Bug 336032

Summary: Cant sign via SMIME, encrypting works
Product: [Applications] kmail2 Reporter: Robin Dieker <Robin>
Component: cryptoAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: major CC: enrico.tagliavini
Priority: NOR    
Version: 4.13   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Robin Dieker 2014-06-10 10:27:40 UTC 
I am not able to sign my outgoing Mails. After I imported the certificate I am able to select it to ENCRYPT messages but It does not show up when I try to select a certificate for SIGNING the messages.

Reproducible: Always

Steps to Reproduce:
1. open KMail
2. Import your certificate (used Kleopatra)
3. go to KMail (Kontact) settings, Identities, Edit, Cryptography
4. select a certificate for encryption: WORKS
5. try to select a certificate for singing: DOES NOT WORK (does not show any certificate)
Actual Results:  
there was no certificate showing up

Expected Results:  
I should be able to select the same certficate for signing the message

After installing Kubuntu there was an error message that there was no crypto application installed so I installed Kleopatra and imported my mail certificates from there

I am using the free Comodo Mail Service
Comment 1 Enrico Tagliavini 2014-06-24 07:16:28 UTC 
Exact same problem with a totally different system: gentoo linux, kde 4.12.5 using S/MIME. I have an x509 certificate released by 

CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE

and it is trusted in Kleopatra.  The main purpose of this certificate is email signing:

        X509v3 extensions:
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.22177.300.1.1.4.3.1
                Policy: 1.3.6.1.4.1.22177.300.2.1.4.3.1

            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, E-mail Protection
            X509v3 Subject Key Identifier: 
                42:52:05:06:6B:6E:A0:B9:59:CB:CA:2A:A0:EB:62:8C:BC:2E:63:A3
            X509v3 Authority Key Identifier: 
                keyid:B0:C1:BB:68:35:7F:E2:D6:41:9C:1A:71:AF:E0:FC:41:34:CD:C3:A8

            X509v3 Subject Alternative Name: 
                email:<hidden>
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://cdp1.pca.dfn.de/classic-unitue-ca/pub/crl/g_cacrl.crl

                Full Name:
                  URI:http://cdp2.pca.dfn.de/classic-unitue-ca/pub/crl/g_cacrl.crl

            Authority Information Access: 
                CA Issuers - URI:http://cdp1.pca.dfn.de/classic-unitue-ca/pub/cacert/g_cacert.crt
                CA Issuers - URI:http://cdp2.pca.dfn.de/classic-unitue-ca/pub/cacert/g_cacert.crt
Comment 2 Enrico Tagliavini 2014-07-03 18:43:06 UTC 
Maybe I found the source of the problem. gpg-agent is not running. Configuring KDE to automatically start the agent during startup fixed the issue. For more details see comment 8 of bug #324424 .

If this is the case kmail should complain about missing gpg-agent when opening the dialog to select the S/MIME certificate
Comment 3 Denis Kurz 2016-09-24 18:20:18 UTC 
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of kmail2 (version 5.0 or later, as part of KDE Applications 15.12 or later), it gets closed in about three months.
Comment 4 Denis Kurz 2017-01-07 22:03:29 UTC 
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.