In T5444#146395, @werner wrote:You should anyway use --quick-gen-key.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Thu, May 8
Thu, May 8
• werner moved T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from WiP to QA on the gnupg24 board.
Apr 17 2025
Apr 17 2025
• werner added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".
ametzler1 added a comment to T5444: "gpg: key generation failed: Unknown elliptic curve" from "Key-Type: default".
This is still broken on 2.5.5.
Apr 9 2025
Apr 9 2025
• werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys from Open to Testing.
Apr 7 2025
Apr 7 2025
• ebo moved T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1 from Backlog to WiP on the gnupg24 board.
• werner edited projects for T4021: dirmngr: dirmngr/dns.c issue with 127.0.0.1, added: gnupg24; removed gnupg.
Mar 14 2025
Mar 14 2025
• werner moved T7457: gpg --full-gen-key doesn't show list of keys on card (regression) from Backlog to QA on the gnupg24 board.
Done
• ikloecker reopened T7457: gpg --full-gen-key doesn't show list of keys on card (regression) as "Open".
Re-opening because I think rGaa36f6ae8bae needs to be backported to GnuPG 2.4 (see T7568). The fix for T7309 which introduced the regression has been backported to GnuPG 2.4.
I've offered https://github.com/bestpractical/gnupg-interface/pull/16 to GnuPG::Interface, and am testing it out in debian unstable.
Mar 13 2025
Mar 13 2025
I'll work on making a patch to offer a flexible test suite.
Alternately, i suppose we could ask GnuPG::Interface to drop the variant parts of that test entirely. @werner, If you have a preference for what they test, it would be good to know. I suspect your opinion would carry weight with the maintainer there.
Well, we also have the gpgme test suite which tests a couple of other things and for obvious reasons we need to keep this stable. Granted, sometimes we had to change the gpgme test suite as well. My personal preference would be your second choice.
Thanks for the fix for the double-free on --no-sig-cache, that appears to be an issue on all released gpg versions, as i can crash them directly when i --no-sig-cache.
Mar 12 2025
Mar 12 2025
Interestingly, from this i'm learning that the patch actually *normalizes* the output so that we see the same thing regardless of ordering. the different output based on certificate order happens only in the unpatched version.
Please test without the --import keys.pgp -- just import filtered.pgp or filtered2.pgp.
I can't replicate your findings here . In a test directory w/o a gpg.conf:
Uihhh
with --no-sig-cache --check-sigs i get the following error with the patch applied:
Did you also tried with --no-sig-cache ? That could help to get a better insight into the reason for that difference.
Mar 11 2025
Mar 11 2025
OK, now i really don't know what the issue is on the 2.4 branch. trying to replicate it with and without this patch, the --with-colons output of --check-sigs appears to depend on the order in which the certificates were ingested.
hm, digging a bit further, i think the above changes have to do with third-party signatures using SHA1, *not* with expired certifiers. in 2.4.7, i see a change from % to ! for these certifications. (2.2.x, which i know is EOL) shows the difference between ? and !. I'm trying to make a simpler replicator now.
• werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys from Testing to Open.
With the patch "gpg: Fix regression for the recent malicious subkey DoS fix", there is a change in how gpg --check-sigs reports certifications from expired keys.
Mar 7 2025
Mar 7 2025
it would be great to include a test in the test suite that ensures that the --status output behaves as expected in the face of expired or revoked keys.
Mar 6 2025
Mar 6 2025
• werner moved T7547: signatures from revoked or expired keys show up as missing keys from Backlog to QA on the gnupg24 board.
• werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys from Open to Testing.
• werner lowered the priority of T7547: signatures from revoked or expired keys show up as missing keys from Unbreak Now! to High.
Please use "unbreak now" only for *released* software with a criticial bug.
• ikloecker moved T7547: signatures from revoked or expired keys show up as missing keys from Backlog to WIP on the gnupg26 board.
• ikloecker edited projects for T7547: signatures from revoked or expired keys show up as missing keys, added: gnupg24, gnupg26; removed gnupg.
Feb 5 2025
Feb 5 2025
I think there's some confusion.
• werner changed the status of T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" from Open to Testing.
• werner moved T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" from Backlog to Done on the gnupg26 board.
• ebo renamed T6986: Refresh/update OpenPGP keys should check WKD from Refresh OpenPGP keys should check WKD to Refresh/update OpenPGP keys should check WKD.
changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.
• ebo edited projects for T6986: Refresh/update OpenPGP keys should check WKD, added: gpd5x; removed Restricted Project.
Feb 3 2025
Feb 3 2025
• werner triaged T7506: GnuPG: Error when adding ECDSA subkey in batch mode with quick-add-key "Wrong key usage" as Normal priority.
Jan 8 2025
Jan 8 2025
• werner moved T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected from Backlog to done on the gnupg24 board.
• werner moved T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected from Backlog to Done on the gnupg26 board.
• werner added a comment to T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected.
Got a simple fix for this which does two things:
- Correctly act upon an error from the backup file writing
- Print a warning note.
m.eik added a comment to T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected.
In T2169#196673, @werner wrote:Shall we handle this with additional retry prompts, w/o a timeout? I think this makes sense because creating keys with a backup file and a passphrase is a manual task anyway.
• werner edited projects for T2169: Smartcard card-edit generate fails when off-card backup of encryption key is selected, added: gnupg26, gnupg24; removed gnupg.
There is a regression due to the regression fix in rGb30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7 (from Dec 24 2015) or some related commits:
Jan 6 2025
Jan 6 2025
Dec 5 2024
Dec 5 2024
• werner moved T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds from Backlog to QA on the gpd5x board.
Dec 2 2024
Dec 2 2024
• gniibe closed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as Resolved.
Closed, since this was documentation for the workaround, four years ago.
• werner added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Just a reminder: with Gnuk 1.2.15 and an ed25519 key PubkeyAuthentication unbound is required for hosts using the new feature.
Nov 29 2024
Nov 29 2024
• gniibe closed T7160: scd: pipe server shutdown, a subtask of T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close, as Resolved.
• gniibe closed T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close as Resolved.
Fixed in 2.4.6.
Nov 25 2024
Nov 25 2024
• werner changed the status of T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , from Open to Testing.
For this ticket, I reviewed the code around my SOS changes.
Because I'd like to focus the point of retaining binary representation when doing import->export,
I created another thicket: T7426
Nov 20 2024
Nov 20 2024
thanks for the clarification. i was not objecting to the workflow, i was trying to understand so that i can interact with the bug tracker appropriately. I was unaware of the difference between "milestones" and other project tags. I'll try to get that right in the future.
• werner triaged T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form as Low priority.
• werner added projects to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form : gnupg24, Not A Bug.
Please do not add milestone tags.
Nov 14 2024
Nov 14 2024
I put "scd" tag and let me claim this ticket.
Nov 12 2024
Nov 12 2024
Nov 8 2024
Nov 8 2024
• ebo added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
For Beta-75 it looks similar judging from my first tries.
Nov 7 2024
Nov 7 2024
• ebo added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
I managed to get the same "loading certificate" message several times in a row on this test instance by stopping and starting Kleopatra in a row twice. After removing the Signature Card 2.0 this did not happen again in 5-6 tries, although I collected 2 lingering listing processes again (not both started on the same startup). Even import of a X.509 certificate worked.
• ebo added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
Next I managed to have one gpg and one gpgsm process each left over from the last execution of Kleopatra.
After starting Kleopatra new anyway, again "loading certificate cache" and an additional pair of gpg and gpgsm listing processes start.
• ebo added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
Had a occurrence of the never ending "loading certificate cache" issue again.
There was a leftover gpgsm process from the previous tests (although Kleopatra warned when I closed it, that processes still running in the background were there and would be aborted).
Nov 5 2024
Nov 5 2024
• ebo removed a project from T5054: Preservation of modification date upon decryption/extraction.: gnupg (gpg23).
Nov 2 2024
Nov 2 2024
• werner changed the status of T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds from Testing to Open.
Nov 1 2024
Nov 1 2024
• gniibe added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
@ebo Thank you for your continuous testing.
Oct 31 2024
Oct 31 2024
• ebo added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
Unfortunately, this seems not to have ended the sporadic hangs.
I just saw a hanging initial keylisting with gpg4win-beta-70 which has gpg 2.4.6
• ebo renamed T6014: Add support for relative redirect URI-references to dirmngr from Failed to search on certificate server. The error returned was: Syntax error in URI. to Add support for relative redirect URI-references to dirmngr.
Oct 29 2024
Oct 29 2024
• werner moved T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close from Backlog to QA on the gnupg24 board.
• werner moved T7298: gpg --quick-set-expire fails for V5 subkeys from Backlog to QA on the gnupg24 board.
• werner changed the status of T7298: gpg --quick-set-expire fails for V5 subkeys from Open to Testing.
Backported to 2.4 to go into 2.4.6
• werner changed the status of T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds from Open to Testing.
• werner added a comment to T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds.
Fix backported to 2.4
Oct 24 2024
Oct 24 2024
• ikloecker reassigned T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds from • ikloecker to • werner.
Passing ticket to werner to consider backports.
Oct 17 2024
Oct 17 2024
• ebo edited projects for T7332: Kleopatra: Initial keylisting sometimes fails or hangs for some seconds, added: gnupg22, gnupg24; removed gnupg.
Oct 9 2024
Oct 9 2024
• ebo edited projects for T5447: Add feature to delete a key from an LDAP server, added: vsd33; removed vsd33 (vsd-3.3.0).
• alexk added a project to T5447: Add feature to delete a key from an LDAP server: vsd33 (vsd-3.3.0).
Oct 4 2024
Oct 4 2024
Tested with VS-Desktop-3.2.94.2-Beta.
Works as expected on the cli.
• werner moved T6882: Make ADSK configurable for new keys from QA to gnupg-2.2.45 on the gnupg22 board.
Oct 2 2024
Oct 2 2024
• ikloecker added a comment to T7313: gpgconf --list-options does not handle multiple trusted-keys..
gpgme should handle lists correctly. In Kleopatra those options are not shown in the configuration dialog because they are GC_LEVEL_INVISIBLE, i.e. Kleopatra can read them programmatically but they are not shown to the user.
Oct 1 2024
Oct 1 2024
In T6882#191854, @werner wrote:While testing this I noticed that only the last adsk or trusted key is listed. Thus several assurances of this options are not properly represented. See T7313
• werner assigned T7313: gpgconf --list-options does not handle multiple trusted-keys. to • ikloecker.
Fixed for master. Let's first test this with kleopatra.
• werner renamed T7313: gpgconf --list-options does not handle multiple trusted-keys. from gpgconf --list-options does now handle multiple trusted-keys. to gpgconf --list-options does not handle multiple trusted-keys..
Done for 2.2. It is already in 2.4.
• werner triaged T7313: gpgconf --list-options does not handle multiple trusted-keys. as Normal priority.
Sep 27 2024
Sep 27 2024
Will do.
It is reproducible bug even with master branch.
Sep 26 2024
Sep 26 2024
werner: Can you also backport listing of "default-new-key-adsk" with gpgconf so that Kleopatra can check whether a default ADSK is set?
Backported to 2.2