smime_keys doesn't work on 1.5.x for me
Hello!
Can someone help me with importing thawte free email smime certificate into
mutt ? I'm getting error trying to do that on mutt-1.5.12 :
$ smime_keys init
$ smime_keys add_p12 cert.p12
NOTE: This will ask you for two passphrases:
1. The passphrase you used for exporting
2. The passphrase you wish to secure your private key with.
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Couldn't identify root certificate!
No root and no intermediate certificates. Can't continue. at
/usr/local/bin/smime_keys line 668.
Thanks for your help.
--
Anatoly Pugachev
# -*-muttrc-*-
## The following options are only available if you have
## compiled in S/MIME support
# If you compiled mutt with support for both PGP and S/MIME, PGP
# will be the default method unless the following option is set
set smime_is_default
# Uncoment this if you don't want to set labels for certificates you add.
# unset smime_ask_cert_label
# Passphrase expiration
set smime_timeout=300
# Global crypto options -- these affect PGP operations as well.
set crypt_autosign = no
set crypt_replyencrypt = no
set crypt_replysign = no
set crypt_replysignencrypted = no
set crypt_verify_sig = no
# Section A: Key Management.
# The (default) keyfile for signing/decrypting. Uncomment the following
# line and replace the keyid with your own.
set smime_default_key="12345678.0"
# Uncommen to make mutt ask what key to use when trying to decrypt a message.
# It will use the default key above (if that was set) else.
# unset smime_decrypt_use_default_key
# Path to a file or directory with trusted certificates
set smime_ca_location="~/.smime/ca-bundle.crt"
# Path to where all known certificates go. (must exist!)
set smime_certificates="~/.smime/certs"
# Path to where all private keys go. (must exist!)
set smime_keys="~/.smime/keys"
# These are used to extract a certificate from a message.
# First generate a PKCS#7 structure from the message.
set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
# Extract the included certificate(s) from a PKCS#7 structure.
set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"
# Extract the signer's certificate only from a S/MIME signature (sender
verification)
set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify
-signer %c -out /dev/null"
# This is used to get the email address the certificate was issued to.
set smime_get_cert_email_command="openssl x509 -in %f -noout -email"
# Add a certificate to the database using smime_keys.
set smime_import_cert_command="smime_keys add_cert %f"
# Sction B: Outgoing messages
# Algorithm to use for encryption.
# valid choices are rc2-40, rc2-64, rc2-128, des, des3
set smime_encrypt_with="des3"
# Encrypt a message. Input file is a MIME entity.
set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
# Sign.
set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin stdin
-in %f -certfile %i -outform DER"
#Section C: Incoming messages
# Decrypt a message. Output is a MIME entity.
set smime_decrypt_command="openssl smime -decrypt -passin stdin -inform DER
-in %f -inkey %k -recip %c"
# Verify a signature of type multipart/signed
set smime_verify_command="openssl smime -verify -inform DER -in %s %C -content
%f"
# Verify a signature of type application/x-pkcs7-mime
set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s %C"
# Section D: Alternatives
# Sign. If you wish to NOT include the certificate your CA used in signing
# your public key, use this command instead.
# set smime_sign_command="openssl smime -sign -signer %c -inkey %k -passin
stdin -in %f -outform DER"
#
# In order to verify the signature only and skip checking the certificate
chain:
#
# set smime_verify_command="openssl smime -verify -inform DER -in %s -content
%f -noverify"
# set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s
-noverify"
#