On Tue, Jul 30, 2013 at 11:18:38AM -0400, Christopher Costa wrote:
> I have been able to get GPG integrated with RT using manually installed
> public keys, but I'm now trying to get auto key retrieval to work. The RT
> documentation suggests (to me, anyway) that this is possible. I haven't had
> any luck getting it working, and I'm curious if any other users have, and
> would have any tips. I've configured RT this way in RT_SiteConfig:

You say you've tested without outgoing emails, have you tested with an
incoming mail from an unknown user?
Also, ensure that your logging is set to debug, not just error.
-kevin
> Set(%GnuPG,
>     Enable => 1,
>     OutgoingMessagesFormat => "RFC", # Inline
>     AllowEncryptDataInDB => 0,
>     RejectOnMissingPrivateKey => 1,
>     RejectOnBadData => 1,
> );
>
> Set(%GnuPGOptions,
>     homedir => q{var/data/gpg},
>     keyserver => 'xxxx://xxx.xxx.xxx.xxx',
>     'always-trust' => undef,
>     'auto-key-locate' => 'keyserver',
>     'keyserver-options' => 'auto-key-retrieve',
> );
>
> However, when I attempt to send an email to somebody who doesn't already
> have a key on the keyring, I get this error in the UI:
>
> User XXXXXXXXXX has a problem. There is no key suitable for encryption.
> Select a key you want to use for encryption: No usable keys.
>
> and in the rt.log I see this:
>
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
> [Tue Jul 30 13:24:51 2013] [error]: gpg: error reading key: No public key (/opt/rtdev/sbin/../lib/RT/Crypt/GnuPG.pm:2163)
>
> It *appears* that RT is checking the keyring, and erroring out if it
> doesn't find a key, which is not what I expected to happen (I was
> expecting the key would be retrieved automatically at the time of
> encryption).
> I have executed gpg from the command line with these options, and I can
> retrieve a user key automatically and encrypt a file. So I am pretty sure
> the problem isn't with the keyserver, or the options themselves. I'm
> holding out hope that I'm simply doing something wrong within RT, and that
> there is some other setting I've overlooked.
>
> Thanks!
> Chris
