Hello, Akib Azmain Turja writes: > Angel de Vicente writes: >> but now I got an e-mail from someone using S/MIME, and despite reading >> that GnuPG should be able to handle S/MIME certificates, I'm not sure >> how to do it. Is there something similar to `epa-search-keys` but for >> certificates? I guess since we are dealing with certificates here, I >> don't need to get the individual certificate of this person, but just >> the certificate for the Certification Authority, but how to find the >> certificate, and how to do the equivalent of the signing above, so trust >> will go from "undefined" to "full"? This part I found how to do. Basically Gnus+GnuPG already imported the certificate for me, which I could verify by doing "gpgsm -k", and then I just had to set the root CA as trustworthy in the file "~/.gnupg/trustlist.txt" With that, I now get (trust full) for this person. ,---- | [[S/MIME Signed Part:Good signature from | DD733F6DFA9EBA0303F699xxxxxxxxxxxxxxxxxx /CN=xxxxx xxxxxx xxxxxx | xxxxxxxx/O=Instituto de Astrofisica de Canarias/STREET=Calle Vía | Láctea, s\x2fn/ST=Santa Cruz de Tenerife/C=ES (trust full)]] `---- Actually, it looks like S/MIME is much more convenient than GPG, since I only have to deal with giving trust to the root CA, and then all certificates given by that CA will have full trust immediately? Maybe when digital certificates were not so common, PGP/MIME was a better option, but now it looks like S/MIME should be easier for key/certificates management? (I have one day of experience with this, so don't take my word for it :-) ) > How did you make Gnus display those nice messages? My Gnus doesn't do > that (but ask me for password for decrypting mails). I think you get those by setting gnus-buttonized-mime-types: '(gnus-buttonized-mime-types '("multipart/encrypted" "multipart/signed")) Cheers, -- Ángel de Vicente -- (GPG: 0x64D9FDAE7CD5E939) Research Software Engineer (Supercomputing and BigData) Instituto de Astrofísica de Canarias (https://www.iac.es/en)