- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jan 16 2026
See the gnupg-devel mailing list for more discussions. Subject: libgcrypt P256 signature malleability via weak DER enforcement"
Jan 15 2026
Fixed. Some examples for the improved texts which are based on the texts that gpg prints.
- good signature with expired key
- good signature with revoked key
- good signature with uncertified key
- expired signature with certified key
- expired signature with uncertified key
Indeed, it looks this way. Thanks so much! Windows 10 and 11 in my case.
Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:
- with / without keyboxd
- quitting kleopatra / killing all processes
I think this has been resolved in Gpg4win 5.
Jan 14 2026
If only the secret encryption subkey is exported and there is a signing subkey then, additionally, to the secret subkey export a public export is added to the created file, i.e. in the created file there's a PUBLIC KEY BLOCK and a PRIVATE KEY BLOCK. (With the next version of gpgme the public key block only contains the primary key and the signing subkey. Currently, it's a full public key export of the team key.)
Some historic integer encoding glitches from Peter Gutmann's style guide:
Jan 13 2026
Fixed upstream with https://invent.kde.org/graphics/okular/-/merge_requests/1301 - not yet in our packaging
@werner: gpg fails to batch import secret Kyber keys:
$ GNUPGHOME=/home/ingo/dev/g10/.gnupghomes/empty gpg --batch --import --verbose ~/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc gpg: WARNING: unsafe permissions on homedir '/home/ingo/dev/g10/.gnupghomes/empty' gpg: enabled compatibility flags: gpg: sec brainpoolP256r1/DD89C34EF2B69576 2024-11-14 Kyber768 <kyber768@example.net> gpg: using pgp trust model gpg: key DD89C34EF2B69576: public key "Kyber768 <kyber768@example.net>" imported gpg: key DD89C34EF2B69576/DD89C34EF2B69576: secret key imported gpg: key DD89C34EF2B69576/D07DD3BF9F1AAF4F: error sending to agent: IPC parameter error gpg: error reading '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc': IPC parameter error gpg: import from '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc' failed: IPC parameter error gpg: Total number processed: 0 gpg: imported: 1 gpg: secret keys read: 1
Importing the same files via cli does work:
Screenshots of different imports:
gpgme.log (import of kyber team key with signing key):
gpgme.log (import of normal non team key kyber cert):
Setting to resolved, as I think it should be
This is ready for testing and available in 5.0.0-betaX since about a year.
Jan 12 2026
Thanks Eva and Ingo. It seems 2.5.17 is not too far away.
I can reproduce this on the command line:
C:\Users\g10code>"c:\Program Files\GnuPG\bin\gpgsm.exe" --export --armor 579BAF3DF16AD462457BCC0897ADBC143D76EA7B 5A2B80F98F518D50891B1F0C7C6131AD107F9938 DB625D2BBBB5A3FD985C0233249B03090E85D402
Issuer ...: /CN=CA IVBB Deutsche Telekom AG 20/OU=Bund/O=PKI-1-Verwaltung/C=DE
Serial ...: 02195D190EBE34
Subject ..: /CN=iOS Test-Smartcard iostest01.sc/OU=BSI/O=Bund/C=DE/SerialNumber=2
aka ..: iostest01.sc@bsi.bund.de
Keygrip ..: 527CE32FD0552D18479442EF90DD5E434C036329I can reproduce the issue only (!!!) with keyboxd (on Windows).
Jan 9 2026
testing with 2.5/2.6 will wait for special build
I am using that version and key daily. No problems seen.
with Gpg4win-5.0.0-beta479 the listing after creating the new key with ADSK looks ok now:
That was also fixed in gnupg 2.2.50 and thus vsd 3.3.3
That was fixed with 2.2.52 which fixed a bug in the fix done in 2.2.50 (see rG31fef13df1). Note that 2.2.48 to 2.2.50 had only internal releases.
Okay, let's backport this.
Note that for exploiting this bug a second preimage attack for SHA-1 is required. This kind of attack on SHA1 is not yet possible.
Jan 8 2026
Jan 7 2026
In Gpg4win-5.0.0-beta479 the dialog no longer exists. Problem solved ;-)
works, with Gpg4win-5.0.0-beta479 on Win11.
Now after hitting "save" a dialog is shown asking under which name the file shall be saved. Saving works with both options.
It looks similar if the key is in a WKD: First search fails without error, only "no certificates found" is shown. Clicking "Search" again results then in the expected key being found and shown.
Jan 6 2026
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
I can't reproduce ebo's nor pl13's issue.





