nice, i'm glad to hear you've got something working, @matheusmoreira ! if you can point to your branch, or send patches here so that other folks can review, that would be great.

Ha, fancy that, I just added the method of using gpg-connect-agent to our new handbook, I agree that having a --delete-secret-subkeys command would be incredibly handy here.

I managed to make it work on my branch: gpg --delete-secret-key FPR! deletes just that key and no others! I will prepare a patch for this specific change and then try to implement the --delete-secret-subkeys command.

Screenshots were sent by e-mail to you. Thunderbird and Outlook screenshots are different.

I am quite sure! Because, (1) I opened both mails on another computer were Thunderbird is installed. Both signatures can be verified on both accounts with Thunderbird. Both mails were sent out with PGP signature by HPI Identity Leak Checker Team, so the signature generally works fine. (2) If I save the key which is as asc file in the attachment (in the account which does not work) on computer and perform then a check of the signature, I receive a input / output error in Kleopatra. I will make some screenshots, and I´ll send it by mail to you.

Are you sure that it is related to accounts and not to the mail? E.g. if you copy that mail from the second account to the first account, is it verified then?

Thank you very much!

makes sense to me. I've applied your patch so it will be part of the next release.

FWIW, with 4a130bbc2c2f4be6e8c6357512a943f435ade28f I fixed a similar report by @syscomet but lacking a test case this was a blind flight ("This patch is not tested but a good guess."). Thanks for tracking it down.

That might have been a regression since one of the Phrabricator updates (we need to apply out own patches each time).

Minor

For reference our downstream tracker of this is https://bugs.gentoo.org/683254 including patches

The patch touches src/Makefile.am. You need to run automake to update src/Makefile.in.
In the patch, it uses pkg_namespace variable to have prefix 'errnos_'.

This bug makes it impossible to use gpg-agent as ssh-agent for keys generated from gnupg.
(How should I understand what passphrase should I enter?)
The only way is to load them with ssh-add.

Paul Wouters writes to me:

I just noticed that dirmngr(8)'s documentation for its --keyserver option says:

Note that even sending a HUP to dirmngr, when it is in this autodetection mode that observed tor at the start, is insufficient to have it re-run the autodetection. You have to explicitly terminate dirmngr to get it to unlearn the autodetected presence of Tor. This is subtly hinted at in dirmngr(8), but no justification is given for it.

I think I identified the bug. A fix is pushed.

Before the SEGV, calling a handler in _gpgme_io_close is strange:

GPGME 2019-04-11 12:24:58 <0x660e>        _gpgme_io_close: check: fd=0x22 invoking close handler 0x7f341d8b8960/0x7f33f0003930

Because the file descriptor 0x21 and 0x22 is allocated by _gpgme_io_pipe, and there should be no handler(s) for those fds.
Either, the notify_table is screwed up, or there is a leak of fds.
I'd like to see the logs of all calls of _gpgme_io_set_close_notify and _gpgme_io_close.

Sorry, I overlooked. I think it is inside _gpgme_io_close calling the handler, and the handler segfaults.

I have a fix. I'll commit it later.

Apparently, it SEGV-ted itself by assert at line 468 in gpgme/src/engine.c.
For GpgSM, info->file_name is not assigned (while it is done by gpg and gpgconf).
The code hasn't been changed for a while, I don't know the exact reason why it becomes occur.

Done ! Thanks.

I'm not actually sure how workflow should be on the 'patches' interface at dev.gnupg.org.

Fix is ok for oss-fuzz

I think that the bug has been there. The commits of import.c revealed the problem with your particular input.

Thanks for your report. It was good you add "enter no passphrase for Alfa Test Key". Then, I saw the leak. (I misunderstood as if I needed the test environment.)
Anyway, I'm going to fix it now.

Can you see the problem and fix it with the given information?

Hello World

Hello World

Hello World

Added a fix to GnuPG, too (master and stable 2.2).

I've been studying the source code. When a fingerprint suffixed with ! is given as argument, the [do_delete_key](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/delkey.c;h=cc567384612ccf0dfd41d9e620d6cd5e759fd7b6;hb=HEAD#l50) function correctly classifies the search descriptor as exact and finds the correct key using [keydb_search](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keydb.c;h=8c067e1dfbfa7a6394e44dbed3bfaef5a4fa7c43;hb=HEAD#l1853). However, the handle returned by [keydb_get_keyblock](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keydb.c;h=8c067e1dfbfa7a6394e44dbed3bfaef5a4fa7c43;hb=HEAD#l1352) apparently includes the primary key and all subkeys associated with it. After confirming the action with the user, the function iterates over all PKT_PUBLIC_KEY and PKT_PUBLIC_SUBKEY packets present in the keyblock, obtains the keygrip of each key and asks gpg-agent to delete it.

I keep this ticket open, since it is also problem for other packages.

Fixed with: https://commits.kde.org/libkleo/245eff174331c49264d1248c529e0276e02e9e29

Thanks for the report. Indeed I can also reproduce it with my own key. For signatures from expired / revoked / disabled keys it shows "No public key" because GnuPG returns the same error in that case. We can fix that by looking up the key ourself.

By installation from version 2.3 an error occurred, I´ll send you a screenshot by e-mail. However, I have some comments to the current version which may also help: I have three keys, two on smart cards and one on a Yubikey. So long as only smart cards are used, it is no problem to change between the cards and they work fine. Problems occur, if a Yubikey comes in. (i) Not always a Yubikey is recognized by pressing F5. (ii) It the Yubikey is recognized and next a key from a smart card is needed, a computer restart is required.
I tried also command: gpgconf --kill gpg-agent
It was possible to change from smart card to Yubikey with the command. However, if the Yubikey 5 NFC was recognized, the only way to change back to the smart card was a restart of the computer.

We will do a new release in two or three weeks.