOA/org.macosforge.xquartz:0
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION lc-ctype=en_US.UTF-8
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION lc-messages=en_US.UTF-8
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> GETINFO version
gpgsm: DBG: chan_3 <- D 2.1.21
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> SCD GETINFO version
gpgsm: DBG: chan_3 <- D 2.1.21
gpgsm: DBG: chan_3 <- OK
gpgsm: DBG: chan_3 -> LEARN --send
gpgsm: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpgsm: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpgsm: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpgsm: DBG: chan_3 <- S KEY-TIME 3 1452558194
gpgsm: DBG: chan_3 <- S KEY-TIME 2 1280446657
gpgsm: DBG: chan_3 <- S KEY-TIME 1 1451869133
gpgsm: DBG: chan_3 <- S KEY-FPR 3 FE2AC36ECFF7490348DD6F4E43EEB185FD3F6BEE
gpgsm: DBG: chan_3 <- S KEY-FPR 2 20805D50EC69217C2E7AB789D3C79381E5A4FF45
gpgsm: DBG: chan_3 <- S KEY-FPR 1 7ACC2166010FCD10AAB754656C34A49741E90902
gpgsm: DBG: chan_3 <- S LOGIN-DATA . . . . .
gpgsm: DBG: chan_3 <- S DISP-SEX 1
gpgsm: DBG: chan_3 <- S DISP-LANG en
gpgsm: DBG: chan_3 <- S DISP-NAME . . . . . .
gpgsm: DBG: chan_3 <- S EXTCAP gc=1+ki=1+fc=1+pd=0+mcl3=1216+aac=0+sm=2+si=0+dec=0+bt=0
gpgsm: DBG: chan_3 <- S APPTYPE OPENPGP
gpgsm: DBG: chan_3 <- S SERIALNO <valid Yubico OpenPGP applet ID>
gpgsm: DBG: chan_3 <- S READER Yubico Yubikey NEO OTP+U2F+CCID
gpgsm: DBG: chan_3 <- S KEYPAIRINFO 552188B2CDE62E39CCAC7F9EB9291EF02B833965 OPENPGP.3
gpgsm: DBG: chan_3 <- S KEYPAIRINFO 809CF6FC11A51D0EB4949FA841796F417CD71C72 OPENPGP.2
gpgsm: DBG: chan_3 <- S KEYPAIRINFO BE8588700B7454C50D4C0E5AC080837AED0112AB OPENPGP.1
gpgsm: DBG: chan_3 <- OK
secmem usage: 0/16384 bytes in 0 blocks
$ 
$ gpgsm --debug-level advanced -ear [email blocked] < tst-doc.txt 
gpgsm: enabled debug flags: x509 ipc
gpgsm: can't encrypt to '[email blocked]': No public key
secmem usage: 0/16384 bytes in 0 blocks
$

It may well be that I'm doing something wrong. Could you please let me know how one is supposed to use gpgsm (maybe it's only for invocations by GPGMail?), and whether you can make it possible to use gpgsm with a dual-applet smartcard like Yubikey (when both PIV and OpenPGP applets are provisioned with the appropriate keys)?

Thanks!
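
An added example, not part of the original post: a shell filter that pulls the status lines out of a `gpgsm --debug-level basic --learn-card` trace like the one above and reports which card application answered and which key slots it advertised. The sample trace is constructed (placeholder keygrips), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: summarize the card status lines in a gpgsm debug trace.

# Constructed sample in the same shape as the trace in the post
# (keygrips are placeholders, not real values).
sample_trace() {
cat <<'EOF'
gpgsm: DBG: chan_3 -> LEARN --send
gpgsm: DBG: chan_3 <- S PROGRESS learncard k 0 0
gpgsm: DBG: chan_3 <- S APPTYPE OPENPGP
gpgsm: DBG: chan_3 <- S READER Yubico Yubikey NEO OTP+U2F+CCID
gpgsm: DBG: chan_3 <- S KEYPAIRINFO 1111111111111111111111111111111111111111 OPENPGP.3
gpgsm: DBG: chan_3 <- S KEYPAIRINFO 2222222222222222222222222222222222222222 OPENPGP.2
gpgsm: DBG: chan_3 <- S KEYPAIRINFO 3333333333333333333333333333333333333333 OPENPGP.1
gpgsm: DBG: chan_3 <- OK
secmem usage: 0/16384 bytes in 0 blocks
EOF
}

# Read a trace on stdin. Keep only status lines received by gpgsm
# ("chan_N <- S KEYWORD args") and print the fields that identify the card.
card_summary() {
  sed -n 's/^gpgsm: DBG: chan_[0-9][0-9]* <- S //p' |
  awk '
    $1 == "APPTYPE"     { print "apptype=" $2 }
    $1 == "READER"      { sub(/^READER /, ""); print "reader=" $0 }
    $1 == "KEYPAIRINFO" { print "keypair=" $3 " keygrip=" $2 }
  '
}

# Card application named in the APPTYPE status line.
card_apptype() {
  card_summary | sed -n 's/^apptype=//p'
}

# Distinct application prefixes of the advertised key ids (text before the dot).
keypair_apps() {
  card_summary | sed -n 's/^keypair=\([^. ]*\)\..*/\1/p' | sort -u
}

# Demo on the constructed sample; for a real card, pipe in the output of
#   gpgsm --debug-level basic --learn-card 2>&1
sample_trace | card_summary
```

For the trace in the post this reports `apptype=OPENPGP` and three `OPENPGP.n` key slots, which makes it easy to see at a glance which applet the card presented during `--learn-card`.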
