Hi, On 10/25/2013 02:22 AM, r.ted.byers@gmail.com wrote:
When I opened your email, Kmail, in Kontact (which I configured on Suse 12.3 only yesterday), it told me to 'please wait' while it checks the validity of your signature. But moments later, it told me that it had insufficient information to check the validity of your signature. Does that mean that there is something wrong with your signature, or might
My guess would be that KDE does not have the CA-certificate for the FINeID cards installed and therefore cannot verify the authenticity. Thunderbird has the same issue, but the CAcert can be downloaded from fineid.fi. See http://www.fineid.fi/default.aspx?id=596
I have made a mistake in configuring Kmail, or would it be something else? Yesterday I also installed Thunderbird on my Ubuntu 12.04 machine (newer and faster hardware than my Suse box), but Thunderbird proved to be painfully slow. While Thunderbird was easier to set up than Kmail, I won't be using it unless I can discover why it is so slow.
Try disabling the trackerbird add-on in TB. I sent another email to the list yesterday regarding problems with TB and IMAP and it turned out to be trackerbird.
And I have questions about your FINeID card. Do you know how widespread such cards are in Europe?
I know for sure about Finland, Estonia, Italy, Austria and Germany. There's also an EU draft about electronic ID cards.
You say that you can use it for web authentication, but do you know how websites would process the certificate it must be providing and where they'd locate the other files, such as the CRL (or does your government have a website set up, with the URL provided in the crt file, from which websites can retrieve the files related to the crt, that they can use to access the validity of the crt file)?
The majority of the Finnish websites use a unified identification service against which you can also authenticate with online-banking codes. CRL info is here: http://www.fineid.fi/default.aspx?docid=2330&action=publish#Revocationlists Here is a tutorial for implementing FINeID authentication for the Drupal CMS - which includes the configuration of Apache 2: https://www.zeip.eu/node/2
Do you have any favourite websites that explain how to set up email signing, and even encryption, beginning with the process of creating the CSR and signing it using openssl?
Nope. No favorite website.
All of the sites I have found so far, WRT openssl, focus on server side certificates, to be deployed in your favourite web server - it is my understanding that a CA can be configured o sign both server side and client side certificates, and that the latter can be used both for website authentication and encrypting/signing email, but finding useful material for figuring out how to do it has been frustrating inthe extreme.
If you are talking about your off-the-shelf X.509 or p12 mail certificate, it's the same way as you create a certificate for your webserver. The difference is that the common name (CN) is your email-address while for an https-server, the common name is the server's FQDN. However, that's not only lots of typing but also relatively useless because to verify your certificate, every recipient would have to install your CA certificate. The better way is to use a free certificate provider, such as Comodo (http://www.comodo.com/home/email-security/free-email-certificate.php). Theit CA certificates are usually preinstalled in all big OSs and mailclients. --Stefan -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface