cannot encrypt: x509 Unusable public key

passegua · May 19, 2016, 11:20am

when try encrypt using a x509 certificate (my own) I get:
unusable public key, why?
Thanks

passegua · May 19, 2016, 11:53am

I see this is a 3 years old problem, still not solved?

https://forum.gnupg.org/t/using-kleopatra-to-enrypt-file-with-x-509/2270

Thanks.

bernhard · May 19, 2016, 6:51pm

Hi Dan,
there are several reasons why a pubcert would not be usable.

First thing to check is if you have set up the root certificates properly:
https://wiki.gnupg.org/X.509

Second thing to check would be if the revocation list information can be fetched.

Sorry that x.509 is a bit hard to set up, you probably need some experience with configuration
files and gpgsm can help you to diagnose situations.

Best,
Bernhard

bernhard · May 19, 2016, 6:51pm

The problem you are refering to, most likely is a different one.

passegua · May 20, 2016, 7:10am

You wrote: “Sorry that x.509 is a bit hard to set up, you probably need some experience with configuration
files and gpgsm can help you to diagnose situations.”

Thanks, but what’s gpgsm?

passegua · May 20, 2016, 11:23am

I’ve read what you quote and checked the S/Mime setting as Validate certificates using CRLs.
Indeed it take a long time to Validate, but when I try to encrypt, after about 30 minutes I get a different error (see attachment) “File exists”!

What does it means?

Obviously I checked twice if that file was already there and I try again 3 times. Same error message.

passegua · May 20, 2016, 11:40am

Googling in the forum archive I’ve found:
https://wald.intevation.org/tracker/?func=detail&atid=126&aid=6570&group_id=11

that this is a >4 years old bug

too bad

bernhard · May 24, 2016, 7:30am

Hi Dan,
sorry so see that it still does not work for you.
Sometimes the analysis of a defect is difficult, it is made harder
because we cannot directly access a machine where the problem is reproduced.

(We did fix major old defects that we knew about. So it is unlikely that you are
running into the precise same problem. It may be that what you can see is similiar,
but that does not mean it has the same cause.)

“gpgsm.exe” is the command line tool to handle operations with x.509 keys and certificates.
It outputs more diagnostics which is usefull for service technicians to help to find
out what the problem may be (so as a regular you should not need it.)

See https://wiki.gnupg.org/TroubleShooting
gpgsm -k will show that certificates that GnuPG knows about.

Best Regards,
Bernhard