From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Mon, 25 Jan 2010 00:16:06 -0700
Subject: Re: Problem with GnuPG
Message-ID: <20100125071606.GA1628@guilt.hydra>
In-Reply-To: <20100123061958.73f3bc31@scorpio.seibercom.net>

On Sat, Jan 23, 2010 at 06:19:58AM -0500, Jerry wrote:
> I posted this recently on the GnuPG forum; however, no one had ever
> seen it before.
>
> FreeBSD-7.2
>
> gpg (GnuPG) 2.0.14
> libgcrypt 1.4.4
>
> gpa 0.9.0
>
> I honestly have no idea what the problem is here. I recently
> installed GnuPG on my system. Everything appeared to go fine. For some
> reason, I have numerous keys listed that I have no knowledge of.
>
> This URL shows the keys:
>
> http://seibercom.net/gnupg/KeyListing.png
>
> These are not OpenPGP keys, but x.509 certificates. I have no idea why
> they are showing up in the listing, nor can I delete them. GnuPG no
> longer works with my MUA either. I have tried deleting GnuPG in its
> entirety and the "~/.gnupg" directory. That did not alleviate the
> problem. Once I reinstalled them, the problem resurfaced.

I've never heard of anything like this with GnuPG either, and I'm really
not sure how you'd end up with a bunch of X.509 certificates in a GnuPG
keyring. I do have a hypothesis for you to investigate, however:

You're using a tool I don't know anything about from personal experience.
Specifically, I'm talking about GPA. I've always just used the command
line tools. Because what you describe doesn't seem to make any sense for
the functionality of GnuPG, and you have this featureful GUI application
for managing keys, I thought maybe that was the place to look.

The contents of the pkg-descr file for security/gpa say:

    The GNU Privacy Assistant is a graphical frontend to GnuPG and may be
    used to manage the keys and encrypt/decrypt/sign/check files. It is
    much like Seahorse.

    WWW: http://gpa.wald.intevation.org/

Checking the site didn't really give me any information at all, but the
pkg-descr file for Seahorse says:

    Seahorse is a Gnome front end for GnuPG - the Gnu Privacy Guard
    program. It is a tool for secure communications and data storage.
    Data encryption and digital signature creation can easily be
    performed through a GUI and Key Management operations can easily be
    carried out through an intuitive interface.

    WWW: http://seahorse.sourceforge.net/

Looking at the Seahorse site, it says it supports GnuPG keys *and* SSH
keys. It lists a few other things it does, including an ambiguous and
frustratingly undefined "More...". I hunted around a bit and, on the
developer wiki, found a short list labeled "To Do (Grand Plans and
Quackery)" that included "Support X.509 certificates" as its first item.

My thought is, if the GPA developers are following a similar path to what
the Seahorse developers are doing, they might even have gotten to X.509
certs first. If that's the case, GPA may have just automagically hunted
up the X.509 certificates used by your browser and added them to the list
of managed keys.

Given the notion that GPA may have a bunch of functionality and features
that aren't even known to the user, and that it may try to magically do
things its developers assume people want, it's possible that it is
interfering somehow in the proper operation of GnuPG with regard to your
MUA. Perhaps some configuration file(s) for GPA, separate from the GnuPG
configuration directory itself, are surviving the uninstalls and
reinstalls of your various OpenPGP related tools -- and maybe that's the
reason it isn't currently working with your MUA. It could be worth
investigating.

Is the manpage for GPA any help at all (since there doesn't appear to be
any documentation at all on the Website)?

I'm curious about what's causing the problem, so if/when you get this
sorted out, I'd appreciate it if you'd let me know anything you learn
about the problem. I may try to help you investigate the matter further
as well if you keep me abreast of what you uncover about the matter. Of
course, I don't plan to install GPA anywhere, so my ability to look into
it is *somewhat* limited, but I might be able to pitch in a little as
time permits.

> Other than dumping the whole system, reformatting and re-installing the
> OS, has anyone ever heard of this happening before; and if so, how to
> correct it?

I'm sure there's *something* you can do without nuking and paving -- even
if it's somewhat drastic, like selecting a different MUA (if, for
instance, a change in one of the tools or in the MUA itself has
introduced an incompatibility somewhere).

Oh, that reminds me . . . is it possible that a change has been made to
some configuration for the MUA itself, without your knowledge? What *is*
your MUA, anyway?

Good luck.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]