Gregory Heytings <ghe@...
2014-07-26 17:33:13 GMT
I try to sign emails with Alpine (latest version, 2.11).
I created a "free email certificate" on the Comodo website, and I exported
that certificate (from within Google Chrome) as a PKCS12 file <email>.p12
with a password <p12-pass>.
This file apparently contains two keys: a private key and a certificate (=
public key?). I tried various ways to extract these two keys, and I put
them respectively in the ~/.alpine-smime/private and
I converted that .p12 file into a .pem file, with the command "openssl
pkcs12 -in <email>.p12 -out <email>.pem", with a passphrase <pem-pass>.
Then I tried to:
1. Use the .pem file as a .key file, after changing its extension, as
indicated in the Alpine "Notes on Configuration and Preferences".
2. Use the .pem file as a .key file *and* a .crt file.
3. Extract the two keys by hand from the .pem file, the certificate in
<email>.crt and the private key in <email>.key.
4. Same as 3, but keep the "Bag Attributes" lines before the keys.
I am asked to type the <pem-pass> when I send an email, and the signing
process seems to work. But when I read the message I just sent, or the
message that the recipient gets, I keep having "Couldn't verify S/MIME
signature: certificate verify error" messages, with a "This message was
cryptographically signed but the signature could not be verified." in the
I also tried to extract the keys directly from the <email>.p12 file, with
various recipes found on the Internet, but without success (I get the same
error messages as above):
1. "openssl pkcs12 -nocerts -in <email>.p12 -out <email>.key" and "openssl
pkcs12 -clcerts -nokeys -in <email>.p12 -out <email>.crt"
2. Same as 1, after manually removing the "Bag Attributes" lines before
3. "openssl pkcs12 -nocerts -in <email>.p12 -out <email>.key" and "openssl
pkcs12 -clcerts -in <email>.p12 -out <email>.crt"
4. Same as 3, after manually removing the "Bag Attributes" lines before
the keys, and removing the private key that remained in the .crt file
5. "openssl pkcs12 -in <email>.p12 -out <email>.key" and "openssl x509 -in
<email>.key -inform PEM -out <email>.crt"
Obviously I am doing something wrong and/or I misunderstand something...
but what should I do to get this working?
Many thanks in advance,
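
A check that can be run on the files produced by the recipes in the message above, added here as an example and not part of the original post: it counts the certificates in the .crt file, flags a private key left in it, and confirms that the key and the certificate carry the same public key. The function names and the P12_PASS and PEM_PASS environment variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, PEM_PASS and
# P12_PASS are hypothetical; the throwaway certificate is constructed.

# pair_matches CERT KEY: exit 0 when both files carry the same public key.
# openssl prompts for the key passphrase unless PEM_PASS is exported.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" ${PEM_PASS:+-passin env:PEM_PASS} -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_count FILE: number of certificates in a PEM file (0 if none).
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# has_private_key FILE: exit 0 when a private key block is still in the file,
# as happens when -clcerts is used without -nokeys.
has_private_key() { grep -q -e 'PRIVATE KEY-----' "$1"; }

# extract_pair P12 PREFIX: recipe 1 from the post, run non-interactively.
# Reads the PKCS#12 password from P12_PASS, protects the key with PEM_PASS.
extract_pair() {
    openssl pkcs12 -nocerts -in "$1" -passin env:P12_PASS \
        -passout env:PEM_PASS -out "$2.key" &&
    openssl pkcs12 -clcerts -nokeys -in "$1" -passin env:P12_PASS -out "$2.crt"
}

# make_test_p12 DIR: build a throwaway self-signed certificate and pack it
# into DIR/email.p12 so the checks can be tried without a real certificate.
make_test_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:P12_PASS -out "$1/email.p12"
}

# Stand-alone use: sh check.sh <email>.crt <email>.key
if [ "$#" -eq 2 ]; then
    echo "certificates in $1: $(cert_count "$1")"
    has_private_key "$1" && echo "warning: $1 still contains a private key"
    if pair_matches "$1" "$2"; then echo "key and certificate match"
    else echo "key and certificate do NOT match"; fi
fi
```

A matching pair with exactly one certificate rules out a damaged hand-edit of the PEM blocks; it does not by itself validate the certificate chain.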