Sending key to WKS manually

GnuPG - Dev mailing list
Hi,

Since Thunderbird dropped Enigmail (and the ability to automatically
handle key publishing to a WKS), I have tried to do this step
manually. I use mutt (instead of sendmail) because I need to
authenticate to the mail server. I am using a command like this:
----
 /usr/lib/gnupg/gpg-wks-client --create \
        AB97233AD0EB0180882D1227799020EF6FF16876 [hidden email] \
    | mutt -F .mutt/[hidden email] [hidden email]
----

Here '.mutt/[hidden email]' contains SMTP and authentication details
and looks like this:
----
set from="[hidden email]"
set use_from="yes"
set smtp_url="smtp://[hidden email]@smtp.tst1.fs.al:587/"
set smtp_pass="pass3"
----

The key publishing request that arrives on the WKS server looks like
this: https://pastebin.com/S8Qc3pka

However I get this error in the logs:
----
gpg-wks-server: t2body for level 0
gpg-wks-server: command failed: Unexpected message
----

I have tried to process the request manually, adding the option
--verbose as well, but I don't get more details:
----
cat archive/new/'1615.....5F6_0.wks.tst1.fs.al,S=6250' \
    | sudo -H -u webkey \
         gpg-wks-server --directory /host/wkd --receive --send --verbose
gpg-wks-server: t2body for level 0
gpg-wks-server: command failed: Unexpected message
----

I suspect that mutt alters the request that is generated by
gpg-wks-client in a way that is unacceptable for gpg-wks-server, but
cannot say where the problem is.
Can you spot something wrong in the request: https://pastebin.com/S8Qc3pka ?

Thanks,
Dashamir

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Re: Sending key to WKS manually

GnuPG - Dev mailing list
On 16/03/2021 15:45, Dashamir Hoxha via Gnupg-devel wrote:
>
> I suspect that mutt alters the request that is generated by
> gpg-wks-client in a way that is unacceptable for gpg-wks-server, but
> cannot say where the problem is.
> Can you spot something wrong in the request: https://pastebin.com/S8Qc3pka ?

Yes, it looks like when you sent the generated message to mutt, mutt
interpreted it as plaintext rather than a complete raw message - you've
got two sets of headers there separated by a blank line (line 27), so
the second (real) set of headers is part of the message text, incorrectly.

--
Andrew Gallagher
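
The condition described in the reply above, a second header block sitting at the start of the body, can be checked on a saved message before it is handed to gpg-wks-server. This is an added example, not code from the thread or from GnuPG; the function names and both sample messages are constructed and simplified for illustration.

```python
from email import message_from_string
from email.parser import HeaderParser

# Fields that belong in the header block of a message. Finding several of them
# at the start of the *body* means a complete message was pasted in as text.
TOP_LEVEL = {"from", "to", "subject", "mime-version", "content-type"}


def embedded_headers(raw: str) -> list[str]:
    """Return top-level header names found at the start of the body."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        return []  # body is real MIME structure, not a flattened message
    body = msg.get_payload().lstrip("\r\n")
    # The parser stops collecting headers at the first line that is not
    # "Name: value", so ordinary text or ASCII armor yields no keys.
    found = {k.lower() for k in HeaderParser().parsestr(body).keys()}
    return sorted(found & TOP_LEVEL)


def is_wrapped(raw: str) -> bool:
    """True if the body starts with a second set of message headers."""
    return len(embedded_headers(raw)) >= 2


# Constructed sample: simplified stand-in for a raw message written to stdout.
RAW_REQUEST = (
    "From: alice@example.org\n"
    "To: key-submission@example.org\n"
    "Subject: Key publishing request\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/pgp-keys\n"
    "\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "(placeholder, not a real key)\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)
# Constructed sample: the same text after an MUA treated it as a plain body
# and put its own header block in front of it.
WRAPPED_REQUEST = (
    "From: alice@example.org\n"
    "To: key-submission@example.org\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n" + RAW_REQUEST
)

if __name__ == "__main__":
    for name, raw in (("raw", RAW_REQUEST), ("wrapped", WRAPPED_REQUEST)):
        print(name, is_wrapped(raw), embedded_headers(raw))
```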



Re: Sending key to WKS manually

GnuPG - Dev mailing list
On Tue, Mar 16, 2021 at 6:37 PM Andrew Gallagher via Gnupg-devel
<[hidden email]> wrote:

>
> On 16/03/2021 15:45, Dashamir Hoxha via Gnupg-devel wrote:
> >
> > I suspect that mutt alters the request that is generated by
> > gpg-wks-client in a way that is unacceptable for gpg-wks-server, but
> > cannot say where the problem is.
> > Can you spot something wrong in the request: https://pastebin.com/S8Qc3pka ?
>
> Yes, it looks like when you sent the generated message to mutt, mutt
> interpreted it as plaintext rather than a complete raw message - you've
> got two sets of headers there separated by a blank line (line 27), so
> the second (real) set of headers is part of the message text, incorrectly.

You are absolutely right, that is the problem.
Thanks for your quick help.

Dashamir

|

Re: Sending key to WKS manually

GnuPG - Dev mailing list
On Tue, Mar 16, 2021 at 6:58 PM ilf wrote:
>
> Mutt is not an smtp client, but a full-fledged MUA. Seems like you want
> something like https://marlam.de/msmtp/ instead.

Indeed, Mutt is not the right tool for sending emails from programs,
and msmtp seems to be the best one. I used msmtp like this:

1. Send a key publishing request:
----
/usr/lib/gnupg/gpg-wks-client \
        --create AB97233AD0EB0180882D1227799020EF6FF16876 [hidden email] \
    | msmtp \
        --read-envelope-from --read-recipients \
        --tls=on --auth=on \
        --host=smtp.tst1.fs.al --port=587 \
        --user=[hidden email] --passwordeval="echo pass3"
----

2. When the email with subject "Confirm your key publication" arrives,
save it as a text file.

3. Send the confirmation email with a command like this:
----
cat Confirm-your-key-publication.eml | /usr/lib/gnupg/gpg-wks-client --receive \
    | msmtp  \
        --tls=on --auth=on \
        --read-envelope-from --read-recipients \
        --host=smtp.tst1.fs.al --port=587 \
        --user=[hidden email] --passwordeval="echo pass3"
----

It is not that bad, if you know how to do it.

Regards,
Dashamir

|

Re: Sending key to WKS manually

GnuPG - Dev mailing list
On Tue, 16 Mar 2021 22:56, Dashamir Hoxha said:

> /usr/lib/gnupg/gpg-wks-client \
>         --create AB97233AD0EB0180882D1227799020EF6FF16876 [hidden email] \
>     | msmtp \
>         --read-envelope-from --read-recipients \
>         --tls=on --auth=on \
>         --host=smtp.tst1.fs.al --port=587 \
>         --user=[hidden email] --passwordeval="echo pass3"
> ----

I don't know about msmtp but I would expect that it comes with a
/var/lib/sendmail wrapper.  So all you need to do is to add --send to
the gpg-wks-client invocation.

> 3. Send the confirmation email with a command like this:

Given that you seem to use mutt, you may simply add

application/vnd.gnupg.wks; /home/wk/b/gnupg/tools/gpg-wks-client \
   -v --read --send; needsterminal; description=WKS message

to /etc/mailcap and you are done.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

|

Re: Sending key to WKS manually

GnuPG - Dev mailing list
On Wed, Mar 17, 2021 at 10:05 AM Werner Koch <[hidden email]> wrote:

> I don't know about msmtp but I would expect that it comes with a
> /var/lib/sendmail wrapper.  So all you need to do is to add --send to
> the gpg-wks-client invocation.

Yes, msmtp can work as a replacement for sendmail, so that we can use
the --send option. But this requires global configuration of the SMTP
server, username, password etc. For testing and for sending a couple
of emails I would prefer to use the command line options, instead of
making a global configuration. By the way, this is a good tutorial
about msmtp: https://arnaudr.io/2020/08/24/send-emails-from-your-terminal-with-msmtp/

>
> Given that you seem to use mutt, you may simply add
>
> application/vnd.gnupg.wks; /home/wk/b/gnupg/tools/gpg-wks-client \
>    -v --read --send; needsterminal; description=WKS message
>
> to /etc/mailcap and you are done.

I don't usually use Mutt, I was trying to find an alternative to
Thunderbird for testing the WKS server.

I have seen these instructions on the WKS wiki page, but I am not sure
how it is supposed to work. Does it mean that when we receive the
email "Confirm your key publication", we can open the attachment and
Mutt will process it automatically with gpg-wks-client? But this also
requires setting up sendmail because Mutt alone is not enough? On the
other hand, how do we send the key-publication-request from Mutt (how
do we initiate the key publishing process)?

By the way, is there any chance that the mailcap mechanism could work
with Thunderbird and other applications, or is it specific to Mutt
only?

Thanks for helping me to understand this better.

Dashamir

|

Re: Sending key to WKS manually

GnuPG - Dev mailing list
On Wed, 17 Mar 2021 11:15, Dashamir Hoxha said:

> email "Confirm your key publication", we can open the attachment and
> Mutt will process it automatically with gpg-wks-client? But this also

Right, that is the whole point of /etc/mailcap.

> requires setting up sendmail because Mutt alone is not enough? On the

Sure.  A Unix system is supposed to have a proper mail interface for
automated use, think only about cron.  But current Linux desktops are
too much Windows than Unix :-(

> By the way, is there any chance that the mailcap mechanism could work
> with Thunderbird and other applications, or is it specific to Mutt

I guess not.  Firefox also uses its own Mime type registry; so I think
TB does the same.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
