SOLVED: Can't sign with Key

Moderator: crythias

felixj
Znuny newbie
Posts: 6
Joined: 28 Jan 2022, 15:53
Znuny Version: 5.0.6
Real Name: Felix Joussein

SOLVED: Can't sign with Key

Post by felixj »

Hello everyone!

preamble:
I have browsed the forum before creating this new post.
Related posts are:
viewtopic.php?f=62&t=29203&p=118045&hil ... ey#p118045
viewtopic.php?f=62&t=29203&p=118042&hil ... ey#p118042
viewtopic.php?f=62&t=7904&p=31340&hilit ... Key#p31340

However, none of those were ever conclusively resolved, so here's yet another post about PGP that is not fully working.
The web server runs as the otrs user; the directory and file permissions on ~/.gnupg (/opt/otrs/.gnupg) are fine, no warnings.

So far, I can receive encrypted and signed mails in OTRS. They are being decrypted and/or the signature status is validated.
I can also send encrypted mails out of OTRS, which can be decrypted later in the recipient's mailbox.
What I can't do is sign an outgoing email.

My PGP keyring holds the public and private key of the queue's associated email address as well as the public key of the recipient's email address.

When I noticed that the signing does not work, even though I have associated the correct private key for the queue's email address in the queue's settings to auto-sign outgoing mails, I did some debugging.
The first thing I noticed was in /var/log/syslog:
[Kernel::System::Crypt::PGP::Sign][Line:249]: Can't sign with Key KEYID (twice each time I send a mail).

Next I went to the terminal and tried to sign a test text file (as user otrs) using that key, which also worked.

I am literally at the end of my knowledge and would be more than grateful if someone could help!

Thank you in advance!
Felix J
Last edited by felixj on 19 Aug 2022, 09:04, edited 1 time in total.

Re: Can't sign with Key

Post by felixj »

Hi everyone again, good morning and good new week!
I wonder, this post is now 1 month old. Isn't there anyone out there who faces this problem and is eager to solve it with me?
It would be awesome to have a working GPG environment, and to me it seems feasible to solve it. However, I am not familiar with the OTRS API and am rather a Perl noob than a veteran, so if anyone could give me some help on how I could further debug the problem, that would be awesome!

for now, regards,
Felix
Johannes
Moderator
Posts: 390
Joined: 30 Jan 2008, 02:26
Znuny Version: All of them ^^
Real Name: Hannes
Company: Znuny|OTTERHUB

Re: Can't sign with Key

Post by Johannes »

Hi Felix,

It is not used that often, especially with the "just sign" case.
The interesting thing about this is that there should be some more error context after your log message.
Assuming that you are in 6.0 and want to sign an outgoing email.

The error is printed here:
https://github.com/znuny/Znuny/blob/rel ... GP.pm#L301
and should contain the original error message from gpg.

It is called from the E-Mail object:
https://github.com/znuny/Znuny/blob/rel ... il.pm#L321

Can you open the log on the shell and check if there is more output in your OTRS log or in the Apache error log?
If your GnuPG has its own log, this would be nice to have also.

You could also try to print out the params for Line 293
{$Quiet --passphrase-fd 0 -o $FileSign --default-key $QuotedKey $SigType $DigestAlgorithm $Filename};
and pass it into GnuPG... maybe this helps a bit more.

If you are sure this is a bug, feel free to open an issue on GitHub and refer to this post.

Johannes

Re: Can't sign with Key

Post by felixj »

Thank you for your debugging tips.
As I am currently involved in another project, I have no time to dive down into that at the moment, but I will get back to it soon and let you know what I found out.
regards,
Felix

Re: Can't sign with Key

Post by felixj »

Hi there,
I just want to let you know, I was still on OTRS5s.
Upgrading was strenuous due to some hacks I did over time, but in the end, I managed to upgrade to Znuny LTS.
Signing and encrypting now work out of the box, so I mark this thread as solved!
regards,
Félix