Frankly, I am pretty sure that the new base64 encoding of the fingerprint leads to less diligent comparison of the fingerprint by the user. I don't understand why they did not used a truncated hex output or zBase32 .
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
May 12 2021
May 11 2021
May 7 2021
Ah, great. Thanks!
May 6 2021
May 3 2021
Thank you for taking time to look into that. There are couple of issues in the CAcert bug tracker talking about the same issue but if, (I see right), the certs still miss the usage flags:
RFC-5280 states in 4.2.1.3 for Key Usage:
Any chance looking into this @werner?
Apr 27 2021
The curve is not defined to be used for ECDH (encryption); in fact it should in general only be used with the EdDSA
algorithm. You need to use "Key-Type: eddsa". Note that the EdDSA signing algorithm is different than the commonly used ECDSA signing algorithm.
Thanks for the quick response Werner. I knew I could use it with quick-gen-key and I’ve updated my config file to have it as default.
But, just for my understanding, is there a reason ed25519 cannot be used with full-gen-key and gen-key in batch mode?
You can't use ecdh with ed25519.
Apr 26 2021
Update:
It looks like OpenSSH version 8 now supports ssh-agent's handling REQUEST_IDENTITIES.
Apr 20 2021
it's in 2.3.
Apr 16 2021
This has been fixed in version 2.2.16.
Apr 15 2021
gpg4win 3.1 has no full Unicode support. You may try to install the new GnuPG 2.3 version on top of gpg4win to fix this problem or wait until we have releases gpg4win 4 which will come with GnuPG 2.3.
Apr 13 2021
Done in 2.3.0.
Done in 2.3.0.
Done in 2.3.
Apr 12 2021
This was changed in kleopatra some time ago to also generate keys with 2y expiry. So the motivation for this issue is gone.
Apr 6 2021
Note that rndjent.c is already build with -O0 as can be seen in example above. That warning could be silenced by surrounding pragma with #ifdef __OPTIMIZE__ (with should be supported by GCC and Clang).
Apr 1 2021
Mar 30 2021
Do what ever you want with _gcry prefixed functions - this is never considered an API or ABI break. There are some exceptions for internal functions used by macros but those are clearly marked.
These functions are internal to library and, for example, on linux/windows builds are not externally available.
Mar 29 2021
This patch should work if configure properly detects need for extra underscore on C symbols:
This patch should work if configure properly detects need for extra underscore on C symbols:
Here's the patch I am using for the Apple M1: libgcrypt-darwin.patch. The patch is public domain so anyone is free to use it.
This is kind of a hack, but this patch:
Mar 28 2021
yep, Should be fixed in libgpg-error/src/w32-gettext.c unless we want a way to retrieve the meat data. We can also and faster fix this in gnupg proper.
Mar 25 2021
Example from gpg.c:
ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), [...] ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
The quiet option has a human readable description, but the no-greeting option does not have one. Consequently, gpgconf --list-options gpg gives the following result:
[...] quiet:0:0:be somewhat more quiet:0:0:::: no-greeting:0:3::0:0::::1 [...]
For comparison, on an English Linux system the options also look wrong, i.e. all options that are problematic in the German translation are "raw" option names enclosed in double quotes. It seems that the untranslated description of the options is already missing.
Btw this only occurs for some options:
Mar 16 2021
Things are working out nicely and thus I am convinced that we will miss that whooshing sound the deadline would make as it fly by.
Mar 8 2021
We have used this task for more than the usual release info, thus the new title. We will use
T5343 for the 2.3.0 release info.
Feb 18 2021
I'm sorry, if my wording sounded harsh.
Feb 17 2021
In T1756#143328, @gniibe wrote:In T1756#131862, @whites11 wrote:I understand this is kind of an edge case, but having the possibility to use signed ssh keys would be very useful to me.
??? Do you understand how ssh keys are handled by ssh client and ssh-agent?
In T1756#131862, @whites11 wrote:I understand this is kind of an edge case, but having the possibility to use signed ssh keys would be very useful to me.
Feb 13 2021
Could you tell what is the status of this ticket? Is it planned for the development?
For some users usage is problematic when there are other readers recognized, provided by the OS or hardware platform, and ordered before the target device which in turn blocks access to it.
Feb 11 2021
Feb 10 2021
The now used /var/run thingy solves all these problems nicely. In fact we may eventually remove the use fallback of using sockets in the GNUPGHOMEDIR.
We have the --unwrap option which already does this. The problem here is that an addition compression layer is not removed. Therefore I will rename this report to add a feature strip things down to a signature or literal data packet..
Due to better working timeouts we have mostly soolved these problems,. Further keyservers are not anymore of great use these days.
The other patches don't make sense because of future plans for dirmngr.
Feb 4 2021
I have to leave this as open as this describes a clear issue users expirience in our software. I assign it to me to keep an eye on the issue. Werner and me discussed this issue at length verbally and there won't be a quick fix for the stable branch but we will address this some time in the future, but then not only for 8bit but for full unicode.
Feb 3 2021
I mentioned it several times: It is not sufficient to use some wmain as long as we don't rework the entire spawn machinery in gnupg. libassuan and gpgme. Reading Unicode from the command line would be easy the other things are the real work.
And in fact it was never possible to use 8bit filenames on the command line. The result was not stable and led to non-compatible messages due to the use of native character set instead of proper utf-8. It depended on just too much things.
gpgme-tool or gpgme-json might be useful workaround.
You can use --multifile for this. This reads the filenames from a descriptor or a file. One on the reasons to implement Unicode handling at most places was a request to allow using --multifile as a workaound for the command line limitation..
Jan 29 2021
Jan 28 2021
The last server of the HKPS pool dropped off for several hours yesterday, during which hkps.pool.sks-keyservers.net could not be resolved.
Jan 26 2021
Sorry, we won't apply such changes. A couple of years we did this and all we earned were a few extra bugs aqnd useless diffs. Further many of those changes are in files which will be updated from upstream time to time and your chnages would be lost.
OK, I only edited documents and notes, no code changes.
Thanks. However, we need to go over the list one by one to decide this. For example
"http://gnupg.org/.well-known/openpgpkey/hu/12345678" is actually expected to return a 404 and test code may very well use http: