Date:      Mon, 25 Jan 2010 06:58:17 -0500
From:      Jerry <gesbbb@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Problem with GnuPG
Message-ID:  <20100125065817.3f555bb3@scorpio.seibercom.net>
In-Reply-To: <20100125071606.GA1628@guilt.hydra>
References:  <20100123061958.73f3bc31@scorpio.seibercom.net> <20100125071606.GA1628@guilt.hydra>


On Mon, 25 Jan 2010 00:16:06 -0700
Chad Perrin <perrin@apotheon.com> articulated:

> On Sat, Jan 23, 2010 at 06:19:58AM -0500, Jerry wrote:
> > I posted this recently on the GnuPG forum; however, no one had ever
> > seen it before.
> >
> > FreeBSD-7.2
> >
> > gpg (GnuPG) 2.0.14
> > libgcrypt 1.4.4
> >
> > gpa 0.9.0
> >
> > I honestly have no idea what the problem is here. I recently
> > installed GnuPG on my system. Everything appeared to go fine. For
> > some reason, I have numerous keys listed that I have no knowledge
> > of.
> >
> > This URL shows the keys:
> >
> > http://seibercom.net/gnupg/KeyListing.png
> >
> > These are not OpenPGP keys, but x.509 certificates. I have no idea
> > why they are showing up in the listing, nor can I delete them.
> > GnuPG no longer works with my MUA either. I have tried deleting
> > GnuPG in its entirety and the "~/.gnupg" directory. That did not
> > alleviate the problem. Once I reinstalled them, the problem
> > resurfaced.
>
> I've never heard of anything like this with GnuPG either, and I'm
> really not sure how you'd end up with a bunch of X.509 certificates
> in a GnuPG keyring.  I do have a hypothesis for you to investigate,
> however:
>
> You're using a tool I don't know anything about from personal
> experience. Specifically, I'm talking about GPA.  I've always just
> used the command line tools.  Because what you describe doesn't seem
> to make any sense for the functionality of GnuPG, and you have this
> featureful GUI application for managing keys, I thought maybe that
> was the place to look.
>
> The contents of the pkg-descr file for security/gpa say:
>
>         The GNU Privacy Assistant is a graphical frontend to GnuPG and
>         may be used to manage the keys and encrypt/decrypt/sign/check
>         files. It is much like Seahorse.
>
>         WWW: http://gpa.wald.intevation.org/
>
> Checking the site didn't really give me any information at all, but
> the pkg-descr file for Seahorse says:
>
>         Seahorse is a Gnome front end for GnuPG - the Gnu Privacy
>         Guard program.
>
>         It is a tool for secure communications and data storage.
>         Data encryption and digital signature creation can easily
>         be performed through a GUI and Key Management operations
>         can easily be carried out through an intuitive interface.
>
>         WWW: http://seahorse.sourceforge.net/
>
> Looking at the Seahorse site, it says it supports GnuPG keys *and* SSH
> keys.  It lists a few other things it does, including an ambiguous and
> frustratingly undefined "More...".  I hunted around a bit and, on the
> developer wiki, found a short list labeled "To Do (Grand Plans and
> Quackery)" that included "Support X.509 certificates" as its first
> item.
>
> My thought is, if the GPA developers are following a similar path to
> what the Seahorse developers are doing, they might even have gotten
> to X.509 certs first.  If that's the case, GPA may have just
> automagically hunted up the X.509 certificates used by your browser
> and added them to the list of managed keys.
>
> Given the notion that GPA may have a bunch of functionality and
> features that aren't even known to the user, and that it may try to
> magically do things its developers assume people want, it's possible
> that it is interfering somehow in the proper operation of GnuPG with
> regard to your MUA.  Perhaps some configuration file(s) for GPA,
> separate from the GnuPG configuration directory itself, are surviving
> the uninstalls and reinstalls of your various OpenPGP related tools
> -- and maybe that's the reason it isn't currently working with your
> MUA.  It could be worth investigating.  Is the manpage for GPA any
> help at all (since there doesn't appear to be any documentation at
> all on the Website)?
>
> I'm curious about what's causing the problem, so if/when you get this
> sorted out, I'd appreciate it if you'd let me know anything you learn
> about the problem.  I may try to help you investigate the matter
> further as well if you keep me abreast of what you uncover about the
> matter.  Of course, I don't plan to install GPA anywhere, so my
> ability to look into it is *somewhat* limited, but I might be able to
> pitch in a little as time permits.
>
>
> >
> > Other than dumping the whole system, reformatting and re-installing
> > the OS, has anyone ever heard of this happening before; and if so,
> > how to correct it?
>
> I'm sure there's *something* you can do without nuking and paving --
> even if it's somewhat drastic, like selecting a different MUA (if, for
> instance, a change in one of the tools or in the MUA itself has
> introduced an incompatibility somewhere).
>
> Oh, that reminds me . . . is it possible that a change has been made
> to some configuration for the MUA itself, without your knowledge?
>
> What *is* your MUA, anyway?
>
> Good luck.

OK, I posted this on the 'GnuPG' list earlier; however, since you
requested further info, here it is.

This is the file that apparently GPA is loading that has those pesky
'certs':

/usr/local/share/gnupg

-r--r--r--    1 root  wheel    27K Jan 20 22:43 com-certs.pem

I renamed the file, deleted those "~/.gnupg/*.kbx" files and restarted
GPA and the problem went away.

Apparently, GnuPG does have support for X.509 certificates. I have been
reading through the documentation -- info gnupg -- to discover its full
potential and usage. In any case, it apparently is configurable. I am
not sure what that is, or if I inadvertently turned it on. I am still
working on that phase of debugging.

I have GnuPG working with 'claws-mail' now though. For whatever reason,
the plug-in that claws-mail uses for GnuPG was unloaded. I don't know
why; I certainly never did it. In any case, after reloading it,
claws-mail works again with GnuPG. I wouldn't doubt that there is some
sort of gnomish bug lurking around, though I doubt that I will ever
discover its existence.

--
Jerry
gesbbb@yahoo.com

|::::=======
|::::=======
|===========
|===========
|

Consider a spherical bear, in simple harmonic motion...
	Professor in the UCB physics department


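Added example, not part of the message above or of GnuPG's own code: gpgsm, the X.509 component of GnuPG 2, populates a newly created `pubring.kbx` from `com-certs.pem`, so unfamiliar certificates can be traced by comparing SHA-1 fingerprints of the bundle's entries against the `fpr` records of `gpgsm --list-keys --with-colons`. The function names and the sample data (dummy payloads, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(pem_text):
    """SHA-1 fingerprint (uppercase hex) of each certificate in a PEM bundle."""
    fprs = []
    for match in PEM_CERT.finditer(pem_text):
        # Text between blocks (comments, subject lines) is ignored by the regex.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        fprs.append(hashlib.sha1(der).hexdigest().upper())
    return fprs

def keybox_fingerprints(colon_listing):
    """Fingerprints from `gpgsm --list-keys --with-colons` (field 10 of fpr)."""
    fprs = []
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9:
            fprs.append(fields[9].upper())
    return fprs

def classify(pem_text, colon_listing):
    """Split keybox certificates into bundle-seeded ones and all others."""
    seeded = set(bundle_fingerprints(pem_text))
    from_bundle, other = [], []
    for fpr in keybox_fingerprints(colon_listing):
        (from_bundle if fpr in seeded else other).append(fpr)
    return from_bundle, other

def _pem(payload):
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

# Constructed sample input: dummy bytes stand in for DER certificates.
SAMPLE_BUNDLE = "constructed CA 1\n" + _pem(b"dummy-cert-1") + _pem(b"dummy-cert-2")
SAMPLE_LISTING = "\n".join(
    "fpr:::::::::%s:" % hashlib.sha1(p).hexdigest().upper()
    for p in (b"dummy-cert-1", b"dummy-cert-2", b"user-imported-cert"))

if __name__ == "__main__":
    seeded, other = classify(SAMPLE_BUNDLE, SAMPLE_LISTING)
    print("seeded from bundle:", len(seeded), "| other:", len(other))
```

On a real system, pass the contents of `/usr/local/share/gnupg/com-certs.pem` and the captured output of `gpgsm --list-keys --with-colons` to `classify()` in place of the samples.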


