Page MenuHome GnuPG
Feed Advanced Search

Apr 7 2017

justus closed D421: padding is needed for 64-bit big endian by committing rGbf8b5e9042b3: gpgscm: Fix compact vector encoding..
Apr 7 2017, 1:06 PM · gnupg (gpg21)
justus updated the diff for D421: padding is needed for 64-bit big endian.

Use pointer-sized unsigned integer for the flags field.

Apr 7 2017, 12:53 PM · gnupg (gpg21)
gniibe added a comment to D421: padding is needed for 64-bit big endian.

I understand your emulator is s390x. Perhaps, on the emulator, memory layout is different?
I now see that C99 is OK for GnuPG, or at least no problem for gpgscm.

Apr 7 2017, 12:37 PM · gnupg (gpg21)
justus added a comment to D421: padding is needed for 64-bit big endian.
In D421#2968, @gniibe wrote:

I think that there are two archs: s390 and s390x. Latter is 64-bit and supports 32-bit version as well.

Apr 7 2017, 12:22 PM · gnupg (gpg21)
gniibe added a comment to D421: padding is needed for 64-bit big endian.

I think that there are two archs: s390 and s390x. Latter is 64-bit and supports 32-bit version as well.
Use of machine word size (32-bit for 32-bit machine, 64-bit for 32-bit machine) is good. That will be update of Diff 1255.
But I don't know how it is achieved easily.
(If we can ignore LLP64, we can use unsigned long.)
Please go ahead that way.

Apr 7 2017, 12:12 PM · gnupg (gpg21)
justus added a comment to D421: padding is needed for 64-bit big endian.

@gniibe thanks for figuring this out. This is rather mundane, I'm somewhat astonished that I did not think of that :(.

Apr 7 2017, 11:48 AM · gnupg (gpg21)
gniibe added a comment to D421: padding is needed for 64-bit big endian.

Please decide for _flag access on 64-bit machine, if 32-bit access is better or not.
If 64-bit access is better, update version of {Diff1255} is needed, instead.
unsigned long is not good for LLP64 system. Use unsigned long long for 64-bit system.

Apr 7 2017, 3:05 AM · gnupg (gpg21)
gniibe updated the diff for D421: padding is needed for 64-bit big endian.

Update of the diff, so that we can keep _flag field access to 32-bit on 64-bit machine.

Apr 7 2017, 2:27 AM · gnupg (gpg21)
gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

Applied as ebe12be034f0.

Apr 7 2017, 2:15 AM · Bug Report, gpgagent, gnupg
gniibe created D421: padding is needed for 64-bit big endian.
Apr 7 2017, 1:07 AM · gnupg (gpg21)

Apr 6 2017

werner accepted D419: gpg-agent cache handling serialization.

Re-purposing the encryption lock would have been my suggestion as well.

Apr 6 2017, 9:44 AM · gnupg (gpg21)
gniibe added reviewers for D419: gpg-agent cache handling serialization: wk, justus.
Apr 6 2017, 4:48 AM · gnupg (gpg21)
gniibe created D419: gpg-agent cache handling serialization.
Apr 6 2017, 4:43 AM · gnupg (gpg21)
gniibe added a comment to T3027: gpg-agent crash on macOS Sierra triggerd by ssh.

While I can't reproduce this problem myself, I think I found an issue of gpg-agent passphrase caching.
Double free may happen when multiple threads enter agent_put_cache, for example.

Apr 6 2017, 4:38 AM · Bug Report, gpgagent, gnupg

Apr 4 2017

gniibe added a project to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: In Progress.
Apr 4 2017, 2:56 AM · Bug Report, gpgagent, gnupg
gniibe reopened T3027: gpg-agent crash on macOS Sierra triggerd by ssh as "Open".
Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg
gniibe closed T3027: gpg-agent crash on macOS Sierra triggerd by ssh as Resolved.

In 2.1.19, gpg-agent uses getpeerucred for macOS. I changed it (since it seemed not working). In 2.1.20, gpg-agent now uses getsockopt with LOCAL_PEERPID.
It seems for me that the crash occurs by ucred_free. If this is the case, 2.1.20 fixes this issue.

Apr 4 2017, 2:54 AM · Bug Report, gpgagent, gnupg

Apr 3 2017

wk added projects to T3029: make install does not configure/link installation for libgcrypt for gpg2: Not A Bug, FAQ.
Apr 3 2017, 9:43 AM · Bug Report, FAQ, gnupg, Not A Bug
wk added a comment to T3029: make install does not configure/link installation for libgcrypt for gpg2.

This is no a bug but a non-proper installation of libgcrypt. In fact the output
of libgcrypt's "make install" shows hints on how to finish the install; also
pointing to ldconfig.

In general it is not easy to install a newer version of a library on a system
which already has an older version of that library.

Apr 3 2017, 9:43 AM · Bug Report, FAQ, gnupg, Not A Bug

Mar 31 2017

werner added a project to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set: g10code (gnupg-2.2).
Mar 31 2017, 3:12 PM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr

Mar 30 2017

marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from In Progress to Backlog on the gnupg board.
Mar 30 2017, 7:36 PM · Bug Report, gpgagent, gnupg
marcus moved T3027: gpg-agent crash on macOS Sierra triggerd by ssh from Backlog to In Progress on the gnupg board.
Mar 30 2017, 7:35 PM · Bug Report, gpgagent, gnupg
admin created gnupg (gpg21).
Mar 30 2017, 6:42 PM
MisterXYZ set Version to 2.1.19 on T3029: make install does not configure/link installation for libgcrypt for gpg2.
Mar 30 2017, 5:36 PM · Bug Report, FAQ, gnupg, Not A Bug
MisterXYZ added projects to T3029: make install does not configure/link installation for libgcrypt for gpg2: gnupg (gpg21), gnupg, Bug Report.
Mar 30 2017, 5:36 PM · Bug Report, FAQ, gnupg, Not A Bug
landro added projects to T3027: gpg-agent crash on macOS Sierra triggerd by ssh: MacOS, ssh, gnupg, gnupg (gpg21), gpgagent, Bug Report.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg
landro set Version to 2.1.19 on T3027: gpg-agent crash on macOS Sierra triggerd by ssh.
Mar 30 2017, 3:22 PM · Bug Report, gpgagent, gnupg

Mar 20 2017

werner updated subscribers of T2968: gpg --search: Connection closed in DNS.
Mar 20 2017, 2:55 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
werner reassigned T2968: gpg --search: Connection closed in DNS from kardan to justus.
Mar 20 2017, 2:55 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Mar 16 2017

kardan added a comment to T2968: gpg --search: Connection closed in DNS.

I was able to reproduce it again. Maybe this bug depends on which keyserver in
the pool answers. The error is the same for Tor and non-Tor connections.

Mar 16 2017, 3:16 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan reopened T2968: gpg --search: Connection closed in DNS as "Open".
Mar 16 2017, 3:16 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan added a comment to T2968: gpg --search: Connection closed in DNS.

I don't know why, it is not repdroducible anymore.

Mar 16 2017, 7:27 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan closed T2968: gpg --search: Connection closed in DNS as Resolved.
Mar 16 2017, 7:27 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Mar 14 2017

justus added a comment to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set.

This seems to be a bug in our new resolver library. I have contacted the author
for assistance.

Mar 14 2017, 10:28 AM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr

Mar 13 2017

nfnty added a comment to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set.

This is a duplicate of #2990.

Mar 13 2017, 3:50 PM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr
flokli added a comment to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set.

Hey :-)

Glad to see I'm not the only one ;-)

Mar 13 2017, 12:56 PM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr
justus added a comment to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set.

Indeed, I can reproduce this.

PS: Hi flokli :)

Mar 13 2017, 10:50 AM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr

Mar 10 2017

flokli added projects to T2991: dirmngr unable to receive keys if only IPv6 DNS servers are set: dirmngr, gnupg (gpg21), gnupg, Bug Report, Debian.
Mar 10 2017, 9:42 PM · g10code (gnupg-2.2), Debian, Bug Report, gnupg, gnupg (gpg21), dirmngr

Feb 21 2017

dkg added a comment to T2968: gpg --search: Connection closed in DNS.

Are you using tor? if so, is your tor daemon up and running, and actively
connecting to the outside world?

Feb 21 2017, 4:43 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Feb 20 2017

azul closed T2969: speedo install fails due to cert issue for swdb.lst as Resolved.
Feb 20 2017, 7:19 PM · Bug Report, gnupg (gpg21)
azul added a comment to T2969: speedo install fails due to cert issue for swdb.lst.

Okay... using a later distribution with a newer wget fixed this:
https://travis-ci.org/azul/gpg-build/builds/203543109

closing. Sorry for the noise.

Feb 20 2017, 7:18 PM · Bug Report, gnupg (gpg21)
azul added a comment to T2969: speedo install fails due to cert issue for swdb.lst.

The same build works locally for me with wget 1.17.1.
travis has 1.13.4

$ wget --version

GNU Wget 1.13.4 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl

Wgetrc:

    /etc/wgetrc (system)

Locale: /usr/share/locale

Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"

    -DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib 

    -I../../lib -D_FORTIFY_SOURCE=2 -Iyes/include -g -O2 

    -fstack-protector --param=ssp-buffer-size=4 -Wformat 

    -Wformat-security -Werror=format-security -DNO_SSLv2 

    -D_FILE_OFFSET_BITS=64 -g -Wall

Link: gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat

    -Wformat-security -Werror=format-security -DNO_SSLv2 

    -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions 

    -Wl,-z,relro -Lyes/lib -lssl -lcrypto -lz -ldl -lz -lidn -lrt 

    ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a

Copyright (C) 2009 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later

http://www.gnu.org/licenses/gpl.html.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.

Please send bug reports and questions to <bug-wget@gnu.org>.

Feb 20 2017, 7:13 PM · Bug Report, gnupg (gpg21)
azul added projects to T2969: speedo install fails due to cert issue for swdb.lst: gnupg (gpg21), Bug Report.
Feb 20 2017, 6:50 PM · Bug Report, gnupg (gpg21)

Feb 19 2017

kardan added projects to T2968: gpg --search: Connection closed in DNS: dirmngr, Keyserver, gnupg, gnupg (gpg21), Debian, Bug Report.
Feb 19 2017, 8:51 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Jan 23 2017

codmyre added a comment to T2925: Permissions of pubkey.kbx not retained through changes.

I nearly filed this as a minor bug to start with. Apologies for the
mis-classification.

My thinking was that there are a few rarer cases on unattended/shared
environments where this may be an issue. Scripts may deliberately be using a
umask that allows write permission to files it's creating, not expecting that
pubring (or other keyring) changes will create a new file. Other users/services
may need read permission to those keyrings, and actually end up with write
permission. This is potentially a problem despite the data not being secret.

Granted, the above hypothetical situation is uncommon and easily worked around
with better design/testing, but it might catch people out.

Jan 23 2017, 4:58 PM · gnupg (gpg23), Bug Report
werner lowered the priority of T2925: Permissions of pubkey.kbx not retained through changes from Normal to Low.
Jan 23 2017, 10:06 AM · gnupg (gpg23), Bug Report
werner added a comment to T2925: Permissions of pubkey.kbx not retained through changes.

I don't consider this a minor bug.

The pubring does not contain secret information but only sensitive data, like
many files in a user's $HOME. The umask is the standard Unix way of restricting
access for new files. For files holding secret data we explicitly set the
permissions.

Jan 23 2017, 10:06 AM · gnupg (gpg23), Bug Report

Jan 17 2017

codmyre added projects to T2925: Permissions of pubkey.kbx not retained through changes: gnupg (gpg21), gnupg, Bug Report.
Jan 17 2017, 9:53 PM · gnupg (gpg23), Bug Report
codmyre set Version to 2.1.17 on T2925: Permissions of pubkey.kbx not retained through changes.
Jan 17 2017, 9:53 PM · gnupg (gpg23), Bug Report
werner added a comment to T2924: HTTP(S) preferred key servers always treated as HKP.

Thanks for the report. I can replicate this.

Jan 17 2017, 10:58 AM · gnupg (gpg22), Bug Report, dirmngr
codmyre added projects to T2924: HTTP(S) preferred key servers always treated as HKP: dirmngr, gnupg (gpg21), gnupg, Bug Report.
Jan 17 2017, 12:00 AM · gnupg (gpg22), Bug Report, dirmngr

Jan 16 2017

linsam added a comment to T2923: trust signature domain restrictions don't work.

Jan 16 2017, 6:55 AM · gnupg (gpg14), Bug Report
linsam added a comment to T2923: trust signature domain restrictions don't work.

Attached example output after patch is applied. Now User4 has full validity like
expected, and the debug output shows a match for User4's email address (NOTE:
the debug output has 'YES' for no match and 'NO' for successful match)

Jan 16 2017, 6:55 AM · gnupg (gpg14), Bug Report
linsam added a comment to T2923: trust signature domain restrictions don't work.

D406: 944_example.patch

Jan 16 2017, 6:53 AM · gnupg (gpg14), Bug Report
linsam added a comment to T2923: trust signature domain restrictions don't work.

Attached example patch prevents escaping normal lowercase letters.

Note that this isn't a general solution, though it does solve the issue for me.
For example, some email addresses have numbers (I don't know if having backslash
before numbers is an issue like it is for letters)

Jan 16 2017, 6:53 AM · gnupg (gpg14), Bug Report
linsam added a comment to T2923: trust signature domain restrictions don't work.

Attached example are the following setup:

user1 tsign user2 with full trust, depth 1, domain="customer.com". User2 signs
user3 through user5 (regular signatures). User4 is at customer.com, users 3 and
5 are at example.com.

Jan 16 2017, 6:50 AM · gnupg (gpg14), Bug Report
linsam added a comment to T2923: trust signature domain restrictions don't work.

Jan 16 2017, 6:50 AM · gnupg (gpg14), Bug Report
linsam set Version to 1.4.20, 2.0.22, 2.1.11 on T2923: trust signature domain restrictions don't work.
Jan 16 2017, 6:43 AM · gnupg (gpg14), Bug Report
linsam added projects to T2923: trust signature domain restrictions don't work: gnupg (gpg21), gnupg (gpg14), gnupg (gpg20), gnupg, Bug Report.
Jan 16 2017, 6:43 AM · gnupg (gpg14), Bug Report

Jan 6 2017

werner closed T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire as Resolved.
Jan 6 2017, 5:33 PM · Won't Fix, gnupg (gpg21), Bug Report, gnupg

Dec 19 2016

aheinecke added a comment to T2381: Add more support for profiles in gpgconf.

Ok profiles are now there and look workable, but it looks like they are only
supporting configuration values that are currently accessible through gpgconf:

[gpg]
trust-model tofu+pgp
keyserver-options auto-key-retrieve
auto-key-locate local,wkd,pka,cert,dane

Leads to:

gpgconf: /opt/gnupg/etc/gnupg/automated.profile:7:0: error: unknown option
'trust-model' in section 'gpg'
gpgconf: /opt/gnupg/etc/gnupg/automated.profile:8:0: error: unknown option
'keyserver-options' in section 'gpg'

So we need more options promoted to gpgconf. Which I think is ok, we can just
mark them as Expert / Invisible and GUI's should respect that.

Dec 19 2016, 6:41 PM · In Progress, gnupg (gpg22), gnupg, Feature Request

Nov 14 2016

thomas closed T2835: "keyid-format none" ignored for --verify and other commands as Resolved.
Nov 14 2016, 4:55 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2835: "keyid-format none" ignored for --verify and other commands.

ah, misread the 2.1.16 part, so yes, it seems to be fixed.

Where do you take it from that keyid-format none should result in the full
fingerprint being shown?

The man page:
"none" does not show the key ID at all but shows the fingerprint in a separate
line.

Nov 14 2016, 4:55 PM · Bug Report, gnupg (gpg21)
thomas reopened T2835: "keyid-format none" ignored for --verify and other commands as "Open".
Nov 14 2016, 4:53 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2835: "keyid-format none" ignored for --verify and other commands.

OK, then this is just an issue for interactive usage, but still an issue.

Nov 14 2016, 4:53 PM · Bug Report, gnupg (gpg21)
aheinecke added a comment to T2835: "keyid-format none" ignored for --verify and other commands.

When using a script you should not parse the human readable output.

gpg2 --status-fd 2 --verify /tmp/msg

[GNUPG:] VALIDSIG 94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1 2016-11-14 1479138285
0 4 0 1 8 00 94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1

See https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS
for the meaning of these fields

In gpg2.1.16 the fingerprint is also used instead of the keyid if you do:

/opt/gnupg/bin/gpg --keyid-format none --verify foo.sig

Where do you take it from that keyid-format none should result in the full
fingerprint being shown?

Nov 14 2016, 4:51 PM · Bug Report, gnupg (gpg21)
aheinecke placed T2835: "keyid-format none" ignored for --verify and other commands up for grabs.
Nov 14 2016, 4:51 PM · Bug Report, gnupg (gpg21)
aheinecke closed T2835: "keyid-format none" ignored for --verify and other commands as Resolved.
Nov 14 2016, 4:51 PM · Bug Report, gnupg (gpg21)
thomas added projects to T2835: "keyid-format none" ignored for --verify and other commands: gnupg (gpg21), Bug Report.
Nov 14 2016, 4:13 PM · Bug Report, gnupg (gpg21)
thomas updated subscribers of T2835: "keyid-format none" ignored for --verify and other commands.
Nov 14 2016, 4:13 PM · Bug Report, gnupg (gpg21)

Oct 17 2016

shtrom added a comment to T2167: Unplugging USB Smartcard/Yubikey causes problems with scdaemon.

I run in the same issue as PRab whenever I suspend or hibernate my machine. The
machine as Broadcom BCM5880 with a smart-card reader, so I cannot unplug it.
Quickest workaround is to kill/restart scdaemon.

Is there/could there be a command that could be sent to scdaemon via the agent
so a reset could be triggered? It should be easy enough to line that up as part
of the resume scripts.

Oct 17 2016, 11:17 AM · gnupg (gpg22), Restricted Project, patch, Windows 64, scd, Windows, Windows 32, Bug Report

Oct 13 2016

justus added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

John is using 2.1.14, but this bug was fixed in 2.1.15.

Oct 13 2016, 1:26 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
justus closed T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol as Resolved.
Oct 13 2016, 1:26 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Oct 12 2016

dkg reopened T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol as "Open".
Oct 12 2016, 11:51 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
dkg added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

This is apparently just re-reported on gnupg-users:

https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056892.html

So i don't think it's fixed.

And fwiw, it seems like a clear bug to me if i use "ssh-add" and then it is not
added to the agent.

From the ssh-add's client's perspective, some keys are magically never added,
but others are. This kind of mystery behavior is confusing and frustrating. If
gpg-agent is going to handle the ssh-agent protocol, it should aim toward behave
as the user of the ssh-agent protocol expects, regardless of whether the user
knows that they're using gpg-agent or some other implementation.

Oct 12 2016, 11:51 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Oct 10 2016

justus added projects to T2746: ssh keys not deduplicated, cannot configure card auth keys using sshcontrol: gnupg (gpg21), gnupg, Bug Report.
Oct 10 2016, 12:42 PM · Bug Report, gnupg, gnupg (gpg21)

Oct 5 2016

werner added a project to T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire: Won't Fix.
Oct 5 2016, 2:59 PM · Won't Fix, gnupg (gpg21), Bug Report, gnupg

Sep 28 2016

werner removed Version on T1089: Please store requests in a cache to avoid sending out duplicate requests (mailto: interface).
Sep 28 2016, 9:55 AM · gnupg (gpg23), gnupg, Debian, Feature Request
werner added a project to T1089: Please store requests in a cache to avoid sending out duplicate requests (mailto: interface): gnupg (gpg23).
Sep 28 2016, 9:55 AM · gnupg (gpg23), gnupg, Debian, Feature Request
werner added a comment to T1089: Please store requests in a cache to avoid sending out duplicate requests (mailto: interface).

There are a couple of ideas on how to use mail for key retrieval. We won't be
able to implement them for 2.2 but we should consider this for 2.3.

There won't be any changes for 1.4, though.

Sep 28 2016, 9:55 AM · gnupg (gpg23), gnupg, Debian, Feature Request
werner added a comment to T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire.

lechten: I agree with justus' evaluation. Further we can't change the sematics
of --default-cert-expire in the way you want that; it would not be compatible.

Sep 28 2016, 9:53 AM · Won't Fix, gnupg (gpg21), Bug Report, gnupg
werner added a project to T2110: Gpgsm 2.1 external key search gives duplicated results: S/MIME.
Sep 28 2016, 9:46 AM · gnupg (gpg22), S/MIME, Bug Report, gpg4win, Windows, Windows 32
werner added a comment to T1985: Option --try-all-secrets doesn't work.

Fixed with 2.1.14.

Sep 28 2016, 9:45 AM · gnupg (gpg21), Bug Report, gnupg
werner removed a project from T1985: Option --try-all-secrets doesn't work: Restricted Project.
Sep 28 2016, 9:45 AM · gnupg (gpg21), Bug Report, gnupg
werner closed T1985: Option --try-all-secrets doesn't work as Resolved.
Sep 28 2016, 9:45 AM · gnupg (gpg21), Bug Report, gnupg
werner added a comment to T2684: GPG encrypts using a key of a partial recipient match instead of exact match.

Look at what the man page says on how to specify a user id:

  • By exact match on an email address. This is indicated by enclosing the email address in the usual way with left and right angles. <heinrichh@uni-duesseldorf.de>

The default however is a substring match on the entire user id. Note that
issue2359 is also about this and it may introduce a slighlty modified way on how
a key is specified by a mail address.

Should only be chnaged for master, though.

Sep 28 2016, 9:43 AM · gnupg (gpg14), Bug Report
werner added a project to T2684: GPG encrypts using a key of a partial recipient match instead of exact match: gnupg (gpg21).
Sep 28 2016, 9:43 AM · gnupg (gpg14), Bug Report

Sep 27 2016

werner removed a project from T2280: Wish for a new keygen API: Restricted Project.
Sep 27 2016, 11:50 AM · gnupg, gnupg (gpg21), Feature Request
werner closed T2280: Wish for a new keygen API as Resolved.
Sep 27 2016, 11:50 AM · gnupg, gnupg (gpg21), Feature Request
werner added a comment to T2280: Wish for a new keygen API.

gpgme 1.7.0 has been released and thus I consider this bug solved.

Sep 27 2016, 11:50 AM · gnupg, gnupg (gpg21), Feature Request

Sep 14 2016

werner added a comment to T2280: Wish for a new keygen API.

gpgme 1.7 will have gpgme_op_createkey which takes "default" and
"future-default" as algorithm parameters. There is also a bunch of user
functions to make creating a key easy with gpgme.

Sep 14 2016, 1:27 PM · gnupg, gnupg (gpg21), Feature Request

Aug 12 2016

werner added a project to T2359: Query which key will be used for a given mailbox: gnupg (gpg22).
Aug 12 2016, 11:16 AM · gnupg (gpg22), gnupg, Feature Request
werner added a project to T2360: Add support for TOFU in GpgME: gnupg (gpg22).
Aug 12 2016, 11:14 AM · gnupg (gpg22), gpgme, Feature Request

Aug 5 2016

aheinecke added a project to T2420: TOFU Info for a Key: Duplicate.
Aug 5 2016, 10:49 AM · Duplicate, gpgme, gnupg (gpg21), Feature Request
aheinecke added a comment to T2420: TOFU Info for a Key.

This was already mentioned in T2360 so let's not clutter the tracker.
Resolved as duplicate.

Aug 5 2016, 10:49 AM · Duplicate, gpgme, gnupg (gpg21), Feature Request
aheinecke added a comment to T2420: TOFU Info for a Key.

Duplicate of T2360

Aug 5 2016, 10:49 AM · Duplicate, gpgme, gnupg (gpg21), Feature Request
aheinecke closed T2420: TOFU Info for a Key as Resolved.
Aug 5 2016, 10:49 AM · Duplicate, gpgme, gnupg (gpg21), Feature Request

Aug 3 2016

aheinecke added a comment to T2359: Query which key will be used for a given mailbox.

To piggyback something on this issue.

To quote T2359 (aheinecke on May 17 2016, 11:59 AM / Roundup):

e.g. an API to check which key: gpg -er aheinecke@intevation.de

I did not have groups on the radar for this. If a recipient is a group then
gnupg would use multiple keys in this command.

I think locate-keys would be a great mechanism to support this easily in MUAs.
When we change it that for a given mailbox only the single most valid Key is
returned we could also have the semantic that if then multiple Keys are returned
we have a group.

Aug 3 2016, 12:29 PM · gnupg (gpg22), gnupg, Feature Request

Aug 1 2016

bernhard updated subscribers of T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire.
Aug 1 2016, 10:22 AM · Won't Fix, gnupg (gpg21), Bug Report, gnupg

Jul 25 2016

justus added a comment to T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire.

The document you cite also states that UID/UAT lines only use field 10.

Also, neither UID nor UAT packets encode an expiration date [0], the way an UID/UAT can expire
is that the self-signature expires [1].

0: https://tools.ietf.org/html/rfc4880#section-5.11
1: https://tools.ietf.org/html/rfc4880#section-5.2.3.3

I do no longer agree with your first problem. Key expiration is different from signature
expiration, the way to quickly generate a key that expires in one year is:

    $ g10/gpg --quick-gen-key quick_test - - 1y

I guess one could argue that if one specifies --default-cert-expire=X when adding an uid, that
the self-signature for the new uid should expire. But to be honest, I doubt that this matches
user expectations.

What would be the use case really? I know that I'll lose access to that mail address in X years
and hence want my uid to expire then.

Jul 25 2016, 2:15 PM · Won't Fix, gnupg (gpg21), Bug Report, gnupg