git checkout gnupg-2.5.14, reverted the commits 46f4cb66125ee34e87e592cc02d38daead3427af and 0cc7759ed5a3890b4e28563a6b5e97f3aa551530, recompiled, and the error message gpg: keydb_search_first failed: SQL error no longer appeared. Also, in /root/.gnupg/public-keys.d/, the two files pubring.db.lock and .#lk0x0000... are present.

Sun, Nov 23, 9:26 AM · workaround, gnupg, Bug Report

Fri, Nov 21

timegrid added a comment to T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully.

Note: Backup/Restore secret kyber keys looks good to me on gpg4win-5.0.0-beta413 @ win11 now.

Fri, Nov 21, 2:32 PM · gnupg, gpd5x, kleopatra

• gniibe added a comment to T7720: w32: Synchronous spawning gpg-agent/dirmngr/keyboxd.

Let me explain about the change rG57affc4e98ab.

Fri, Nov 21, 6:44 AM · gnupg, Feature Request, Bug Report

William added a comment to T7941: gpg: keydb_search_first failed: SQL error.

Additionally, in the /root/.gnupg/public-keys.d/ directory, the two files .#lk0x00007fdcb40043b0.b02bef684bbe.5108 and pubring.db.lock are missing.

Fri, Nov 21, 5:16 AM · workaround, gnupg, Bug Report

Thu, Nov 20

William added a comment to T7941: gpg: keydb_search_first failed: SQL error.

gpg was compiled with the latest version of SQLite3 at the time as its own private library, without linking against the system's libsqlite3.so.
The sqlite3 CLI is the version that comes pre-installed with Ubuntu 22.04.5.

Thu, Nov 20, 12:29 PM · workaround, gnupg, Bug Report

• werner added a comment to T7941: gpg: keydb_search_first failed: SQL error.

Can you please schek which Sqlite version you have installed? I have not seen this on my system.

Thu, Nov 20, 11:25 AM · workaround, gnupg, Bug Report

William added a comment to T7941: gpg: keydb_search_first failed: SQL error.

keyboxd (GnuPG) 2.5.13

listening on socket '/root/.gnupg/S.keyboxd'
keyboxd (GnuPG) 2.5.13 started
handler 0x7f2eba314640 for fd 9 started
connection from process 4361 (0:0)
(SQL: PRAGMA foreign_keys = ON)
(SQL: CREATE TABLE IF NOT EXISTS config (name  TEXT NOT NULL UNIQUE,value TEXT NOT NULL ))
database version: 1
database created: 2025-11-20 06:11:12
(SQL: CREATE TABLE IF NOT EXISTS pubkey (ubid     BLOB NOT NULL PRIMARY KEY,type  INTEGER NOT NULL,ephemeral INTEGER NOT NULL DEFAULT 0,revoked INTEGER NOT NULL DEFAULT 0,keyblob BLOB NOT NULL))
(SQL: CREATE TABLE IF NOT EXISTS fingerprint (fpr  BLOB NOT NULL PRIMARY KEY,kid  BLOB NOT NULL,keygrip BLOB NOT NULL,subkey INTEGER NOT NULL,ubid BLOB NOT NULL REFERENCES pubkey))
(SQL: CREATE INDEX IF NOT EXISTS fingerprintidx0 on fingerprint (ubid))
(SQL: CREATE INDEX IF NOT EXISTS fingerprintidx1 on fingerprint (fpr))
(SQL: CREATE INDEX IF NOT EXISTS fingerprintidx2 on fingerprint (keygrip))
(SQL: CREATE TABLE IF NOT EXISTS userid (uid  TEXT NOT NULL,addrspec TEXT,type  INTEGER NOT NULL,uidno INTEGER NOT NULL,ubid BLOB NOT NULL REFERENCES pubkey))
(SQL: CREATE INDEX IF NOT EXISTS userididx0 on userid (ubid))
(SQL: CREATE INDEX IF NOT EXISTS userididx1 on userid (uid))
(SQL: CREATE INDEX IF NOT EXISTS userididx3 on userid (addrspec))
(SQL: CREATE TABLE IF NOT EXISTS issuer (sn TEXT NOT NULL,dn TEXT NOT NULL,ubid BLOB NOT NULL REFERENCES pubkey))
(SQL: CREATE INDEX IF NOT EXISTS issueridx1 on issuer (dn))
database '/root/.gnupg/public-keys.d/pubring.db' created
(SQL: SELECT ubid, type, ephemeral, revoked, keyblob FROM pubkey as p WHERE p.type = 1 ORDER by ubid)
(SQL: SELECT ubid, type, ephemeral, revoked, keyblob FROM pubkey as p WHERE p.type = 1 ORDER by ubid)
command 'NEXT' failed: Not found
handler 0x7f2eba314640 for fd 9 terminated

Thu, Nov 20, 9:38 AM · workaround, gnupg, Bug Report

• werner triaged T7941: gpg: keydb_search_first failed: SQL error as Low priority.

Interesting. What SQlite version are you using? To see the exact reason and you have a copy of the old pubring.db, please add

Thu, Nov 20, 8:58 AM · workaround, gnupg, Bug Report

• gniibe changed the status of T7720: w32: Synchronous spawning gpg-agent/dirmngr/keyboxd from Open to Testing.

Applied the change to master: rG57affc4e98ab: common,agent,dirmngr,kbx:w32: Synchronous spawning daemon process.

Thu, Nov 20, 7:07 AM · gnupg, Feature Request, Bug Report

• gniibe changed the status of T7629: gcc 15 warns about -Wunterminated-string-initialization in gnupg from Open to Testing.

I applied a change with GPGRT_ATTR_NONSTRING to master, since 2.6 branch now requires newere gpgrt.
Fix is rGcad79e542d85: agent,common,dirmngr,tests: Silence warnings of a compiler.

Thu, Nov 20, 7:04 AM · gnupg, Bug Report

Wed, Nov 19

• werner changed the status of T7904: GnuPG may downgrade digest algorithm to SHA1 from Open to Testing.

Wed, Nov 19, 5:53 PM · gnupg, Bug Report

• werner updated the task description for T7906: Memory Corruption in ASCII-Armor Parsing.

Wed, Nov 19, 5:49 PM · gnupg, Bug Report

• werner moved T7315: Allow export and import of PQC secret keys. from WIP to QA on the gnupg26 board.

Wed, Nov 19, 5:47 PM · gnupg26, OpenPGP, PQC, gnupg

• werner moved T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled from Backlog to QA on the gnupg26 board.

Wed, Nov 19, 5:46 PM · gnupg26, gnupg

• werner added a project to T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled: gnupg26.

Wed, Nov 19, 5:45 PM · gnupg26, gnupg

• werner moved T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. from WIP to QA on the gnupg26 board.

Wed, Nov 19, 5:44 PM · gnupg26, Bug Report, keyboxd, gnupg

• werner changed the status of T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field from Open to Testing.

Wed, Nov 19, 5:43 PM · gnupg, Bug Report

• werner updated the task description for T7869: Release GnuPG 2.5.14.

Wed, Nov 19, 5:40 PM · gnupg, Release Info

• werner updated the task description for T7940: Release GnuPG 2.5.15.

Wed, Nov 19, 5:39 PM · gnupg, Release Info

• werner changed the status of T7906: Memory Corruption in ASCII-Armor Parsing from Open to Testing.

Wed, Nov 19, 5:38 PM · gnupg, Bug Report

• werner shifted T7906: Memory Corruption in ASCII-Armor Parsing from the Restricted Space space to the S1 Public space.

Wed, Nov 19, 5:38 PM · gnupg, Bug Report

• werner updated the task description for T7940: Release GnuPG 2.5.15.

Wed, Nov 19, 5:37 PM · gnupg, Release Info

• werner triaged T7940: Release GnuPG 2.5.15 as Normal priority.

Wed, Nov 19, 5:27 PM · gnupg, Release Info

• werner added a comment to T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field.

The problem is that a user may unintentionally use the suggested filename without checking that it does not harm to write to this file. It is better not to present a default name at all.

Wed, Nov 19, 4:08 PM · gnupg, Bug Report

Tue, Nov 18

• werner changed the status of T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. from Open to Testing.

Tue, Nov 18, 5:29 PM · gnupg26, Bug Report, keyboxd, gnupg

Mon, Nov 17

• ebo added a project to T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table.: gnupg26.

Mon, Nov 17, 12:09 PM · gnupg26, Bug Report, keyboxd, gnupg

• ikloecker abandoned D616: gpgsm: Fix output of card serial numbers in colon listing.

The revision was actually applied (rG0947a20c28cf: gpgsm: Fix output of card serial number in colon listing.), but Phabricator doesn't allow me to set it as applied because not all reviewers have approved it.

Mon, Nov 17, 9:08 AM · gnupg

Sun, Nov 16

• werner changed the status of T7914: Card s/n number missing in gpgsm from Open to Testing.

Fix applied. Thanks.

Sun, Nov 16, 7:10 PM · gnupg22, scd, S/MIME, Feature Request, gnupg26

• werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Handle creation date in private key files for re-use of an existing. to Handle creation date in private key files for re-use of an existing key..

Sun, Nov 16, 6:57 PM · gnupg26, OpenPGP, gnupg

• werner added a comment to T7290: Handle creation date in private key files for re-use of an existing key..

This is not a composite key specific thing despite that this is an extra challenge. The creation date is used to reconstruct a key if the public key has been lost and only the fingerprint is still available. A solution might be to test the all combinations of stored creation dates to match the fingerprint.

Sun, Nov 16, 6:57 PM · gnupg26, OpenPGP, gnupg

• werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Kyber+ECC with smartcards to Handle creation date in private key files for re-use of an existing..

Sun, Nov 16, 6:54 PM · gnupg26, OpenPGP, gnupg

• werner changed the status of T7315: Allow export and import of PQC secret keys. from Open to Testing.

Sun, Nov 16, 6:50 PM · gnupg26, OpenPGP, PQC, gnupg

• werner changed the status of T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, from Open to Testing.

Sun, Nov 16, 6:50 PM · gnupg26, OpenPGP, PQC, gnupg

Sat, Nov 15

• werner closed T7896: Escape binary data in NOTATION* for status-fd as Resolved.

Sat, Nov 15, 4:50 PM · gnupg, OpenPGP, Feature Request

mgorny added a comment to T7896: Escape binary data in NOTATION* for status-fd.

I can confirm that the patch fixes the issue. Thanks!

Sat, Nov 15, 9:16 AM · gnupg, OpenPGP, Feature Request

Fri, Nov 14

• werner moved T7315: Allow export and import of PQC secret keys. from Backlog to WIP on the gnupg26 board.

Fri, Nov 14, 4:01 PM · gnupg26, OpenPGP, PQC, gnupg

• werner renamed T7315: Allow export and import of PQC secret keys. from Allow exporting of PQC keys. to Allow export and import of PQC secret keys..

Fri, Nov 14, 3:56 PM · gnupg26, OpenPGP, PQC, gnupg

• werner triaged T7932: Support gpg --passwd for Kyber as Normal priority.

Fri, Nov 14, 3:45 PM · OpenPGP, PQC, gnupg

• werner triaged T7914: Card s/n number missing in gpgsm as Normal priority.

Fri, Nov 14, 12:42 PM · gnupg22, scd, S/MIME, Feature Request, gnupg26

• werner renamed T7914: Card s/n number missing in gpgsm from Kleopatra: wrong info given for S/MIME secret key location on card to Card s/n number missing in gpgsm.

Fri, Nov 14, 12:40 PM · gnupg22, scd, S/MIME, Feature Request, gnupg26

• werner added projects to T7914: Card s/n number missing in gpgsm: gnupg26, Feature Request.

Fri, Nov 14, 12:38 PM · gnupg22, scd, S/MIME, Feature Request, gnupg26

Thu, Nov 13

• werner closed T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully as Invalid.

Thu, Nov 13, 12:26 PM · gnupg, gpd5x, kleopatra

• werner added a comment to T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully.

I am currently working on backup/restore of Kyber keys. The error message will go away.

Thu, Nov 13, 12:26 PM · gnupg, gpd5x, kleopatra

Mon, Nov 10

• ikloecker retitled D616: gpgsm: Fix output of card serial numbers in colon listing from Fix output of card serial numbers in colon listing to gpgsm: Fix output of card serial numbers in colon listing.

Mon, Nov 10, 8:39 AM · gnupg

Nov 6 2025

• ikloecker edited projects for T7914: Card s/n number missing in gpgsm, added: gnupg; removed kleopatra.

This is caused by a bug in gpgsm. The card serial numbers are missing in the with-colon key listing.

Nov 6 2025, 3:09 PM · gnupg22, scd, S/MIME, Feature Request, gnupg26

• ikloecker requested review of D616: gpgsm: Fix output of card serial numbers in colon listing.

Nov 6 2025, 3:06 PM · gnupg

• ebo edited projects for T6859: S/MIME keys are not deleted, added: gpd5x; removed Restricted Project.

Nov 6 2025, 11:51 AM · gpd5x, S/MIME, kleopatra, gnupg

• werner changed the status of T7896: Escape binary data in NOTATION* for status-fd from Open to Testing.

Nov 6 2025, 9:06 AM · gnupg, OpenPGP, Feature Request

• ikloecker added a revision to T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully: D615: gpg: Emit status error for unsupported export of secret dual key.

Nov 6 2025, 8:11 AM · gnupg, gpd5x, kleopatra

• gniibe changed the status of T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled from Open to Testing.

That's my mistake with KEM API.

Nov 6 2025, 6:14 AM · gnupg26, gnupg

• gniibe closed T7194: gnupg_ -> gpgrt_ : Pipe API as Resolved.

Nov 6 2025, 1:55 AM · gpgrt, gnupg

Nov 5 2025

• werner added a comment to T7896: Escape binary data in NOTATION* for status-fd.

Alright, I change it from for notation data (and name).

[GNUPG:] NOTATION_NAME foo@foo.org
[GNUPG:] NOTATION_FLAGS 0 1
[GNUPG:] NOTATION_DATA bla%20bla%20��%20blub

with change:

[GNUPG:] NOTATION_NAME foo@foo.org
[GNUPG:] NOTATION_FLAGS 0 1
[GNUPG:] NOTATION_DATA bla%20bla%20%81%82%20blub

Nov 5 2025, 4:49 PM · gnupg, OpenPGP, Feature Request

• werner added a comment to T7896: Escape binary data in NOTATION* for status-fd.

Since rfc2440 the PGP specs say:

Nov 5 2025, 3:55 PM · gnupg, OpenPGP, Feature Request

Nov 4 2025

• werner triaged T7904: GnuPG may downgrade digest algorithm to SHA1 as High priority.

Nov 4 2025, 1:26 PM · gnupg, Bug Report

• gniibe added a comment to T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field.

Added a compatibility flag in: rGad0c6c33c3d6: gpg: Do not use a default when asking for another output filename.

Nov 4 2025, 7:08 AM · gnupg, Bug Report

• gniibe created T7908: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field.

Nov 4 2025, 7:07 AM · gnupg, Bug Report

• gniibe added a comment to T7906: Memory Corruption in ASCII-Armor Parsing.

Fixed in rG115d138ba599: gpg: Fix possible memory corruption in the armor parser.

Nov 4 2025, 6:57 AM · gnupg, Bug Report

• gniibe created T7906: Memory Corruption in ASCII-Armor Parsing.

Nov 4 2025, 6:56 AM · gnupg, Bug Report

• gniibe added a comment to T7904: GnuPG may downgrade digest algorithm to SHA1.

Fixed in rGdb9705ef594d: gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.

Nov 4 2025, 6:46 AM · gnupg, Bug Report

• gniibe created T7904: GnuPG may downgrade digest algorithm to SHA1.

Nov 4 2025, 6:45 AM · gnupg, Bug Report

Nov 3 2025

mgorny added a comment to T7896: Escape binary data in NOTATION* for status-fd.

That's a good question. Looking at https://datatracker.ietf.org/doc/draft-koch-librepgp/, it doesn't really specify what encoding is used for "human-readable" notation, so I'd personally lean towards encoding it to stay on the safe side. Unless I'm mistaken, status-fd will only be used locally, so escaping overhead should not be a problem.

Nov 3 2025, 5:43 PM · gnupg, OpenPGP, Feature Request

• werner triaged T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card as Normal priority.

Nov 3 2025, 5:08 PM · gpd5x, kleopatra

• werner edited projects for T7896: Escape binary data in NOTATION* for status-fd, added: Feature Request, OpenPGP, gnupg; removed Bug Report.

The question is who shall correct the wrong encoding of notation data (assuming it is flagged as human readable). Escaping is a solution but needs a lot of extra bytes.

Nov 3 2025, 9:58 AM · gnupg, OpenPGP, Feature Request

• werner renamed T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. from keyboxd: subkey issue connected to ADSK to keyboxd: a new subkey is sometimes not stored in the fingerprint table..

Nov 3 2025, 9:54 AM · gnupg26, Bug Report, keyboxd, gnupg

• werner triaged T7892: keyboxd: a new subkey is sometimes not stored in the fingerprint table. as High priority.

It is not an ADSK issue. The problem is that the new subkey has not been entered into the fingerprint table and can thus not be found.

Nov 3 2025, 9:52 AM · gnupg26, Bug Report, keyboxd, gnupg

• ikloecker added a comment to T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card.

That's what gpg-card url --clear does

if (!strcmp (argstr, "--clear"))
  url = xstrdup (" "); /* No real way to clear; set to space instead. */

Nov 3 2025, 9:24 AM · gpd5x, kleopatra

• gniibe closed T7138: Windows (Semi-hosted environment): filename and network access as Resolved.

Fixed in 2.5.13.

Nov 3 2025, 3:41 AM · gnupg, Bug Report

Nov 2 2025

thesamesam added a project to T6500: Keyserver access via http-proxy isn't attempted when using standard-resolver: Gentoo.

Nov 2 2025, 5:29 AM · Gentoo, gnupg, dns, Bug Report

Oct 30 2025

• ikloecker claimed T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card.

So we need to find out what gpg-card url --clear does to avoid the card error for the ZeitControl cards.

Oct 30 2025, 8:40 PM · gpd5x, kleopatra

timegrid added a comment to T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled.

In gpg4win-4.4.1 it works too.

Oct 30 2025, 3:03 PM · gnupg26, gnupg

timegrid added a comment to T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled.

Note: In the current vsd beta (29) it works (pinentry for the next key is opened):

Oct 30 2025, 2:58 PM · gnupg26, gnupg

• ikloecker added a project to T7885: Kleopatra: Unsupported backup of secret kyber key should be handled more gracefully: gnupg.

@werner Proposed patch for gpg:

diff --git a/g10/export.c b/g10/export.c
index 5dcb9c665..908a6b6a0 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1961,7 +1961,9 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
           if (strchr (hexgrip, ','))
             {
               log_error ("exporting a secret dual key is not yet supported\n");
-              return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+              err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+              write_status_error ("export_keys.secret", err);
+              return err;
             }

Oct 30 2025, 11:28 AM · gnupg, gpd5x, kleopatra

timegrid added a comment to T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card.

Note: It works with gpg-card url --clear.

Oct 30 2025, 10:22 AM · gpd5x, kleopatra

• ikloecker renamed T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card from Kleopatra: Card URL cannot be cleared to Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card.

Oct 30 2025, 10:06 AM · gpd5x, kleopatra

• ikloecker edited projects for T7881: Public key URL cannot be cleared on ZeitControl OpenPGP v3.4 card, added: gnupg, scd; removed gpd5x, kleopatra.

I could reproduce this with a ZeitControl OpenPGP v3.4 card, but (as Tobias) not with an (old) Yubikey. Looks like a bug in the card firmware.

Oct 30 2025, 10:02 AM · gpd5x, kleopatra

• ebo renamed T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled from GnuPG: Decryption failes if the pinentry dialog for the first tried recipient is canceled to GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled.

Oct 30 2025, 9:40 AM · gnupg26, gnupg