Hey folks,
I am going nuts. I have OTRS 4.0.7 installed (from sources, working great) with Apache and gnupg2-2.0.14. OTRS itself is running awesome and productive. But for the love of god, somewhere along the way gnupg stopped working (yes, it worked before). I am assuming the issue lies with gpg-agent and/or the integration of otrs <-> gnupg <-> gpg-agent.
My installation of otrs runs inside a dedicated backend server, where otrs:otrs is the uid/gid, which is also the Apache user. Permissions are set correctly using otrs.SetPermissions.pl; ~/.gnupg is also otrs:otrs, with no unsafe permissions:
Code:
[otrs@otter .gnupg]$ pwd
/opt/otrs/.gnupg
[otrs@otter .gnupg]$ l
total 76K
drwx------ 3 otrs otrs 4.0K May 20 12:56 .
drwxr-xr-x 11 otrs otrs 4.0K May 20 12:20 ..
-rw------- 1 otrs otrs 9.1K Nov 26 12:29 gpg.conf
drwx------ 2 otrs otrs 4.0K May 12 14:39 private-keys-v1.d
-rw------- 1 otrs otrs 36K Feb 6 09:29 pubring.gpg
-rw------- 1 otrs otrs 600 May 20 12:20 random_seed
-rw------- 1 otrs otrs 7.8K Nov 26 12:29 secring.gpg
-rw------- 1 otrs otrs 1.5K Nov 26 12:29 trustdb.gpg
Code:
gpg-agent --daemon --batch --use-standard-socket --log-file ~/gpg.log -vvv
Code:
srwxr-xr-x 1 otrs otrs 0 May 20 12:58 S.gpg-agent
Code:
May 20 13:02:07 otter OTRS-CGI-53[20119]: [Error][Kernel::System::Crypt::PGP::Sign][Line:229]: Can't sign with Key 9C6B59E1: gpg: problem with the agent: Bad passphrase#012gpg: no default secret key: General error#012gpg: signing failed: General error#012!
Code:
2015-05-20 13:02:07 gpg-agent[19620] command get_passphrase failed: Bad passphrase
Code:
[otrs@otter .gnupg]$ gpg -d encrypted
You need a passphrase to unlock the secret key for
user: "alpha-labs.net support <support@alpha-labs.net>"
4096-bit RSA key, ID 9C6B59E1, created 2014-06-28 (main key ID C3D31F3F)
gpg-agent[20581]: handler 0x1645410 for fd 6 started
gpg-agent[20581]: starting a new PIN Entry
gpg-agent[20581]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: encrypted with 4096-bit RSA key, ID 9C6B59E1, created 2014-06-28
"alpha-labs.net support <support@alpha-labs.net>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key
- What's the correct gpg-agent startup command line?
- What's the correct PGP::Options for SysConfig for PGP?
- gpg-agent --use-standard-socket -vv --daemon
- --homedir /opt/otrs/.gnupg --auto-key-locate keyserver --keyserver hkp://sks.alpha-labs.net:11371/ --no-tty
Yours,