GPG inbound decrypt/verify problems in RT 3.8.1

Greetings all!

I’ve been running into a very strange decrypt/verify problem with
inbound GPG mail in RT 3.8.1. The problem seems to be the same with
both PGP/MIME and inline PGP, though I’ve been mostly testing with
inline PGP. RT gets the inbound message, and all of the GPG
infrastructure appears to be set up correctly, but encrypted messages
get “NODATA 1” and “NODATA 2” back from GPG, and signed-only messages
get “BADSIG” back. However, when I look in /tmp, I can see the temp
files that RT creates with the appropriate body parts (based on their
contents and the timestamps), and when I pass them through command-line
gpg, using the same homedir and other options that I pass in my RT
config, it can decrypt/verify them just fine!

As far as I can tell from some testing, it seems that something wonky is
happening with the file handles that are getting passed around - I just
can’t figure out what! If I strip out even one character from those
temp files I found, and run them through command-line gpg, I get the
same results that RT gets.

I have verified that GPG encryption works outbound - I can send an
encrypted message from the queue, and it is encrypted with the
appropriate keys.

RT is 3.8.1, GnuPG::Interface is 0.36, gpg is 1.2.6 (working on getting
that upgraded, though it doesn’t seem a likely culprit), Apache is
2.2.9, mod_perl is 2.0.

GnuPG options in RT_SiteConfig.pm:

Set( %GnuPG,
Enable=>1,
OutgoingMessagesFormat=>‘RFC’,
AllowEncryptDataInDB=>0,
);
Set( %GnuPGOptions,
‘passphrase’=>‘mypassphrasehere’,
‘no-permission-warning’=>undef,
‘homedir’=>‘var/data/gpg’,
);
Set(@MailPlugins, ‘Auth::MailFrom’, ‘Auth::GnuPG’,
);

My GPG keyrings are in var/data/gpg relative to the RT root, and all my
command-line testing of temp files has used those same keyrings for
consistency.

Debug log entries from encrypted inbound message:

[Thu Sep 4 14:35:03 2008] [debug]: Found encrypted inline part
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:883)
[Thu Sep 4 14:35:03 2008] [debug]: [GNUPG:] NODATA 1
[GNUPG:] NODATA 2
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:1313)
[Thu Sep 4 14:35:03 2008] [error]: gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: eof
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:1315)
[Thu Sep 4 14:35:03 2008] [debug]: Found GnuPG protected parts
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:234)
[Thu Sep 4 14:35:03 2008] [debug]: Error during verify/decrypt
operation
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:238)
[Thu Sep 4 14:35:03 2008] [error]: Had a problem during decrypting and
verifying
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:97)
[Thu Sep 4 14:35:03 2008] [error]: Couldn’t process a message: No data
has been found. The reason is ‘No armored data’, No data has been found.
The reason is ‘Expected a packet, but did not found one’
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:204)
[Thu Sep 4 14:35:04 2008] [debug]: Converting ‘ISO-8859-1’ to 'utf-8’
for text/plain - encrypted test
(/usr/local/rt-3.8.1/bin/…/lib/RT/I18N.pm:231)

Same debug log section from signed inbound message:

[Thu Sep 4 14:35:37 2008] [debug]: Found signed inline part
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:883)
[Thu Sep 4 14:35:37 2008] [debug]: [GNUPG:] BADSIG 96E45B46redacted Tim
Wilde twilde@redacted
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:1313)
[Thu Sep 4 14:35:37 2008] [error]: gpg: Signature made Thu Sep 4
14:35:35 2008 GMT using DSA key ID redacted
gpg: BAD signature from “Tim Wilde twilde@redacted
(/usr/local/rt-3.8.1/bin/…/local/lib/RT/Crypt/GnuPG.pm:1315)
[Thu Sep 4 14:35:37 2008] [debug]: Found GnuPG protected parts
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:234)
[Thu Sep 4 14:35:37 2008] [debug]: Error during verify/decrypt
operation
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:238)
[Thu Sep 4 14:35:37 2008] [error]: Had a problem during decrypting and
verifying
(/usr/local/rt-3.8.1/bin/…/lib/RT/Interface/Email/Auth/GnuPG.pm:97)
[Thu Sep 4 14:35:37 2008] [debug]: Converting ‘ISO-8859-1’ to 'utf-8’
for text/plain - Subjectless message
(/usr/local/rt-3.8.1/bin/…/lib/RT/I18N.pm:231)

Note that the second message did have a subject, “signed test”, I don’t
know if the fact that RT thinks it was subjectless is relevant or not.

Is it possible that all of this has something to do with specifying the
passphrase in the config (verified multiple times to be the correct
passphrase for the secret key for the queue, by the way) rather than
using the agent?

Based on the other threads here in the archives, I hope this is all the
information needed to take a peek at this. Again, for both of the
specific messages for which I pasted debug entries here, I have files in
/tmp with the exact body content, which, when passed in to command-line
gpg, work just fine. I’m at my wit’s end, to be honest - any help or
suggestions?

Thanks,
Tim Wilde

Tim Wilde wrote:
[ snip ]

Is it possible that all of this has something to do with specifying the
passphrase in the config (verified multiple times to be the correct
passphrase for the secret key for the queue, by the way) rather than
using the agent?
[ snip ]

Greetings again all!

Ding ding ding ding, we have a winner! After far too many hours of
digging, I found something that didn’t look quite right to me, changed
it, and viola, problem solved.

The attached patch to lib/RT/Crypt/GnuPG.pm should make operation with a
passphrase specified in RT_SiteConfig.pm actually work - without it, I
don’t think it can work, at least not with gpg 1.2.6. The passphrase
needs to be deleted out of %opt before it’s passed to
_PrepareGnuPGOptions, otherwise it gets very very grumpy in ways that
don’t even come close to immediately pointing back to the real cause.

I note there was an additional section of code dealing with
$args{‘Passphrase’} right after the one I moved - I didn’t move that to
the new location, since it doesn’t seem to much matter which place it
exists. I assume the intent of GetPassphrase() is to allow for
subclassing and/or local versions of the module to do more than return
’test’ all the time? Otherwise, that code probably doesn’t need to be
there at all. :slight_smile: This should probably be mentioned in the documentation.

Finally, the area of this module that this patch modifies could use some
additional attention/cleanup - almost identical code, with very few
variations, occurs 8 times in the same source file, as far as I can
tell. It shouldn’t be too difficult to factor the options handling out
and make maintenance considerably easier.

Best Practical folks, please review and apply this patch (or an
appropriate variation thereof) to the next release so that others don’t
have to dig through these problems for as many hours as we did! Please
feel free to contact me if you have any further questions about it.

Thanks,
Tim Wilde

GnuPG.pm.patch (5.58 KB)

Tim Wilde wrote:
[ snip ]

Is it possible that all of this has something to do with specifying
the
passphrase in the config (verified multiple times to be the correct
passphrase for the secret key for the queue, by the way) rather than
using the agent?
[ snip ]

Greetings again all!

Ding ding ding ding, we have a winner! After far too many hours of
digging, I found something that didn’t look quite right to me, changed
it, and viola, problem solved.

Tim, Thanks very much for all this digging. I’ve asked Ruslan to have
a look at your patch with an eye toward applying it.

Best,
Jesse