smimesign and gpgsm compability

[savely-krasovsky]

It's seems for me that signatures made by smimesign cannot be verified by gpgsm. gpgsm uses for ID string like this 0x85B45FC2 and smimesign just cert fingerprint. So gpgsm simply cannot found this cert:

gpgsm: Signature made 2022-08-02 08:31:38 UTC
gpgsm:                using rsa1024 key 1330B26E34290E780CF1B34E14E0D06F85B45FC2
gpgsm: certificate not found: No public key
gpgsm: certificate #7C0015897CCB1524C0A9128ADE00000015897C/CN=test,DC=test
gpgsm: checking the CRL failed: Not found
gpgsm: invalid certification chain: Not found

[savely-krasovsky]

Oh, after a day of research I've understood that gnusm DOES NOT use system-wide cert storage and you need to manually import root cert to gpgsm.

$ gpgsm --import ca.crt

You also need to create ~/.gnupg/trustlist.txt file with fingerprint of your CA:

2B:00:80:0B:B7:A7:62:E6:9B:D4:11:27:7F:CF:5C:59:14:65:C3:25 S