newbie: error trying to upload GPG key: EncryptionPublicKeyInvalidType

Demetri Orlando

Dec 14, 2011, 1:48:38 PM
to google-ap...@googlegroups.com
When trying to upload the GPG key following the directions on this page:
it didn't work until I put the GPG and GAM program files into one directory, but now I am getting the following error message when the key is uploaded: "EncryptionPublicKeyInvalidType".

Searching this forum yielded the following suggestion:
To solve this I replaced the original command (gpg --export --armor | gam audit uploadkey) with the following command: gpg --armor --export <key> | gam audit uploadkey. This solved the problem. I got the key with the output from the "gpg --export --armor" command. Perhaps this has something to do with the fact that when generating the key it asks for a primary and a subkey?

I am trying to follow these directions, but am not sure whether the "<key>" part of this command is supposed to be the actual key which is a very long string of characters.
I tried to copy and paste the key, but it doesn't seem to like that. I also typed the command as is, but that doesn't do anything either.

Any help on my error would be most appreciated. Sorry this is probably a pretty n00b question.
thanks,
Demetri

Demetri Orlando

Dec 19, 2011, 7:02:41 AM
to google-ap...@googlegroups.com
I was able to solve this, and get my PGP key uploaded (and auditing working) by using these directions: (I'm on a Mac running 10.6)

1) downloaded and installed the GPG Keychain application from http://www.gpgtools.org/

2) generated a key (by the way, if you have multiple keys, you might want to delete all but one, this might have been one of my problems)

3) exported the one remaining key (ASCII, and it is 2048 in length -- no option to change this to 1028 as recommended. Seems fine at 2048)

4) Base64 encoded the key by using http://www.motobit.com/util/base64-decoder-encoder.asp (chose to upload the key file exported in previous step, copy output of top text box into next step...)

5) Saved a text file (in the same directory as gpg) named "publickey.xml" with the following contents:

<?xml version="1.0" encoding="utf-8"?>
<atom:entry xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'><apps:property name="publicKey" value="your_entire_base_64_encoded_key_here"/></atom:entry>

(note that you paste the base 64 encoded key from step 4 between the quotes above.)


6) From a terminal window, paste the following text and hit enter key to get an Auth key returned (fill in the appropriate fields for your domain)

curl --request POST --header "Content-Type: application/x-www-form-urlencoded" -d accountType=HOSTED -d Email=YOURADMINEMAILADDRESS -d Passwd=YOURPASSWORD -d service=apps -d source=reed-test-audit-app "https://www.google.com/accounts/ClientLogin"


7) Copy the long AUTH TOKEN string (everything after the "Auth=" in the curl response -- don't worry if you see some error noted, as long as it returns an auth string you should be okay.)


8) Paste this next curl command in the terminal and hit enter key to upload your key (filling in the appropriate strings for your domain):

curl --request POST --data "@publickey.xml" --header "Content-Type: application/atom+xml" --header "Authorization: GoogleLogin auth=YOUR_AUTHTOKEN_HERE" "https://apps-apis.google.com/a/feeds/compliance/audit/publickey/YOUR_DOMAIN.COM"



Following these steps is what worked for me. I hope this helps others who feel similarly stumped by getting going with the audit tool trying to follow the documentation. As noted in the documentation, audit requests initially appear as "PENDING" but checking the status the next morning yields a URL which when copy/pasted into a browser, downloads the requested info.
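
Added example, not part of the original posts: `gpg --export --armor` with no key name exports every key in the keyring, which fits the suspicion in step 2 that multiple keys were part of the problem. This Python sketch counts the primary-key packets (RFC 4880 tag 6) in an armored export and only then builds publickey.xml as in steps 4 and 5, Base64-encoding locally instead of through a web page. The function names are hypothetical, the sample export is constructed with filler packet bodies, and partial or indeterminate packet lengths are rejected rather than parsed.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
ENTRY = ('<?xml version="1.0" encoding="utf-8"?>\n<atom:entry '
         "xmlns:atom='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>"
         '<apps:property name="publicKey" value="{}"/></atom:entry>\n')

def dearmor(armored):
    """Return the binary OpenPGP packets inside one armored public key block."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if lines[0] != BEGIN:
        raise ValueError("not a public key block: " + lines[0])
    body = lines[lines.index("") + 1:-1]      # skip armor headers and the END line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def packet_tags(data):
    """Walk the RFC 4880 packet headers and return the tag of each packet."""
    tags, i = [], 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0xC0 == 0xC0:                # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        elif hdr & 0x80 and hdr & 0x03 != 3:  # old-format header, definite length
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        else:
            raise ValueError("malformed header or indeterminate length")
        tags.append(tag)
        i += length
    return tags

def build_publickey_xml(armored):
    """Return publickey.xml text; refuse exports without exactly one primary key."""
    primaries = packet_tags(dearmor(armored)).count(6)   # tag 6 = public key packet
    if primaries != 1:
        raise ValueError("expected 1 primary key, found %d" % primaries)
    return ENTRY.format(base64.b64encode(armored.encode("ascii")).decode("ascii"))

def constructed_export(n_keys):
    """Constructed sample: n dummy keys (key, user ID, subkey headers; filler bodies)."""
    raw = (b"\x99\x00\x03KEY" + b"\xb4\x04user" + b"\xb9\x00\x03SUB") * n_keys
    return "%s\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n" % (BEGIN, base64.b64encode(raw).decode("ascii"))
```

With a real key, pass the text produced by `gpg --armor --export <key>` to `build_publickey_xml` and save the result as publickey.xml.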
