[rt-users] GnuPG problems with message decryption

Ruslan Zakirov ruz at bestpractical.com
Fri Feb 24 11:30:41 EST 2012


Hi,

I don't see other option except to put $RT::Logger->debug(...) calls
in lib/RT/Crypt/GnuPG.pm.

On Thu, Feb 23, 2012 at 11:22, Martin Drašar <drasar at ics.muni.cz> wrote:
> Dne 22.2.2012 21:48, Ruslan Zakirov napsal(a):
>
>>> I have this in the log:
>>>>
>>>> [Tue Feb 21 15:34:09 2012] [debug]: Found encrypted inline part
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Crypt/GnuPG.pm:906)
>>>> [Tue Feb 21 15:34:09 2012] [debug]: [GNUPG:] ENC_TO 26B34A0AE44C6E92 1 0
>>>> [GNUPG:] USERID_HINT 26B34A0AE44C6E92 CSIRT-MU
>>>> DEVEL<rt at rt-devel.ics.muni.cz>
>>>> [GNUPG:] NEED_PASSPHRASE 26B34A0AE44C6E92 023D741AB8EF2A3A 1 0
>>>> [GNUPG:] MISSING_PASSPHRASE
>>>> [GNUPG:] BAD_PASSPHRASE 26B34A0AE44C6E92
>>>> [GNUPG:] ENC_TO 110B534B28C8D875 1 0
>>>> [GNUPG:] NO_SECKEY 110B534B28C8D875
>>>> [GNUPG:] BEGIN_DECRYPTION
>>>> [GNUPG:] DECRYPTION_FAILED
>>>> [GNUPG:] END_DECRYPTION
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Crypt/GnuPG.pm:1417)
>>>> [Tue Feb 21 15:34:09 2012] [error]: gpg: cancelled by user
>>>> gpg: encrypted with 2048-bit RSA key, ID 28C8D875, created 2010-12-30
>>>>       "Martin Drasar<drasar at ics.muni.cz>"
>>>> gpg: encrypted with 2048-bit RSA key, ID E44C6E92, created 2012-02-21
>>>>       "CSIRT-MU DEVEL<rt at rt-devel.ics.muni.cz>"
>>>> gpg: public key decryption failed: bad passphrase
>>>> gpg: decryption failed: secret key not available
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Crypt/GnuPG.pm:1419)
>>>> [Tue Feb 21 15:34:09 2012] [debug]: Found GnuPG protected parts
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Interface/Email/Auth/GnuPG.pm:240)
>>>> [Tue Feb 21 15:34:09 2012] [debug]: Error during verify/decrypt
>>>> operation
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Interface/Email/Auth/GnuPG.pm:244)
>>>> [Tue Feb 21 15:34:09 2012] [error]: Had a problem during decrypting and
>>>> verifying
>>>> (/home/RT/RT-4.0.5/sbin/../lib/RT/Interface/Email/Auth/GnuPG.pm:102)
>>>
>>>
>>> This is happening with RT-4.0.5 as well as 3.8.7.
>>>
>>> Any thoughts?
>>
>>
>> Have you read the log? It's pretty clear. Message is encrypted for two
>> recipients. You have required key in the keyring, but you didn't
>> provide passphrase. You either use passphraseless keys, use gpg-agent
>> or set passphrase in RT config.
>>
>
> Hi, Ruslan,
>
> I have definitely read the log. Several times...
> As I have said, I am using the gpg-agent and in my configuration the
> gpg-agent happily provides a password for RT when signing the message (the
> same operation as decrypting) but fails in this case, i.e. there is some
> problem when retrieving the passphrase for decrypting purposes using
> gpg-agent. It can either be a configuration error or a bug - I will probably
> hunt it down someday no matter what it is, but it would help me to hear
> whether there is someone who actually has it working in a setup like mine.
>
>
> Martin
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012



-- 
Best regards, Ruslan.



More information about the rt-users mailing list