Setting up wks/ error parsing submission email

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Dec 20 22:19:57 CET 2018 

On Thu 2018-12-20 15:38:04 -0500, Fabian A. Santiago wrote:
> On 2018-12-20 15:08, Daniel Kahn Gillmor wrote:
>> what is the output of:
>> 
>>     gpg --list-secret-keys 0xFAD6496868B818DD
>
> output of your requested command:
>
> sec   rsa3072 2018-12-14 [SC] [expires: 2020-12-13]
>        89CFCD21743DBDD5EB5ABC973879E79EC3420092
> uid           [ultimate] test123 <test123 at deviltracks.net>
> ssb   rsa3072 2018-12-14 [E] [expires: 2020-12-13]
>
>
> yes i am (running as root). this is from the "client" PC submitting the 
> key itself. on the email server side this is all being processed as a 
> local user / not root.

It's a little bit odd for the root user to be running a local e-mail
account.  i'm fine to continue debugging like this, but i would
generally advise you to only check (and interact with) mail from a
non-root account.

I'm perplexed.  I don't know how to square that with your earlier report
of:

    /usr/lib/gnupg/gpg-wks-client --receive --send < sample2.txt
    gpg-wks-client: t2body for level 0
    gpg-wks-client: t2body for level 1
    gpg-wks-client: t2body for level 2
    gpg-wks-client: t2body for level 2
    gpg-wks-client: new 'application/vnd.gnupg.wks' message part
    gpg-wks-client: t2body for level 1
    gpg-wks-client: gpg: Signature made Thu Dec 20 09:41:21 2018 EST
    gpg-wks-client: gpg:                using RSA key 672DC8471CEA6025761161FE05C53C82C753F2B6
    gpg-wks-client: gpg:                issuer "key-submission at deviltracks.net"
    gpg-wks-client: gpg: Good signature from "key-submission at deviltracks.net" [unknown]
    gpg-wks-client: gpg: WARNING: Using untrusted key!
    gpg-wks-client: DBG: Fixme: Verification result is not used
    gpg-wks-client: wkd data found
    gpg-wks-client: draft version 2 requested
    gpg-wks-client: gpg: decryption failed: No secret key
    gpg-wks-client: error running '/usr/bin/gpg': exit status 2
    gpg-wks-client: decryption failed: General error
    gpg-wks-client: decryption failed: General error
    gpg-wks-client: processing mail failed: General error

Can you try to extract text from the application/vnd.gnupg.wks part of
sample2.txt -- starting at the "BEGIN PGP MESSAGE" line and going
through the "END PGP MESSAGE" line (inclusive!) -- and save it to a file
ciphertext.wks ?  Then do:

    gpg --output cleartext.wks --decrypt ciphertext.wks

does that work?  If not, are there specific errors?  full transcripts
(including the commands run, shell prompts, error messages, etc) are
always helpful.

Sorry to not have any clearer answers for you immediately.

If you're up for giving me an account on the system i can try to
replicate the problem you're describing and see whether i can make it
happen myself.  Feel free to mail me offlist about credentials if that's
the case.

        --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20181220/12b5f0f7/attachment.sig>

More information about the Gnupg-devel mailing list