decrypt message

[marouitaa1988]

Hello
I have a problem deciphering the messages I am receiving in fact the PGP key pair is generated, when one sends me a message encrypted with my public key, receive I have this
gpg: no private key to decrypt this message found!

And when i see in my log i've got this 'error OTRS-CGI-10 /etc/ssl/certs not writable!'

I'm working with OTRS3.0.6 with UBUNTU server.
Help plz

[crythias]

If you've posted this before, you don't need to keep posting it. You may want to bump it, but ...
If the folder isn't writable... fix that problem, at least long enough to add your cert, then put permissions back the way it was.

[marouitaa1988]

Ok thank you for the replay.

I've changed the permissions now of the /etc/ssl/certs.And The system OTRS can not decipher the messages.
i have :
'gpg: No private key found to decrypt this message!'

What i have to do?

[jojo]

PGP (gnpg) ist not S/MIME, so you are mixing up these two. You need to import the private gnupg key via admin frontend

[qt_zetroc]

Hi All,

I followed the manual at http://doc.otrs.org/3.0/en/html/configure-pgp.html but it still giving me the same error (gpg: No private key found to decrypt this message!)

I also tried hard coding the below code to Config.pm file of OTRS, but seems not working.

# --------------------------------------------------- #
# PGP settings (supports gpg) #
# --------------------------------------------------- #
$Self->{PGP} = 1;
$Self->{'PGP::Bin'} = '/usr/bin/gpg';
$Self->{'PGP::Options'} = '--homedir /opt/otrs/.gnupg/ --batch --no-tty --yes';

$Self->{'PGP::Key::Password'}->{'E2BEE90D'} = 'password1!';
I have entered correctly the private key and password at Crypt::PGP>PGP::Key::Password

I can see all the public keys at Admin>PGP Keys and able to send encrypted message. My problem is when customer sends encrypted email with my public key, I am getting the above error and they message was not decrypted by OTRS using his private key.

Anyone can help me out?Many Thanks in advance.

[jojo]

Did you import your private key? Is it visible in admin pgp area? Is the mail encrypted with customers private key and you public one?

[qt_zetroc]

1. Did you import your private key? Kindly advise how to do this? What I done is to put it inside Crypt::PGP>PGP::Key::Password
2. Is it visible in admin pgp area? Only public keys of OTRS and customers are visible at Admin page. Do I need to import to the admin page?
3. Is the mail encrypted with customers private key and you public one? AFAIK, it was encrypted by customers private key and send to OTRS. Isn't it OTRS should be able to decrypt the message? Just like when someone sends an encrypted email, the receiver can still decrypt it using own passphrase. Correct me if I am wrong.

Many thanks for the swift reply!

[jojo]

you need to import the private key in the PGP admin area as it is needed to encrypt, sign and decrypt.

[qt_zetroc]

For import the private key in the PGP admin area :
A. Kindly confirm which admin area are you referring,
1.) Admin>PGP Keys
2.) Sysconfig>Framework>Crypt::PGP>PGP::Key::Password

Thank you!

[crythias]

The first one.

[qt_zetroc]

Thanks a lot!

I think I have figure this out and got it working. I have re-done the process and was able to see private key on the list.

However when sending HTML format email it is still displaying the encrypted message.

From: customer@company.com
To: otrs@company.com
Attachment: PGPexch.htm.pgp, 3.1 KBytes
====================================================================
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)

hQEMAz9/9yf3tsAeAQgAgZqCJNIO8gx9gAdzgNgjHKPI2+ry7ylvBwfKUDKOzYzz

====================================================================

I have tried using plain text format email and OTRS was able to decryt the message eventhough the customer's public key is not yet in the list. The decypted message was seen in ticket zoom.

Please advise if this is OTRS limitation or need to tweak some settings.

[qt_zetroc]

Any related topic sending encrypted HTML format emails ?

Many Thanks for the assistance!

[jojo]

I assume that someone copied the encypted text to the email edit window and the email client used this text to send a HTML mail.

So this is not a valid encrypted email.

You should use:
- Plaintext Mail
- Encryption of the attachments of the mail, as HTML is handled as an attachment by mail clients

[qt_zetroc]

Thanks jojo,

I already figured out the issue. It is because of our Email (Anti virus/filtering) partner. It is scanning and appending a note under the emails.