Using Kleopatra to enrypt file with X.509

I’m trying to encrypt a file using the explorer context menu. After I selected my X.509 certificate, I get the message that the encryption failed. Details show “File Exists”. The file does of course not yet exist. Selecting a GPG certificate, it works.

Does anyone have an Idea?

I have the exact problem in Gpg4win 2.2.0

I have same problem - using context menu of GpgEX on ‘filename.txt’. All seems to progress ok with a temporary file ‘filename.txt.p7m.XC3292’ visible in the directory but the process fails after 7 minutes. ‘Details’ indicates that the file exists - but the encrypted version doesn’t. The ‘GnuPG Audit LogViewer- Kleopatra’ has two entries which don’t mean much to me –

  • unknown operation
  • Dirmngr usable - yes

I have more and more the impression that Kleopatra is broken when it comes to X509 operations. Since putting an X509 cert on Kleopatra, it takes Kleopatra 10 to 20 minutes after launch to display any certificates (including Gpg certs.). I use a valid CACert certificate and I have complied the best I can with all instructions I have been able to find in the documentation regarding X509 but I cannot get Kleopatra to recognise the CAcert root certificate as ‘trusted’.

The help documentation for Kleopatra has information which doesn’t well line up with what I see in Kleopatra dialogues.

I have a thread on this forum on my issues with X509 and it has not produced any useful ideas. Maybe we should just forget about X509 and Gpg4win ?

During the many efforts I’ve made over the past weeks to get X509 working correctly under Gpg4win and with Kleopatra, I discovered a copy of the file ‘trustlist.txt’ (written by Kleopatra, I imagine) in a directory different from that specified in the supplied document HOWTO-SMIME.en.txt for Windows 7.

It may well be that Gpg4win is not well constructed with respect to directory locations in Windows 7 for X509. This would explain the lengthy times experienced when using Kleopatra before success or failure of a task - ie the system is unable to find some element required and one has to wait for a ‘time-out’. All works well when limited to gpg certs.

Does anyone have the means to check out this idea ?

It is not an Win7 problem. Same mistake in XP. So must be a general design problem. Probably we should adress the hole problem to the g10CodeGmbH the designers of the gpgsm.exe file.
When I find a little time I’ll get in contact wit them.

There are currently (2.2.1) problem with Cacert CRLs with X509 (see other discussions).
Ideally this should be fixed on Cacert’s end.

If it works when disabling crls and it is a cacert cert, then this is the defect.
If it is a different one, we need to check.

One diagnosis tool is: Try the command line gpgsm if kleo does not work.
Then it is acually kleo.