Thanks. Applied with a minor change: The string is now in a new third field.

Thanks for reporting. However, many gcc warnings produce a lot of false positives. Thus to be useful all the warnings need to be scrutinized. Let's do this for one example

OK, while I'll be awaiting for anyone to possibly answer my last T5593 'Sat, Sep 18, 6:29 PM' question, just for sake of completeness I've also been able to check that inside registry (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Gpg4win\kleopatra\Capabilities) Kleopatra icon has correct expected value so ApplicationIcon (REG_SZ) = 'C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe,0' (N.B. preceding text string into registry is obviously unquoted ). ;-D

OK, while I'll be awaiting for anyone to possibly answer my last 'Sat, Sep 18, 6:29 PM' question that I decided to re-update today, just for sake of completeness I've also been able to check more inside registry but details will only go inside T5605 since only pertinent there ;-D

Because of T3458 and other references to PATH I found in the past (see past references I added previously into this bug), could anyone please be so kind to confirm me if am I right to assume that under normal conditions (so with no PATH related errors like 'PATH env variable too big' I reported here) after proper end of 'gpg4win-3.1.16.exe' installation only following (unquoted) path string 'C:\Program Files (x86)\Gpg4win\bin;' would have been added at beginning of PATH system environment variable ?
Or if not, would new path rather have 'C:\Program Files (x86)\Gpg4win\bin;C:\Program Files (x86)\GnuPG\bin;' (always unquoted) prepended at beginning of PATH system environment variable ?
P.S. Please note that I'm only asking this to then try to properly manually set PATH system environment variable accordingly and then see if my (current) 2nd 'gpg4win-3.1.16.exe' installation can still work correctly as expected or not... ;-D

Woops, I also forgot to say that only Kleopatra icon I found on my desktop has this problem. Original folder path of Kleopatra.lnk shortcut I have on my Desktop is C:\Users\Public\Desktop.
While 'Kleopatra.lnk_' I uploaded after renaming its extension as 'lnk_' was just another copy of it I temporarily put on my own Desktop only for uploading.

I have a draft, which results in the following "API" of the name-version:

The changes do not seem to touch anything I've mentoned in (1)?

Tried and no change -- cmd window still flashes away.

Remember to always pass --batch for unattended operations.

Thanks to jaclaz@msfn.org, the workaround is to use pipe operation like:
pause|"C:\Program Files\GnuPG\bin\gpg.exe" --verify "%1"
He also confirmed that gpg.exe does interrupt batch processing, regardless what command is followed.
And I have tested in Windows 7, batch processing is not interrupted. Since this bug is WindowsXp specific, "won't fix" should be more proper.

We ran the coverity again with the new 2.3.1 release and there are couple of new stuff that I probably missed in the initial review.

Thanks. I think we are good here. If we will decide to pursuate the brainpool switch, I will open a new issue.

Two third patches are applied to master. (@werner those parts are typo fix and tests improvement, which we agreed to push.)

We can easily extend the gcry_get_config API. You can give a key or have it to return all infos. For examle
"gpgconf --show-versions" prints this about libgcrypt:

If a configure switch to disable Brainpool curves will be added, we also need to add a switch to disable NIST curves.

Oh, my bad. I probably used wrong git command. Uploaded now the patches themselves:

disable-brainpool.patch is a text of list of patches.
I think the first two could be applied.
@Jakuje Could you please upload them?

gniibe: What's the state of this?

Currently I see no need to fix this for 2.2

And well, the context area of the handle is also wiped at gcry_cipher_close time. Thus any standard use of aeswrap (open,encrypt/decrypt,close) is not affected.

Good catch. Thanks. This patch should fix the leak:

@ikloecker
Thank you.
So it's a different issue.
Sorry, I was confused because after solving the gpg: can't connect to the agent I instantly got gpg: problem with the agent: End of file.

Symmetric decryption is broken in 2.3.2. See T5577: Null ptr dereference in gpg-agent (gnupg 2.3.2). Try 2.3.1.

gpg: can't connect to the agent: IPC connect call failed

This problem with portable mode in Windows can be solved by creating additional gnupg folder near bin, home, share.
I don't know why, but gpg-agent v2.3.2/2.2.30 in Windows in portable mode creates files S.gpg-agent.* in gnupg, not in home folder. And it doesn't work without gnupg folder.

Yes, --no-keyring should enough for the subset of gpg commands which do not need keys.

Sorry, GnuPG proper has no context menu or any graphic user interface. You need to install Gpg4win for this. Regarding use of gpg by other programs: There has been no change - other programs need to use the status-fd/command-fd interface and that has always been defined as UTF-8 and not as any native codepage. Please ask the makers of The Bat what is going wrong there.

I have one more patch set to improve FIPS testing in test/curves.c. In the past, it was basically skipped altogether in FIPS mode. This implements more fine-grained selection of what is being tested. This is the first part.

The breakaway job notices should definitely only be emitted in verbose mode. For the other things I need to check.

Few more logs from 2.3.2 and 2.2.29 (for comparison):

I'm not sure that the portable mode is a culprit here.
Something is very wrong with gpg-agent/pinentry.
Even symmetric decryption doesn't work in 2.3.2/2.2.30:

Woops, :-s I forgot to also add all these details from additional investigations I already did (obviously assuming it might be helpful ones for definitely fixing issue I reported (and my apologies in advance for whom might find lenght of all this really excessive, 8-) since I simply tried to comprehensively summarize results...)

My apologies for further delay before also providing this screenshot bitmap of error found (because of initially not finding specific site info about best browser to use and not seeing 'cloud symbol' (many thanks werner :-D ) I obviously had to switch from IE11 to MSEdge and then also manually import proper cookies needed for this site :-(( )

In the editor you find a cloud symbol with an arrow to upload a file. Use this and and the file id will be pasted at the cursos, like here

Apologies for my (newbie) comment on this bug reporting system. Since I have a screen shot bitmap better showing error I described, could anyone tell me how to attach to this bug ?

Fixed in 2.3 and 2.2

(I closed this by accident)

looks good to me. Tested now with master 47e425e07995454573e28c13c08229d2f8a75642 and all tests pass for me in and out of FIPS mode as well as in the "soft" one.

I think this issue is solved. For systemd, I need to run this as --supervised option not the --daemon option. The --daemon option has bug.

You could use --disable-keyboxd which should fix this. However, there will eventually be no more way to build w/o Sqlite and thus I would suggest not to allow disabling of sqlite.

This works for me:

I think the behavior makes perfect sense for Unix but the default delimiter for .txt in Windows is \r\n.

The OP wants to do symmetric encryption. This isn't about the passphrase that protects a key.

Yes, we read up to the first LF. This has been the traditional way of PGP2 and is still used by mail programs like Mutt.

I'm guessing gpg in Unix has stripped the \n if present? I don't have access to a real Unix system at the moment.

I see that problem but gpg has traditionally not interpreted the passphrase in any way. Right, for Windows we could strip the CR but I fear that this might break other users scripts/passphrases. However there should be a warning in the manual.

The actual problem is not that --list-packets produces weird output, but that --decrypt fails with

gpg: [don't know]: invalid packet (ctb=4f)
[GNUPG:] NODATA 3

causing confusing errors in Kleopatra.

Based on GCC bugzilla, affected released GCC versions are 11.1 and 11.2.

(ab | ba) >= 0 is used to make optimization analysis for compiler more difficult. I see that with (ab | ba) == 0, it would be much easier for compiler to conclude than loop could exit early as soon as first a[i] != b[i] is seen.

Aihhh, my fault. seems that a new version it not too far away.

See description above.

We will look into it but nevertheless I have to remark that this this portable thing is dangerous to use and you should avoid it.

The same problem. Portable mode is completely broken in v2.3.2 and v2.2.30 on Windows.

Hello Mr. Koch,

I wonder about the spelling errors. For particular

Please show us the output of

Just for the record, Kleopatra and Gpg4win work totally fine for me on Windows-11 preview.