[rt-users] GPG Auto Key Retrieval

Christopher Costa christopher.costa at gmail.com
Tue Jul 30 11:18:38 EDT 2013 

Hello,

I have been able to get GPG integrated with RT using manually installed
public keys, but I'm now trying to get auto key retrieval to work.  The RT
documentation suggests (to me, anyway) that this is possible.  I haven't
had any luck getting it working, and I'm curious if any other users have,
and would have any tips.  I've configured RT this way in RT_SiteConfig:

Set(%GnuPG,
    Enable => 1,
    OutgoingMessagesFormat => "RFC", # Inline
    AllowEncryptDataInDB   => 0,
    RejectOnMissingPrivateKey => 1,
    RejectOnBadData           => 1,
);

Set(%GnuPGOptions,
    homedir => q{var/data/gpg},
    keyserver => 'xxxx://xxx.xxx.xxx.xxx',
    'always-trust' => undef,
    'auto-key-locate' => 'keyserver',
    'keyserver-options' => 'auto-key-retrieve',
);

However, when I attempt to send an email to somebody who doesn't already
have a key on the keyring, I get this error in the UI:

User XXXXXXXXXX has a problem. There is no key suitable for encryption.
Select a key you want to use for encryption: No usable keys.

and in the rt.log I see this:

[Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
(/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
[Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
(/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
[Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
(/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)

It *appears* that RT is checking the keyring, and erroring out if it
doesn't find a key, which is not what I expected to happened (I was
expecting the key would be retrieved automatically at the time of
encryption).

I have executed gpg from the command line with these options, and I can
retrieve a user key automatically and encrypt a file.  So I am pretty sure
the problem isn't with the keyserver, or the options themselves.  I'm
holding out hope that I'm simply doing something wrong within RT, and that
there is some other setting I've overlooked.

Thanks!
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130730/74f624c5/attachment.htm>

More information about the rt-users mailing list