[rt-users] GPG Auto Key Retrieval
Christopher Costa
christopher.costa at gmail.com
Tue Jul 30 14:19:29 EDT 2013
It looks as if testing inbound email to RT might not be a simple chore in
my environment so for now I'm going to focus on outbound email. I do have
debug logging enabled. Is there someplace else worth looking? Am I
misunderstanding how auto key retrieval is supposed to work with outbound
mail?
On Tue, Jul 30, 2013 at 12:18 PM, Christopher Costa <christopher.costa at gmail.com> wrote:
> Hi Kevin,
>
> Thus far my focus has been on getting outgoing email to work (that's our
> primary need). I will make every effort to test inbound email ASAP.
>
>
> On Tue, Jul 30, 2013 at 12:09 PM, Kevin Falcone <falcone at bestpractical.com> wrote:
>
>> On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:
>> > I have been able to get GPG integrated with RT using manually installed public keys, but I'm
>> > now trying to get auto key retrieval to work. The RT documentation suggests (to me, anyway)
>> > that this is possible. I haven't had any luck getting it working, and I'm curious if any other
>> > users have, and would have any tips. I've configured RT this way in RT_SiteConfig:
>>
>> You say you've tested without outgoing emails, have you tested with an
>> incoming mail from an unknown user?
>>
>> Also, ensure that your logging is set to debug, not just error.
>>
>> -kevin
>>
>> > Set(%GnuPG,
>> >     Enable => 1,
>> >     OutgoingMessagesFormat => "RFC", # Inline
>> >     AllowEncryptDataInDB => 0,
>> >     RejectOnMissingPrivateKey => 1,
>> >     RejectOnBadData => 1,
>> > );
>> >
>> > Set(%GnuPGOptions,
>> >     homedir => q{var/data/gpg},
>> >     keyserver => 'xxxx://xxx.xxx.xxx.xxx',
>> >     'always-trust' => undef,
>> >     'auto-key-locate' => 'keyserver',
>> >     'keyserver-options' => 'auto-key-retrieve',
>> > );
>> >
>> > However, when I attempt to send an email to somebody who doesn't already have a key on the
>> > keyring, I get this error in the UI:
>> >
>> > User XXXXXXXXXX has a problem. There is no key suitable for encryption.
>> > Select a key you want to use for encryption: No usable keys.
>> >
>> > and in the rt.log I see this:
>> >
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> > [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>> >
>> > It *appears* that RT is checking the keyring, and erroring out if it doesn't find a key, which
>> > is not what I expected to happen (I was expecting the key would be retrieved automatically
>> > at the time of encryption).
>> > I have executed gpg from the command line with these options, and I can retrieve a user key
>> > automatically and encrypt a file. So I am pretty sure the problem isn't with the keyserver, or
>> > the options themselves. I'm holding out hope that I'm simply doing something wrong within RT,
>> > and that there is some other setting I've overlooked.
>> >
>> > Thanks!
>> > Chris