
gpg randomly losing keys [was: Re: signature and missing key]



On Mon, Jun 23, 2003 at 11:58:49PM +0100, Pigeon wrote:
> On Wed, Jun 18, 2003 at 12:15:09PM -0400, Derrick 'dman' Hudson wrote:
> > On Tue, Jun 17, 2003 at 11:32:14PM +0100, Pigeon wrote:
> > | With a dialup, it would be rather useful to be able to do this from the MTA
> > | rather than the MUA.
> > 
> > True.
> > 
> > | Unfortunately /usr/share/doc/exim/spec.txt.gz contains no references
> > | to either gpg or pgp.  Am I really out of luck for built-in
> > | solutions?
> > 
> > No, but you are out of luck (AFAIK) for ready-made solutions.
> > 
> > What you can do is instruct exim to pass all messages through a pipe
> > as it delivers them.  In your system filter put
> >     unseen pipe "/usr/local/bin/gpg-key-retrieve"
> > (read the exim manual for setting up a system filter; it really is
> > quite trivial)
> 
> Yeah, you sorted me out with exim filters some time ago actually,
> thanks! All mail comes through my only user, so I'm running it from
> ~/.forward to keep all my mail filtering in one place.
> 
> > Then create the program "gpg-key-retrieve".  It needs to parse enough
> > of the message to determine the key's id and then merely run the gpg
> > command to retrieve it.
> 
> This little hack seems to work, both for single messages and for
> digests. It's not totally immune against getting the odd key that you
> don't need, but I don't think that's a major problem.
> 
> #!/bin/bash
> # Log file and keyserver used by the hack.
> LOGFILE="/home/pigeon/mail/debug/getakey.log"
> KEYSERVER="pgp.mit.edu"
> TMPFILE=`mktemp -t getakey.XXXXXXXXXX` || exit 1
> TMPGPG=`mktemp -t getakey.gpg.XXXXXXXXXX`
> if [ $? -ne 0 ]; then
>   rm -f "$TMPFILE"
>   exit 1
> fi
> # Cut the armored signature block out of the message arriving on stdin.
> sed -n -e '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p' > "$TMPFILE" 2>/dev/null
> if [ -s "$TMPFILE" ]; then
>   # "Verify" the detached signature against /dev/null so that gpg fetches the key.
>   gpg --verify --keyserver "$KEYSERVER" "$TMPFILE" /dev/null > "$TMPGPG" 2>&1
>   grep 'requesting key' "$TMPGPG" > /dev/null 2>&1 && (echo -n 'Key requested at '; 822-date; cat "$TMPGPG") >> "$LOGFILE"
> fi
> rm -f "$TMPFILE"
> rm -f "$TMPGPG"

This appears to have shown up some 'unexpected behaviour' on the part
of gpg.

It appears to import the keys OK (as long as the keyserver itself has
them, of course), but randomly loses some of them...

I have entries in the log file such as:

Key requested at Tue, 24 Jun 2003 15:42:10 +0100
gpg: Signature made Tue Jun 24 14:40:30 2003 BST using DSA key ID 9D395550
gpg: requesting key 9D395550 from pgp.mit.edu ...
gpg: key 9D395550: public key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: BAD signature from "Hugh Saunders (_.:|CYE-SC|:._) <hugh@mjr.org>"

(the "BAD signature" is because my script is "verifying" /dev/null)

yet gpg --list-keys | grep 9D395550 gives no result, and mutt can't
check the signed email.

Other keys with identical log entries have been imported correctly and
work fine.

Doing find / -name '*gpg*' and ...'*ring*' doesn't find any spurious
keyring files in places where they shouldn't be - there's nothing
outside ~/.gnupg.

Anyone got any idea where the missing keys have gone, and why?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
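A hardened rewrite of the retrieval script quoted above, added here as an example and not part of the original thread. The flock serialisation of keyring writes, the --deliver switch, the lock-file path and the use of date -R in place of 822-date are assumptions; the keyserver name and the log format follow the thread.

```shell
#!/bin/bash
# Hardened rewrite of the quoted gpg-key-retrieve script (added example, not
# from the thread). Reads one message on stdin from the exim/~/.forward
# "unseen pipe" and asks the keyserver for the signer's key.
set -u
LOGFILE="${HOME}/mail/debug/getakey.log"
KEYSERVER="pgp.mit.edu"                    # keyserver named in the thread
LOCKFILE="${HOME}/.gnupg/.getakey.lock"    # assumed path; any writable file works

# Print only the armored signature block(s) of the message on stdin.
extract_sig_block() {
    sed -n -e '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p'
}

# Key id from gpg's "... using DSA key ID 9D395550" line (first match only).
key_id_from_gpg_output() {
    sed -n -e 's/.*key ID \([0-9A-Fa-f]\{8,16\}\).*/\1/p' | head -n 1
}

# Number of keys gpg reports as imported; empty when it printed no such line.
imported_count() {
    sed -n -e 's/^gpg: *imported: *\([0-9]\{1,\}\).*/\1/p' | head -n 1
}

main() {
    sig=$(mktemp -t getakey.XXXXXXXXXX) || exit 1
    gpgout=$(mktemp -t getakey.gpg.XXXXXXXXXX) || { rm -f "$sig"; exit 1; }
    trap 'rm -f "$sig" "$gpgout"' EXIT      # cleanup on every exit path
    extract_sig_block > "$sig"
    [ -s "$sig" ] || exit 0                  # unsigned message: nothing to do
    # Serialise keyring writes: exim may run several deliveries at once, and
    # two gpg imports racing on pubring.gpg is one way keys could go missing
    # (an assumption offered as a defensive measure, not a confirmed cause).
    # Verifying against /dev/null always gives BAD signature; the import is
    # the side effect wanted here, so gpg's exit status is ignored.
    flock "$LOCKFILE" gpg --batch --keyserver "$KEYSERVER" \
        --keyserver-options auto-key-retrieve --verify "$sig" /dev/null \
        > "$gpgout" 2>&1 || true
    id=$(key_id_from_gpg_output < "$gpgout")
    [ -n "$id" ] || exit 0
    n=$(imported_count < "$gpgout")
    printf 'Key %s requested at %s: imported=%s\n' \
        "$id" "$(date -R)" "${n:-0}" >> "$LOGFILE"
}

# Only process a message when invoked as the delivery pipe with --deliver
# (unseen pipe "/usr/local/bin/gpg-key-retrieve --deliver"); otherwise just
# define the helpers so they can be sourced and checked.
if [ "${1:-}" = "--deliver" ]; then main; fi
```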
