Standard behaviour for stdio functions.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Sep 2 2022
Aug 25 2022
You get this error because the key has been created in gnupg mode (and not in de-vs) and thus it has these preferences.
Jul 13 2022
Reading through the report, the spec., and current implementation, I concluded that this is not a bug, thus, I'm closing this.
Jun 16 2022
You deleted the socket file but you did not restart the agent. Thus gpg can't contact the agent anymore. On Windows we use a socket emulation which requires the socket's file only for a new connection (to get the port and magic cookie).
Mar 16 2022
Feb 25 2022
Feb 23 2022
Feb 14 2022
Jan 18 2022
Excuse me you are right of course. man gpgconf | grep quot says it all.
man gpg | grep quote nor man gpgconf | grep quote does not tell anything about it. I recognized the single opening quote of "string at post processing the output of gpgconf --list-options to generate a gpgconf.conf template. I just expected a closing quote for "string".
vitusb: We had this discussion on cryptography@ years ago. No need to start it again - or well, try it over there. This is a bug tracker and not a discussion forum.
These curves are not the default in the compliance mode "gnupg" only if you explicitly switch to the BSI defined "VS-NfD" mode they become default.
Nope. The double quote indicates a string. See the man page.
Jan 17 2022
In T5783#153879, @werner wrote:Sending a private key with just the local protection is not a good idea.
In T5784#153872, @werner wrote:Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.
Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.
Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.
Dec 21 2021
That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.
Dec 10 2021
The first is a warning and the other error codes are exactly what we want.
Nov 25 2021
Not a bug but a limitation of 2.2's option listing: In contrast to 2.3 we can't *show* the used options via gpgconf correcly if there is a conflict between global and local options. However, the actually *used* values are different and correct according to the config. In particular a global forced option overrides any local or command line option.
Oct 14 2021
Oct 13 2021
Oct 12 2021
Just adding this note because a next step I'm also evaluating in my current T5593 configuration status it to temporarily create a new Gpg4win 3.1.16 hybrid configuration by also adding latest GnuPG v2.2.31 to see if all issues I reported here are still present (which is also quite probable).
Also because of T5593 it would just be quite interesting to see if GnuPG v2.2.31 too might experience same T5593 path related error.
Hi Werner,
Oct 10 2021
Sure they don't get created - they are optional.
Oct 2 2021
Just tracking my own additional investigation still about past Werner statement "percent escaping is correct and required" when this bug was closed for 1st time.
Also found interesting past references into rG055f8854d3f4 and rGe064c75b08a5 but only this last seems indeed much more specifically directly involved since it really contains related part of code (common/stringhelp.c) directly involved with this bug report for 'percent escaping' ':' (colon) character with '%3a' string even if sometimes, when possibly un-needlingly done, may even provide users unexpected on-screen displayed results like those I documented in this bug.
Problem now is that to really fully understand why on-screen displayed strings by 'gpgconf --list-dirs' correctly show a ':' (colon) correctly expected character near an unexpected (by end users) '%3a' (percent escaped) string that should just have corresponded with another simple (& user correctly expected) ':' colon character I can only really see to 2 options:
A) reopening this bug once again :-S ;
B) simply opening a new separate one asking for some additional explanations and maybe even to consider some future slight code changes to (at least for Windows OSes) ensure 'gpgconf --list-dirs' directory displayed paths results are more UI consistent with 'gpgconf --list-dirs homedir' or 'gpgconf --list-dirs sysconfdir' displayed ones where displayed C:\... paths always correctly display ':' (colon) instead of '%3a'.
So far this last seems me best viable option also because in same rGe064c75b08a5 I also saw another piece of code (tools/gpgconf-comp.c) with some similar code lines, that apparently (it seems me) if directly referenced (at least only for Windows OSes only, so maybe when a system variable %OS%==Windows_NT exists) instead of current one (common/stringhelp.c) also providing '%3a' 'percent escaping' results, might then have probably also easily avoided '%3a' user unexpected on-screen displayed results only depending by 'percent escaping'.
Just adding this note for any future reference needs only (or even message localization reference, since involved text characters strings are also expected to be among Italian language localized messages even if involved strings are not specifically being localized).
Oct 1 2021
Sep 29 2021
Hello Werner,
Sep 28 2021
That's correct - The output needs to be percent escaped.
Aug 13 2021
Jun 26 2021
wk at gnupg dot org but better avoid any HTML parts etc.
Jun 25 2021
Thank you, this is my great honor!
If it is convenient, can you provide an email address? So that I can elaborate to you.
Thanks. I added it to the list. If you have not yet done this I would suggest to write a note to gnupg-users.
Jun 19 2021
Apr 16 2021
Apr 12 2021
The surprising thing is that it works at all. I wouldn't be surprised if certain would simply reject it as "not a pdf" given that the "%PDF-1.x" marker isn't at the beginning.
Mar 27 2021
--clearsign may only be used for plain text documents due to line ending conversion etc.
Mar 6 2021
See the release notes for GnuPG 2.2.17 (T4606 first item). You need to import your peer's signature from a different source; e.g. ask them to send you your signed key by mail.
Jan 5 2021
Nov 26 2020
The log file specified in .gnupg/dirmngr.conf is created at the start of dirmngr.
dirmngr is invokded by the first call of gpg, and it keeps running and handle next request from second invocation of gpg.
So, nothing is problem.
Oct 1 2020
You used custom options which did not pick up the proper libksba. Install libksba correctly then try again. Please direct further questions to the mailing list and please build the latest version 2.2.23 and not an arbitrary old version.
Aug 29 2020
Aug 28 2020
Aug 25 2020
The CRL states how long it is valid and we cache it for about that time.
OCSP responses are by definition not cachable but we allow for a clock skew of 10 minutes.
Aug 19 2020
Aug 11 2020
OpenPGP (RFC-4880) requires support for 3DES and SHA-1 thus you can't disable them. However, they are not used in practice because the key preference guarantee the use of more modern algorithms,
Jul 31 2020
Iyou look at the key on the command line (or with Kleopatra's certificate manager), for example by using "gpg --list-key foo@bar.com" or by applying the command "gpg --show-keys" on the pasted keyblock you get this:
Jul 16 2020
I don't see any error here. There is a trailing LF on the binary data which gpg rightfully complains about.
Jun 18 2020
May 8 2020
Thanks for the patch, applied!
You are correct the NEWS file states that this was added in 1.9.0
May 5 2020
Taking a look at other GNU manuals, both GNU make and GNU Bison have a better phrasing,
so I suggest the Bison way (https://www.gnu.org/software/bison/manual/html_node/index.html):
This manual (7 December 2019) is for GNU Bison (version 3.5), the GNU parser generator.
Ah, okay, then the phrasing is missleading, the sentence looks like libgcrypt was released on this date and not the manual.
May 4 2020
Nope, that is correct, the last update of the manual was
Apr 25 2020
Mar 24 2020
@sarman: Your question is actually a support question and not a bug report. Please read the documentation, use the public help channels (so that other can also learn from the issue), or get in touch with a commercial support provider.
Mar 20 2020
In T4883#133467, @werner wrote:That option does the same as --disable-dirmngr which in trun has the same effect as disable-crl-checks
@werner wrote:
Sample how GpgOL handles this: https://dev.gnupg.org/source/gpgol/browse/master/src/keycache.cpp;6f5f48c3d60e0af52f1a9f0e51f60ee653eeeb31$269
I think what you're saying that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?
After disabling the CRL check again in gpgsm.conf
Mar 19 2020
I see no difference between the last two example stanzas that show you running ../run-verify. Are they supposed to have different output?
I'm aware of the metadata leakage risks of OCSP, and i share your concerns about them.
OCSP can't be the default because it enables a web bug. The responder immediately sees when a signature is verified or a data is encrypted to a certificate.
If CRLs or OCSP are a MUST in a given profile, and the cert chain has OCSP but no CRL, it seems like that profile should then try OCSP, rather than failing.
That option does the same as --disable-dirmngr which in trun has the same effect as disable-crl-checks; see gnupg/sm/server.c#option_handler. If you want to check the validity of the cert you check the TRUST status lines. This is what gpgme does for you. An example is gpgme.tests/gpgsm/t-verify. You can run the tests also manually, I do this as follows:
I think what you're saying that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?
I can see no bug here. See my comment over at T4881.
Jan 11 2020
It is a feature not a bug. For symmetric encryption the gpg-agent remembers the passphrase used for the encryption and thus for some time or until /gpgconf --reload gpg-agent/ it tries that passphrase for decryption.
Sep 6 2019
This seems to be closely related to T4319 and due to to some, ahem, interesting configuration.
Jun 25 2019
I see. Thanks for your explanation.
Jun 24 2019
I see. Thus the problem is that IPWorksOpenPGP does not create proper OpenPGP private keys. I guess they use OpenSSL with their different CRT parameter style and do not convert them correctly. RFC-4880 says this in 5.5.3:
The secret key is this series of multiprecision integers: o MPI of RSA secret exponent d; o MPI of RSA secret prime value p; o MPI of RSA secret prime value q (p < q); o MPI of u, the multiplicative inverse of p, mod q.
Jun 4 2019
May 31 2019
FYI, pEp annoyance was addressed and handled here: https://bugs.debian.org/891882
By this patch: https://sources.debian.org/src/enigmail/2:2.0.11+ds1-1/debian/patches/0002-Avoid-auto-download-of-pEpEngine-Closes-891882.patch/
May 30 2019
Thank you for your response.
For GnuPG, the error is: you don't have run-able libntbtls.so in your environment (because of your wrong configuration, perhaps) but you have it to link.
For GPGME, the error is: your linked libgpg-error.so.0 and the one which runs are different (because of your wrong configuration, perhaps).
May 22 2019
You need to update the public key and convey it to the sender. This will solve the problems. You should also ask the sender to update their software so that an MDC is always used regardless of the flag.
May 17 2019
I can't see any bug here so I will close this bug now.
May 16 2019
Hi Werner,
Please use one of the mailing lists to solve your problem. 2.3 is a development version, so I wonder from where you got this version of GnuPG.
Mar 6 2019
Thank you very much for the analysis. I'll forward the info.
Mar 5 2019
The creating software is broken in regard to non-ASCII characters in the UID:
ssh does nut support brainpool curves and thus GnuPG does not know how to map its internal name of the curve to the name as specified by ssh. GnuPG supports these curves:
Jan 15 2019
So the output of this was
Jan 11 2019
Thanks @werner I will do tonight when connecting to my team mates PC.
Btw meanwhile I actually felt like I need to open next issue where I explain all my details