Hi, thanks for the report.
Oct 27 2017
I have also experienced the same bug and reported it on:
https://bugs.kde.org/show_bug.cgi?id=385390
$ gpg --homedir /notexistent -dv <1.msg --override-session-key 7:D6E1027D58A0CB047C41EA881A137197 --status-fd 2
gpg: keyblock resource '/notexistent/pubring.kbx': No such file or directory
[GNUPG:] ERROR add_keyblock_resource 33587281
gpg: public key is 7F3B7ED4319BCCA8
[GNUPG:] ENC_TO 7F3B7ED4319BCCA8 18 0
[GNUPG:] ERROR keydb_search 33554445
gpg: encrypted with ECDH key, ID 7F3B7ED4319BCCA8
Indeed, this makes gpg return 2. The reason is that the first error message uses log_error which sets a flag to have gpg return 2. Now, changing this to log_info may produce problems for applications which expect that gpg errors out for a bad homedir.
can you try it with --homedir /does/not/exist
Oct 26 2017
I got it working.. turns out I had to force a migration by doing an rm ~/.gnupg/.gpg-v21-migrated.
Thanks!
But how can I influence the target directory for GnuPG during an automatic installation? We are not using the default directories.
Right, this differs. GnuPG is now installed at a well known location. Actually the Gpg4win installer includes the standard GnuPG installer and it is possible to update just GnuPG without a need to update the entire gpg4win.
This avoids multiple installs of GnuPG with all its problems.
Hello all together,
I close this for now. If you run into problems with 2.2.2 again, please re-open this bug.
Thanks for the list
Using an npth function is not good because we want to come up with a reasonable iteration count. Allowing npth to switch threads would not be good. The Linux specific solution in /D450 looks like a good solution but it needs some testing.
Yesterday I could reproduce that emails in the "send" folder cannot be decrypted anymore.
Here is the list:
- libgcrypt
- libassuan
- ntbtls
- gpgme : autogen.sh is ready
- npth
Applied to 2.2 branch.
I fixed for master.
It will be into 2.2.
Oct 25 2017
This week I'm trying to make progress with this issue.
Confirmed, this is the exact same problem!
Thanks!
Oct 24 2017
Just tried this but can't replicate it:
$ ../g10/gpg -dv <1.msg --override-session-key 7:D6E1027D58A0CB047C41EA881A137197 --status-fd 2
gpg: public key is 7F3B7ED4319BCCA8
[GNUPG:] ENC_TO 7F3B7ED4319BCCA8 18 0
gpg: encrypted with ECDH key, ID 7F3B7ED4319BCCA8
[GNUPG:] BEGIN_DECRYPTION
gpg: AES encrypted data
[GNUPG:] DECRYPTION_INFO 2 7
gpg: original file name=''
[GNUPG:] PLAINTEXT 62 1508859245
[GNUPG:] PLAINTEXT_LENGTH 68
"Well hello there Charlie Brown, you blockhead." -- Lucy Van Pelt
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
$ echo $?
0
$ gpg -k 7F3B7ED4319BCCA8
gpg: error reading key: No public key
Unfortunately --batch option doesn't help, it only suppresses user input.
$ gpg2 --pinentry-mode loopback --batch --delete-secret-keys F4433F96910C9AC1FEF65A7299A5538C769B6150
gpg: deleting secret key failed: No pinentry
gpg: deleting secret subkey failed: No pinentry
gpg: F4433F96910C9AC1FEF65A7299A5538C769B6150: delete key failed: No pinentry
GPG pinentry works well on my Gnome desktop (a well-formatted form appears) but I have a problem when I need to remove a secret key (enter passphrase) on a remote machine via SSH.
It can be handled with --export why not with --delete-secret-keys?
Is there some fix already? Or a roadmap for when this will be fixed? Or some workaround for how I can remove a secret key remotely via SSH?
gpg-agent sometimes pops up confirmation dialogs. This can't yet be handled with the loopback pinentry. Try gpg option --batch.
I tried to melt it down to a specific beta release with which it isn't possible anymore to decrypt sent emails.
Jochen, I am currently using Windows 10 version 1607 (OS Build 14393.1230).
Won't be fixed for 1.4 and 2.0 (which is too close to EOL). Has been fixed for master; see T2359.
In 2.2.2 you will see "Secret subkeys are available" and commands which require the primary key are disabled.
Since this is a bug that is related to two different parts of the gpg4win package, this bug now only cares about the GpgOL Issue, that GpgOL crashes and can't decrypt messages from the sent folder that are encrypted with S/MIME. All File Based Issues belonging to Kleopatra are documented in the KDE Phabricator (https://phabricator.kde.org/T7310).
What Version of Windows do you use? If you use an older Windows (pre 7) please follow this guideline: https://wiki.gnupg.org/Gpg4win/releases/3.0/notes
- Mails encrypted with S/MIME are stored with "No Data" in the sent EMail folder, but arrive properly at the recipients (you will receive a readable copy, if you add yourself to the list of recipients). This Issue breaks the GpgOL Plugin after some time which is leading to the described Problem.
gpgme does not know about return codes because it uses a double fork approach. However, certain status lines could have the same effect.
Hm, perhaps this non-zero return code is due to not being able to write to the GNUPGHOME directory, actually. It goes away when GNUPGHOME is writable. That doesn't make sense either -- this operation doesn't actually depend on being able to write to GNUPGHOME, so it shouldn't return a different error code if GNUPGHOME is unwritable.
I am closing this bug report, as I can't get feedback to fix something.
GnuPG 1.4 is only for old features. New features are only supported by GnuPG 2.2.
Oct 23 2017
- Files that are Signed and Encrypted to a S/MIME Certificate are broken. When you select a file and encrypt and sign it to a recipient, only a detached signature will be created and the Encrypted file is missing. (Very similar to Issue 1, but file based).
Oct 22 2017
Can you please try again with the standard shell (and not the power shell)?
Please look in the status bar of your desktop. You should see a (blinking) tab for the Pinentry. Unfortunately it is not always possible to get the Pinentry into the foreground and Windows will instead show it in the status bar.
Same issue exists in 2.2:
Oct 21 2017
Same here on current stable (3.0.0):
Oct 20 2017
DCO = Developer's Certificate of Origin. See gnupg/doc/HACKING under "** License Policy".
The long term goal is to replace sshcontrol by a flag in the extended private key format. This would instantly solve the bug. Thus closing.
Let's move that to master.
A backport to 2.0 does not make sense anymore given EOF in 2 months.
No info received, similar to another fixed bug, and for 2.0 which will soon reach EOL.
I am preparing the patch I am using against 2.2.0. What is DCO?
gniibe: Can you check the status?
2.0 will reach EOL soon and we have received no response. Thus closing. If the problem persists with 2.2 (e.g. from gpg4win 3.0) please re-open this bug.
Won't be fixed for 1.4.
No, I used the standard Windows command line
2.0 reached eol in 2 months so need to check it. For 1.4 I assume it has been fixed ;-)
@perske, may I ask you to send a DCO and a possible updated patch against 2.2 to gnupg-devel@ ? I would like to add it to 2.2.2. Sorry for the delays.
There should be a backup file in these cases.
I would suggest to close this as won't fix.
In 2.2 we implemented --import-option show-only which does the right thing, that is to use the regular key-listing code. Backporting this to 1.4 does not make sense - people should move on and use gpg 2.2.
Given that we received no info after nearly two years, shouldn't we simply assume that this bug has been fixed?
This patch was released with 1.4.22
Thanks for testing. Did you try with a powershell?
Tried this on Windows 8.1 (x64) with GnuPG 2.2.1 (libgcrypt 1.8.1) and was not able to reproduce it.
I can replicate this now. Unfortunately without logging enabled.
Oct 19 2017
This is exactly what I was looking for --> Settings > Configure Kleopatra > Crypto operations > Create signed or encrypted files as text files
Thanks!
I tried to replicate this but failed. Well, I am on Vista and standard cmd.exe. Can you please try your tests again on a standard cmd.exe shell?
@gouttegd provided a patch to implement that policy. I set up a server to check this:
gpg -v --fetch-key https://test.gnupg.org/testurl/redirect-to-http.html
Here is a part of the log inline:
I would suggest to close this report even though I have the same problem with the g10 Code cert on Vista - but it used to work when I bought that cert.
Hello Jochen,
There is just another person experiencing the same problem with an Exchange based account on Win10pro x64, Outlook 2016 x86.
I don't have access to this description. I used official, newest releases. I searched for this issue on the web, on the gpg4win page but did not find a solution. Is there any accessible information?
This sounds like the issue described in https://wald.intevation.org/forum/message.php?msg_id=5265&group_id=11