GnuPG public and private keys problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,
I have my RTIR successfully installed and running, but it won’t
recognize the GnuPG public and private keys for every user created. Here
are my configuration parameters from /opt/rt3/etc/RT_Siteconfig.pm:

Set( %GnuPG,
    Enable => 1,
    OutgoingMessagesFormat => 'RFC', # Inline
    AllowEncryptDataInDB => 0,
);

Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'auto-key-retrieve' => 1,
);

Here is the directory permission for the gpg --homedir:
drwxr-xr-x 3 root www 512 Mar 6 12:50 gpg

And the /opt/rt3/var/data/gpg contents are:
total 16
drwxr-xr-x 3 root www 512 Mar 6 12:50 .
drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
-rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg
-rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg~
-rw-r--r-- 1 root www 600 Mar 5 16:22 random_seed
-rw-r--r-- 1 root www 1315 Mar 5 16:22 secring.gpg
-rw-r--r-- 1 root www 1280 Mar 5 16:22 trustdb.gpg

I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x + Postgresql8.1.

Is there anything that I overlooked, or is there any specific place I can
dump all the keys I need?

Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHz6gayGS9PS1C9nERAkOzAJ9zur18FRDDRX+N7ts1x3BoKZnd1gCdH1ui
84RA7XavDN675nlXDMgRjO4=
=Y0aM
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, thanks for your reply. I made some directory and file permission changes as
suggested, but the problem is still there. I am not very sure if the
directory /opt/rt3/var/data/gpg owner is root:www or something else
because RTIR was installed based on default configuration options during
./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
--with-db-pass=PASSWD. So, everything is working OK except the GnuPG
keys part.

I looked in /var/log/httpd-error.log and it seems like there is no
indication that errors had occurred.

Thanks.

Dennis Lemckert wrote:
|
| I think the problem lies in the permissions. A private key should be
| readable for the USER only, so rw-r--r-- is too much…
|
| I have rwx------ on the gpg directory itself for the owner of RTIR itself
|
| and all my keydata is rw------- for the same user.
|
| So… to give you your own table back:
|
| And the /opt/rt3/var/data/gpg contents are:
| total 16
| drwx------ 3 root www 512 Mar 6 12:50 .
| drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
| drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
| -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg
| -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg~
| -rw------- 1 root www 600 Mar 5 16:22 random_seed
| -rw------- 1 root www 1315 Mar 5 16:22 secring.gpg
| -rw------- 1 root www 1280 Mar 5 16:22 trustdb.gpg
|
| works for me.
|
| Good luck
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHz8C6yGS9PS1C9nERAqV2AJ93Gz3Wkw8jgdfUn+xbevnkt50dDQCdE2G2
uh5l8imMzqcNedhUavJRjW0=
=WR65
-----END PGP SIGNATURE-----

GPG homedir must be writeable and readable by the user you run apache
under. As far as I can see you run apache under www, so all files must
be writeable and readable by apache in gpg homedir, otherwise RT/RTIR
server wouldn’t be able to import keys from keyserver.

Also, your config is incorrect:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'auto-key-retrieve' => 1,
    here ^
);

'auto-key-retrieve' is a sub-option of keyserver-options, so you should
use something like:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'keyserver-options' => 'auto-key-retrieve',
);

On Thu, Mar 6, 2008 at 1:00 PM, Nasir mnasir@cybersecurity.org.my wrote:
| OK, thanks for your reply. I made some directory and file permission changes as
| suggested, but the problem is still there. I am not very sure if the
| directory /opt/rt3/var/data/gpg owner is root:www or something else
| because RTIR was installed based on default configuration options during
| ./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
| --with-db-pass=PASSWD. So, everything is working OK except the GnuPG
| keys part.
|
| I looked in /var/log/httpd-error.log and it seems like there is no
| indication that errors had occurred.
|
| Thanks.

Best regards, Ruslan.
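
The two conditions raised in the replies above (keyring files closed to group and other, and everything owned by the account the web server runs as) can be checked with a short script. This is an added example, not part of the original thread; the function names are made up here, and it also flags a directory whose owner lacks the execute bit, as private-keys-v1.d appears in the listings.

```shell
#!/bin/sh
# Added example (not from the thread): audit a GnuPG homedir for the
# conditions discussed above. Function names are hypothetical.

# Print findings for one path; $2 is the account expected to own it.
check_one() {
    path=$1; want=$2
    # Fields 1 and 3 of "ls -ld" are the mode string and the owner,
    # the same columns shown in the listings in the thread.
    line=$(ls -ld "$path") || return 0
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$owner" = "$want" ] || echo "$path: owned by $owner, expected $want"
    case $mode in
        ????------) ;;
        *) echo "$path: mode $mode is open to group or other" ;;
    esac
    case $mode in
        drwx*|-rw*) ;;
        d*) echo "$path: mode $mode, owner cannot read, write and enter it" ;;
        -*) echo "$path: mode $mode, owner cannot read and write it" ;;
    esac
}

# Print every finding under homedir $1 for service account $2.
gpg_home_findings() {
    find "$1" -print | while IFS= read -r p; do
        check_one "$p" "$2"
    done
}

# Return 0 when the homedir is clean, 1 (after printing findings) otherwise.
audit_gpg_home() {
    out=$(gpg_home_findings "$1" "$2")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Example run with the path from the thread and the "www" account:
#   audit_gpg_home /opt/rt3/var/data/gpg www
```
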

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just got these error messages related to my GNUPG problem when I
changed Apache+mod_perl to Apache+FastCGI to run RTIR:

[Thu Mar 13 15:00:16 2008] [notice] Apache/2.0.61 (FreeBSD)
mod_fastcgi/2.4.2 configured -- resuming normal operations
[Thu Mar 13 15:00:16 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1905)
[Thu Mar 13 15:00:17 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1906)
[Thu Mar 13 15:00:18 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1907)
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN27 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN28 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN29 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN30 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN43 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN44 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN45 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN46 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12

Any useful hints?

Ruslan Zakirov wrote:
| GPG homedir must be writeable and readable by the user you run apache
| under. As far as I can see you run apache under www, so all files must
| be writeable and readable by apache in gpg homedir, otherwise RT/RTIR
| server wouldn’t be able to import keys from keyserver.
|
| Also, your config is incorrect:
| Set(%GnuPGOptions,
|     homedir => '/opt/rt3/var/data/gpg',
|     keyserver => 'hkp://pgp.mit.edu:11371',
|     'auto-key-locate' => 'keyserver',
|     'auto-key-retrieve' => 1,
|     here ^
| );
|
| 'auto-key-retrieve' is a sub-option of keyserver-options, so you should
| use something like:
| Set(%GnuPGOptions,
|     homedir => '/opt/rt3/var/data/gpg',
|     keyserver => 'hkp://pgp.mit.edu:11371',
|     'auto-key-locate' => 'keyserver',
|     'keyserver-options' => 'auto-key-retrieve',
| );

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH2NOcyGS9PS1C9nERAn5RAJ94M4/eWIrKSkteMVebpg02D71hUgCfSBS+
bdVrVYNwEpZUlHpJW50o1ao=
=qqww
-----END PGP SIGNATURE-----