Gpg: bad passphrase in apache error logs

I’m thinking that my gpg errors are all stemming from the fact that RT
may be reading my configs wrong. I’m not 100% yet but that’s what
my first thought is after staring at this for 2 days now.

I’m getting this in my apache error logs…

[Mon Aug 25 20:50:28 2008] [info]: <rt-3.8.0-19558-1219697428-138.46-3-0@> #46/454 - Scrip 3 On Create Autoreply To Requestors (/usr/local/rt-3.8.0/bin/…/lib/RT/Action/SendEmail.pm:302)
[Mon Aug 25 20:50:29 2008] [warning]: gpg: WARNING: unsafe ownership on homedir “/usr/local/rt-3.8.0/var/data/gpg” (/usr/local/rt-3.8.0/bin/…/lib/RT/Crypt/GnuPG.pm:546)

[Mon Aug 25 20:50:29 2008] [error]: gpg: no default secret key: bad passphrase
gpg: [stdin]: sign+encrypt failed: bad passphrase (/usr/local/rt-3.8.0/bin/…/lib/RT/Crypt/GnuPG.pm:547)
[Mon Aug 25 20:50:29 2008] [error]: BAD PASSPHRASE: Bad passphrase for helpdesk2@.com (/usr/local/rt-3.8.0/bin/…/lib/RT/Interface/Email.pm:697)

[Mon Aug 25 20:50:29 2008] [info]: <rt-3.8.0-19558-1219697428-827.46-4-0@> #46/454 - Scrip 4 On Create Notify AdminCcs (/usr/local/rt-3.8.0/bin/…/lib/RT/Action/SendEmail.pm:302)
[Mon Aug 25 20:50:29 2008] [info]: <rt-3.8.0-19558-1219697428-827.46-4-0@> No recipients found. Not sending. (/usr/local/rt-3.8.0/bin/…/lib/RT/Interface/Email.pm:337)
[Mon Aug 25 20:50:29 2008] [info]: Ticket 46 created in queue ‘General’ by charlier@.com (/usr/local/rt-3.8.0/bin/…/lib/RT/Ticket_Overlay.pm:659)

I have set the homedir to var/data/gpg and I have given that directory
775 permissions. It seems like it is creating the temp file that it
uses to store the key, as I get errors if I make my permissions too
restrictive, but when I set it to this it seems okay.

Here’s my latest RT_SiteConfig.pm:

Set(%GnuPG, Enable=>1, OutgoingMessagesFormat=>RFC,
EncryptDataInDb=>0,);
Set(%GnuPGOptions, '--homedir'=>'var/data/gpg', '--passphrase'=>'password',);

The only other thing I can think of is that I’m creating the gpg key
wrong. What I’m doing is this.

As root, I run gpg --gen-key

For Name I put in ‘helpdesk2’
For email I put in ‘helpdesk2@(removed).com’
For comment I leave it blank.

Next I put in the passphrase, which at this point is overly simple to
make sure I’m not spelling things funky.

I add my user’s public key to the public key ring for that user and
then I grab the contents of the .gnupg directory and copy them over to
var/data/gpg.

Hoping someone can throw me a bone here, I’m officially stuck.

Charlie
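
The log above carries gpg's "unsafe ownership on homedir" warning, which gpg prints when the homedir is not owned by the account running it. As an added example (not part of the original post and not RT's code), this POSIX shell check reports entries in a GnuPG homedir that have the wrong owner or grant any access to group or other; the function names are hypothetical, and it assumes it is run as the account that executes gpg for RT.

```shell
#!/bin/sh
# Added example: audit a GnuPG homedir for the conditions behind gpg's
# "unsafe ownership" / "unsafe permissions" warnings.
# Assumption: run as the account that executes gpg for RT (e.g. the web server user).

# check_path PATH WANT_UID: print a finding if PATH has the wrong owner
# or grants any access to group/other. Returns 0 only when PATH is clean.
check_path() {
    info=$(ls -ldn -- "$1") || return 2
    mode=$(printf '%s\n' "$info" | awk '{print $1}')   # e.g. drwxrwxr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')    # numeric owner
    rc=0
    if [ "$uid" != "$2" ]; then
        echo "unsafe ownership: $1 owned by uid $uid, expected uid $2"
        rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "unsafe permissions: $1 has mode $mode"; rc=1 ;;
    esac
    return "$rc"
}

# check_gpg_homedir DIR [WANT_UID]: check DIR and everything under it.
# WANT_UID defaults to the current user. Returns 0 clean, 1 findings, 2 bad DIR.
check_gpg_homedir() {
    dir=$1
    want=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Symlinks are skipped: their own mode bits are not meaningful.
    findings=$(find "$dir" ! -type l -print | while IFS= read -r p; do
        check_path "$p" "$want" || :
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory given on the command line, for example the
# homedir path shown in the log: /usr/local/rt-3.8.0/var/data/gpg
if [ "$#" -gt 0 ]; then
    check_gpg_homedir "$@"
fi
```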