Hello everyone!
preamble:
I have browsed the forum before creating this new post.
Related posts are:
viewtopic.php?f=62&t=29203&p=118045&hil ... ey#p118045
viewtopic.php?f=62&t=29203&p=118042&hil ... ey#p118042
viewtopic.php?f=62&t=7904&p=31340&hilit ... Key#p31340
How ever, non of those were every conclusively resolved, so her's yet an other post about PGP that is not fully working.
The Webserver run's as otrs user, the directory and file permissions on ~.gnupg (/opt/otrs/.gnupg) are fine, no warnings.
So far, I can receive encrypted and signed mails in OTRS. They are beeing decrypted and or the signature status is validated.
I also can send encrypted mails out of OTRS, which can be decrypted later in the recipients mailbox.
What I can't, is sign an outgoing email.
My PGP keyring holds the public and private key of the queue's associated emailaddress as well as the public key of the recipients emailaddress.
When I noticed, that the signing does not work, even though I have associated the queue's email address correct private key in the queue's settings to auto sign outgoing mails, I did some debugging.
The first I've noticed was in /var/log/syslog
[Kernel::System::Crypt::PGP::Sign][Line:249]: Can't sign with Key KEYID (twice each time I send a mail).
Next I went to the terminal and tried to sign (as user otrs) using that key, a test text file, which also worked.
I am literally at the end of my knowledge and would be more then grateful, if someone could help!
thank you in advance!
Felix J
SOLVED: Can't sign with Key
Moderator: crythias
-
- Znuny newbie
- Posts: 6
- Joined: 28 Jan 2022, 15:53
- Znuny Version: 5.0.6
- Real Name: Felix Joussein
SOLVED: Can't sign with Key
Last edited by felixj on 19 Aug 2022, 09:04, edited 1 time in total.
-
- Znuny newbie
- Posts: 6
- Joined: 28 Jan 2022, 15:53
- Znuny Version: 5.0.6
- Real Name: Felix Joussein
Re: Can't sign with Key
Hi everyone again, good Morning and good new Week!
I wonder, this post is now 1 Month old. Isn't there any one out there, that faces this problems and is eager to solve it with me?
It would awesome to have a working GPG environment - and to me it seams feasible to solve it, how ever I am not familiar with the OTRS API and rather a perl noob then a veteran, so if anyone could give me a help on how I could further debug the problem, that would be awesome!
for now, regards,
Felix
I wonder, this post is now 1 Month old. Isn't there any one out there, that faces this problems and is eager to solve it with me?
It would awesome to have a working GPG environment - and to me it seams feasible to solve it, how ever I am not familiar with the OTRS API and rather a perl noob then a veteran, so if anyone could give me a help on how I could further debug the problem, that would be awesome!
for now, regards,
Felix
-
- Moderator
- Posts: 391
- Joined: 30 Jan 2008, 02:26
- Znuny Version: All of them ^^
- Real Name: Hannes
- Company: Znuny|OTTERHUB
Re: Can't sign with Key
Hi Felix,
it is not used that often, especially with the "just sign" case.
The interesting thing about this is that there should be some more error context after your log message.
Assuming that you are in 6.0 and want to sign an outgoing email.
The error is printed here:
https://github.com/znuny/Znuny/blob/rel ... GP.pm#L301
and should contain the original error message from gpg.
It is called from the E-Mail object:
https://github.com/znuny/Znuny/blob/rel ... il.pm#L321
Can you open the log on the shell and check if there is more output in your OTRS log or in the Apache error log?
If your gnugpg has its own log, this would be nice to have also.
You could also try to print out the params for Line 293
If you are sure this is a bug, feel free to open an issue on GitHub and refer to this post.
Johannes
it is not used that often, especially with the "just sign" case.
The interesting thing about this is that there should be some more error context after your log message.
Assuming that you are in 6.0 and want to sign an outgoing email.
The error is printed here:
https://github.com/znuny/Znuny/blob/rel ... GP.pm#L301
and should contain the original error message from gpg.
It is called from the E-Mail object:
https://github.com/znuny/Znuny/blob/rel ... il.pm#L321
Can you open the log on the shell and check if there is more output in your OTRS log or in the Apache error log?
If your gnugpg has its own log, this would be nice to have also.
You could also try to print out the params for Line 293
and pass it into gnugpg... maybe this helps a bit more.{$Quiet --passphrase-fd 0 -o $FileSign --default-key $QuotedKey $SigType $DigestAlgorithm $Filename};
If you are sure this is a bug, feel free to open an issue on GitHub and refer to this post.
Johannes
-
- Znuny newbie
- Posts: 6
- Joined: 28 Jan 2022, 15:53
- Znuny Version: 5.0.6
- Real Name: Felix Joussein
Re: Can't sign with Key
Thank your for your debugging tips.
As I am currently involved in an other project, I have no time to dive down in to that at the moment, but I will get back to it soon and let you know, what I found out.
regards,
Felix
As I am currently involved in an other project, I have no time to dive down in to that at the moment, but I will get back to it soon and let you know, what I found out.
regards,
Felix
-
- Znuny newbie
- Posts: 6
- Joined: 28 Jan 2022, 15:53
- Znuny Version: 5.0.6
- Real Name: Felix Joussein
Re: Can't sign with Key
Hi there,
just want to let you know, I still was on OTRS5s.
Upgrading was due to some hacks I did over the time strenuous, but in the end, I managed to upgrade to Znuny LTS.
Signing and encrypting works now out of the box, so I mark this tread as solved!
regards,
Félix
just want to let you know, I still was on OTRS5s.
Upgrading was due to some hacks I did over the time strenuous, but in the end, I managed to upgrade to Znuny LTS.
Signing and encrypting works now out of the box, so I mark this tread as solved!
regards,
Félix