securemail doesn't like my gpg key

VERIFIED FIXED

Status

()

bugzilla.mozilla.org
Extensions: Other
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: bbaetz, Assigned: justdave)

Tracking

(Blocks: 1 bug)

Production
x86_64
Linux

Details

Attachments

(2 attachments)

(Reporter)

Description

7 years ago
Created attachment 528292 [details]
gpg key that bugzilla currently has

Bugzilla already has a gpg key for me (I think I uploaded it in the early version of the securemail patch)

I went to upload a newer version of my key, but bugzilla doesn't want to accept it - I get the error:

"We were unable to read the public key that you entered. Make sure that you are entering either an ASCII-armored PGP/GPG public key, including the "BEGIN PGP PUBLIC KEY BLOCK" and "END PGP PUBLIC KEY BLOCK" lines, or a PEM format (Base64-encoded X.509) S/MIME key, including the BEGIN CERTIFICATE and END CERTIFICATE lines."

In fact, bugzilla doesn't even like me submitting the key that it already has stored. I'll attach that one to the bug for reference (obtained via copy-paste from the form field)
It doesn't like mine either, and I know it works on my local install. I think Crypt::OpenPGP must be messed up on the Bugzilla machine.

I'll attach a test script which may be useful.

From another bug, it seems that S/MIME works OK...

Gerv
Created attachment 528296 [details]
Test key read script - make sure it's using the Bugzilla copy of Crypt::OpenPGP
Component: Bugzilla: Other b.m.o Issues → Extensions
Product: mozilla.org → bugzilla.mozilla.org
QA Contact: other-bmo-issues → bmo-exts
Version: other → Current
justdave please post the version of Crypt::OpenPGP that is currently installed on BMO? It may be that we will need to roll our own package that has the latest version if there are some issues that were resolved in it. This also works for me on my local install using Fedora 14 and the latest rpm for it.

One thing I did notice in the past is that keys generated by the MacOS version of gpg it didn't like but the ones generated by Fedora, it did. And they looked similar to me.

dkl
Assignee: nobody → dkl
Status: NEW → ASSIGNED
The difference appears to be whether you're using RSA or DSA to generate your key.

Crypt::DSA was broken because the version of Math::BigInt on the system was too old.  The dependencies in the RPM (and the Makefile the RPM was generated from for that matter) failed to list this dependency, instead it errors out at runtime when you try to load it.

Unfortunately, fixing this problem isn't easy because the package for the newer version of Math::BigInt conflicts with the core perl package on RHEL5.  Should have something figured out in the next 24 hours or so.  (Installing via CPAN is not palatable because of the number of web servers involved on the production instance of Bugzilla)
taking this, since it turns out to be a systems thing and not a problem with the app.
Assignee: dkl → justdave
This should be fixed, the updated Math::BigInt packages were rolled out the to production webservers Tuesday night.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
VERIFIED - I have successfully installed a GPG key and received and decoded a password reset email.

Gerv
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.