<div dir="ltr"><div>Hi Kevin,<br><br></div>Thus far my focus has been on getting outgoing email to work (that's our primary need). I will make every effort to test inbound email ASAP.<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Tue, Jul 30, 2013 at 12:09 PM, Kevin Falcone <span dir="ltr">&lt;<a href="mailto:falcone@bestpractical.com" target="_blank">falcone@bestpractical.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:<br>
> I have been able to get GPG integrated with RT using manually installed public keys, but I'm<br>
> now trying to get auto key retrieval to work. The RT documentation suggests (to me, anyway)<br>
> that this is possible. I haven't had any luck getting it working, and I'm curious if any other<br>
> users have, and would have any tips. I've configured RT this way in RT_SiteConfig:<br>
<br>
</div>You say you've tested without outgoing emails, have you tested with an<br>
incoming mail from an unknown user?<br>
<br>
Also, ensure that your logging is set to debug, not just error.<br>
<span class="HOEnZb"><font color="#888888"><br>
-kevin<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
> Set(%GnuPG,<br>
> Enable => 1,<br>
> OutgoingMessagesFormat => "RFC", # Inline<br>
> AllowEncryptDataInDB => 0,<br>
> RejectOnMissingPrivateKey => 1,<br>
> RejectOnBadData => 1,<br>
> );<br>
><br>
> Set(%GnuPGOptions,<br>
> homedir => q{var/data/gpg},<br>
> keyserver => 'xxxx://xxx.xxx.xxx.xxx',<br>
> 'always-trust' => undef,<br>
> 'auto-key-locate' => 'keyserver',<br>
> 'keyserver-options' => 'auto-key-retrieve',<br>
> );<br>
><br>
> However, when I attempt to send an email to somebody who doesn't already have a key on the<br>
> keyring, I get this error in the UI:<br>
><br>
> User XXXXXXXXXX has a problem. There is no key suitable for encryption.<br>
> Select a key you want to use for encryption: No usable keys.<br>
><br>
> and in the rt.log I see this:<br>
><br>
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key<br>
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)<br>
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key<br>
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)<br>
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key<br>
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)<br>
><br>
> It *appears* that RT is checking the keyring, and erroring out if it doesn't find a key, which<br>
> is not what I expected to happen (I was expecting the key would be retrieved automatically<br>
> at the time of encryption).<br>
> I have executed gpg from the command line with these options, and I can retrieve a user key<br>
> automatically and encrypt a file. So I am pretty sure the problem isn't with the keyserver, or<br>
> the options themselves. I'm holding out hope that I'm simply doing something wrong within RT,<br>
> and that there is some other setting I've overlooked.<br>
><br>
> Thanks!<br>
> Chris<br>
</div></div></blockquote></div><br></div>