LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-05-2007, 10:57 AM   #1
Autumnlord
LQ Newbie
 
Registered: Sep 2007
Posts: 2

Rep: Reputation: 0
S/MIME Digital Signature Issue. Linux Newbie.


Hello all. Im determined to cut the strings from Microsoft to Linux. Im a MCSE but my new job has a ton of Linux boxes. Im intrigued by the product so I have redone my Laptop in Fedora Core 5. I love the software but have one small issue. I have to be able to send email encrypted and digitally signed. Ill list the info below.

Issuing Agent: Verisign
Type of Certificate: VeriSign Class 1 Individual Subscriber CA - G2
SSL Client Certificate
SSL Server Certificate
Email Signer Certificate
Email Recipient Certificate

Operating version: Fedora Core 5

Email Client: Evolution 2.6.0

When I try to send an encrypted email it works just fine. However, if I try to send an encrypted with a signature or a signature alone I get the following error message.

Could not create message.

Because "Cannot add SMIMEEncKeyPrefs attribute", you may need to select different mail options.


Im not sure how to trouble shoot this issue. Any help you can provide would be greatly appreciated.

Thank you
 
Old 09-06-2007, 07:21 AM   #2
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
The discussion here: http://bugzilla.gnome.org/show_bug.cgi?id=273233

...suggests it's because you've not explicitly said you trust the CA that signed the key.

"Go into the Certificate settings, and over to Authorities. Edit the trust
settings for CACert to say you trust them for signing email keys."

HTH,
-nick
 
Old 09-06-2007, 12:00 PM   #3
Autumnlord
LQ Newbie
 
Registered: Sep 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Ok, that was done, what next?

I ensured that the cert was indeed trusted, and it is. I have tried various other mail clients to try and see if it was an Evolution error. Doesnt seem to be, it seems to be fairly universal. Ive tried two operating systems, OpenSues and this version of Fedora Core 5. I can sure use an experts help. If I cant get this signature to work Im gonna have to scrap the conversion to Linux. Thanks in advance.
 
Old 09-07-2007, 02:52 AM   #4
Nick_Battle
Member
 
Registered: Dec 2006
Location: Bracknell, UK
Distribution: SUSE 13.1
Posts: 159

Rep: Reputation: 33
Hmmm. By way of an experiment, could you try getting another key pair to see if that works - you can get a free one at www.cacert.org. I know you probably need to use the one particular key pair you have a problem with, but it may give some clue.

What other email clients did you try. Different Linux distributions are unlikely to be different (it's more likely to be an application problem).

Just to be absolutely clear, you did add trust to the CA certificate, not (just) your own certificate, right?

I think it's true that X.509 certificates can carry permissions about what they're allowed to be used for (authentication, signing, encryption). Do you know that the certificate is allowed to be used for signing? If not, it will never work (though the error message is very inappropriate, if that's the case!).

Cheers,
-nick
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: digital signature LXer Syndicated Linux News 0 07-30-2006 08:54 AM
Digital Signature Hardware/Software for Linux? tongar Linux - Hardware 0 01-28-2006 02:14 PM
MIME issue on Apache / mandrake 10 good_boy Linux - Networking 0 06-30-2004 07:19 AM
apt GPG Signature Issue blaroe Fedora 2 01-13-2004 10:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration