Package: project (Proposed solution at the end)
I've been trying to update/change/add some information via the Mail Gateway to the developer's database. Each time I get an error message from the gateway telling me that the key wasn't found. The error message does not specify _which_ key wasn't found. That alone is a bug, since it's a bad error message and is leaving the user with less information than before. Reading thru http://cvs.debian.org/userdir-ldap/userdir_gpg.py?rev=1.12&cvsroot=debian-admin&content-type=text/vnd.viewcvs-markup I guess that the function (method?) GPGCheckSig(Message) is doing something wrong. From what I can understand: Res = GPGWriteFilter(GPGPath,GPGSigOptions,Message); that's calling gpg with --no-options --batch --no-default-keyring --secret-keyring /dev/null --always-trust --status-fd 3 {some keyring} --output - as the only options and feeding it the message extracted from my mail. Doing that locally I see: [GNUPG:] PLAINTEXT 74 0 gpg: Signature made Thu Jun 30 06:53:16 2005 CST using RSA key ID 8404D500 [GNUPG:] SIG_ID ignST9aX/c8PLWfzpa4lCVsKJh0 2005-06-30 1120135996 [GNUPG:] GOODSIG 7198A8208404D500 Marcelo E. Magallon <[EMAIL PROTECTED]> gpg: Good signature from "Marcelo E. Magallon <[EMAIL PROTECTED]>" [GNUPG:] VALIDSIG 9D44CA6C99DFB718AAEAF1687198A8208404D500 2005-06-30 1120135996 0 4 0 1 2 01 4389F70092A2044E83520EFE7A81833366468D05 The fingerprint is the data that comes along with VALIDSIG. From the code: # ValidSig has the key finger print if Split[1] == "VALIDSIG": KeyFinger = Split[2]; So it's using 9D44CA6C99DFB718AAEAF1687198A8208404D500 as the fingerprint. That's the fingerprint of the 8404D500 subkey. The morale is I can't use subkeys to talk to the mail gateway. Doing this: $ gpg --clearsign -u '66468D05!' < zone | mail [EMAIL PROTECTED] Solves my problem. As a _minimum_ to consider this bug addressed, this information should be added to the documentation ("The mailgateway does not support messages signed with subkeys, you have to use the primary key, like this ..."), but that doesn't fix it. A message signed with the primary key produces: [GNUPG:] VALIDSIG 4389F70092A2044E83520EFE7A81833366468D05 2005-07-02 1120269865 0 4 0 17 2 01 4389F70092A2044E83520EFE7A81833366468D05 My guess is that you want the _last_ item on that line (the primary key's fingerprint) and not the one right after VALIDSIG, since the LDAP gateway only contains the primary fingerprints. So... I've read my share of Python for this year, I guess that should up my karma back to zero or perhaps even a bit above it... Thanks, Marcelo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
