- --import-options restore
- Implies
- import-local-sigs
- keep-ownertrust
- Turns off
- import-minimal
- import-clean
- repair-pks-subkey-bug
- merge-only
- Implies
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jun 6 2019
Jun 6 2019
matheusmoreira added a comment to T4170: Backing up, transporting, and transferring private keys from device to device.
matheusmoreira added a comment to T4170: Backing up, transporting, and transferring private keys from device to device.
- --export-options backup
- Implies
- export-local-sigs
- export-attributes
- export-sensitive-revkeys
- Turns off
- export-clean
- export-minimal
- export-pka
- export-dane
- Causes build_packet_and_meta() to be used instead of build_packet()
- This variant also writes the meta data using ring trust packets.
- a8895c99a7d0
- Ring trust packets are implementation defined and have always been used in gpg to cache the signature verification status.
- Ring trust packets are only exported with the export option "backup" and only imported with the import option "restore".
- As a side-effect of this patch the signature status cache works again and "gpg --check-sigs" is thus much faster.
- RFC 4880 § 5.10
- doc/DETAILS
- a8895c99a7d0
- This variant also writes the meta data using ring trust packets.
- Implies
Here are the patches without any new commands:
New commands can't be introduced.
New commands can't be introduced.
@werner Only patches 2 and 3 introduce new commands. What do you think about the other changes?
• gniibe committed rG72fe8d652fce: scd: Bring back --card-timeout option as deprecated. (authored by • gniibe).
scd: Bring back --card-timeout option as deprecated.
• gniibe committed rGc13e459ffeff: gpgparsemail: Die on parse error (not abort). (authored by • gniibe).
gpgparsemail: Die on parse error (not abort).
Fixed in master.
Jun 5 2019
Jun 5 2019
• werner added a comment to T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.
Something(tm) closes an arbitrary file descriptor behind our back. Not easy to track down because strace can not trace only threads - it always wants to trace all children as well - which is a bit too much and leads to other problems.
• werner raised the priority of T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification from Normal to High.
In case I not already mentioned it: There won't be any new commands to delete a key. Of course you are free to change GnuPG as you like but I won't apply them here.
The openssl version is a 64-bit counter (at least for ppc8), not 32-bit.
aheinecke committed rM024a7f75d4b8: tests: Implement import in run-threaded (authored by aheinecke).
tests: Implement import in run-threaded
• werner committed rM0f68c9f16bda: core: Prettify _gpgme_io_select debug output again and fix TRACE_SYSRES. (authored by • werner).
core: Prettify _gpgme_io_select debug output again and fix TRACE_SYSRES.
aheinecke committed rM3a3648e3a567: tests: Use synced output for error in run-threaded (authored by aheinecke).
tests: Use synced output for error in run-threaded
aheinecke committed rM3a11421d0f63: tests: Avoid variable named the same as a macro (authored by aheinecke).
tests: Avoid variable named the same as a macro
aheinecke committed rM9bbe15ebbc41: tests,w32: Fix thread creation in run-threaded (authored by aheinecke).
tests,w32: Fix thread creation in run-threaded
• werner committed rM8f9f3224aac7: core: Improve the debug messages even more. (authored by • werner).
core: Improve the debug messages even more.
• werner committed rM856d2e8d64f6: core: Avoid explicit locks in the debug code. (authored by • werner).
core: Avoid explicit locks in the debug code.
Log loops with:
I have a hang now when keylisting in Kleo with GPGME_DEBUG=9:
aheinecke renamed T4116: Kleopatra: Hang on posix with GPGME_DEBUG=9 from Kleopatra: Hang in gpgconf_read on posix with GPGME_DEBUG=9 to Kleopatra: Hang on posix with GPGME_DEBUG=9.
ECB is not bulk optimized in libgcrypt. I've send patches to add this in past but this was rejected on grounds that ECB is insecure and should not be used.
dkg added a comment to T3464: successful decryption with session key reports failure if public key is unknown.
any feedback on this proposed patch?
Jun 4 2019
Jun 4 2019
Benchmarks with the block ciphers is here https://dev.gnupg.org/D493
include missing file.
added CTR mode support
I did forget to mention that the key I'm using is 4096 bit long
I was creating a tar archive with 7-Zip on my Windows 10 machine. After the creating was completed I was encrypting the archive like so:
Just to clarify, you were able to decrypt and extract it without error? Which tool did you use to extract the tar archive?
Update NEWS and READMEs
Update gpg4win-tools
Fix a minor quoting error in it.po
Allow to remove keys in CMS mode
Fix insertion of S/MIME placeholder
aheinecke changed the status of T4553: Compatibilty with encrypted mails sent to SecurePIM from Testing to Open.
The change in message class did not help.
• werner closed T4327: Exception handling for very large or invalid number in function parse_number(...) in the file cJSON.c:176 as Wontfix.
The solution conflicts the the fix suggested and implemented for T4330.
aheinecke added a parent task for T4389: Gpg4win 3.1.8: T4479: GpgOL: S/MIME Addressbook integration.
• werner closed T4328: Missing case distinction for value "NaN" and "Inf" of IEEE floating point variable in function print_number(...) in the file cJSON.c:176 as Resolved.
Fixed similar to the suggestion but NaN and INF are detected earlier.
• werner committed rMf56c996318df: json: Print "nan", "-inf", "inf" if needed. (authored by • werner).
json: Print "nan", "-inf", "inf" if needed.
aheinecke added a subtask for T4558: GpgOL: S/MIME Mails should use the same icons as Outlook: T4389: Gpg4win 3.1.8.
aheinecke added a parent task for T4389: Gpg4win 3.1.8: T4558: GpgOL: S/MIME Mails should use the same icons as Outlook.
aheinecke added a parent task for T4389: Gpg4win 3.1.8: T4557: Kleopatra: Keylist columns should be configurable.
aheinecke added a subtask for T4557: Kleopatra: Keylist columns should be configurable: T4389: Gpg4win 3.1.8.
• werner committed rMfabe96126b4e: json: Improve handling of large exponents in the JSON parsor. (authored by • werner).
json: Improve handling of large exponents in the JSON parsor.
aheinecke changed the status of T4322: GpgOL: Embedded image not visible in forwarded email from Open to Testing.
Works for me
aheinecke changed the status of T4388: GpgOL: Add draft encryption as an option. from Open to Testing.
aheinecke committed rOe714c4c749eb: Revert "Only use IPM.Note.SMIME.MultipartSigned for SMIME" (authored by aheinecke).
Revert "Only use IPM.Note.SMIME.MultipartSigned for SMIME"
• werner moved T4456: gpgme repeatedly segfaults claws-mail after update to 1.13.0 from Backlog to QA for next release on the gpgme board.
• werner removed a project from T4518: Kleopatra: Changes log-file tcp://IPADDR to tcp:\\IPADDR: gpgme.
With the current GPGME master and the forthcoming T4551 release this has been fixed.
• werner committed rM1024884e07f7: core: Implement recpstring option parsing for gpgsm. (authored by • werner).
core: Implement recpstring option parsing for gpgsm.
• werner committed rMe9ca36f876e1: core: Make gpgme_op_encrypt_ext work for CMS. (authored by • werner).
core: Make gpgme_op_encrypt_ext work for CMS.
• werner committed rG9bf650db022b: sm: Print a better diagnostic for encryption certificate selection. (authored by • werner).
sm: Print a better diagnostic for encryption certificate selection.
I did encrypt the file myself with the version mentioned above.
I see the regression of gpgconf. I wonder if it's better to fix gpgconf side, too.
I see a regression with your fix. This option is even controllable with gpgconf at the basic level. It would be better to make it a dummy option.
g10: Block signals in g10_exit.
Fixed in master. Closing.
• gniibe closed T4137: IPC syntax error when `gpg` starts `gpg-agent` without `$TERM` variable as Resolved.
Fixed in master (to be 2.3).
agent: Allow TERM="".
I tried to apply&push, since we changed the file a bit, I needed to apply it manually.
Anyway, it's done.
Closing.
• gniibe committed rM47135ffdb923: python: Fix typo in DecryptionError exception. (authored by • gniibe).
python: Fix typo in DecryptionError exception.
• gniibe closed T3383: scdaemon option 'card-timeout' does not have any effect, a subtask of T3362: Prevent Smartcard from caching PIN when cache-ttl is set accordingly, as Resolved.
• gniibe committed rG3a1bb0081087: agent: Add pinentry_loopback_confirm declaration. (authored by • gniibe).
agent: Add pinentry_loopback_confirm declaration.
• gniibe committed rG4262933ef6f7: scd: Remove unsupported --card-timeout option. (authored by • gniibe).
scd: Remove unsupported --card-timeout option.
• gniibe added projects to T3383: scdaemon option 'card-timeout' does not have any effect: scd, Documentation.
I meant, 'card-timeout' was not intended for controlling caching PIN on card. It was for "DISCONNECT" command support.
I'm going to remove questionable documentation.
Closing.
maiden_taiwan closed T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs as Resolved.
No worries -- you led me in the direction of a solution when you mentioned loopback mode. I appreciate your time and your help!
• gniibe closed T3119: gpg: Improve public key decryption, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
While it's not recommended, current master has a support of sharing same raw key materials. I think that it now works (I don't try, though).
Closing.
• gniibe closed T2903: "gpg --card-status" does not add any entries to the private key ring as Resolved.