Learn how to configure your OTRS to encrypt and decrypt GPG messages easily for your agents.
Basically you have two steps, the preparation on your operating system of OTRS, and to be specific in the user context of the running otrs. The usercontext is typically the user otrs (default on all debian, ubuntu also for redhat and centos).
OS dependent steps
You need to prepare your OS to be able to use GPG in OTRS properly.
First install gpg on your OS. Typically it is already installed, anyway test it by executing these commands.
sudo apt install gpg
redhat and centos
sudo yum install gnupg2
Prepare your OTRS users home directory with GPG keys
first we need to find out your home directory. Use this command to get the detals:
sudo -H -u otrs bash -c 'echo "I am user $USER, with uid $UID"; echo "my home dir is $HOME"'
you will get something like this (example is from centos)
I am user otrs, with uid 500
my home dir is /opt/otrs
Generate the GPG keys
The next step is now to generate the GPG keys for the otrs user.
sudo -H -u otrs bash -c 'gpg --gen-key'
This will result in something like
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory `/opt/otrs/.gnupg' created gpg: new configuration file `/opt/otrs/.gnupg/gpg.conf' created gpg: WARNING: options in `/opt/otrs/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/opt/otrs/.gnupg/secring.gpg' created gpg: keyring `/opt/otrs/.gnupg/pubring.gpg' created Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 2
Use DSA and Elgamal which is said to be more secure over RSA. In our case enter ‘2’.
The next question is asking for the length of the key. Use at least 2048 bits. Better you go to a longer version like we use 3072 bits length.
DSA keys may be between 1024 and 3072 bits long. What keysize do you want? (2048) 3072 Requested keysize is 3072 bits
The key expire time frame shall be typically multiple years. We will use here unlimted (key does not expire).
Please specify how long the key should be valid. 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 0 Key does not expire at all
Confirm this parameters and add now the personal data to the key details.