
Jan 14 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

It's true that the user is listed 4 times, but this is because tofu.c:get_trust
is called four times. For instance, the first time it is called to show the
"gpg: Good signature from "tofu_conflict@example.com" [marginal]" line, and the
second time it is called to register the signature (tofu_register_signature).
This also explains why the signature count increases between the first and
second versions.

Note that each of these outputs is preceded by a KEY_CONSIDERED line (for the
same key). Since the TOFU conflict information is per key, I'd expect an
implementation to say: Oh, there is already some conflict information for key X.
This must be a more up to date version, so I'll delete that first instead of
appending to it. Is this an unreasonable expectation?

It should be possible to change the behavior to only output the TOFU_STATS lines
if a TOFU_STATS_LONG line is also output (but I need to think about it some
more). Would this be better?

Jan 14 2017, 11:31 PM · rc, Bug Report, gnupg, TOFU

Jan 13 2017

aheinecke added a comment to T2917: --locate-key should re-fetch key via WKD if it is expired.

For what it's worth i think WKD checks should be done even more regularly than
when they are explicitly triggered through locate keys because we need to see
updates on key rollover / revocation of keys or uids. Something like the
parcimonie style auto-key-refresh that is currently planned.

But yes re fetching on locate-keys if the key / uid for key-locate is expired
would be a first step.

Jan 13 2017, 1:34 PM · gnupg (gpg22), Bug Report

Jan 12 2017

dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

gpg: keybox '/home/dkg/tmp/tmp.0Ew9D45cz7/gpg/pubring.kbx' created
gpg: /home/dkg/tmp/tmp.0Ew9D45cz7/gpg/trustdb.gpg: trustdb created
gpg: key 7638D0442B90D010: public key "Debian Archive Automatic Signing Key
(8/jessie) <ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 hkps.pool.sks-keyservers.net
S # . hkps.pool.sks-keyservers.net
S # . --> 15 14 13 12 11 10 19 18* 17 16 9 8 7 6 5 4 3 2 1
S # 1 6 [2a02:898:31:0:48:4558:73:6b73]
S # 2 6 [2a01:4a0:59:1000:223:9eff:fe00:100f]
S # 3 6 [2a00:14b0:4200:3000:27::27]
S # 4 6 [2606:9500:201:1::141]
S # 5 6 [2606:1c00:2802::b]
S # 6 6 [2001:bc8:4700:2300::10:f15]
S # 7 6 [2001:bc8:2515::1]
S # 8 6 [2001:720:418:caf1::8]
S # 9 6 [2001:470:1:116::6]
S # 10 4 216.66.15.2
S # 11 4 212.12.48.27
S # 12 4 209.135.211.141
S # 13 4 192.94.109.73
S # 14 4 163.172.29.20
S # 15 4 130.206.1.8
S # 16 4 94.142.242.225
S # 17 4 92.43.111.21
S # 18 4 51.15.53.138
S # 19 4 37.191.238.78
OK
2017-01-12 11:35:25 dirmngr[833] listening on socket
'/home/dkg/tmp/tmp.0Ew9D45cz7/gpg/S.dirmngr'
2017-01-12 11:35:25 dirmngr[834.0] permanently loaded certificates: 0
2017-01-12 11:35:25 dirmngr[834.0] runtime cached certificates: 0
2017-01-12 11:35:25 dirmngr[834.0] failed to open cache dir file
'/home/dkg/tmp/tmp.0Ew9D45cz7/gpg/crls.d/DIR.txt': No such file or directory
2017-01-12 11:35:25 dirmngr[834.0] creating directory
'/home/dkg/tmp/tmp.0Ew9D45cz7/gpg/crls.d'
2017-01-12 11:35:25 dirmngr[834.0] new cache dir file
'/home/dkg/tmp/tmp.0Ew9D45cz7/gpg/crls.d/DIR.txt' created
2017-01-12 11:35:26 dirmngr[834.6] handler for fd 6 started
2017-01-12 11:35:26 dirmngr[834.6] connection from process 831 (1000:1000)
2017-01-12 11:35:26 dirmngr[834.6] DBG: dns: libdns initialized (tor mode)
2017-01-12 11:35:27 dirmngr[834.6] DBG: dns:
getsrv(_pgpkey-https._tcp.hkps.pool.sks-keyservers.net) -> 0 records
2017-01-12 11:35:27 dirmngr[834.6] DBG: dns: libdns initialized (tor mode)
2017-01-12 11:35:28 dirmngr[834.6] DBG: dns:
resolve_dns_name(hkps.pool.sks-keyservers.net): Success
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a02:898:31:0:48:4558:73:6b73]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a00:14b0:4200:3000:27::27]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2606:9500:201:1::141]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2606:1c00:2802::b]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:bc8:2515::1]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:720:418:caf1::8]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '216.66.15.2'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '212.12.48.27'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '209.135.211.141'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '192.94.109.73'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '163.172.29.20'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '130.206.1.8'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '94.142.242.225'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '92.43.111.21'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '51.15.53.138'
2017-01-12 11:35:28 dirmngr[834.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '37.191.238.78'
2017-01-12 11:35:28 dirmngr[834.6] DBG: http.c:connect_server: trying
name='51.15.53.138' port=443
2017-01-12 11:35:28 dirmngr[834.6] DBG: dns: resolve_dns_name(51.15.53.138): Success
2017-01-12 11:35:31 dirmngr[834.6] DBG: http.c:1706:socket_new: object
0x00007f57e400a5d0 for fd 8 created
2017-01-12 11:35:34 dirmngr[834.6] DBG: http.c:request:
2017-01-12 11:35:34 dirmngr[834.6] DBG: >> GET
/pks/lookup?op=get&options=mr&search=0x126C0D24BD8A2942CC7DF8AC7638D0442B90D010
HTTP/1.0\r\n
2017-01-12 11:35:34 dirmngr[834.6] DBG: >> Host:
hkps.pool.sks-keyservers.net:443\r\n
2017-01-12 11:35:34 dirmngr[834.6] DBG: http.c:request-header:
2017-01-12 11:35:34 dirmngr[834.6] DBG: >> \r\n
2017-01-12 11:35:37 dirmngr[834.6] handler for fd 6 terminated
2017-01-12 11:35:37 dirmngr[834.6] handler for fd 6 started
2017-01-12 11:35:37 dirmngr[834.6] connection from process 841 (1000:1000)
2017-01-12 11:35:37 dirmngr[834.6] handler for fd 6 terminated

Jan 12 2017, 5:39 PM · Debian, Bug Report, gnupg, dirmngr
dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

gpg: keybox '/home/dkg/tmp/tmp.swbfPRERsO/gpg/pubring.kbx' created
gpg: keyserver receive failed: Server indicated a failure
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 hkps.pool.sks-keyservers.net
OK
2017-01-12 11:36:01 dirmngr[851] listening on socket
'/home/dkg/tmp/tmp.swbfPRERsO/gpg/S.dirmngr'
2017-01-12 11:36:01 dirmngr[852.0] permanently loaded certificates: 0
2017-01-12 11:36:01 dirmngr[852.0] runtime cached certificates: 0
2017-01-12 11:36:01 dirmngr[852.0] failed to open cache dir file
'/home/dkg/tmp/tmp.swbfPRERsO/gpg/crls.d/DIR.txt': No such file or directory
2017-01-12 11:36:01 dirmngr[852.0] creating directory
'/home/dkg/tmp/tmp.swbfPRERsO/gpg/crls.d'
2017-01-12 11:36:01 dirmngr[852.0] new cache dir file
'/home/dkg/tmp/tmp.swbfPRERsO/gpg/crls.d/DIR.txt' created
2017-01-12 11:36:02 dirmngr[852.6] handler for fd 6 started
2017-01-12 11:36:02 dirmngr[852.6] connection from process 849 (1000:1000)
2017-01-12 11:36:02 dirmngr[852.6] DBG: dns: libdns initialized (tor mode)
2017-01-12 11:36:12 dirmngr[852.6] DBG: dns:
getsrv(_pgpkey-https._tcp.hkps.pool.sks-keyservers.net): Server indicated a failure
2017-01-12 11:36:12 dirmngr[852.6] command 'KS_GET' failed: Server indicated a
failure <Unspecified source>
2017-01-12 11:36:12 dirmngr[852.6] handler for fd 6 terminated
2017-01-12 11:36:12 dirmngr[852.6] handler for fd 6 started
2017-01-12 11:36:12 dirmngr[852.6] connection from process 854 (1000:1000)
2017-01-12 11:36:12 dirmngr[852.6] handler for fd 6 terminated

Jan 12 2017, 5:39 PM · Debian, Bug Report, gnupg, dirmngr
dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

gpg: keybox '/home/dkg/tmp/tmp.vOaRFt7s4L/gpg/pubring.kbx' created
gpg: keyserver receive failed: Permission denied
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 hkps.pool.sks-keyservers.net
S # . hkps.pool.sks-keyservers.net
S # . --> 15 14 13 12 11 10 19 18 17 16 9 8 7 6 5 4 3 2* 1
S # 1 6 [2a02:898:31:0:48:4558:73:6b73]
S # 2 6 [2a01:4a0:59:1000:223:9eff:fe00:100f]
S # 3 6 [2a00:14b0:4200:3000:27::27]
S # 4 6 [2606:9500:201:1::141]
S # 5 6 [2606:1c00:2802::b]
S # 6 6 [2001:bc8:4700:2300::10:f15]
S # 7 6 [2001:bc8:2515::1]
S # 8 6 [2001:720:418:caf1::8]
S # 9 6 [2001:470:1:116::6]
S # 10 4 216.66.15.2
S # 11 4 212.12.48.27
S # 12 4 209.135.211.141
S # 13 4 192.94.109.73
S # 14 4 163.172.29.20
S # 15 4 130.206.1.8
S # 16 4 94.142.242.225
S # 17 4 92.43.111.21
S # 18 4 51.15.53.138
S # 19 4 37.191.238.78
OK
2017-01-12 11:36:23 dirmngr[866] listening on socket
'/home/dkg/tmp/tmp.vOaRFt7s4L/gpg/S.dirmngr'
2017-01-12 11:36:23 dirmngr[867.0] permanently loaded certificates: 0
2017-01-12 11:36:23 dirmngr[867.0] runtime cached certificates: 0
2017-01-12 11:36:23 dirmngr[867.0] failed to open cache dir file
'/home/dkg/tmp/tmp.vOaRFt7s4L/gpg/crls.d/DIR.txt': No such file or directory
2017-01-12 11:36:23 dirmngr[867.0] creating directory
'/home/dkg/tmp/tmp.vOaRFt7s4L/gpg/crls.d'
2017-01-12 11:36:23 dirmngr[867.0] new cache dir file
'/home/dkg/tmp/tmp.vOaRFt7s4L/gpg/crls.d/DIR.txt' created
2017-01-12 11:36:24 dirmngr[867.6] handler for fd 6 started
2017-01-12 11:36:24 dirmngr[867.6] connection from process 864 (1000:1000)
2017-01-12 11:36:24 dirmngr[867.6] DBG: dns: libdns initialized (tor mode)
2017-01-12 11:36:26 dirmngr[867.6] DBG: dns:
getsrv(_pgpkey-https._tcp.hkps.pool.sks-keyservers.net) -> 0 records
2017-01-12 11:36:26 dirmngr[867.6] DBG: dns: libdns initialized (tor mode)
2017-01-12 11:36:27 dirmngr[867.6] DBG: dns:
resolve_dns_name(hkps.pool.sks-keyservers.net): Success
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a02:898:31:0:48:4558:73:6b73]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2a00:14b0:4200:3000:27::27]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2606:9500:201:1::141]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2606:1c00:2802::b]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:bc8:2515::1]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:720:418:caf1::8]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '216.66.15.2'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '212.12.48.27'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '209.135.211.141'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '192.94.109.73'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '163.172.29.20'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '130.206.1.8'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '94.142.242.225'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '92.43.111.21'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '51.15.53.138'
2017-01-12 11:36:27 dirmngr[867.6] resolve_dns_addr for
'hkps.pool.sks-keyservers.net': '37.191.238.78'
2017-01-12 11:36:27 dirmngr[867.6] DBG: http.c:connect_server: trying
name='2a01:4a0:59:1000:223:9eff:fe00:100f' port=443
2017-01-12 11:36:27 dirmngr[867.6] DBG: dns:
resolve_dns_name(2a01:4a0:59:1000:223:9eff:fe00:100f): Success
2017-01-12 11:36:27 dirmngr[867.6] can't connect to
'2a01:4a0:59:1000:223:9eff:fe00:100f': Permission denied
2017-01-12 11:36:27 dirmngr[867.6] error connecting to
'https://[2a01:4a0:59:1000:223:9eff:fe00:100f]:443': Permission denied
2017-01-12 11:36:27 dirmngr[867.6] command 'KS_GET' failed: Permission denied
2017-01-12 11:36:27 dirmngr[867.6] handler for fd 6 terminated
2017-01-12 11:36:27 dirmngr[867.6] handler for fd 6 started
2017-01-12 11:36:27 dirmngr[867.6] connection from process 869 (1000:1000)
2017-01-12 11:36:27 dirmngr[867.6] handler for fd 6 terminated

Jan 12 2017, 5:38 PM · Debian, Bug Report, gnupg, dirmngr
dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

Here's the reproducer script i'm using:

--------

#!/bin/bash

WORKDIR=$(mktemp -d)
export GNUPGHOME="$WORKDIR/gpg"
mkdir -p -m 0700 "$GNUPGHOME"
cat > "$GNUPGHOME/dirmngr.conf" <<EOF
debug dns,network
verbose
use-tor
log-file $WORKDIR/dirmngr.log
EOF

gpg --recv 126C0D24BD8A2942CC7DF8AC7638D0442B90D010

gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye

cat "$WORKDIR/dirmngr.log"

rm -rf "$WORKDIR"

I just ran it three times in a row, and i got three different results, which
i'll paste as separate messages for easier visibility.

Jan 12 2017, 5:37 PM · Debian, Bug Report, gnupg, dirmngr
werner added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

Can you run dirmngr with

debug dns,network
verbose

I don't think that gnutls debug is required.

Jan 12 2017, 12:32 PM · Debian, Bug Report, gnupg, dirmngr
dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

They don't solve the bug for me, unfortunately. with those patches applied, i
now get "permission denied" errors:

Jan 11 15:57:18 alice dirmngr[20203]: DBG: gnutls:L3: ASSERT:
mpi.c[_gnutls_x509_read_uint]:246
Jan 11 15:57:18 alice dirmngr[20203]: DBG: gnutls:L5: REC[0x7f07c0008640]:
Allocating epoch #0
Jan 11 15:57:18 alice dirmngr[20203]: can't connect to
'2a02:898:31:0:48:4558:73:6b73': Permission denied
Jan 11 15:57:18 alice dirmngr[20203]: error connecting to
'https://[2a02:898:31:0:48:4558:73:6b73]:443': Permission denied

which also don't mark the IPv6 address as dead, so they're effectively permanent
until i clear them out.

As a workaround, i've been clearing out all IPv6 addresses with this terrible hack:

0 dkg@alice:~$ cat bin/dirmngr-flush-ipv6
#!/bin/bash

# drop all IPv6 keyservers from dirmngr:

gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye |\
awk '/\[.*:.*\]/{ print "keyserver --dead " $5 } ' |\
gpg-connect-agent --dirmngr

0 dkg@alice:~$

Jan 12 2017, 12:37 AM · Debian, Bug Report, gnupg, dirmngr

Jan 11 2017

werner added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

I just pushed two patches:
76fb2fe dirmngr: Mark hosts dead on ENETDOWN.
09aeac4 dirmngr: Fix Tor access for v6 addresses.
which should solve this bug.

Jan 11 2017, 4:48 PM · Debian, Bug Report, gnupg, dirmngr
werner added a project to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set: Restricted Project.
Jan 11 2017, 4:48 PM · Debian, Bug Report, gnupg, dirmngr
werner added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

The reason why we see an EINVAL for a v6 address is that
we create the socket for AF_INET6 but then use that very socket with AF_INET to
connect to the socks5 proxy. Clearly a socket for v6 can't be used to connect to
a v4 address.

Jan 11 2017, 12:51 PM · Debian, Bug Report, gnupg, dirmngr
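
Added example, not dirmngr code: a minimal C reproduction of the family mismatch described in the comment above, next to the matched-family case. The loopback listener standing in for the SOCKS5 proxy and all function names are assumptions made for this illustration; the IPv6 literal is one of the keyserver addresses from the logs on this page.

```c
/* Illustration only: socket family taken from the final target versus
   from the address that is actually handed to connect(). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Address family of a numeric IP literal, AF_UNSPEC if it is neither. */
int family_of(const char *ip)
{
    struct in6_addr a6;
    struct in_addr a4;

    if (inet_pton(AF_INET6, ip, &a6) == 1)
        return AF_INET6;
    if (inet_pton(AF_INET, ip, &a4) == 1)
        return AF_INET;
    return AF_UNSPEC;
}

/* Stand-in for the local SOCKS5 proxy (assumption): a listener on
   127.0.0.1 with a kernel-chosen port.  Returns the listening fd, or
   -1 if loopback networking is unavailable. */
static int start_fake_proxy(struct sockaddr_in *addr)
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(addr, 0, sizeof *addr);
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr->sin_port = 0;
    if (bind(fd, (struct sockaddr *)addr, sizeof *addr) < 0
        || listen(fd, 1) < 0
        || getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Create a socket of SOCK_FAMILY and connect it to the IPv4 proxy.
   Returns 0 on success, the errno of connect() on failure, and -1 if
   the socket or the stand-in proxy could not be created at all. */
int connect_via_proxy(int sock_family)
{
    struct sockaddr_in proxy;
    int result;
    int lfd = start_fake_proxy(&proxy);
    int fd;

    if (lfd < 0)
        return -1;
    fd = socket(sock_family, SOCK_STREAM, 0);
    if (fd < 0) {
        close(lfd);
        return -1;
    }
    if (connect(fd, (struct sockaddr *)&proxy, sizeof proxy) == 0)
        result = 0;
    else
        result = errno;   /* save before close() can change it */
    close(fd);
    close(lfd);
    return result;
}

int main(void)
{
    const char *target = "2a02:898:31:0:48:4558:73:6b73";

    /* Mismatch: AF_INET6 socket (from the target) + sockaddr_in (proxy). */
    int bad = connect_via_proxy(family_of(target));
    /* Matched: the socket family follows the proxy address. */
    int good = connect_via_proxy(AF_INET);

    printf("socket family from target: %d (%s)\n", bad,
           bad > 0 ? strerror(bad) : bad == 0 ? "connected" : "setup failed");
    printf("socket family from proxy:  %d (%s)\n", good,
           good > 0 ? strerror(good) : good == 0 ? "connected" : "setup failed");
    return 0;
}
```

On Linux the first call fails inside connect() itself, so no traffic reaches the proxy; other systems may report a different errno for the same mismatch.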

Jan 10 2017

werner added a project to T2917: --locate-key should re-fetch key via WKD if it is expired: gnupg (gpg22).
Jan 10 2017, 5:30 PM · gnupg (gpg22), Bug Report
werner added a comment to T2917: --locate-key should re-fetch key via WKD if it is expired.

Good point.

Jan 10 2017, 5:30 PM · gnupg (gpg22), Bug Report

Jan 9 2017

hanno set Version to 2.1.17 on T2917: --locate-key should re-fetch key via WKD if it is expired.
Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report
hanno added projects to T2917: --locate-key should re-fetch key via WKD if it is expired: gnupg, Bug Report.
Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report
hanno added a comment to T2917: --locate-key should re-fetch key via WKD if it is expired.

Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report
werner added a project to T2745: gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)": Restricted Project.
Jan 9 2017, 10:57 AM · gnupg, Bug Report, dirmngr
werner added a comment to T2745: gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)".

Please try current master where I hopefully fixed T2451. This may also fix
this issue.

Jan 9 2017, 10:57 AM · gnupg, Bug Report, dirmngr
werner added a project to T2451: _hkp_tcp SRV record doesn't work: Restricted Project.
Jan 9 2017, 10:55 AM · gnupg, Bug Report, dirmngr
werner added a comment to T2451: _hkp_tcp SRV record doesn't work.

Fixed in master:

0cc975d dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
c2cbe2f dirmngr: Do not use a SRV record for HKP if a port was specified.

Jan 9 2017, 10:55 AM · gnupg, Bug Report, dirmngr
werner claimed T2451: _hkp_tcp SRV record doesn't work.
Jan 9 2017, 9:37 AM · gnupg, Bug Report, dirmngr
werner added a comment to T2745: gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)".

This seems to be closely related to T2451.

The ML discussion started during my fall vacation and thus scrolled out of my
sight :-(. While doing some unrelated SRV experiments yesterday, I figured the
problem myself and K_F pointed me to the discussion.

The actual cause for the bugs might be that I missed to forward-port David's
patch from 2009 for changing the service name to the 2.1 branch. I will further
investigate. The move to libdns introduced other bugs and covered the actual bug.

Jan 9 2017, 9:36 AM · gnupg, Bug Report, dirmngr

Jan 6 2017

neal added projects to T2915: Key import on a machine with date moved back: gnupg, Bug Report.
Jan 6 2017, 9:25 PM · Bug Report, gnupg
werner added a project to T2907: make DNS look ups more parallel: gnupg (gpg23).
Jan 6 2017, 7:20 PM · Feature Request, gnupg
werner added a comment to T2908: dirmngr can't be build w/o LDAP.

We should use the wrapper as long as we don't have full control over libldap
(select, timeout, etc.)

Jan 6 2017, 7:13 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
werner added a project to T2908: dirmngr can't be build w/o LDAP: gnupg (gpg22).
Jan 6 2017, 7:13 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
werner renamed T2908: dirmngr can't be build w/o LDAP from dirmngr, ldap, dirmngr_ldap, and the ldap "wrapper" to dirmngr can't be build w/o LDAP.
Jan 6 2017, 7:12 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
werner added a project to T2908: dirmngr can't be build w/o LDAP: dirmngr.
Jan 6 2017, 7:12 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
werner added a comment to T2911: Key creation problem with 2.1.16 (passphrase param).

Workaround is to use --passphrase

Jan 6 2017, 7:07 PM · Bug Report, gnupg
werner added a project to T2914: TOFU Conflict Status fd output broken: rc.
Jan 6 2017, 7:06 PM · rc, Bug Report, gnupg, TOFU
werner added a project to T1426: the way gpg updates the pubring files makes it impossible to symlink it: Won't Fix.
Jan 6 2017, 7:04 PM · Won't Fix, gnupg, Feature Request
werner closed T1424: gpg --quiet doesn't suppress messages "requesting key XXX ..." / noise on STDERR/STDOUT as Resolved.
Jan 6 2017, 7:00 PM · gnupg, Debian, Feature Request
werner added a comment to T1424: gpg --quiet doesn't suppress messages "requesting key XXX ..." / noise on STDERR/STDOUT.

In 2.1 --quiet is honored here

Jan 6 2017, 7:00 PM · gnupg, Debian, Feature Request
werner added a project to T1345: gpg should try to connect using HTTP if HKP fails: Won't Fix.
Jan 6 2017, 6:59 PM · Won't Fix, gnupg, Feature Request
werner closed T1345: gpg should try to connect using HTTP if HKP fails as Resolved.
Jan 6 2017, 6:59 PM · Won't Fix, gnupg, Feature Request
werner added a comment to T1345: gpg should try to connect using HTTP if HKP fails.

There are keyservers which listen on port 80 or 443. They can be used in such
cases. See https://sks-keyserver.net.

Jan 6 2017, 6:59 PM · Won't Fix, gnupg, Feature Request
werner closed T1148: 1.4.x pinpad support (reader covadis vega-alpha => cannot used secure PIN) as Resolved.
Jan 6 2017, 6:55 PM · Won't Fix, gnupg (gpg14), Feature Request, gnupg
werner added a project to T1148: 1.4.x pinpad support (reader covadis vega-alpha => cannot used secure PIN): Won't Fix.
Jan 6 2017, 6:55 PM · Won't Fix, gnupg (gpg14), Feature Request, gnupg
werner closed T1255: No output on status-fd if user cancels as Resolved.
Jan 6 2017, 6:53 PM · Too Old, Info Needed, gnupg, Feature Request
werner added projects to T1255: No output on status-fd if user cancels: Info Needed, Too Old.
Jan 6 2017, 6:53 PM · Too Old, Info Needed, gnupg, Feature Request
werner added projects to T2267: Fix "Invalid Parameter passed to C runtime function" warnings on Windows: Windows, Restricted Project, Windows 32.
Jan 6 2017, 6:50 PM · Windows 32, Windows, gnupg, gpgagent, Feature Request
werner added a comment to T2267: Fix "Invalid Parameter passed to C runtime function" warnings on Windows.

Actually we do not need that function on Windows. It is on Unix called at
startup to get a list of files not to close. On Windows we do not need to close
the files before a CreateProcess and thus close_all_fds is a dummy anyway.

I removed calling this function under Windows. To go into 2.1.18.

Jan 6 2017, 6:50 PM · Windows 32, Windows, gnupg, gpgagent, Feature Request
werner added a project to T2398: finger support using SRV DNS records: gnupg (gpg22).
Jan 6 2017, 6:29 PM · gnupg, Feature Request, dirmngr
werner added a project to T1173: gpg has no easy way to view the reason and description of revocation sigs: gnupg (gpg22).
Jan 6 2017, 6:27 PM · gnupg, Debian, Feature Request
werner renamed T1173: gpg has no easy way to view the reason and description of revocation sigs from gnupg: has no easy way to view the reason and description of revocation sigs to gpg has no easy way to view the reason and description of revocation sigs.
Jan 6 2017, 6:27 PM · gnupg, Debian, Feature Request
werner added a comment to T1537: gpgv does not handle expired or revoked keys.

I do not think that an expired key should be ignored. The reason is that it
won't be possible to verify an old package because it is common that keys expire
at some time. This does not say anything on whether the key has been compromised.

However, if a key has been revoked, that might be an indication that the key
has been compromised and that old signature may have been replaced by faked
ones. I would agree to return failure in this case.

Jan 6 2017, 6:25 PM · Feature Request, gnupg
werner added a project to T1537: gpgv does not handle expired or revoked keys: gnupg (gpg22).
Jan 6 2017, 6:25 PM · Feature Request, gnupg
werner closed T1986: gpg-1 should fallback to ~/.gnupg/S.gpg-agent as Resolved.
Jan 6 2017, 6:16 PM · gnupg, Fedora, Feature Request
werner added a comment to T1986: gpg-1 should fallback to ~/.gnupg/S.gpg-agent.

I would suggest to add

gpgconf --launch gpg-agent
GPG_AGENT_INFO="$(gpgconf --list-dirs agent-socket):-1:1"
export GPG_AGENT_INFO

to your startup script. This starts gpg-agent and sets the correct socket name
into the envar.

Jan 6 2017, 6:16 PM · gnupg, Fedora, Feature Request
werner added a project to T2081: g10/keydb.c:maybe_create_keyring_or_box doesn't check for EACCESS: Restricted Project.
Jan 6 2017, 5:51 PM · gnupg, Feature Request
werner added a comment to T2081: g10/keydb.c:maybe_create_keyring_or_box doesn't check for EACCESS.

I recently did this change:

  • return 0;

+ return !access (filename, R_OK)? 0 : gpg_error (GPG_ERR_EACCES);
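
Review bot: the added return line reports every access() failure as GPG_ERR_EACCES, although access (filename, R_OK) can also fail for other reasons such as ENOENT or ENOTDIR; returning gpg_error_from_syserror () in the failure branch would keep the real cause. Note also that access() tests against the real rather than the effective user ID and that the result can change before the file is opened, so the later open still needs its own error handling.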

(commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1)

Does that solve your problem?

Jan 6 2017, 5:51 PM · gnupg, Feature Request
werner added a project to T2106: Support SHA-256 fingerprints for ssh: gnupg (gpg22).
Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request
werner added a comment to T2106: Support SHA-256 fingerprints for ssh.

Adding %f does not help much because it is only used internally. I would be in
favor of adding an ssh-key-mode option so that the user can select the hash algo
and the output format.

Jan 6 2017, 5:47 PM · gnupg (gpg22), gnupg, ssh, Feature Request
werner lowered the priority of T2233: Missing feedback when sending key to key server from Normal to Wishlist.
Jan 6 2017, 5:41 PM · gnupg, Feature Request
werner added a project to T2381: Add more support for profiles in gpgconf: gnupg (gpg22).
Jan 6 2017, 5:39 PM · In Progress, gnupg (gpg22), gnupg, Feature Request
werner removed a project from T2381: Add more support for profiles in gpgconf: gnupg (gpg21).
Jan 6 2017, 5:39 PM · In Progress, gnupg (gpg22), gnupg, Feature Request
werner added a project to T2912: command line keytocard: gnupg (gpg22).
Jan 6 2017, 5:37 PM · gnupg (gpg23), Feature Request
werner closed T1964: make distclean forgets tests/crls.d and tests/S.dirmngr as Resolved.
Jan 6 2017, 5:36 PM · Bug Report, gnupg
werner added a comment to T1964: make distclean forgets tests/crls.d and tests/S.dirmngr.

The tests framework has anyway been reworked and thus I doubt that this is still
a bug.

Jan 6 2017, 5:36 PM · Bug Report, gnupg
aheinecke added projects to T2914: TOFU Conflict Status fd output broken: TOFU, gnupg, Bug Report.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU
aheinecke set Version to master on T2914: TOFU Conflict Status fd output broken.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU
werner added a project to T2115: Spurious error on symmetric encryption: Not A Bug.
Jan 6 2017, 5:34 PM · Not A Bug, gnupg, Bug Report
werner closed T2115: Spurious error on symmetric encryption as Resolved.
Jan 6 2017, 5:34 PM · Not A Bug, gnupg, Bug Report
werner closed T2118: Command --quick-gen-key ignores --default-cert-expire, --edit-key ignores --default-sig-expire as Resolved.
Jan 6 2017, 5:33 PM · Won't Fix, gnupg (gpg21), Bug Report, gnupg
werner added a project to T2255: Doesn't import secret key on console mode: Not A Bug.
Jan 6 2017, 5:31 PM · Not A Bug, Bug Report, gnupg
werner closed T2255: Doesn't import secret key on console mode as Resolved.
Jan 6 2017, 5:31 PM · Not A Bug, Bug Report, gnupg
werner removed a project from T2273: Using GPA and Kleopatra in gpg4win does not allow you to change cipher-algo: Unreleased.
Jan 6 2017, 5:30 PM · gnupg, Bug Report, S/MIME
werner raised the priority of T2387: GNUPGHOME with newlines breaks standard parsing of gpgconf --list-dirs from Low to Normal.
Jan 6 2017, 5:29 PM · gnupg (gpg22), Bug Report, gnupg
werner added a project to T2387: GNUPGHOME with newlines breaks standard parsing of gpgconf --list-dirs: gnupg (gpg22).
Jan 6 2017, 5:29 PM · gnupg (gpg22), Bug Report, gnupg
werner added a project to T2423: configure: error: Sorry, the current implemenation requires mmap. due to empty CFLAGS (missing -fPIC): gnupg (gpg22).
Jan 6 2017, 5:26 PM · gnupg (gpg22), Bug Report, gnupg
werner raised the priority of T2423: configure: error: Sorry, the current implemenation requires mmap. due to empty CFLAGS (missing -fPIC) from Low to Normal.
Jan 6 2017, 5:26 PM · gnupg (gpg22), Bug Report, gnupg
werner added a project to T2397: error messages from gpg_keys_hkp's stderr are printed in gpg's stdout: gnupg (gpg14).
Jan 6 2017, 5:24 PM · gnupg (gpg14), Bug Report, gnupg
werner closed T2406: Sockets created in GNUPGHOME instead of /run/user/UID/gnupg if specified. as Resolved.
Jan 6 2017, 5:22 PM · Not A Bug, Bug Report, gnupg
werner closed T2427: Allow universal --batch more, with STDIN reads as Resolved.
Jan 6 2017, 5:21 PM · Won't Fix, Not A Bug, Bug Report, gnupg
werner added a comment to T2736: gnupg 1.4 fixed-list-mode fails to take effect when listing keys.

A major problem with gpg FILE-WITH-KEYS is that its behaviour was never well
defined and it is more a side effect than a regular feature.

It should be fixed, however.

Jan 6 2017, 5:20 PM · gnupg (gpg14), Bug Report, gnupg
werner added a project to T2736: gnupg 1.4 fixed-list-mode fails to take effect when listing keys: gnupg (gpg14).
Jan 6 2017, 5:20 PM · gnupg (gpg14), Bug Report, gnupg
werner raised the priority of T2741: --quick-gen-key prints duplicate fingerprint from Low to Normal.
Jan 6 2017, 5:17 PM · Bug Report, gnupg
werner raised the priority of T2851: redefinition of typedef 'rfc822parse_t' from Low to Normal.
Jan 6 2017, 5:16 PM · Bug Report, gnupg
neal added a comment to T2912: command line keytocard.

Also see: https://github.com/mabels/gnupg/tree/quick-keytocard

Jan 6 2017, 5:15 PM · gnupg (gpg23), Feature Request
werner added a project to T2907: make DNS look ups more parallel: Feature Request.
Jan 6 2017, 5:13 PM · Feature Request, gnupg
werner removed a project from T2907: make DNS look ups more parallel: Bug Report.
Jan 6 2017, 5:13 PM · Feature Request, gnupg
werner lowered the priority of T2907: make DNS look ups more parallel from Low to Wishlist.
Jan 6 2017, 5:13 PM · Feature Request, gnupg
werner added a comment to T2236: Importing a key with badly ordered packets doesn't reorder it, and while --edit-key does reorder it doesn't move the signature packets to the right place.

From the ML:

Hi there,

Some keys are found on the keyserver network with non-self signatures
incorrectly attached to a subkey instead of a UID (cf. Issue2236).

Since 2.1.13 it's possible to reorder fix these keys by running the
‘check’ command of the gpg shell. However the procedure currently has
to be repeated after refreshing the keyring, since each --refresh-keys
command downloads the badly ordered key again.

In T2236 (wk on May 06 2016, 08:18 PM / Roundup) Werner wrote that “We will eventually call that reorder
function during import. But let's wait for bug reports with the
--edit-key triggered code.” This code has been working fine for me
since 2.1.13, so I was wondering if it could be activated for --import
(and --recv-key) in 2.1.18? (So we get this in the next Debian stable
:-)

Moreover, as Neal pointed out to me privately, there is no overhead for
keys that don't have incorrectly placed signature packets.

Thanks!

Cheers,

Guilhem.

Jan 6 2017, 5:10 PM · gnupg (gpg22), Bug Report
neal added a project to T2236: Importing a key with badly ordered packets doesn't reorder it, and while --edit-key does reorder it doesn't move the signature packets to the right place: gnupg (gpg22).
Jan 6 2017, 3:57 PM · gnupg (gpg22), Bug Report
neal added projects to T2912: command line keytocard: Feature Request, gnupg.
Jan 6 2017, 3:33 PM · gnupg (gpg23), Feature Request
neal set External Link to https://lists.gnupg.org/pipermail/gnupg-devel/2016-November/032235.html on T2911: Key creation problem with 2.1.16 (passphrase param).
Jan 6 2017, 3:25 PM · Bug Report, gnupg
neal added projects to T2911: Key creation problem with 2.1.16 (passphrase param): gnupg, Bug Report.
Jan 6 2017, 3:25 PM · Bug Report, gnupg
neal set Version to 2.1.15 on T2909: GnuPG 2.1.15 - delete-secret-keys seems not to accept loopback pinentry.
Jan 6 2017, 2:59 PM · Bug Report, gnupg
neal set External Link to https://lists.gnupg.org/pipermail/gnupg-devel/2016-November/032168.html on T2909: GnuPG 2.1.15 - delete-secret-keys seems not to accept loopback pinentry.
Jan 6 2017, 2:59 PM · Bug Report, gnupg
neal added projects to T2909: GnuPG 2.1.15 - delete-secret-keys seems not to accept loopback pinentry: gnupg, Bug Report.
Jan 6 2017, 2:59 PM · Bug Report, gnupg
neal added projects to T2908: dirmngr can't be build w/o LDAP: gnupg, Bug Report.
Jan 6 2017, 2:35 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
neal added projects to T2907: make DNS look ups more parallel: gnupg, Bug Report.
Jan 6 2017, 1:02 PM · Feature Request, gnupg
neal updated subscribers of T2907: make DNS look ups more parallel.
Jan 6 2017, 1:02 PM · Feature Request, gnupg
ikarisan added a comment to T2903: "gpg --card-status" does not add any entries to the private key ring.

Hi!

I am using a GPG smartcard and a YubiKeyNEO. And with GnuPG 2.0.xx it was
possible to add the private keys' reference (on the card) to the keyring by
calling:

gpg --card-edit

fetch

gpg --card-status

But now with GnuPG 2.1.17 this no longer seems to be possible.
After fetching the public key for the card and calling "gpg --card-status",
the keys are listed as public keys only but not as private keys. So I cannot
set their trust level to ultimate or use them to encrypt my mails. :(

gpg --card-status

Reader ...........: SCM Microsystems Inc. SCR33x USB Smart Card Reader 0
Application ID ...: D2760001240102000000000000020000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000002
Name of cardholder: Thorsten Reichelt
Language prefs ...: de
Sex ..............: männlich
URL of public key : http://pgp.kleiner-androide.de/0xCCF6EF60.asc
Login data .......: shinji
Signature PIN ....: nicht zwingend
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 26
Signature key ....: 2545 D3E3 0C41 32EE 3A25 B663 5892 4EF3 CCF6 EF60

created ....: 2016-10-15 21:20:40

Encryption key....: BAE5 99FF 4F3D AB19 60C0 B0B8 0984 52C3 1AFA A499

created ....: 2016-10-15 21:20:40

Authentication key: 9293 BD4E 9BD9 CCC9 6221 8AB0 0E98 95D4 E7AD 8B07

created ....: 2016-10-15 21:23:09

General key info..: pub rsa2048/58924EF3CCF6EF60 2016-10-15 Thorsten Reichelt <XXXXXX@thorsten-reichelt.de>
sec# rsa2048/58924EF3CCF6EF60 erzeugt: 2016-10-15 verfällt: niemals
ssb# rsa2048/098452C31AFAA499 erzeugt: 2016-10-15 verfällt: niemals
ssb# rsa2048/0E9895D4E7AD8B07 erzeugt: 2016-10-15 verfällt: niemals

gpg -K

gpg -k

C:/Users/shinji/AppData/Roaming/gnupg/pubring.kbx

pub rsa2048 2016-10-15 [SC]

2545D3E30C4132EE3A25B66358924EF3CCF6EF60

uid [ unbekannt ] Thorsten Reichelt <XXXXXXX@thorsten-reichelt.de>
sub rsa2048 2016-10-15 [E]
sub rsa2048 2016-10-15 [A]

Jan 6 2017, 2:11 AM · Info Needed, Bug Report, gnupg
ikarisan added projects to T2903: "gpg --card-status" does not add any entries to the private key ring: gnupg, Bug Report.
Jan 6 2017, 2:09 AM · Info Needed, Bug Report, gnupg
ikarisan set Version to 2.1.17 on T2903: "gpg --card-status" does not add any entries to the private key ring.
Jan 6 2017, 2:09 AM · Info Needed, Bug Report, gnupg

Jan 5 2017

dkg added a comment to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.

I was wrong about Tor and IPv6 -- Tor has had IPv6 support for years, so
something else is wrong...

Jan 5 2017, 10:52 PM · Debian, Bug Report, gnupg, dirmngr
dkg set External Link to https://bugs.debian.org/849845 on T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.
Jan 5 2017, 10:47 PM · Debian, Bug Report, gnupg, dirmngr
dkg added projects to T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set: dirmngr, gnupg, Bug Report, Debian.
Jan 5 2017, 10:02 PM · Debian, Bug Report, gnupg, dirmngr
dkg set Version to 2.1.17 on T2902: dimrngr over tor fails obscurely on IPv6 records when NoIPv6Traffic flag is set.
Jan 5 2017, 10:02 PM · Debian, Bug Report, gnupg, dirmngr