[rt-users] GPG Auto Key Retrieval

Christopher Costa christopher.costa at gmail.com
Tue Jul 30 12:18:55 EDT 2013


Hi Kevin,

Thus far my focus has been on getting outgoing email to work (that's our
primary need).  I will make every effort to test inbound email ASAP.


On Tue, Jul 30, 2013 at 12:09 PM, Kevin Falcone <falcone at bestpractical.com> wrote:

> On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:
> >    I have been able to get GPG integrated with RT using manually installed public keys, but I'm
> >    now trying to get auto key retrieval to work. The RT documentation suggests (to me, anyway)
> >    that this is possible. I haven't had any luck getting it working, and I'm curious if any other
> >    users have, and would have any tips. I've configured RT this way in RT_SiteConfig:
>
> You say you've tested without outgoing emails, have you tested with an
> incoming mail from an unknown user?
>
> Also, ensure that your logging is set to debug, not just error.
>
> -kevin
>
> >    Set(%GnuPG,
> >    Enable => 1,
> >    OutgoingMessagesFormat => "RFC", # Inline
> >    AllowEncryptDataInDB => 0,
> >    RejectOnMissingPrivateKey => 1,
> >    RejectOnBadData => 1,
> >    );
> >
> >    Set(%GnuPGOptions,
> >    homedir => q{var/data/gpg},
> >    keyserver => 'xxxx://xxx.xxx.xxx.xxx',
> >    'always-trust' => undef,
> >    'auto-key-locate' => 'keyserver',
> >    'keyserver-options' => 'auto-key-retrieve',
> >    );
> >
> >    However, when I attempt to send an email to somebody who doesn't already have a key on the
> >    keyring, I get this error in the UI:
> >
> >    User XXXXXXXXXX has a problem. There is no key suitable for encryption.
> >    Select a key you want to use for encryption: No usable keys.
> >
> >    and in the rt.log I see this:
> >
> >    [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> >    (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> >    [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> >    (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> >    [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key
> >    (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> >
> >    It *appears* that RT is checking the keyring, and erroring out if it doesn't find a key, which
> >    is not what I expected to happen (I was expecting the key would be retrieved automatically
> >    at the time of encryption).
> >    I have executed gpg from the command line with these options, and I can retrieve a user key
> >    automatically and encrypt a file. So I am pretty sure the problem isn't with the keyserver, or
> >    the options themselves. I'm holding out hope that I'm simply doing something wrong within RT,
> >    and that there is some other setting I've overlooked.
> >
> >    Thanks!
> >    Chris
>