[rt-users] GPG Auto Key Retrieval
Kevin Falcone
falcone at bestpractical.com
Tue Jul 30 12:09:29 EDT 2013
On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:
> I have been able to get GPG integrated with RT using manually installed public keys, but I'm
> now trying to get auto key retrieval to work. The RT documentation suggests (to me, anyway)
> that this is possible. I haven't had any luck getting it working, and I'm curious if any other
> users have, and would have any tips. I've configured RT this way in RT_SiteConfig:
You say you've tested without outgoing emails, have you tested with an
incoming mail from an unknown user?
Also, ensure that your logging is set to debug, not just error.
-kevin
> Set(%GnuPG,
> Enable => 1,
> OutgoingMessagesFormat => "RFC", # Inline
> AllowEncryptDataInDB => 0,
> RejectOnMissingPrivateKey => 1,
> RejectOnBadData => 1,
> );
>
> Set(%GnuPGOptions,
> homedir => q{var/data/gpg},
> keyserver => 'xxxx://xxx.xxx.xxx.xxx',
> 'always-trust' => undef,
> 'auto-key-locate' => 'keyserver',
> 'keyserver-options' => 'auto-key-retrieve',
> );
>
> However, when I attempt to send an email to somebody who doesn't already have a key on the
> keyring, I get this error in the UI:
>
> User XXXXXXXXXX has a problem. There is no key suitable for encryption.
> Select a key you want to use for encryption: No usable keys.
>
> and in the rt.log I see this:
>
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>
> It *appears* that RT is checking the keyring, and erroring out if it doesn't find a key, which
> is not what I expected to happened (I was expecting the key would be retrieved automatically
> at the time of encryption).
> I have executed gpg from the command line with these options, and I can retrieve a user key
> automatically and encrypt a file. So I am pretty sure the problem isn't with the keyserver, or
> the options themselves. I'm holding out hope that I'm simply doing something wrong within RT,
> and that there is some other setting I've overlooked.
>
> Thanks!
> Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130730/22854b44/attachment.sig>
More information about the rt-users
mailing list