GPG4Win not working AT ALL with x509 certs

anon97176174 · December 23, 2015, 10:26am

I created a self-signed certificate with decryption key (a p12 or pfx file type), using openssl, and the resulting certificate is able to be imported into GPG4Win, and I can read the details of it by doubleclicking on it in the list. However it will not sign or encrypt ANYTHING. It will not work with files or clipboard content, in either the act of encrypting, or signing anything. I don’t know about decryption or verifying signatures, because I have to be able to encrypt or sign something, before I’m able to test the other functions. But basically my copy of GPG4Win is not working AT ALL with x509 certs. Every time I try to encrypt or sign anything, the error I get is
xxxxxx failed: No value

Where xxxxxx is either Encryption or Signing (depending on what you were trying to do at the time).

This is a MAJOR bug, that should go straight to the top of the priority list for the developers. I’m surprised that nobody else has reported it yet.

bernhard · January 22, 2016, 10:54am

Hi Animedude,

in our tests Gpg4win works with CMS and x509 keys.
It probably has to do with your setup or the used certificates.

A good way to start analysing your situation is to try the command line
http://wiki.gnupg.org/TroubleShooting

gpgsm -k
and
gpgsm -K
should list your certs and secret keys.

Then try gpgsm -e -r YOURNAME hello.txt
and add “-vvv --debug-all” if it does not work.

Note that for x509 to work you usually need
a) a certificate revocation information, e.g. a crl distribution point
with a current crl. You can switch this off of course
using --disable-crl-checks
b) a trusted root certificate (which is not that easy to configure),
see http://wiki.gnupg.org/X.509

Best Regards,
Bernhard