Duplicate of T1938

Compiling with latest npth instead of latest pth does not change anything.
Without patch = segfault, with patch = works.

Thanks. It might be related to a left overPGP-2 key in the trustdb. I need to
investigate that closer.

Here's the output:

% gpg -K 1F38684E
% gpg -K 1F38684E
gpg: Oops: keyid_from_fingerprint: no pubkey
sec dsa1024/46B1EFE1 1999-07-05
uid [ultimate] Neil W Rickert <rickert@cs.niu.edu>
ssb elg2048/1F38684E 1999-07-05

% gpg --with-keygrip -k 1F38684E
gpg: Oops: keyid_from_fingerprint: no pubkey
pub dsa1024/46B1EFE1 1999-07-05

Keygrip = AD607F40378A7ADBC06212C08554174AB7A02B0D

uid [ultimate] Neil W Rickert <rickert@cs.niu.edu>
sub elg2048/1F38684E 1999-07-05

Keygrip = 007FC4C272831E165FDC61E9B078E566D7F472A3

Files exist for both keygrips in that output.

Does

gpg -K  1F38684E

list this key? If not please do

gpg --with-keygrip -k 1F38684E

and check that there is a file named after the kegrip below
~/.gnupg/private-keys-v1.d/

With that patch:
gpg --list-keys rickert

that now works. However, I am still unable to decrypt. When attempting to open

kdewallet, I get the message:

Error when attempting to decrypt the wallet kdewallet using GPG. If you're using
a SmartCard, please ensure it's inserted then try again.

GPG error was Decryption failed

If I try to decrypt a file at the command line, I get:

gpg: encrypted with 2048-bit ELG key, ID 1F38684E, created 1999-07-05

"Neil W Rickert <rickert@cs.niu.edu>"
gpg: decryption failed: No secret key

However, using the same keyring, this all works with opensuse 13.2 (gpg 2.0.26),
so the secret key is there. The file uses the same key as kdewallet.

Fixed in all branches.

D285: 559_0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch

The code to skip the old keys is getting quite complex for the only reason to
allow reporting the use of such keys during import.

Please try the attached patch.

Fixed with commit 0c3d764.
Should be backported to 1.4.

Back ported to 2.0 (commit 2b2adb85948ce2c7db727ebc0c99e8ad2c29bf5f)

Fixed for 2.1 with 382ba4b.Should be backported to 2.0 and 1.4.

I have pushed a fix: commit 09e8f35. If you are using libgpg-error from git,
please also update it.

The test case still takes quite long the first time but after that things are
better. The reason for this is that gpg does a --rebuild-keydb-caches.

The context menu of the key manager now has a "refresh key" item.

Probably due to T1774 which has beend fixed.

kmail2 4.14.3 fails to terminate gpg 2.1.0 instances on failed attempt to
attach public keys: https://bugs.kde.org/show_bug.cgi?id=341501

KMail2 4.14.3 cannot attach public keys when using GnuPG 2.1.0:
https://bugs.kde.org/show_bug.cgi?id=341490

Hi again -

Exporting HOSTNAME worked, thanks.

I'm still not seeing a per-host ssh agent socket, though. Maybe i'm missing
something, but here's exactly what i'm doing:

Set contents of ~/.gnupg/S.gpg-agent to:
%Assuan%
socket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}

(newlines after each of the two lines)

~/.gnupg/gpg-agent.conf contents:
enable-ssh-support
default-cache-ttl 7200
max-cache-ttl 14400
default-cache-ttl-ssh 7200
max-cache-ttl-ssh 14400
no-grab

gpg-connect-agent --verbose /bye

gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
gpg-connect-agent: closing connection to agent

Now i have gpg-agent running, and gpg works as expected.

In ~/.gnupg i see the following sockets:
S.gpg-agent-mymble
S.gpg-agent.ssh

Is the ssh agent socket supposed to be the same filename with .ssh appended, or
is there another line i should be adding to the S.gpg-agent redirect file?

Thanks!

On my system HOSTNAME is not an exported envvar. Thus

export HOSTNAME

should do what you want. ssh support and the new --extra-socket all use the
same code for creating the socket, thus this hould work. I have not tested it
but I am pretty sure. A problem might be that the printed SSH_AUTH_SOCK is not
set to the real socket name - I have not checked this.

Looks like a good solution. I got the git versions compiled and gave it
a whirl. I noticed a couple of things:

Looks like a good solution. I got the git versions compiled and gave it
a whirl. I noticed a couple of things:

I tried the exact contents of S.gpg-agent you gave below, but libassuan
is creating the file as $HOME/.gnupg/S.gpg-agent-

In other words the ${HOSTNAME} is blank, which obviously won't work out
very well. :) Presumably a bug. I checked my setup:

echo $HOSTNAME

mymble

hostname

mymble

So the hostname does appear to be set correctly. I'm not quite sure how
i can start it with --verbose to see if it helps show what's happening;
if i try that, with or without a server running it just gives me the
server status.

Second, with --enable-ssh-agent, i noticed that the ssh-agent socket is
still created as ~/.gnupg/S.gpg-agent.ssh. Will this same method be
able to specify a per-host ssh-agent?

In general, though, this looks like it's on the right track! Let me
know if i can do any more testing to help.

If you use the latest Libassuan and GnuPG from GIT you should get what you want.
For example:

rm ~/.gnupg/S.gpg-agent || true
printf '%%Assuan%%\nsocket=${HOME}/.gnupg/S.gpg-agent-${HOSTNAME}\n' \

      > ~/.gnupg/S.gpg-agent

Creates a redirection file which uses HOME and the HOSTNAME. If you start
gpg-agent with --verbose you get a noticed about what has been redirected.

Needs to be implemented for scdaemon and dirmngr as well - but that needs to
wait until Monday.

backported to 2.0 and 1.4.

Yep, I'm using Kleo/Kmail now with 2.1 and I don't see any issues.

I've closed your Bug against kleopatra accordingly.

I also don't think that there will be much "Does not work at all" issues but
rather "There is no gui for this or that configuration option / no gui for ECC
Key creation" etc. So this is not really a Yes/No question.

Imho a Wiki Page would be more suited to track this.

Fixed in master will be backported to 2.0.
That is a very well written bug report. Thanks.

Kleopatra and KMail should both work fine with 2.1. During the port of KMail to
WindowsCE and Maemo we developed what is now 2.1. Thus any bug is either an
regression in KDE or in GnuPG 2.1.

KGPG Should support GnuPg 2.1: https://bugs.kde.org/show_bug.cgi?id=340676

Kleopatra Should support GnuPG 2.1: https://bugs.kde.org/show_bug.cgi?id=340677

and this is for i686 build

yes, i can. this is a gpg-error.h for x86_64 build.

Fixed in master. Will be ported to 1.6.

With dirmngr 1.1.1 and libgcrypt-1.6.0 (gpg4win-2.2.2-beta19) I have what I
think is a similar error on Windows:

C:\Users\aheinecke>"c:\Program Files\GNU\GnuPG\dirmngr.exe"
dirmngr[3060]: Fatal: can't register GNU Pth with Libgcrypt: Not supported

Doesn't crash though. I've not tested the pth_init patch. If you think this is
useful please tell me and I will do so. I assume it will also fix this problem.

Fixed for 2.0.

This is already known and has been discussed at gnupg-devel -users. This is
indeed a regression which needs to be fixed. The import filter does only check
the primary key and as soon as you downlaod via a subkey id the key is rejected.

It is on my short list.

okay.

Hello Werner,

Applied to master and 2.0.

I'll apply the patch. Thanks.

I don't think that it is worth the trouble. A pinpad reader make most sense on
desktop machines and there we have 2.x. 1.4 is maintained for use on servers
where card support is anyway hard to operate.

I can confirm to you as I've write last time, but this time with new gnupg2 (2.0.24)
and gnupg (1.4.16) version, than Vega reader works fine with gpg-agent, but failed without it.

In 2.1.x (development), scdaemon and its pinpad support has been improved
(including name change from "keypad" support), and it's backported to 2.0.x.

However, it is not backported to 1.4.x. For gpg of 1.4.x, it only works when
you use gpg-agent and scdaemon of 2.?.x.

Some fixes (such as PC/SC support for MacOS) are backported to 1.4.x, though.

For Covadis Vega-Alpha, we would need to backport pinpad support improvement, as
well as CCID driver support improvement (for no auto configuration feature).

Changes are not trivial to merge, I don't know if it's worth for 1.4.x.

Fixed in master.

I meant 2.0.24 of course.

Done for 2.0.14 with commit e790671c

Backported parts of the change to 1.4.

Hello Werner,

Updated Text to remove extra word 'embedded ' from 5th entry. Send Message to
Most recent editor to confirm if correct.