Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How can I convert or import S/MIME to PGP ring?

518 views
Skip to first unread message

Neil Jones

unread,
Feb 3, 2007, 9:31:26 AM2/3/07
to
Hello everyone,

A friend of my sent his public key as a smime.p7s file. I want to add
it to the GPG ring. When I double clicked on the file, the certificate
was added to the MS Outlook certificate store. However, I use
GPG/Enigmail on Windows (mostly) and Linux. Is there any way to import
this file to my GPG ring?

Thank you in advance for any help.

NJ

Allen Kistler

unread,
Feb 3, 2007, 10:54:29 AM2/3/07
to
Neil Jones wrote:
> A friend of my sent his public key as a smime.p7s file. I want to add
> it to the GPG ring. When I double clicked on the file, the certificate
> was added to the MS Outlook certificate store. However, I use
> GPG/Enigmail on Windows (mostly) and Linux. Is there any way to import
> this file to my GPG ring?

No. X.509 and PGP/GPG are completely separate things.

Neil Jones

unread,
Feb 4, 2007, 11:39:00 AM2/4/07
to

Thank you for replying. How can I use the smime.p7s file to encrypt a
message before sending it to him?

Thank you once again.

NJ

Doug McIntyre

unread,
Feb 4, 2007, 6:52:07 PM2/4/07
to

>Thank you once again.

He wasn't completely accurate. GPG v1.4 has no idea what S/MIME is.
But GPG 2.0 (and previously to that, the 1.9x tree) does know how to
handle both OpenPGP as well as S/MIME. The two trees are staying
seperate now, so they'll have both versions available for some time.

With the GPG v2.x stuff, gpgsm will let you add S/MIME keys, and
encrypt it. You'll have to have a seperate S/MIME key as well as your
existing RSA/DSA key.

Alternatively, with the right magic incantations, openssl can do S/MIME
encryption with a given key (ie. recent enough versions of mutt use
openssl to deal with S/MIME encrypted email).

Allen Kistler

unread,
Feb 6, 2007, 12:14:01 PM2/6/07
to

In general, open the email in a client that understands S/MIME, import
his certificate, compose email to him in the same client.

You've already done the first two things. With Outlook, there are
extras tricks required, particular to Outlook. First, you have to
create a contact entry for him in your personal address book and include
his certificate. Do that by exporting his cert from the Internet
Settings control panel, then re-import it when you create the address
book entry. Next, you need to create your own X.509 cert and import it
into the Windows cert store. Outlook won't let you send encrypted mail
unless you also have a cert to sign/receive email, even if you never use it.

Or you can just use Thunderbird or something else that doesn't require
jumping through unnecessary hoops.

0 new messages