- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Nov 19 2020
Nov 19 2020
gpgconf: Also print revision of libksba.
• werner triaged T5143: YubiKey 5 Nano GPG --card-edit verify command causes a segfault as High priority.
• werner committed rGf7cbf68fdd1e: po: Update Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: Update Polish translation
mgorny reopened T5039: 2.2.22 regression: Nitrokey Pro 2 is no longer recognized automatically, requires --card-status as "Open".
The problem seems to have returned in 2.2.24.
• werner added a comment to rG84020385be19: scd:openpgp: Public keys should be available for check_keyidstr..
Urgs, that was my fault.
• gniibe committed rG8ddadbbdbbe2: agent: Fix creating shadow key on card key generation. (authored by • gniibe).
agent: Fix creating shadow key on card key generation.
• gniibe reopened T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2) as "Testing".
• gniibe added a comment to T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2).
Thanks again for your report.
• gniibe committed rG84020385be19: scd:openpgp: Public keys should be available for check_keyidstr. (authored by • gniibe).
scd:openpgp: Public keys should be available for check_keyidstr.
gpg: Fix --card-edit command.
turkja added a comment to T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2).
I'm still having problems with 2.2.24. Now the card removal is detected correctly, but the initialization fails.
Thanks. I understand the situation. Basically, gpg-agent's computation is done by a single thread (in current implementation), although it accepts many requests simultaneously.
Nov 18 2020
Nov 18 2020
We had some card related regressions in 2.2.23. I would appreciate if you could first test again with 2.2.24 which was released yesterday.
I am sorry, but this is not a help desk but a bug tracker. See https://gpg4win.org or https://gnupg.org to find out which community support is available.
swdb: Release of libksba 1.5.0
Release 1.5.0
Post release updates
Add SPDX identifiers.
• ikloecker lowered the priority of T5130: Kleopatra: Generating OpenPGP keys on Yubikey (with PIV enabled) fails with "General error" from High to Normal.
Resetting priority to normal for re-evaluation
• ikloecker reopened T5130: Kleopatra: Generating OpenPGP keys on Yubikey (with PIV enabled) fails with "General error" as "Open".
Re-opening. Now trying to generate new keys fails with a "Wrong card" error.
• werner committed rKb6438e768cf9: Allow for NDEF list of certs and CRLs in CMS. (authored by • werner).
Allow for NDEF list of certs and CRLs in CMS.
cpp: Use portable off_t size_t
• ikloecker committed rKLEOPATRAccd6e3eecf7d: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
• ikloecker committed rKLEOPATRA9e475a6f3573: Bump required GPGME version to 1.13.1 (authored by • ikloecker).
Bump required GPGME version to 1.13.1
• ikloecker committed rKLEOPATRA0c42b4a78ef9: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
• aheinecke committed rKLEOPATRA57248775932d: Improve error handling of seckey export (authored by • aheinecke).
Improve error handling of seckey export
• aheinecke committed rKLEOPATRA4ccbaec62569: Respect action restrictions in welcomewidget (authored by • aheinecke).
Respect action restrictions in welcomewidget
• aheinecke committed rKLEOPATRAf573a51f86fa: Pass UTF-8 filenames to gpgtar on Windows (authored by • aheinecke).
Pass UTF-8 filenames to gpgtar on Windows
Bump version in master
• ikloecker committed rLIBKLEO79f68d55776f: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
• ikloecker committed rLIBKLEO92c3f01a2a1d: Bump required GPGME version to 1.13.1 (authored by • ikloecker).
Bump required GPGME version to 1.13.1
In T5137#139066, @werner wrote:Note that you actually run 30 independent processes with gpg 1.4 but with gpg-agent there is just one process to handle the private key operations (decrypt). To utilize more cores you need to setup several GNUPGHOME with the same private keys.
In T5137#139064, @gniibe wrote:I think that it is not gpg-agent but pinentry which causes millions of futex syscall errors.
For interactive use case, pinentry may be the point of contention.
I might be wrong if your key is not protected by passphrase.If possible, please try adding arguments for gpg invocation: --pinentry-mode loopback --passphrase-file YOUR_FILE_FOR_PASSPHRASE
This can avoid the invocation of pinentry entirely.
• ikloecker committed rKLEOPATRA5e5d740f91ea: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
Output of (unpatched) gpg with --debug ipc:
$ GNUPGHOME=$HOME/.cache/gnupg-master-home gpg --debug ipc --quick-gen-key --yes piv@example.net card gpg: reading options from '[cmdline]' gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! gpg: enabled debug flags: ipc gpg: DBG: chan_3 <- OK Pleased to meet you, process 7588 gpg: DBG: connection to the gpg-agent established gpg: DBG: chan_3 -> RESET gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/7 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION display=:0 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION xauthority=/home/ingo/.Xauthority gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION putenv=XMODIFIERS=@im=local gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION putenv=GTK_IM_MODULE=cedilla gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION putenv=QT_IM_MODULE=xim gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION lc-ctype=de_DE.UTF-8 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION lc-messages=de_DE.UTF-8 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> GETINFO version gpg: DBG: chan_3 <- D 2.3.0-beta1481 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION allow-pinentry-notify gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD SERIALNO gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD SERIALNO gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796 gpg: DBG: chan_3 <- OK gpg: Serial number of the card: FF020001008A7796 gpg: DBG: chan_3 -> SCD LEARN --keypairinfo gpg: DBG: chan_3 <- S CHV-USAGE 40 00 gpg: DBG: chan_3 <- S CHV-STATUS -2 3 -2 gpg: DBG: chan_3 <- S KEYPAIRINFO EB6A99D61EF3BC7C7934173CD9833376D773E65D PIV.9A a gpg: DBG: chan_3 <- S KEYPAIRINFO 482BD076054B6950A6FC476C356AF029A5115BBD PIV.9E a gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD GETATTR $SIGNKEYID gpg: DBG: chan_3 <- S $SIGNKEYID PIV.9C gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD READKEY --info -- PIV.9C gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc - nistp256 gpg: DBG: chan_3 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(118 byte(s) skipped) ] gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD SERIALNO gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796 gpg: DBG: chan_3 <- OK gpg: Serial number of the card: FF020001008A7796 gpg: DBG: chan_3 -> SCD LEARN --keypairinfo gpg: DBG: chan_3 <- S CHV-USAGE 40 00 gpg: DBG: chan_3 <- S CHV-STATUS -2 3 -2 gpg: DBG: chan_3 <- S KEYPAIRINFO EB6A99D61EF3BC7C7934173CD9833376D773E65D PIV.9A a gpg: DBG: chan_3 <- S KEYPAIRINFO 482BD076054B6950A6FC476C356AF029A5115BBD PIV.9E a gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD GETATTR $ENCRKEYID gpg: DBG: chan_3 <- S $ENCRKEYID PIV.9D gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> SCD READKEY --info -- PIV.9D gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e - rsa2048 gpg: DBG: chan_3 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(286 byte(s) skipped) ] gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> RESET gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> READKEY -- 0773CFCB90C043F3A6151B3F2FBF23726F10A48A gpg: DBG: chan_3 <- ERR 67141713 No such file or directory <GPG Agent> Key generation failed: No such file or directory gpg: secmem usage: 0/32768 bytes in 0 blocks
• ikloecker closed T5142: Qt gpgme's sign_key function should not set a remark with an empty string as Resolved.
Fixed. Workaround for gpgme 1.15 (and earlier) implemented in Kleopatra: Do not call setRemark() with an empty QString.
• ikloecker committed rKLEOPATRAbba1d9547252: Do not set an empty remark to avoid an empty signature notation (authored by • ikloecker).
Do not set an empty remark to avoid an empty signature notation
• ikloecker committed rM3c185c2159cd: qt: Avoid empty "rem@gnupg.org" signature notations (authored by • ikloecker).
qt: Avoid empty "rem@gnupg.org" signature notations
• ikloecker added a comment to T5142: Qt gpgme's sign_key function should not set a remark with an empty string.
I think Kleopatra is affected. It calls setRemark() on the job unconditionally with the text from the widget, and I'm pretty sure that this text is empty but not a null QString, if the user doesn't enter a remark.
• aheinecke committed rO04aedef30681: Only restore orig body when it is not empty (authored by • aheinecke).
Only restore orig body when it is not empty
• werner added a comment to T5098: Gpg4win problems for Windows Users with some non-ASCII account names.
It was a bunch or work and we are still not able to pass Unicode strings on the command line. Will eventually be done. At least people in Asia can now use their regular Windows account with gpg.
Yes sure. --debug ipc should give you some insight why gpg does not thing the key is on the card.
• werner assigned T5142: Qt gpgme's sign_key function should not set a remark with an empty string to • ikloecker.
Ingo, can you please check? I guess we are not affected because Kleo already checks for an empty string. But dkg's suggestion sounds good to me.
bernhard added a comment to T5098: Gpg4win problems for Windows Users with some non-ASCII account names.
Thanks Werner! Seems like an important step!
• gniibe committed rTe0a807eec263: m4: Update with newer autoconf constructs. (authored by • gniibe).
m4: Update with newer autoconf constructs.
• gniibe committed rT35d7429480b0: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.
• gniibe committed rK1ef7f310d8bb: m4: Update with newer autoconf constructs. (authored by • gniibe).
m4: Update with newer autoconf constructs.
• gniibe committed rK0d46f2c000c4: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.
• gniibe committed rK60b32609ae7f: build: Use modern Autoconf check for type. (authored by • gniibe).
build: Use modern Autoconf check for type.
• gniibe closed T5086: GnuPG fails to generate keys on-card in versions 2.2.22 and 2.2.23 as Resolved.
• gniibe committed rM223779dfdeb7: build: Update with newer autoconf constructs. (authored by • gniibe).
build: Update with newer autoconf constructs.
• gniibe committed rP5c83f6314e3f: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.
• gniibe committed rGd66fb3aa53a6: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.
• gniibe committed rGaeeb8e975dc7: build: Use modern Autoconf check for types. (authored by • gniibe).
build: Use modern Autoconf check for types.
• gniibe committed rC9485ca7b5bf1: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.
• gniibe committed rC425bf499185d: build: Use modern Autoconf check for type. (authored by • gniibe).
build: Use modern Autoconf check for type.
• gniibe committed rC908e347fb68b: m4: Update with newer autoconf constructs. (authored by • gniibe).
m4: Update with newer autoconf constructs.
Nov 17 2020
Nov 17 2020
• ikloecker committed rKLEOPATRA38eb236a56c9: Merge remote-tracking branch 'origin/release/20.12' (authored by • ikloecker).
Merge remote-tracking branch 'origin/release/20.12'
• ikloecker committed rKLEOPATRA787568c78455: Make it compile with libgpg-error < 1.36 (authored by • ikloecker).
Make it compile with libgpg-error < 1.36
Ömer Fadıl Usta <omerusta@gmail.com> committed rKLEOPATRA64d4421d1edf: Merge branch 'work/usta_boostfix' into 'master' (authored by Ömer Fadıl Usta <omerusta@gmail.com>).
Merge branch 'work/usta_boostfix' into 'master'
• werner committed rD71796e7ae7a7: ids: draft-koch-openpgp-webkey-service-11.txt (authored by • werner).
ids: draft-koch-openpgp-webkey-service-11.txt
• ikloecker committed rKLEOPATRA3b1d9c9e6ec6: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
• ikloecker committed rLIBKLEO566fe537f3ad: Merge branch 'gpgme-1.13.1' into 'master' (authored by • ikloecker).
Merge branch 'gpgme-1.13.1' into 'master'
• ikloecker committed rKLEOPATRA681bed803854: Allow creating an OpenPGP key for the keys on a PIV card (authored by • ikloecker).
Allow creating an OpenPGP key for the keys on a PIV card
• ikloecker committed rLIBKLEO622af9c55e39: Allow restricting the key lookup by keygrip to OpenPGP or S/MIME keys (authored by • ikloecker).
Allow restricting the key lookup by keygrip to OpenPGP or S/MIME keys
• aheinecke committed rOd45fed7235dc: Use a fresh output for second pass verify (authored by • aheinecke).
Use a fresh output for second pass verify
• aheinecke committed rO37f4fa84beab: Fix parsing of multipart/signed with one part (authored by • aheinecke).
Fix parsing of multipart/signed with one part
After patching the above mentioned if-clause the command fails on the first try, but it succeeds on the second try
$ gpgconf --kill allpo: Update italian translation
Update GnuPG to 2.2.24
Update KMime
• werner changed the status of T4616: Smartcard: Card reset required - It should be automatic from Open to Testing.
• werner closed T5098: Gpg4win problems for Windows Users with some non-ASCII account names as Resolved.
A fix has been released; see T5052.
web: Announce 2.2.24
swdb: Fix Makefile
swdb: Release gnupg 2.2.24
Post release updates
Release 2.2.24
Yuri Chornoivan <yurchor@ukr.net> committed rKLEOPATRA152ff283e385: Fix tag (authored by Yuri Chornoivan <yurchor@ukr.net>).
Fix tag
I change this to a feature request: Allow several processes to run public key decryption using the same set of private keys.
Note that you actually run 30 independent processes with gpg 1.4 but with gpg-agent there is just one process to handle the private key operations (decrypt). To utilize more cores you need to setup several GNUPGHOME with the same private keys.
• gniibe committed rPTH7e45b50a4034: m4: Update with newer autoconf constructs. (authored by • gniibe).
m4: Update with newer autoconf constructs.
• gniibe committed rPTHf73f94228652: build: Update to newer autoconf constructs. (authored by • gniibe).
build: Update to newer autoconf constructs.