GnuPG problems with message decryption

Hello,

I have a question for anyone experienced with using gpg with gpg agent.

My situation is as follows:

  • I have configured the RT and GPG according to this manual:
    http://wiki.rediris.es/rtirwg/Public_GPGConfig
  • The RT is able to verify signatures on incoming mail and is able to
    sign mails
  • It is however not able to decrypt incoming mails, which is strange
    considering the signing and the decryption are practically identical
    processes

I have this in the log:

[Tue Feb 21 15:34:09 2012] [debug]: Found encrypted inline part (/home/RT/RT-4.0.5/sbin/…/lib/RT/Crypt/GnuPG.pm:906)
[Tue Feb 21 15:34:09 2012] [debug]: [GNUPG:] ENC_TO 26B34A0AE44C6E92 1 0
[GNUPG:] USERID_HINT 26B34A0AE44C6E92 CSIRT-MU DEVEL <rt@rt-devel.ics.muni.cz>
[GNUPG:] NEED_PASSPHRASE 26B34A0AE44C6E92 023D741AB8EF2A3A 1 0
[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] BAD_PASSPHRASE 26B34A0AE44C6E92
[GNUPG:] ENC_TO 110B534B28C8D875 1 0
[GNUPG:] NO_SECKEY 110B534B28C8D875
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION (/home/RT/RT-4.0.5/sbin/…/lib/RT/Crypt/GnuPG.pm:1417)
[Tue Feb 21 15:34:09 2012] [error]: gpg: cancelled by user
gpg: encrypted with 2048-bit RSA key, ID 28C8D875, created 2010-12-30
      "Martin Drasar <drasar@ics.muni.cz>"
gpg: encrypted with 2048-bit RSA key, ID E44C6E92, created 2012-02-21
      "CSIRT-MU DEVEL <rt@rt-devel.ics.muni.cz>"
gpg: public key decryption failed: bad passphrase
gpg: decryption failed: secret key not available (/home/RT/RT-4.0.5/sbin/…/lib/RT/Crypt/GnuPG.pm:1419)
[Tue Feb 21 15:34:09 2012] [debug]: Found GnuPG protected parts (/home/RT/RT-4.0.5/sbin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:240)
[Tue Feb 21 15:34:09 2012] [debug]: Error during verify/decrypt operation (/home/RT/RT-4.0.5/sbin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:244)
[Tue Feb 21 15:34:09 2012] [error]: Had a problem during decrypting and verifying (/home/RT/RT-4.0.5/sbin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:102)

This is happening with RT-4.0.5 as well as 3.8.7.

Any thoughts?

Thank you,
Martin


Have you read the log? It’s pretty clear. Message is encrypted for two
recipients. You have required key in the keyring, but you didn’t
provide passphrase. You either use passphraseless keys, use gpg-agent
or set passphrase in RT config.


RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

Best regards, Ruslan.
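
The reading of the log given in the reply above can be reproduced mechanically from the [GNUPG:] status lines. The following Python is an added example, not part of the thread or of RT's code; the function names are hypothetical, the sample is the status output quoted in the first message, and the mapping from status keywords to per-key states is this example's own interpretation.

```python
import re

# Status lines copied from the RT log quoted in the thread (RT prefix kept on line 1).
SAMPLE_LOG = """\
[Tue Feb 21 15:34:09 2012] [debug]: [GNUPG:] ENC_TO 26B34A0AE44C6E92 1 0
[GNUPG:] NEED_PASSPHRASE 26B34A0AE44C6E92 023D741AB8EF2A3A 1 0
[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] BAD_PASSPHRASE 26B34A0AE44C6E92
[GNUPG:] ENC_TO 110B534B28C8D875 1 0
[GNUPG:] NO_SECKEY 110B534B28C8D875
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

STATUS_RE = re.compile(r"\[GNUPG:\]\s+([A-Z_]+)(?:\s+(.*))?$")

def parse_status(text):
    """Yield (keyword, args) for each [GNUPG:] line, skipping any log prefix."""
    for line in text.splitlines():
        m = STATUS_RE.search(line)
        if m:
            yield m.group(1), (m.group(2) or "").split()

def diagnose(text):
    """Return ({recipient key ID: state}, decrypted) from gpg status output."""
    keys, pending, decrypted = {}, None, False
    for kw, args in parse_status(text):
        if kw == "ENC_TO":
            keys.setdefault(args[0], "recipient")
        elif kw == "NO_SECKEY":
            keys[args[0]] = "no secret key"
        elif kw == "NEED_PASSPHRASE":
            pending = args[0]  # assumption: first key ID, which matches ENC_TO in this log
        elif kw == "MISSING_PASSPHRASE" and pending:
            keys[pending] = "passphrase not supplied"
        elif kw == "BAD_PASSPHRASE" and keys.get(args[0]) != "passphrase not supplied":
            keys[args[0]] = "wrong passphrase"
        elif kw == "GOOD_PASSPHRASE" and pending:
            keys[pending] = "unlocked"
        elif kw == "DECRYPTION_OKAY":
            decrypted = True
    return keys, decrypted

def keys_missing_passphrase(text):
    """Key IDs whose secret key was found but never received a passphrase."""
    keys, _ = diagnose(text)
    return [k for k, state in keys.items() if state == "passphrase not supplied"]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG), keys_missing_passphrase(SAMPLE_LOG))
```

Separating "passphrase not supplied" from "wrong passphrase" matters here because gpg emits BAD_PASSPHRASE in both cases; only the preceding MISSING_PASSPHRASE shows that nothing reached gpg at all.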

On 22.2.2012 21:48, Ruslan Zakirov wrote:


Have you read the log? It’s pretty clear. Message is encrypted for two
recipients. You have required key in the keyring, but you didn’t
provide passphrase. You either use passphraseless keys, use gpg-agent
or set passphrase in RT config.

Hi, Ruslan,

I have definitely read the log. Several times…
As I have said, I am using the gpg-agent and in my configuration the
gpg-agent happily provides a password for RT when signing the message
(the same operation as decrypting) but fails in this case, i.e. there is
some problem when retrieving the passphrase for decrypting purposes
using gpg-agent. It can either be a configuration error or a bug - I
will probably hunt it down someday no matter what it is, but it would
help me to hear whether there is someone who actually has it working in
a setup like mine.

Martin

Hi,

I don’t see any other option except to put $RT::Logger->debug(…) calls
in lib/RT/Crypt/GnuPG.pm.

On Thu, Feb 23, 2012 at 11:22, Martin Drašar <drasar@ics.muni.cz> wrote:


Hi, Ruslan,

I have definitely read the log. Several times…
As I have said, I am using the gpg-agent and in my configuration the
gpg-agent happily provides a password for RT when signing the message (the
same operation as decrypting) but fails in this case, i.e. there is some
problem when retrieving the passphrase for decrypting purposes using
gpg-agent. It can either be a configuration error or a bug - I will probably
hunt it down someday no matter what it is, but it would help me to hear
whether there is someone who actually has it working in a setup like mine.

Martin


Best regards, Ruslan.