Generate a GPG encryption key. #2372
No worries, just start the pgp generation from scratch:
|
I started the pgp from scratch as you have advised, and I still get the same error mapetla@mapetla:/var/www/MISP$ sudo rm -rf /var/www/MISP/.gnup gpg: keybox '/var/www/MISP/.gnupg/pubring.kbx' created GnuPG needs to construct a user ID to identify your key. Real name: mapetla Change (N)ame, (E)mail, or (O)kay/(Q)uit? o |
Maybe this here? But be careful with messing with your |
Hello, I am having the same problem, also tried the commands provided by iglocska and it did not work, is there any solution? Thanks. |
I was having this problem trying to re-issue the key on a working instance. Tried a fresh install, that install had the issue as well. Edit: this was also corrected by temporarily changing tty ownership to www-data and doing a clean generation (I also installed rng-tools) |
I solved this by using the guide and temporarily setting: Checking with ls -l $(tty) |
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o I got the same problem... can someone help me |
While the issue is closed, I thought I'd add that the easiest way (and least-dangerous way, and doesn't require
I forget this every time, do a web search for this information, and end up in this thread or one much like it that advises |
Thanks a ton! This really helped. |
Perfect solution Gumnos, it works! |
Just to add to the possible means of escape, if you log into the server using ssh as the user that needs to use gpg, the tty is automatically owned by that user and there is no need to chown the tty device. If you log in as root and then use either sudo or su the tty is still owned by root and the above solutions will be needed. |
Thanks, this really helped, but not in the way that it was probably intended. I had |
The root of the issue is tty-ownership.
A lot of (IMHO, ill-guided) folks suggest using `chown` to change
ownership of the tty to your user, and then `chown` it back when
you're done. This feels pretty error-prone to me.
Alternatively, you can spawn a new `tty` via a number of means:
- use `tmux` or GNU `screen` as the secondary user to create the
new `tty` with the proper ownership (beware: if you already are
operating within `tmux`/`screen`, you might end up with nested
sessions which can be weird to navigate as you have to double up
your prefix key to send it on to the internal session)
- use `script(1)` as the secondary user to create a new `tty` with
the proper ownership (this comes with the downside that it's recording
everything you do, so you either want to write your script to
`/dev/null` or be very careful about who has access to the output
script-file since it might contain the password you entered)
- as you discovered, actually log in as that other user. This is
more of a challenge if this user was created for administrative
reasons without a password or you've disabled SSH login, so you
can't actually log in as them. Most of the times I need to GPG as
another user, this happens to be the case, so I can't use the "log
in as them" method.
But yeah, once you understand the root cause and have some tools
in your belt to ensure the `tty` has the proper/expected ownership,
it's easy to beat it into submission. :-)
…On 2023-10-30 12:21, Craig E. Shea wrote:
> While the issue is closed, I thought I'd add that the easiest way (and least-dangerous way, and doesn't require `root` privs to `chown` the tty) I've found to resolve this is to use a program like `tmux` or GNU `screen` which allocates a _new_ ptty for the `su`ed user:
>
> ```
> ***@***.***$ su - demo
> ***@***.***$ gpg --gen-key
> ???
> Key generation failed: Permission denied
> ***@***.***$ ls -l `tty` # note still owned by "gumnos"
> crw--w---- 1 gumnos tty 136, 13 Jan 9 11:37 /dev/pts/13
> ***@***.***$ tmux
> [tmux: ***@***.***$ ls -l `tty` # now owned by "demo"
> crw--w---- 1 demo tty 136, 22 Jan 9 11:38 /dev/pts/22
> [tmux: ***@***.***$ gpg --gen-key # this works as desired
> ```
>
> I forget this every time, do a web search for this information, and end up in this thread or one much like it that advises `chown`ing the tty to the secondary user, generating the key, and then `chown`ing the tty back to the original user (all that `chown`ing also requires root privs). Hopefully by leaving this here, it's useful to others, including my future forgetful self.
Thanks, this really helped, but not in the way that it was probably intended. I had `su - <some-user>` to switch to another user. Then tried to generate a GPG key for that user. And I got the error described by this issue. After reading this comment, I realized my mistake--the `tty` was owned by the user who `su`ed to `<other-user>`. So the solution was to logout and login as `<other user>`. Of course, using `tmux` works, too, if you already have it installed!
|
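A preflight check for the tty-ownership condition described in the reply above, as an added example that is not part of the original thread. The function names and status strings are assumptions made for illustration; it only reads ownership with `ls -ld`, the same check the thread uses, and changes nothing.

```shell
#!/bin/sh
# Added example: report whether the current terminal is owned by the user
# who is about to run gpg. Names below are illustrative, not GnuPG or MISP API.

# Owner of a path as shown in the third column of `ls -ld`.
path_owner() {
    ls -ld -- "$1" 2>/dev/null | awk '{print $3}'
}

# Name of the user this shell runs as (numeric uid if there is no passwd entry).
effective_user() {
    id -un 2>/dev/null || id -u
}

# check_gpg_tty [tty_path] [user] prints one of:
#   ok                  the tty exists and is owned by the user
#   no-tty              no terminal is attached (cron, non-interactive sudo)
#   wrong-owner:<name>  the tty belongs to someone else (typical after su / sudo -u)
check_gpg_tty() {
    tty_path=${1:-$(tty 2>/dev/null || true)}
    user=${2:-$(effective_user)}
    if [ -z "$tty_path" ] || [ ! -e "$tty_path" ]; then
        echo "no-tty"; return 2
    fi
    owner=$(path_owner "$tty_path")
    if [ "$owner" = "$user" ]; then
        echo "ok"; return 0
    fi
    echo "wrong-owner:$owner"; return 1
}

# Map the status to the remedies discussed in the thread.
advise() {
    case $1 in
        ok) echo "tty is owned by the current user; gpg can prompt here" ;;
        no-tty) echo "no terminal attached; run gpg from an interactive session" ;;
        wrong-owner:*) echo "tty is owned by ${1#wrong-owner:}; start tmux/screen as this user, or log in as them directly" ;;
    esac
}

advise "$(check_gpg_tty || true)"
```

Run it in the shell you get after `su` or `sudo -u`, before starting `gpg --gen-key`.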
I get a permission denied error when I generate a GPG encryption key using the command line. Below is a copy of what I did on the terminal and the error that I got.
```
mapetla@mapetla:/var/www/MISP$ sudo -u www-data mkdir /var/www/MISP/.gnupg
mkdir: cannot create directory ‘/var/www/MISP/.gnupg’: File exists
mapetla@mapetla:/var/www/MISP$ sudo chmod 700 /var/www/MISP/.gnupg
mapetla@mapetla:/var/www/MISP$ sudo -u www-data gpg --homedir /var/www/MISP/.gnupg --gen-key
gpg (GnuPG) 2.1.15; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Note: Use "gpg --full-gen-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: mapetla
Email address: mapetla.users@gmail.com
You selected this USER-ID:
"mapetla mapetla.users@gmail.com"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied
```