Setting up wks/ error parsing submission email

Fabian A. Santiago fsantiago at
Thu Dec 20 22:35:43 CET 2018

On 2018-12-20 16:19, Daniel Kahn Gillmor wrote:
> On Thu 2018-12-20 15:38:04 -0500, Fabian A. Santiago wrote:
>> On 2018-12-20 15:08, Daniel Kahn Gillmor wrote:
>>> what is the output of:
>>>     gpg --list-secret-keys 0xFAD6496868B818DD
>> output of your requested command:
>> sec   rsa3072 2018-12-14 [SC] [expires: 2020-12-13]
>>        89CFCD21743DBDD5EB5ABC973879E79EC3420092
>> uid           [ultimate] test123 <test123 at>
>> ssb   rsa3072 2018-12-14 [E] [expires: 2020-12-13]
>> yes i am (running as root). this is from the "client" PC submitting 
>> the
>> key itself. on the email server side this is all being processed as a
>> local user / not root.
> It's a little bit odd for the root user to be running a local e-mail
> account.  i'm fine to continue debugging like this, but i would
> generally advise you to only check (and interact with) mail from a
> non-root account.
> I'm perplexed.  I don't know how to square that with your earlier 
> report
> of:
>     /usr/lib/gnupg/gpg-wks-client --receive --send < sample2.txt
>     gpg-wks-client: t2body for level 0
>     gpg-wks-client: t2body for level 1
>     gpg-wks-client: t2body for level 2
>     gpg-wks-client: t2body for level 2
>     gpg-wks-client: new 'application/vnd.gnupg.wks' message part
>     gpg-wks-client: t2body for level 1
>     gpg-wks-client: gpg: Signature made Thu Dec 20 09:41:21 2018 EST
>     gpg-wks-client: gpg:                using RSA key
> 672DC8471CEA6025761161FE05C53C82C753F2B6
>     gpg-wks-client: gpg:                issuer 
> "key-submission at"
>     gpg-wks-client: gpg: Good signature from
> "key-submission at" [unknown]
>     gpg-wks-client: gpg: WARNING: Using untrusted key!
>     gpg-wks-client: DBG: Fixme: Verification result is not used
>     gpg-wks-client: wkd data found
>     gpg-wks-client: draft version 2 requested
>     gpg-wks-client: gpg: decryption failed: No secret key
>     gpg-wks-client: error running '/usr/bin/gpg': exit status 2
>     gpg-wks-client: decryption failed: General error
>     gpg-wks-client: decryption failed: General error
>     gpg-wks-client: processing mail failed: General error
> Can you try to extract text from the application/vnd.gnupg.wks part of
> sample2.txt -- starting at the "BEGIN PGP MESSAGE" line and going
> through the "END PGP MESSAGE" line (inclusive!) -- and save it to a 
> file
> ciphertext.wks ?  Then do:
>     gpg --output cleartext.wks --decrypt ciphertext.wks
> does that work?  If not, are there specific errors?  full transcripts
> (including the commands run, shell prompts, error messages, etc) are
> always helpful.
> Sorry to not have any clearer answers for you immediately.
> If you're up for giving me an account on the system i can try to
> replicate the problem you're describing and see whether i can make it
> happen myself.  Feel free to mail me offlist about credentials if 
> that's
> the case.
>         --dkg

here you go:

root at deviltracks:~# /usr/lib/gnupg/gpg-wks-client --receive --send < 
gpg-wks-client: t2body for level 0
gpg-wks-client: processing mail failed: Unexpected message

that doesn't seem to work when i cut out just the pgp message portion. 
also see attached snippet file.

i understand about the root thing. in production root isn't used.

as for you having an account, would you be needing it on the test 
"client", email server, or both? i will contact you later after i'm off 
my day job and we can set something up if you wish. i should also state 
this is by no means critical. i'm just experimenting for my own personal 
use. so any help is greatly appreciated and i don't really mind how long 
it takes.



Fabian S.

OpenPGP:  0xE05BF5EEFDD6549DAD3EDF64AE4E3D03B4F2DF29
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp_snippet.txt
Type: application/pgp
Size: 921 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list