Done something similar for master; needs to be backported to 1.5.
Dec 16 2013
Dec 12 2013
Also related (includes patch): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725411
Dec 11 2013
I have pushed a similar change to 2.0 and master. Will also be done for 1.4.
Dec 10 2013
Werner - that is the problem - I already tried that (and other hints too) - it
is IMO a lack of a good feature in gpg.
Support is already in master and in the soon to be released 1.6.0
Libgcrypt 1.6 will be released this year.
Retire your old key. There is a "disable" command in "gpg --edit-key".
Dec 9 2013
yep - rather an enhancement request than a bug.
OTOH even before the Snowden-era it would always be better to implement a
strategy to choose the "best" key (in my case the older has 1024 bit - the newer
has 4096).
Dec 6 2013
Bad news, though that .c/.cpp file exists, it does not seem to get built into
Android. I have tried building against android-14, which is after that file was
introduced, and no luck. I also tried looking for it in the libs, and it's not
in the .so or .a libs. Running this gives me nothing:
$ strings /opt/android-ndk/platforms/android-*/arch-arm/usr/lib/* | grep atfork
Dec 5 2013
Nov 29 2013
This has been discussed ad nauseam. Thus this will not be included.
Uploaded a new patch file - I missed a semicolon.
Nov 28 2013
Oct 26 2013
Oct 23 2013
Nope; won't be done. We had this in the past and people enabled it and later
complained about disk full stati. And yes, it exposes confidential info.
Oct 15 2013
Oct 11 2013
Tested and works fine with current gnupg and gpgcard.
Oct 5 2013
Sep 18 2013
Ah well, the Spanish versions have been dropped. The Howtos are anyway somewhat
outdated.
I took copies of the MiniHowto from archive.org and put them directly under GnuPG.org.
Sep 6 2013
This is not worth a bug report. If you want to discuss this topic, please use
the gnupg-users mailing list. We can't answer individual questions by means of a
bug tracker.
Aug 2 2013
Jul 19 2013
Jul 16 2013
What is the threat model for this? If you are able to ptrace a process you can
do all other kinds of stuff, like replacing gpg with your own code. If the box
has been taken over, we are in game-over state.
Disabling core dumps is a different issue because a core dump leaves traces of
the process on the disk.
The option --default-cert-level is described in the manual.
Thus, this bug report is about web.
Changing "category" from gnupg to gpgweb.
Jul 12 2013
I think that original reporter's intention is to prevent attaching by ptrace.
By PR_SET_DUMPABLE disabled, ptrace PTRACE_ATTACH won't work any more.
This would be better if we care about kernel compatibility.
In http://bugs.debian.org/714107, I found that setrlimit64 doesn't work reliably
for 2.6.34 or older. PR_SET_DUMPABLE seems to work for even 2.4.x.
Jul 10 2013
Jul 1 2013
I just backported the new ssh-agent code from master to the 2.0 branch. Thus
2.0.21 will have this support.
Jun 20 2013
Hello Werner,
Jun 19 2013
GnuPG uses setrlimit to disable core dumps. It has always done so. See
common/sysutils.c:disable_core_dumps. Do you have a test case which shows that
it does not work?
Jun 18 2013
Please recall that gpg is a Unix command line tool and as such it needs to stick
to common conventions. Only messages which are deemed to be necessary are
printed. Changes to the key generation dialog would be very hard because gpg is
used by several other programs as a backend and they assume a certain order of
prompts.
I suggest that you use one of the graphical frontends for key generation.
Jun 12 2013
May 22 2013
May 21 2013
Thanks for your answer, I'll do that then.
Best regards
Loïc Gomez
May 17 2013
If you want to rely on the exit code, you can't use gpg. There are simply too
many things to consider and everyone has a different policy. I commonly use AWK
scripts to implement such policies by parsing the --status-fd output.
The tool you might want to use is gpgv which has been designed for these
purposes. In fact, it is used by all Linux distros to verify the integrity of
the downloaded packages against a specific keyring. Please check out the gpgv
man page.
May 15 2013
May 2 2013
May 1 2013
We need to see whether we can re-use the code from GPA for this purpose.
Fixed in 0.9.4, coming soon.
Apr 22 2013
Pending for a long time; should be considered for 2.1
Done for 2.0