[Remops] zax nymserv error: sign+encrypt failed

Breaka.net Anonymous Remailer Administration admin at breaka.net
Thu Sep 20 23:03:54 BST 2012


----- Original Message -----

> From: Steve Crook <steve at mixmin.net>
> To: remops at lists.mixmin.net
> Cc: 
> Sent: Thursday, September 20, 2012 2:42 PM
> Subject: Re: [Remops] zax nymserv error: sign+encrypt failed
> 
> On Thu, Sep 20, 2012 at 02:14:05PM -0600, Breaka.net Anonymous Remailer 
> Administration wrote:
>> OK. Adding the X-Original-To header by Exim system_filter works just fine. 
>> Nymserv begins processing the incoming config message but fails with the 
>> following error:
> In the next release I'll make the header choice configurable.  I
> hardcoded X-Original-To because my MTA adds it.
> 
>> 2012-09-20 13:17:55 DEBUG Signing and Encrypting message for 
>> 74B8301AE4F18D74A5E874B4176650376BC25290
>> 2012-09-20 13:17:55 ERROR GnuPG returned an error whilst attempting to 
>> signcrypt a message.  The error was:
>> gpg: no default secret key: secret key not available
>> gpg: [stdin]: sign+encrypt failed: secret key not available
>> 
>> I tried re-creating the GPG key and updating the fingerprint in .nymservrc 
>> but it continues to fail with the same error.
>> 
>> I can see the secret key when I list the keys.
>> 
>> Any ideas what's stopping it this time?
> 
> Probably because your secret key is on the wrong keyring.  By default
> GnuPG will use ~/.gnupg as its path.  The nymserver's default is
> ~/nymserv/keyring.  You could export the key and reimport it to the
> correct keyring or regenerate a new one in situ.  In either case you
> probably want to use the 'gpg --homedir' option.
> 
> If you want to put the keyring in a different location, such as an
> encrypted disk, you can use the following option in .nymservrc:-
> 
> [paths]
> keyring: /encrypted_disk/nymserver/keyring

I did the above. Repeated it again to make sure I did it right.

Using "--homedir=/home/breaka/nymserv/keyring" to generate and manage the 
keys. To be safe, I tried putting the keyrings in .gnupg to see if the 
nymserver was looking there but that made no difference.

Also, double checked the fingerprint in the .nymservrc and it was correct. So 
was the keyring path.

I am currently trying using the key ID instead of the fingerprint to see if 
that makes a difference.

I am assuming from the above that:

1. Nymserv uses *only* the keys and keyrings in nymserv/keyring. The ~/.gnupg 
is ignored completely.

2. Nymserv compares the key ID or fingerprint to the secret keys in 
nymserv/keyring. In my case, there should only be one (1) secret key in this 
keyring.

Let you know what happens in my next test.

-ken



-- 
Breaka.net Anonymous Remailer
http://www.breaka.net
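
Added example, not part of the original message and not nymserv's own code: a check of which GnuPG home directory actually holds a usable secret key for the fingerprint or key ID configured in .nymservrc, by parsing `gpg --with-colons` listings. The listings in SAMPLE are constructed, the /home/breaka/.gnupg path is an assumption, and the function names are hypothetical.

```python
import subprocess

FPR = "74B8301AE4F18D74A5E874B4176650376BC25290"  # fingerprint from the log above

# Constructed listings (not real gpg output): the secret key sits in ~/.gnupg
# while the keyring directory that nymserv reads is empty.
SAMPLE = {
    "/home/breaka/.gnupg": (
        "sec:u:2048:1:176650376BC25290:1348142000::::::::::\n"
        "fpr:::::::::" + FPR + ":\n"
        "uid:u::::1348142000::::Constructed Nym <config@example.invalid>:\n"),
    "/home/breaka/nymserv/keyring": "",
}

def list_secret_keys(homedir):
    """Machine-readable secret-key listing for one GnuPG home directory."""
    cmd = ["gpg", "--homedir", homedir, "--batch", "--with-colons",
           "--fingerprint", "--list-secret-keys"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def usable_secret_fingerprints(listing):
    """Fingerprints of primary secret keys; stubs (field 15 == '#') are skipped."""
    found, want_fpr = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sec":
            want_fpr = not (len(f) > 14 and f[14] == "#")
        elif f[0] == "ssb":
            want_fpr = False  # newer gpg also prints fpr records for subkeys
        elif f[0] == "fpr" and want_fpr and len(f) > 9:
            found.append(f[9].upper())
            want_fpr = False
    return found

def homedirs_holding(configured, listings):
    """Home directories whose secret keyring matches a fingerprint or key ID."""
    wanted = configured.replace(" ", "").upper()
    wanted = wanted[2:] if wanted.startswith("0X") else wanted
    if not wanted:
        return []
    return [home for home, text in listings.items()
            if any(fpr.endswith(wanted) for fpr in usable_secret_fingerprints(text))]

if __name__ == "__main__":
    for value in (FPR, "0x6BC25290"):
        print(value, "->", homedirs_holding(value, SAMPLE))
```

To run it against real keyrings, build the dictionary with list_secret_keys(path) for each directory instead of using SAMPLE.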