[neomutt-users] S/MIME signature verification

Weining Duan wn.duan at gmail.com
Sun Dec 9 21:02:29 CET 2018


On Sat, Dec 08, 2018 at 01:36:14PM -0800, Ian Zimmerman wrote:
> Do you have a ~/.gnupg/gpgsm.conf file?  Can you share it?

Yes. I've got a gpgsm.conf file, with only one line:


This option disables CRL (Certificate Revocation List) check, which I believe
does not affect the behavior of gpgsm greatly.

> For GPG, if a key is not present in the local system it is automatically
> fetched from a keyserver; that keyserver is specified in
> ~/.gnupg/gpg.conf .  Is there a similar mechanism for gpgsm?  If yes,
> what keyserver is commonly used?

This and further questions are related to X.509 certificate mechanism, which
works differently in terms of key exchange protocol as gpg. So there is no
keyserver or `--recv-keys` involved in gpgsm.

As far as I know, usually the public key is attached to the SMIME signed
message, then you can get the key directly from the message itself.
My understanding on this subject is limited and may go wrong here.

IMO, neomutt works fine on this part according to your description and your
questions are actually gpg related. You may consider sending your questions
to GnuPG's mailing list.

> Thanks for your explanations.  You see, I have only ever used GPG, and I
> have no idea about SMIME.

You're welcome. Same as you, I don't have much experience with SMIME either :)


Weining Duan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3325 bytes
Desc: not available
URL: <http://mailman.neomutt.org/pipermail/neomutt-users-neomutt.org/attachments/20181210/c7172204/attachment.bin>

More information about the neomutt-users mailing list