I agree with everything in the previous comment. Just hoping for simple, robust UI like gpg 1.x that works over an SSH connection (no GUI) for ordinary file decryption on the command line.

@dkg I use gnupg 1.x for a very, very long time. I like the way it works. And most, I like that the terminal is not hidden from me when I type a password and that the characters in password does not appear on terminal as "*". Sometime the text in terminal is important to me. pinentry-tty have more or less the same behavior as gnupg 1.x. With pinentry-curses the terminal is hidden and there are '*' for each character in password that I type. Also, there is not GUI on my servers so no pinentry-(qt|gtk|anything else).

Very few OpenPGP data signatures have an expiration time either, fwiw. I have never actually seen one in the wild, and no one that i know uses --ask-sig-expire or --default-sig-expire (it shows up in the cupt test suite and the apt test suite, but doesn't appear to be actually used by anything).

CMS signatures do not have a expiration time. Further the meaning of the expiration time of one of the certificates also depends on the validation model (shell or chain); thus a one-to-one relationship between these times is not possible.

We will run into all kind of problems after 2038 on 32 bit boxes. 2106 is nothing to care about.

pinentry-tty is pretty fragile, and designed to be handled in a particular way. I strongly recommend a different workflow if you're using gpg secret key operations in a regular process. either:

@maiden_taiwan Thank you. Nice trick. Works fine for for one file and covers almost all of my issues.
Still, for example, when used together with rpmsign and I have to sign multiple rpms files, is inconvenient to type ctrl-D for each rpm file (for whatever reason I want to stop the signing process) . ctrl-c just stop the process.
This worked fine with gpg 1.x. Not so much with gpg2.

Thank you.

I uploaded the certificate files. For a test please do the following:

@gv: I am another user (not the developer), but here is a workaround I found. Type ctrl-D instead of ctrl-C to terminate pinentry-tty.

I'm sorry, this issue is far from fixed.

This is a support question. Please use one of the public support channels as listed at gnupg.org or ask for a quote at a commercial service (https://gnupg.org/service.html).

I am currently investigating the issue known as CVE-2019-14855 for Debian's LTS version Debian 8 "Jessie" and even Debian 7 "Wheezy".

Regression due to a faulty backport. Fixed in repo; patch is F1052802
Thanks for reporting.

There is a regression in decryption with hidden recipients; see T4762.
Patch available

Okay, I can replicate that on gnupg 2.2; it works correct on master.

I am not sure what you want you are going. I see is a verify command using an unknown file or number of files without knowing its content (using globbing (*-SOMETHING) is not a good idea). Some signature is verified okay but it is not known whether the key is trustworthy. You export a ke and then you do a verify on the key - this can't work because a key-file is not a signature.

Sorry, a fix didn't made it into 2.2.18.

This is actually unused code and it will never be called with ERR == 0. Will fix it in master anway.

No bug.

The LDAP code is actually in very bad shape because @neal added it without utilizing the ldap wrapper and thus a timeout won't work reliable.

See T4760.

[ Please do not post each compiler warning as a single report. That is just just too much overhead and we do see such messages ourselves if you would provide a bit more information. ]

Unusable v6 interfaces are now detected on Windows and then not used.