bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#26587: 26.0.50; Gnus signs with false S/MIME key

From: Torsten Bronger
Subject: bug#26587: 26.0.50; Gnus signs with false S/MIME key
Date: Wed, 9 Oct 2019 10:58:24 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) 
Hallöchen!

Lars Ingebrigtsen writes:

> Torsten Bronger <bronger@physik.rwth-aachen.de> writes:
>
>> If I have keys for different email addresses in my gpgsm keyring, Gnus
>> signs an outgoing email using S/MIME with the first one listed by "gpgsm
>> --list-secret-keys" instead of the one actually associated with the
>> "From:" mail address.
>
> I'm unable to reproduce this bug.
>
> Could you describe, step by step, how you are composing the message to
> be signed?

When writing the message, I call (mml-secure-message-sign-smime).
The "From:" field contains "Torsten Bronger
<bronger@physik.rwth-aachen.de>".  My secret keys are:

bronger@brad:~/kfa/Zertifikate/juliabase$ gpgsm --list-secret-keys
/home/bronger/.gnupg/pubring.kbx
--------------------------------
           ID: 0x416092ED
          S/N: 1CDCFCFE038E7AD34DF1C3FC
       Issuer: /CN=DFN-Verein Global Issuing CA/OU=DFN-PKI/O=Verein zur 
Foerderung eines Deutschen Forschungsnetzes e. V./C=DE
      Subject: /CN=Torsten Bronger/O=Forschungszentrum Juelich GmbH/C=DE
          aka: t.bronger@fz-juelich.de

[...]

           ID: 0x4A86AFDB
          S/N: 213C2509C6CA74A7ED7133B8
       Issuer: /CN=DFN-Verein Global Issuing CA/OU=DFN-PKI/O=Verein zur 
Foerderung eines Deutschen Forschungsnetzes e. V./C=DE
      Subject: /CN=Torsten Bronger/OU=Fachgruppe Physik/O=RWTH Aachen/C=DE
          aka: bronger@physik.rwth-aachen.de
     validity: 2019-07-03 13:02:55 through 2022-07-02 13:02:55
     key type: 2048 bit RSA
    key usage: digitalSignature nonRepudiation keyEncipherment
ext key usage: clientAuth (suggested), emailProtection (suggested)
     policies: 
1.3.6.1.4.1.22177.300.1.1.4:N:,1.3.6.1.4.1.22177.300.1.1.4.4:N:,1.3.6.1.4.1.22177.300.2.1.4.4:N:
  fingerprint: CD:BF:CA:E9:F3:83:B9:DC:00:E4:A2:B1:8F:D8:E0:78:4A:86:AF:DB

I would like the second key to be used.  But Gnus signs the email
with the first certificate.

Regards,
Torsten.

-- 
Torsten Bronger
reply via email to
[Prev in Thread] Current Thread [Next in Thread]