[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

gpg randomly losing keys [was: Re: signature and missing key]



On Mon, Jun 23, 2003 at 11:58:49PM +0100, Pigeon wrote:
> On Wed, Jun 18, 2003 at 12:15:09PM -0400, Derrick 'dman' Hudson wrote:
> > On Tue, Jun 17, 2003 at 11:32:14PM +0100, Pigeon wrote:
> > | With a dialup, it would be rather useful to be able to do this from the MTA
> > | rather than the MUA.
> > 
> > True.
> > 
> > | Unfortunately /usr/share/doc/exim/spec.txt.gz contains no references
> > | to either gpg or pgp.  Am I really out of luck for built-in
> > | solutions?
> > 
> > No, but you are out of luck (AFAIK) for ready-made solutions.
> > 
> > What you can do is instruct exim to pass all messages through a pipe
> > as it delivers them.  In your system filter put
> >     unseen pipe "/usr/local/bin/gpg-key-retrieve"
> > (read the exim manual for setting up a system filter; it really is
> > quite trivial)
> 
> Yeah, you sorted me out with exim filters some time ago actually,
> thanks! All mail comes through my only user, so I'm running it from
> ~/.forward to keep all my mail filtering in one place.
> 
> > Then create the program "gpg-key-retrieve".  It needs to parse enough
> > of the message to determine the key's id and then merely run the gpg
> > command to retrieve it.
> 
> This little hack seems to work, both for single messages and for
> digests. It's not totally immune against getting the odd key that you
> don't need, but I don't think that's a major problem.
> 
> #!/bin/bash
> LOGFILE="/home/pigeon/mail/debug/getakey.log"
> KEYSERVER="pgp.mit.edu"
> TMPFILE=`mktemp -t getakey.XXXXXXXXXX` || exit 1
> TMPGPG=`mktemp -t getakey.gpg.XXXXXXXXXX`
> if [ $? -ne 0 ]; then
>   rm -f $TMPFILE
>   exit 1
> fi
> sed -n -e '/^-----BEGIN PGP SIGNATURE-----$/,/^-----END PGP SIGNATURE-----$/p' > $TMPFILE 2>/dev/null
> if [ -s $TMPFILE ]; then
>   gpg --verify --keyserver $KEYSERVER $TMPFILE /dev/null > $TMPGPG 2>&1
>   grep 'requesting key' $TMPGPG > /dev/null 2>&1 && (echo -n 'Key requested at '; 822-date; cat $TMPGPG) >> $LOGFILE
> fi
> rm -f $TMPFILE
> rm -f $TMPGPG

This appears to have shown up some 'unexpected behaviour' on the part
of gpg.

It appears to import the keys OK (as long as the keyserver itself has
them, of course), but randomly loses some of them...

I have entries in the log file such as:

Key requested at Tue, 24 Jun 2003 15:42:10 +0100
gpg: Signature made Tue Jun 24 14:40:30 2003 BST using DSA key ID 9D395550
gpg: requesting key 9D395550 from pgp.mit.edu ...
gpg: key 9D395550: public key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: BAD signature from "Hugh Saunders (_.:|CYE-SC|:._) <hugh@mjr.org>"

(the "BAD signature" is because my script is "verifying" /dev/null)

yet gpg --list-keys | grep 9D395550 gives no result, and mutt can't
check the signed email.

Other keys with identical log entries have been imported correctly and
work fine.

Doing find / -name '*gpg*' and ...'*ring*' doesn't find any spurious
keyring files in places where they shouldn't be - there's nothing
outside ~/.gnupg.

Anyone got any idea where the missing keys have gone, and why?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgpWlKYH0zF6o.pgp
Description: PGP signature


Reply to: