Yes, with current gnupg it works w/o problems. Well, unless systemd decided to remove the directory. There is a loginctl(1) way to avoid this.

You are still using the old way of having the sockets in ${GNUPGHOME:-~/.gnupg}. Since 2.2.13 we use

API-wise this would be possible because right now gpg errors out with

Done for master

Using a double underscore in a symbol should be avoided because such symbols are reserved for system use.
(To include a diff inline, please intend it by two spaces so that it is not not considered as marked up text.)

That is a very old version (2015); please retry using the latest released version 1.4.23 (from 2018).

I just tried and Pinentry ask me whether I really want to use an unprotected key. Take care that you hit the right button.

FWIW, GPGME is basically C90 and we only recently started to use C99 variadic macros - they are a cpp feature, though.

I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.

Please let us know which version of Gpg4win you are using.

Sorry, I don't know what kind of sample data that is. The reference keys have been provided by the RFC6637 author and are part of GnuPG's test suite; see (gnupg/tests/openpgp/samplekeys/ecc-sample-*).

We do this now always if --auto-issuer-key-retrieve is set. Also backported to 2.2

I back ported @jukivili's changes back to 2.2 which gives a CFB decryption speedup of 25%. I also implemented AEAD _decryption_ in 2.2 to be prepared for mixed 2.2 and 2.3 version use. And AEAD is really fast compared to CFB. Willbe in 2.2.21.

Nope, I was wrong.

Thanks for the patch. However, this the getopt is unfortunately GNU specific which is the reason why the original code open coded the option parser.

Thanks for reporting; the code is really new and not yet fully tested.

Data (ie.e CMS) signatures do now also work.

I think I fixed a memory leak on error but no other changes for old code except that the array to old the args now takes void* and not gcry_mpi_t - which does not make a difference.

There are no betas; either you apply the patch mentioned above ( rG2f08a4f25df7) to a stock 2.2.20 or you build from the Git repo (STABLE-BRANCH-2-2, see https://gnupg.org/download/git.html).

Okay certificate and CRL checking does now work with rsaPSS. Need to work on data signatures and check the compliance modes.

I started to work on it so that I can actually use the certificates on my new D-Trust card. This will be a verify-only implementation.

FWIW, the code was written by the author of the specs and he note in his original patch (rGe0972d3d96) :

That smells very much like an old and insecure version 3 key. We don't allow them anymore - use gpg 1 to decrypt old material but never use that key to sign stuff or give it to others to encrypt to you. It is just too weak.

Please explain what your problems is. Setting arbitrary debug flags is not helpful for your or us.