Ok - that's good news.
Thank you very much for your analysis.
Dec 30 2017
Dec 29 2017
Any fix for this should be included in the test suite to avoid a regression :)
I can see the case for encryption subkeys. Signing subkeys are still useful after their expiration.
OK, I got the picture, now.
Well, my speculation of SERIALNO undefined may be wrong.
Thanks, I received the log file.
Dec 28 2017
If you are encountering the problem, please
- Check that you have updated your Windows operating system to the latest version and you've got all security updates. (As some necessary certificates may have come later with an update.)
- Does the behaviour change if you "investigate the certificate chain" through -> Properties -> Digital Signatures?
Thank you for your efforts. Logfiles are in the mail.
We received another mail by a customer about this issue today:
Thanks a lot for your testing. Here are my keys:
Dec 27 2017
All right - that was quicker.
I deinstalled pcscd (apt remove pcscd)
I changed .gnupg/scdaemon.conf as you proposed.
I tried again to decrypt the message (in the meantime I have a file) which works decrypting without SmartCard when I use it on a pc with the key.
Still failed. Can I send you the logfile encrypted? If so - what is your email / key?
As said - it took me a while. Sorry for the delay.
I could dig out the Key in some archives. So I was able to test the decryption of the message on a computer without smartcard.
It worked.
Thanks for your report. This is because GnuPG 2.2.4 now requires newer libassuan (in order to fix a race condition).
Thanks a lot. I'm going to push the fix to 2.2 (and then master).
In short, it was the bug in ccid-driver of scdaemon, which was introduced last year when I enhanced it to support multiple card readers at once.
Dec 26 2017
Yes, thank you, the smartcard is being recognized now.
Thanks (again). According to the status code (bStatus), the card reader said no card is available.
Could you please remove the card and re-insert it, and do 'gpg --card-status'?
After
patch -i scdaemon-fix-for-inactive-start.diff scd/ccid-driver.c
the following log obtains.
Dec 25 2017
Thanks a lot for your testing. Please test this patch:
After installing libusb-devel, and configure and make, this is the new log.
Thanks. I think that you configured GnuPG without libusb, thus, ccid-driver is not enabled, and you don't have pcscd installed. In this situation, no way to access any smartcard reader.
Dec 24 2017
Please enable all debug information in scdaemon.conf, like:
verbose
verbose
debug-level guru
debug-all
debug-ccid-driver
log-file /run/user/1000/scdaemon-verbose.log
The file scdaemon.log is short and contains only:
2017-12-24 12:32:53 scdaemon[4347] écoute sur la socket « /run/user/1000/gnupg/S.scdaemon »
2017-12-24 12:32:53 scdaemon[4347] gestionnaire pour le descripteur -1 démarré
2017-12-24 12:32:53 scdaemon[4347] pcsc_establish_context failed: no service (0x8010001d)
Thanks for your testing. Please give me scdaemon.log with updated scdaemon.
Dec 23 2017
With latest master, there still appears:
--- ~ » gpg --card-status 2 ↵
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: selecting openpgp failed: Aucun périphérique de ce type
gpg: la carte OpenPGP n'est pas disponible : Aucun périphérique de ce type
I'm on Devuan Jessie.
Dec 21 2017
Dec 19 2017
All fixed (or marked fuzzy) except for master which will be done with the next merge from 2.2.
As answered in the forum: https://wald.intevation.org/forum/forum.php?thread_id=1837&forum_id=21&group_id=11 :
Unsupported Protocol means that GpgOL can't find your GnuPG installation. Maybe something went wrong during the install of Gpg4win?
OK. I realized that msgfmt -c only works when #, c-format exist.
To check all problems, I did something like following for 1.4, 2.0, 2.2, and master:
Dec 18 2017
Thanks for the report. It seems there has been this bug for four years.
I don't know the reason why msgfmt -c doesn't show us the error.
Fixed in repos of GnuPG 1.4, 2.2, 2.0 and master.
Dec 17 2017
It also happens with gpg1.4.22 with --gen-key option.
Dec 14 2017
Hi @hs,
given that you have used the instructions from the link above to look at the message,
I'll take it that you are using an IMAP/SMTP setup for mail transportation?
A signed but not encrypted message appears in the same way (visible in Sent, empty in Inbox)
Looking at the messages from above using another PC, same Windows 7 and Outlook 2010 but Gpg4Win 2.3.3 :
- received message in Inbox is decrypted shown correctly inline both in preview and opening it
- original message in Sent is not decrypted, but shown as encrypted with gpgolXXX.dat attachment
Hence, it shows the opposite behavior to the 3.0.2 handling.
You start Windows Explorer (the file manager thingy)
I feel dumb for asking this, but I'm a Mac guy, and my client is on Windows 10. How do I exactly "move away the data directory"?
Dec 13 2017
One problem seems to be that the content of Inbox message differs from this one in the Sent folder (10 vs. 20 KB).
The content of the Inbox is shown as empty, even using the "show source" option. Saving the message as plain text shows a PGP part inside, but this is ignored by Outlook.
I tried this advice:
How to view the message source in Outlook
But the result is the same: after being marked as read, the message becomes unreadable.
Ok I apologize for my ignorance as I've been desperate for help with not many places to turn to. Thank you very much
yes. That is the whole point of public key encryption. Please read one of the suggested intros or
ask for help at the gnupg-users@gnupg.org ML.
Ah man. So let me ask you for clarification in case I am not understanding this right. You're saying I encrypted the message with someone else's public key?
I could somewhat reproduce this problem when I disconnected the connection to Exchange from my Outlook and then tried to respond to an exchange mail. Although for me Outlook did not Hang and an error message (with a General Error) showed up.
The registry setting used above.
What I did:
- fresh install of Gpg4Win 3.0.2
- reboot
- opening Outlook 2010 with only one plugin (GpgOL)
- sending an encrypted email to myself
- trying to open that email (no content)
- exit gnupg software;
- ctrl+shift+esc: end the process that starts with the 'GnuPG's ...' character~;
- windows + r : %appdata%, delete ‘gnupg’ directory;
Thanks for the report and the log.
I see the problem. In your case of a reply outlook does not give us the SMTP address for the recipient but an Exchange DN
@aheinecke Because it was mentioned in another comment, I've tried to restart Outlook with the GpgOL plugin enabled, only. Same result. But the fact that I could see the message just after arrival, but not in a second approach may point in a direction that incoming messages are processed by a server-based filter changing potentially vulnerable email content (as embedded links).
I could try to log the complete process of sending an email to myself, decrypting once and failing in a second trial. This would actually increase the size of the log file.
@hs Your log is interesting but I don't yet understand it. We see a "Load" event for an encrypted mail, create our internal data modelling. But later there is a mismatch between the reference Outlook gives us and our internal reference (Failed to find mail in map).
Out of the blue there might be something I could do in that case but it's still somewhat unclear to me why this state occurs.
Looking at the example code at http://g10code.com/docs/openpgp-card-v21-free-source.zip (note that this is just example code), 6A88 can occur for PSO:DECIPHER when:
Dec 12 2017
Well, I meant to do this on the command line (cmd.exe). Replace INFILE with the name of the encrypted file and OUTFILE is the name of the file which will receive the decrypted data. You can't do that in the clipboard.
I included two pictures of what is going on. The first picture is what I get from trying to decrypt the line that you gave me. The second picture is the original issue I was having. I do appreciate your help
It all depends on your system. This is why this is an _option_.
Can you please try to decrypt this message on the command line:
I also have had this problem. I just opened up my laptop for the first time in years. I was trying to decrypt text I encrypted years ago but I get that same error stated in the original post. Now I just remind you, this was encrypted years ago. In the encrypted message, after it says "begin pgp message," it says "version: GnuPg v2.0.20 (MingW32)". I am not sure if that matters, but that is all I have to give on my end other than I am currently using gpa 0.9.10 GnuPG 2.2.3.
Perhaps as a last word on this it may be reasonable to remove that strange "--enable-hmac-binary-check" as it does cause problems.
Just installed Gpg4Win 3.0.2.
Had a very similar effect with Windows 7 / Outlook 2010:
- Sending an encrypted e-mail to myself.
- E-mail will be decrypted once after receiving.
- After that, e-mail is shown as "unsecure" and with empty message body (both in preview and own window).
- E-mail in "Sent" folder still decryptable with right content.
I've added gpgol.log for opening Outlook again after receiving the e-mail (with empty body, now).
Please reopen or comment if that problem still happens if you move away the gnupg home directory.
Case Insensitive Sorting is fixed with:
https://commits.kde.org/kleopatra/856aad228a81f542f821209ae2c796d9b7160263
Great, many thanks.
No, I do not have any software that interferes.
Strange, do you have any unusual Group Policies or some "Security Software" that might interfere with the running of GPA / Kleopatra (they open a local socket)?
The fatal bug you reported can happen if the process is running out of secure memory. In general it should return an error but there is one place where we assumed the allocation would always succeed. This has meanwhile changed in the repo and will go into 1.8.2. However, this is not the real problem you have but just a wrong error behaviour.
I can reproduce that problem and have opened T3614 for this.
Hi, first of all I want to report back that with beta15 that the following issues did NOT arise anymore, fantastic!
Please open another report, not reusing similar. I don't think it's same bug.
Please note that GnuPG's ssh is not fast enough (intentionally), its rate is usually ten connections per second.
Dec 11 2017
I'm seeing something quite similar - same setup, osx and it only shows when using ansible. I'm on gnupg 2.2.3, also saw same using "GPG Suite 2017.2".
gpa not starting as well
Thanks a lot. Please note that there is a bit of possibility the messages which cause failure are one of attack vectors. (While most likely case is they are generated by broken implementation.)
I mean GnuPG fails for messages from a particular sender, while it works for messages from other senders.
I only installed 3.0.2 this morning so this hasn't had much of a chance to happen.
Version 1.8.1. The full output is
Okay, mail lists. I didn't see that option but I will subscribe to the gnupg-users list and keep quiet. However in the meanwhile I can tell you that the removal of the configure options "--enable-large-data-tests --enable-hmac-binary-check --disable-O-flag-munging --disable-optimization" results in perfect test reports. Thank you.
Wow. Well thank you Werner because I have never seen the term used. It is precisely correct and yet the de facto style of the day seems to be "megabytes" but "mebibytes" is the correct term :
mebibytes is not a spelling error but the correct unit (abbrev. is MiB).
Your comments in the output were hard to find. Thus my comment to explain the bug.
You are using non default options and in particular the hmac binary check. The latter was written a couple of years ago for an older Redhat version and it might well be broken in the meantime.
Minor spelling typo :
Seems pretty clear. The OS is in the title as Red Hat Enterprise Linux 7.4 on x86_64 and the "bug" is simply that the software fails its own testsuite wherein the final output clearly says "Please report to http://bugs.gnupg.org".