Please STOP adding such bug reports or feature requests. They are not helpful and such discussion are better done at the mailing list. In case you want to spend money to speed up things you may contact gnupg.com for a quote.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Jul 17 2019
Jul 17 2019
It is on on my private todo list but thanks for opening a public issue for tracking.
I should may add, that on the card which failed, only the signature key was generated and written to the card. The authentication and encryption keys could not be generated..
@gniibe Thanks for explaining the background. Are there any ideas for fixing? (e.g. the decrypted content could be checked for a valid packet structure or at least for starting with a valid packet header)
@stm it kind of is a last-resort already, given that it's only in the event where the signature creation dates are equal, but sure, i wouldn't mind adjusting the proposal to say that (sigs) means "sort by date, then issuer, then binary content" -- but what do we think "sort by issuer" means?
does the removal of the gpg22 tag mean that it will not be possible to rely on colon-delimited output for the gpg 2.2 series?
Jul 16 2019
Jul 16 2019
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.
Just a note that we're now shipping this patch in debian unstable. It would be great if it was merged upstream.
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
that pseudocode is strange to me -- it looks like you have (two) duplicate calls to clean_key (imported_keyblock) (though maybe i just don't know what .... means in this pseudocode).
• aheinecke committed rM6f4a886b30ca: core: Fix arg counting in enginge-gpg (authored by • aheinecke).
core: Fix arg counting in enginge-gpg
It was rG07250279e7ec: * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password". in 2004, which set default to rfc2440-text behavior.
And in 2007, the commit rGb550330067b6: * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by default. changed the default to no-rfc2440-text.
• gniibe closed T4105: Inconsistent output for revocation keys in --list-keys --with-colons as Resolved.
Thanks, fixed in master.
doc: Fix description of the field 11.
Please do not change the priority back. That is a maintainer's task. I consider this along with adding replicas of issues to a bit rude.
Please do not change the priority back without discussing this with the maintainer first. Thanks.
• werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
You are partly right. I missed that we also do clean the original keyblock while updating a key. The code is
I see. I am also mostly testing with ntbtls so I was wondering about the report. Thanks for reporting and fixing.
Laurent Montel <montel@kde.org> committed rLIBKLEOe7f5774b9873: GIT_SILENT: 19.12 is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: 19.12 is open
Current situation of *.pc: static linking is not supported (yet).
It has never supported, actually, by *-config.
While I understand incorrectness, the risk in practice is not that high. So, I put this as "normal" priority.
In the current implementation of GnuPG, multiple packets of Symmetric-Key Encrypted Session Key Packet are not handled very well.
• gniibe changed the status of T4594: dirmngr appears to unilaterally import system CAs from Open to Testing.
Pushed the change to master as well as 2.2 branch.
• gniibe committed rG58e234fbeb6c: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by • gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
• gniibe committed rG75e0ec65170b: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by • gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
gpg: Fix keyring retrieval.
gpg: Improve import slowness.
Jul 15 2019
Jul 15 2019
dkg committed rGbe99eec2b105: gpg: drop import-clean from default keyserver import options (authored by dkg).
gpg: drop import-clean from default keyserver import options
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.
johnmar raised the priority of T4530: libgcrypt: POWER SHA-2 Vector Acceleration from Normal to Needs Triage.
johnmar raised the priority of T4529: libgcrypt: POWER AES Vector Acceleration from Normal to Needs Triage.
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.
The fact that import-clean modifies already-held certifications makes me think it is inappropriate to have as the default for keyserver access (see T4628 for more details).
Due to T4628, i no longer think that import-clean is a good idea by default.
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
I am proposing to backport rG33c17a8008c3ba3bb740069f9f97c7467f156b54 and rGa7a043e82555a9da984c6fb01bfec4990d904690 to STABLE-BRANCH-2-2 as they represent a significant performance improvement in several specific use cases and appear to have no downsides.
If you're on a platform that has awk available (any GNU/Linux and macOS should provide it), you can scan for the largest OpenPGP certificate in your keyring with an awk script i posted over at https://dev.gnupg.org/T3972#127356
How to find out which keys are affected?
You need to delete the flooded keys to make things go faster.
After waiting for far over an hour, Kleopatra read the keys. Now, things go faster (also in LibreOffice), but it still takes around 30 seconds, which is quite long.
gpg4win 3.1.10 did not fix this issue for me, neither in Kleopatra nor in LibreOffice.
• gniibe committed rC0147a5e69e49: tests: t-mpi-point: Remove implementation dependent checks. (authored by • gniibe).
tests: t-mpi-point: Remove implementation dependent checks.
• werner committed rC1c2cecbb35e1: sexp: Improve argument checking of sexp parser. (authored by • werner).
sexp: Improve argument checking of sexp parser.
• gniibe committed rC8a0bde8c211c: tests: t-mpi-point: Remove implementation dependent checks. (authored by • gniibe).
tests: t-mpi-point: Remove implementation dependent checks.
• werner updated subscribers of T4620: no support for multiple (yubikey) smartcards plugged in at the same time.
The card frame works received a lot of changes in master but we won't backport it to 2.2. Sorry.
• aheinecke committed rWdc4b50559737: web: Remove legal parts of signature in announcements (authored by • aheinecke).
web: Remove legal parts of signature in announcements
• aheinecke committed rW0e41f379989e: web: Remove note about problem with 3.1.10 annoucement (authored by • aheinecke).
web: Remove note about problem with 3.1.10 annoucement
drafts,openpgp-webkey-service: Typo fix
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
@gniibe, the documentation (at least on the stable branch) says that --fast-import is just a synonym for --import. is that incorrect?
Jul 14 2019
Jul 14 2019
Maybe GnuPG could display a prompt if it detects a pubring.gpg and no pubring.kbx. Something like:
• aheinecke committed rWf88df14e2363: Add pages for the Gpg4win-3.1.10 announcement (authored by • aheinecke).
Add pages for the Gpg4win-3.1.10 announcement
swdb: Gpg4win-3.1.10
web: Update for Gpg4win-3.1.10
• aheinecke added a comment to T4622: GpgOL: Possible plain text leak when opening mails in new windows.
I also tested it with Outlook 2010 and there this did not happen. So it's probably save to assume that this was a behavioral change in some more recent Outlook Version.
Bump version to 3.1.10
Update NEWS and READMEs
Update gnupg and gpgol
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4560: GpgOL: Only quick print possible for encrypted mails, as Resolved.
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5], as Resolved.
This was released 2019-06-15
• aheinecke closed T4562: Gpg4win 3.1.9, a subtask of T4569: Version 3.1.8 can not "Encrypt for others", as Resolved.
• aheinecke closed T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5] as Resolved.
Has been released and confirmed to be working.
Fix is in, will be released with 3.1.10
• aheinecke closed T4622: GpgOL: Possible plain text leak when opening mails in new windows as Resolved.
Fix is in. Will be released with 3.1.10
swdb: gpgol-2.4.2
Auto update po files
Post release version bump
Update NEWS for todays release
• aheinecke committed rO93a90dd286f4: Add safeguard against plaintext leaks after close (authored by • aheinecke).
Add safeguard against plaintext leaks after close
• aheinecke committed rO4c3e5b54f610: Ensure passNextWrite is reset after passing it (authored by • aheinecke).
Ensure passNextWrite is reset after passing it
• aheinecke committed rOd5e60def7c12: Fix mail display when plaintext opt changes in run (authored by • aheinecke).
Fix mail display when plaintext opt changes in run
• aheinecke committed rOb194f1af15b9: Print sigsum if in debug when invalid (authored by • aheinecke).
Print sigsum if in debug when invalid
• aheinecke added a comment to T4483: GpgOL: Autosecure toggling too agressive for S/MIME users without key.
This is resolved
It turned out to be a downstream issue and the change in message class was enough from our side.