Page MenuHome GnuPG
Feed Advanced Search

Today

werner triaged T5537: Use CSIDL_LOCAL_APPDATA for the socketdir as High priority.
Fri, Jul 30, 12:50 PM · Windows, Restricted Project, gnupg (gpg22)

Yesterday

werner triaged T5536: Backport the extended gpg-check-pattern to 2.2 as Normal priority.
Thu, Jul 29, 12:37 PM · gnupg (gpg22)

Sun, Jul 4

werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html on T5498: Release GnuPG 2.2.29.
Sun, Jul 4, 5:45 PM · Release Info, gnupg (gpg22)
werner closed T5487: GnuPG 2.2.28 not working with Yubikey NEO as Resolved.
Sun, Jul 4, 5:30 PM · yubikey, gnupg (gpg22), Bug Report
werner closed T5498: Release GnuPG 2.2.29 as Resolved.
Sun, Jul 4, 5:29 PM · Release Info, gnupg (gpg22)
werner triaged T5519: Release GnuPG 2.2.30 as Low priority.
Sun, Jul 4, 5:23 PM · Release Info, gnupg (gpg22)
werner triaged T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient. as Normal priority.
Sun, Jul 4, 4:19 PM · gnupg (gpg22), Windows, Bug Report

Fri, Jul 2

werner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

It is a matter of the used font. 2.2.29 will fix this problem.

Fri, Jul 2, 7:52 AM · gnupg (gpg22), Windows, Bug Report

Thu, Jul 1

Reiner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

Same error message in Windows 8.1 x64 with the commands:
gpg --local-user 0x12345678 --sign-key 0xABCDEF12 or: gpg --default-key 0x12345678 --sign-key 0xABCDEF12.

Thu, Jul 1, 7:24 PM · gnupg (gpg22), Windows, Bug Report

Jun 25 2021

werner closed T5069: Concurrent auto-start of gpg-agent by multiple gpg instances. as Resolved.
Jun 25 2021, 11:29 AM · Not A Bug, No Response, Info Needed, gnupg (gpg22), Windows, Bug Report
werner lowered the priority of T4892: gpgsm --gen-key with existing key from "ssh-add" fails from Normal to Low.

Needs to be tested with the current 2.2 version and a gcry_log_debugsxp should be added to the error output.

Jun 25 2021, 11:26 AM · gnupg (gpg22), Bug Report, S/MIME
werner closed T5162: Import problem due to disabled brainpool curves as Wontfix.

This will not be fixed. Brainpool is a standard feature of Libgcrypt and thus this is a bug in the used Libgcrypt installation. Note that although I recently fixed a new regression test for this case, I do not think that it is a good idea to add extra code for a broken Libgcrypt.

Jun 25 2021, 11:21 AM · Bug Report, libgcrypt, gnupg (gpg22)
werner closed T5309: gpg: key generation failed: Corrupted protection as Resolved.
Jun 25 2021, 11:16 AM · Info Needed, gnupg (gpg22), Bug Report
werner closed T5068: LDAP keyserver does not support lookup by fingerprint as Resolved.

This has been solved in 2.2.26 commit rGc75fd75532

Jun 25 2021, 11:15 AM · LDAP, dirmngr, gnupg (gpg22)
werner added a comment to T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog.

That might depend on your pinentry version. With a pre-1.1.1 pinentry and 2.2.28 I get this:

Jun 25 2021, 11:12 AM · gnupg (gpg22), gpgagent, pinentry, Bug Report
werner closed T5376: gpg --fetch-keys no longer returns non 0 exit status on failure as Resolved.
Jun 25 2021, 10:55 AM · gnupg (gpg22), Bug Report
werner added a comment to T5376: gpg --fetch-keys no longer returns non 0 exit status on failure.

Will be in 2.2.29.

Jun 25 2021, 10:54 AM · gnupg (gpg22), Bug Report

Jun 22 2021

werner changed the status of T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient. from Open to Testing.

I did some test on Windows 10 using gnupg 2.2 with this patch and things work.

Jun 22 2021, 11:33 AM · gnupg (gpg22), Windows, Bug Report
werner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

For testing ion Windows 10 you need to switch to "Legacy Console" and reboot.

Jun 22 2021, 7:59 AM · gnupg (gpg22), Windows, Bug Report
gniibe added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

I think that a patch like following is needed:

diff --git a/common/ttyio.c b/common/ttyio.c
index c385700de..55468bdf0 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -236,7 +236,21 @@ w32_write_console (const char *string)
   n = wcslen (wstring);
Jun 22 2021, 7:24 AM · gnupg (gpg22), Windows, Bug Report
gniibe added a comment to T5482: Release GnuPG 2.2.28.

Regression with no-unicode font on Windows: T5491

Jun 22 2021, 6:10 AM · Release Info, gnupg (gpg22)
gniibe renamed T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient. from GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient. to Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..
Jun 22 2021, 6:08 AM · gnupg (gpg22), Windows, Bug Report
gniibe added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

When console font is not a Unicode font, it seems that the WriteConsoleW function may return ERROR_GEN_FAILURE.

Jun 22 2021, 4:58 AM · gnupg (gpg22), Windows, Bug Report
Reiner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

Hello Mr. Koch,

Jun 22 2021, 1:45 AM · gnupg (gpg22), Windows, Bug Report

Jun 21 2021

werner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

Please run

Jun 21 2021, 5:16 PM · gnupg (gpg22), Windows, Bug Report
werner updated the task description for T5482: Release GnuPG 2.2.28.
Jun 21 2021, 9:37 AM · Release Info, gnupg (gpg22)
werner triaged T5498: Release GnuPG 2.2.29 as Normal priority.
Jun 21 2021, 9:37 AM · Release Info, gnupg (gpg22)
werner added a comment to T5482: Release GnuPG 2.2.28.

Regression for keyserver search by mail address: T5497

Jun 21 2021, 9:35 AM · Release Info, gnupg (gpg22)

Jun 17 2021

Reiner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

Hello Mr. Koch,

Jun 17 2021, 11:45 PM · gnupg (gpg22), Windows, Bug Report
werner added projects to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient.: Windows, gnupg (gpg22).

Are you using Powershell or another non-standard shell? Which windows version are you using? Do you use default-key in gpg.conf? Do you have a smartcard inserted?

Jun 17 2021, 11:28 AM · gnupg (gpg22), Windows, Bug Report

Jun 15 2021

gniibe triaged T5487: GnuPG 2.2.28 not working with Yubikey NEO as High priority.

I set the priority 'High' as Yubikey NEO is the last one with source code available, IIUC.

Jun 15 2021, 1:41 AM · yubikey, gnupg (gpg22), Bug Report
gniibe added a comment to T5487: GnuPG 2.2.28 not working with Yubikey NEO.

@kianga
Thanks for your log.

Jun 15 2021, 1:40 AM · yubikey, gnupg (gpg22), Bug Report

Jun 14 2021

kianga added a comment to T5487: GnuPG 2.2.28 not working with Yubikey NEO.

I was just about to open a similar bug report, but I think this might be related. I’m also having trouble getting my Yubikey NEO to work with the latest update, however my log output looks different (see below) and this is on Windows (10 Pro, 21H1, build 19043.1055).

Jun 14 2021, 8:46 PM · yubikey, gnupg (gpg22), Bug Report
gbschenkel added a comment to T5487: GnuPG 2.2.28 not working with Yubikey NEO.

Thank you @werner I will apply the patch and recompile the .28 version for myself.

Jun 14 2021, 6:45 PM · yubikey, gnupg (gpg22), Bug Report
werner changed the status of T5487: GnuPG 2.2.28 not working with Yubikey NEO from Open to Testing.

Fix will eventually go into 2.2.29. If there is enough public demand we will do a new Windows installer earlier.

Jun 14 2021, 11:39 AM · yubikey, gnupg (gpg22), Bug Report
gniibe added a comment to T5482: Release GnuPG 2.2.28.

Regression Yubikey NEO: T5487

Jun 14 2021, 10:18 AM · Release Info, gnupg (gpg22)

Jun 10 2021

werner closed T5482: Release GnuPG 2.2.28 as Resolved.
Jun 10 2021, 10:35 PM · Release Info, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html on T5482: Release GnuPG 2.2.28.
Jun 10 2021, 10:35 PM · Release Info, gnupg (gpg22)
werner triaged T5482: Release GnuPG 2.2.28 as Normal priority.
Jun 10 2021, 5:42 PM · Release Info, gnupg (gpg22)

Jun 7 2021

gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@dkg
If we support native X25519 format, multiple representations will be possible (there are 32 ways, at least) for a single secret key, because it's the feature of X25519.

Jun 7 2021, 7:21 AM · Support, gnupg, OpenPGP
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@werner
My patch is for the case if it's better to accept such a key of OpenPGP.
I don't know if it's better or not (yet). The purpose of this patch is to show the point where OpenPGP secret part translates into libgcrypt secret key, concretely.

Jun 7 2021, 2:57 AM · Support, gnupg, OpenPGP

Jun 4 2021

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Do we want to encourage multiple cleartext wire-format representations of the same secret key?

Jun 4 2021, 3:56 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

JFYI: Original curve25519-donna (as well as Botan library, and OpenSSL) tweaks bits inside of the exponentiation function, so secret keys with or without tweaked bits would be equivalent and produce the same public key.

Jun 4 2021, 10:57 AM · Support, gnupg, OpenPGP
aheinecke closed T5424: GnuPG w32: Expand environment variables when reading registry paths as Resolved.

Works. My initial tests also failed because on Windows 64 the registry value has to be placed in the WOW6432NODE

Jun 4 2021, 10:09 AM · gnupg (gpg22), Restricted Project
aheinecke changed the status of T5424: GnuPG w32: Expand environment variables when reading registry paths from Open to Testing.

Apologies,.. I used ctags on read_w32_registry_string and that jumped me to build-aux/speedo/w32/g4wihelp.c which has a read_w32_registry_string that does not expand....
Now I found the w32-reg.c in common which looks completely fine.

Jun 4 2021, 9:39 AM · gnupg (gpg22), Restricted Project
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

gniibe: Can you explain why an import shall modify the secret key? Form my understanding it is an invalid secret key and thus it can't be used. An import operation is different than the key generation.

Jun 4 2021, 7:33 AM · Support, gnupg, OpenPGP
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

For an implementation of Curve25519 routine, it is needed to tweak those bits.

Jun 4 2021, 6:52 AM · Support, gnupg, OpenPGP
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Better to have in-line:

diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 53c88154b..b1d43227a 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -159,7 +159,21 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
                EdDSA flag.  */
             format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
           else if (!strcmp (curve, "Curve25519"))
-            format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
+            {
+              unsigned int nbits;
+              unsigned char *buffer = gcry_mpi_get_opaque (skey[1], &nbits);
+              unsigned char d[32];
+
+              if (nbits != 256)
+                return gpg_error (GPG_ERR_BAD_SECKEY);
+
+              memcpy (d, buffer, 32);
+              d[0] = (d[0] & 0x7f) | 0x40;
+              d[31] &= 0xf8;
+              gcry_mpi_release (skey[1]);
+              skey[1] = gcry_mpi_set_opaque_copy (NULL, d, 256);
+              format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
+            }
           else
             format = "(private-key(ecc(curve %s)(q%m)(d%m)))";
Jun 4 2021, 6:00 AM · Support, gnupg, OpenPGP
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

"Curve25519" in libgcrypt was implemented before the standardization of X25519. There are two problems here: endianess and tweaking-bits.

Jun 4 2021, 5:59 AM · Support, gnupg, OpenPGP

Jun 3 2021

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

I've mentioned this interop issue (and tried to propose clarifying language for the revised standard) in the IETF OpenPGP WG mailing list.

Jun 3 2021, 3:04 PM · Support, gnupg, OpenPGP
gniibe claimed T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..
Jun 3 2021, 8:26 AM · Support, gnupg, OpenPGP

Jun 2 2021

onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@dkg I mentioned it just because it was added as (part of the?) solution for Ed25519 issue, i.e. it is not something related to parsing of interoperable format but some further processing when secret key part is sent to the gpg-agent in some intermediate format.

Jun 2 2021, 9:56 PM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

I think rGba321b60bc3bfc29dfc6fa325dcabad4fac29f9c has nothing to do with interoperable formats -- how things are stored in ~/.gnupg/private-keys-v1.d is unrelated to the interoperable transferable secret key format specified in 4880 or its revisions.

Jun 2 2021, 9:51 PM · Support, gnupg, OpenPGP
werner added a comment to T3972: 100% CPU usage endles loop of gpg --list-keys.

It is a different trust model. The man page has some information but we meanwhile doubt that it will ever be of great use. It is over designed to be actually useful. Just don't care. For further questions, please use the mailing lists.

Jun 2 2021, 7:18 PM · gnupg (gpg22)
melodie added a comment to T3972: 100% CPU usage endles loop of gpg --list-keys.

If I did enable "tofu" that was not on purpose and I would not know how. What are tofu related questions? Is there a doc you can point me to? (Also is tofu.db an annoyance, and if so in which way?)

Jun 2 2021, 6:48 PM · gnupg (gpg22)
werner added a comment to T3972: 100% CPU usage endles loop of gpg --list-keys.

TOFU is not used by default and thus the tofu.db does only matter if you have enabled TOFU. Its purpose is to track the use of keys and it also stored information which you explictly gave in response to TOFU related questions.

Jun 2 2021, 5:46 PM · gnupg (gpg22)
melodie added a comment to T3972: 100% CPU usage endles loop of gpg --list-keys.

Hello,
I just hit the same issue in Ubuntu 18.04.5 LTS with gpg version 2.2.4-1ubuntu1.4 and the command line provided on post https://dev.gnupg.org/T3972#127356 by dkg has helped me fix it.
The faulty key was from the Tor project.

Jun 2 2021, 5:20 PM · gnupg (gpg22)
werner removed a project from T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG.: OpenPGP.

Right. However, the SOS thing should then also be used for secret keys. (FWIW, I wrote my last comment while you were writing yours).

Jun 2 2021, 5:14 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@werner isn't it used just for the public key? The secret x25519 key, exported by GnuPG, looks as following (in the way it is stored in file):

Jun 2 2021, 5:11 PM · Support, gnupg, OpenPGP
werner updated subscribers of T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

We invented the 0x40 compression flag to declare that as native curve point format. With the introduction of 448 things got more complicated due to the new IETF statdards for this curev. This is the reason for @gniibe's proposal for a Simple Octet String (SOS) as a new data type in OpenPGP.

Jun 2 2021, 5:06 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Investigated it more, and it looks problem is not in incorrect endianness. Exporting x25519 secret subkey from the GnuPG showed up that we still need to change byte order.
After some experiments I ended up with the following self-explaining code piece, which makes RNP-generated keys to work with GnuPG for import:

repeat:
    if (botan_privkey_create(&pr_key, "Curve25519", "", rng_handle(rng))) {
        goto end;
    }
    /* botan returns key in little-endian, while mpi is big-endian */
    if (botan_privkey_x25519_get_privkey(pr_key, keyle.data())) {
        goto end;
    }
    if ((keyle[31] != 0x45) || (keyle[0] != 0x40)) {
        botan_privkey_destroy(pr_key);
        goto repeat;
    }
    if (botan_privkey_export_pubkey(&pu_key, pr_key)) {
        goto end;
    }
Jun 2 2021, 5:04 PM · Support, gnupg, OpenPGP
werner placed T5424: GnuPG w32: Expand environment variables when reading registry paths up for grabs.

Well, we have always expanded envvars in registry values. You need to create the value as an REG_EXPAND_SZ type, though.

Jun 2 2021, 3:04 PM · gnupg (gpg22), Restricted Project
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks for investigations! Indeed, we do change byte order when storing/loading private key, as MPI should be big-endian, while curve25519 private key is little endian.
Do I correctly understand that we should store it in the MPI as it is (like with Ed25519)? It would be nice to clarify that in the RFC draft.
Another thing is that in my test even if byte order is not reversed in the secret key (including the attached test key), GnuPG still asks for password, reporting "error sending to agent: Bad passphrase".

Jun 2 2021, 11:47 AM · Support, gnupg, OpenPGP
werner edited projects for T5424: GnuPG w32: Expand environment variables when reading registry paths, added: gnupg (gpg22); removed gnupg.
Jun 2 2021, 11:08 AM · gnupg (gpg22), Restricted Project
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

The problem here appears to be that the "MPI" of the curve25519 secret key is not actually a standard-issue big-endian OpenPGP MPI -- it's an opaque bytestring expected to be passed to the underlying "native" implementation of x25519, in the same way that the secret key is handled for Ed25519.

Jun 2 2021, 1:35 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

investigating the subkey in python:

Jun 2 2021, 1:20 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

looks to me like you've got the byte ordering of the Curve25519 secret subkey reversed from the way that GnuPG expects it.

Jun 2 2021, 1:16 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

fwiw, gpg-agent complains that the keys don't match:

Jun 2 2021, 1:06 AM · Support, gnupg, OpenPGP

Jun 1 2021

werner triaged T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG. as High priority.
Jun 1 2021, 3:46 PM · Support, gnupg, OpenPGP

May 25 2021

werner added a comment to T5446: Don't show LDAP credentials in error messages, at least not by default.

So what do you think is the threat here?

May 25 2021, 8:34 AM · gnupg (gpg22)
cbiedl added a comment to T5446: Don't show LDAP credentials in error messages, at least not by default.

My concern is not a disloyal administrator, so I disagree with that priority.

May 25 2021, 8:14 AM · gnupg (gpg22)

May 21 2021

werner triaged T5446: Don't show LDAP credentials in error messages, at least not by default as Low priority.

I give this a low priority because all those infos are easily retrievable from config files.

May 21 2021, 11:46 AM · gnupg (gpg22)
cbiedl updated the task description for T5446: Don't show LDAP credentials in error messages, at least not by default.
May 21 2021, 11:09 AM · gnupg (gpg22)
cbiedl created T5446: Don't show LDAP credentials in error messages, at least not by default.
May 21 2021, 10:57 AM · gnupg (gpg22)

Apr 21 2021

dkg added a comment to T5407: gpg fails to import second secret key in .pfx (PKCS12) file.

Apparently only one of the secret keys is actually imported: the decryption key, but not the signing key.

Apr 21 2021, 6:20 AM · gnupg (gpg23), Feature Request, S/MIME
gniibe added a project to T5297: SCM SPR332 smartcard reader support broken: gnupg (gpg22).

Fixed in GnuPG 2.3.1, so, add the tag for GnuPG 2.2.

Apr 21 2021, 2:44 AM · gnupg (gpg22), scd, Bug Report
dkg created T5407: gpg fails to import second secret key in .pfx (PKCS12) file.
Apr 21 2021, 1:59 AM · gnupg (gpg23), Feature Request, S/MIME

Apr 19 2021

anon85786376 added a comment to T5401: Imported ECC/Ed25519 subkey has unusable key file in private-keys-v1.d.

You can't use an EdDSA as subkey for encryption. Encryption is the default for a subkey unless you provide key usage parameters. Yes, we could flag this as an error, but I won't give it high priority.

Yes, this is an edge case very unlikely to be encountered. The odd thing is the generated "ed25519" subkey does somehow encrypt and decrypt without issue.

Apr 19 2021, 11:17 PM · gnupg (gpg22), Bug Report
werner triaged T5401: Imported ECC/Ed25519 subkey has unusable key file in private-keys-v1.d as Low priority.

You can't use an EdDSA as subkey for encryption. Encryption is the default for a subkey unless you provide key usage parameters. Yes, we could flag this as an error, but I won't give it high priority. I would anyway suggest to use

Apr 19 2021, 10:46 PM · gnupg (gpg22), Bug Report
anon85786376 created T5401: Imported ECC/Ed25519 subkey has unusable key file in private-keys-v1.d.
Apr 19 2021, 10:26 PM · gnupg (gpg22), Bug Report
werner edited projects for T4921: Support import of PKCS#12 encoded ECC private keys., added: gnupg (gpg22); removed gnupg (gpg23).
Apr 19 2021, 5:52 PM · gnupg (gpg22), backport, Feature Request, S/MIME

Apr 13 2021

werner closed T5387: Accept key signatures from LDAP servers as Resolved.

Done for 2.2. and 2.3.

Apr 13 2021, 2:56 PM · Feature Request, gnupg (gpg22)

Apr 9 2021

werner triaged T5387: Accept key signatures from LDAP servers as High priority.
Apr 9 2021, 12:25 PM · Feature Request, gnupg (gpg22)

Mar 30 2021

werner triaged T5376: gpg --fetch-keys no longer returns non 0 exit status on failure as Normal priority.

You are coming pretty late to the party ;-). Since 2.1.0 we don't use the ancient keyserver helpers anymore but reworked the entire network access. I even doubt that I can still test with a 2.0 version.

Mar 30 2021, 8:16 PM · gnupg (gpg22), Bug Report

Mar 11 2021

werner closed T4584: --quick-sign-key offers no way to override a current certification as Resolved.

New option --force-sign-key for 2.2.28 and 2.3. Also added support to gpgme.

Mar 11 2021, 11:54 AM · Restricted Project, gnupg (gpg22), Feature Request
werner closed T4584: --quick-sign-key offers no way to override a current certification, a subtask of T5093: GnuPG: Add quick-revsig, as Resolved.
Mar 11 2021, 11:54 AM · Feature Request, gnupg (gpg22)

Mar 3 2021

gniibe renamed T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata from Incompatible Ed25519 signature between GnuPG 2.2 and 2.3-bata to Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
Mar 3 2021, 8:50 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
========= 0110.asc ==========
# off=0 ctb=88 tag=2 hlen=2 plen=117
:signature packet: algo 22, keyid E267B052364F028D
	version 4, created 1614755507, md5len 0, sigclass 0x01
	digest algo 10, begin of digest 4f 78
	hashed subpkt 33 len 21 (issuer fpr v4 249CB3771750745D5CDD323CE267B052364F028D)
	hashed subpkt 2 len 4 (sig created 2021-03-03)
	subpkt 16 len 8 (issuer key ID E267B052364F028D)
	data: ADEE890B755C3B52D46FB0105097F23B5905B472C626222ACB4E441D8EB40001
	data: 007119FF80C34DA152BDB07E1EF5D968CB9F2773002A0CF57911670BE248CF06
========= 0354.asc ==========
# off=0 ctb=88 tag=2 hlen=2 plen=117
:signature packet: algo 22, keyid E267B052364F028D
	version 4, created 1614755520, md5len 0, sigclass 0x01
	digest algo 10, begin of digest 28 19
	hashed subpkt 33 len 21 (issuer fpr v4 249CB3771750745D5CDD323CE267B052364F028D)
	hashed subpkt 2 len 4 (sig created 2021-03-03)
	subpkt 16 len 8 (issuer key ID E267B052364F028D)
	data: 001DB3839E3FD8D4CB81357EE5E42F4AF652C252A03A0FB21768621B1025C08C
	data: AF5A0910EF1D4D6BDD07EA0AA6D69049CB7BA7ED42427E14B8B72CF2C2231704
Mar 3 2021, 8:25 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.

Here are example files produced by GnuPG 2.3-beta:
S part has preceding zero:


R part has preceding zero:

Mar 3 2021, 8:22 AM · gnupg (gpg22), Bug Report

Mar 1 2021

gniibe added a comment to T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.

We could add compatibility mode for Ed25519 signature to conform well-formed MPI (expecting recovery).

Mar 1 2021, 9:30 AM · gnupg (gpg22), Bug Report
gniibe created T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata.
Mar 1 2021, 9:15 AM · gnupg (gpg22), Bug Report

Feb 25 2021

onickolay added a comment to T5309: gpg: key generation failed: Corrupted protection.

Thanks for the information!
We'll update our CI.

Feb 25 2021, 1:46 PM · Info Needed, gnupg (gpg22), Bug Report
werner added a comment to T5309: gpg: key generation failed: Corrupted protection.

MSYS builds are not supported. All kind of stuff may go wrong. Just don't use it. Please use the standard installer as listed at gnupg.org or install gpg4win (which includes this installer).

Feb 25 2021, 1:43 PM · Info Needed, gnupg (gpg22), Bug Report
onickolay added a comment to T5309: gpg: key generation failed: Corrupted protection.

Sure, here is output:

2021-02-24T20:19:46.8671882Z + gpgconf --show-versions
2021-02-24T20:19:49.6868215Z * GnuPG 2.2.25-unknown (0000000)
2021-02-24T20:19:49.6871468Z MSYS
2021-02-24T20:19:49.6888515Z 
2021-02-24T20:19:49.6889344Z * Libgcrypt 1.8.7 (baacfb40)
2021-02-24T20:19:49.6889956Z version:1.8.7:10807:1.39-unknown:12700:
2021-02-24T20:19:49.6890454Z cc:90300:gcc:9.3.0:
2021-02-24T20:19:49.6891633Z ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:chacha20:
2021-02-24T20:19:49.6892539Z pubkeys:dsa:elgamal:rsa:ecc:
2021-02-24T20:19:49.6893424Z digests:crc:gostr3411-94::md4:md5:rmd160:sha1:sha256:sha512:sha3:tiger:whirlpool:stribog:blake2:
2021-02-24T20:19:49.6894177Z rnd-mod:linux:
2021-02-24T20:19:49.6894666Z cpu-arch:x86:
2021-02-24T20:19:49.6895791Z mpi-asm:generic/mpih-add1.c:generic/mpih-sub1.c:generic/mpih-mul1.c:generic/mpih-mul2.c:generic/mpih-mul3.c:generic/mpih-lshift.c:generic/mpih-rshift.c:
2021-02-24T20:19:49.6897734Z hwflist:intel-cpu:intel-fast-shld:intel-bmi2:intel-ssse3:intel-sse4.1:intel-pclmul:intel-aesni:intel-rdrand:intel-avx:intel-avx2:intel-fast-vpgather:intel-rdtsc:
2021-02-24T20:19:49.6898968Z fips-mode:n:n:
2021-02-24T20:19:49.6899492Z rng-type:standard:1:2010000:1:
2021-02-24T20:19:49.6899888Z 
2021-02-24T20:19:49.6900359Z * GpgRT 1.41-unknown (0000000)
2021-02-24T20:19:49.6900739Z 
2021-02-24T20:19:49.6901208Z * Libassuan 2.5.4-unknown (0000000)
2021-02-24T20:19:49.6901605Z 
2021-02-24T20:19:49.6902048Z * KSBA 1.4.0-unknown (?)
2021-02-24T20:19:49.6902420Z 
2021-02-24T20:19:49.6902843Z * GNUTLS 3.6.15
Feb 25 2021, 12:02 PM · Info Needed, gnupg (gpg22), Bug Report

Feb 24 2021

werner added a comment to T5309: gpg: key generation failed: Corrupted protection.

Can you please run

Feb 24 2021, 5:36 PM · Info Needed, gnupg (gpg22), Bug Report
Aster89 added a comment to T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog.

As suggested in the linked question on stackexchange, I think that even if the error comes from the pinentry program, GnuPG could echo a more informative error than gpg: decryption failed: No secret key, such as terminal to little to show the pinetnry program, or something similar.

Feb 24 2021, 2:37 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report

Feb 23 2021

onickolay added a comment to T5309: gpg: key generation failed: Corrupted protection.

Hi Werner,
Thanks for the reply. Will try to reproduce this and get back to you. Our CI wasn't have an option to upload artifacts in case of failure.

Feb 23 2021, 6:13 PM · Info Needed, gnupg (gpg22), Bug Report
werner triaged T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog as Normal priority.

Thanks for the report. Frankly the curses pinentries are not that widely tested.

Feb 23 2021, 5:02 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report
werner triaged T5301: Decrypting a message that has multiple SKESK packets sometimes fails as Normal priority.

With 2.2 the second works if the first passphrase prompt was canceled. Test invocation:

Feb 23 2021, 9:17 AM · gnupg (gpg22), Bug Report
werner triaged T5309: gpg: key generation failed: Corrupted protection as Normal priority.
Feb 23 2021, 9:07 AM · Info Needed, gnupg (gpg22), Bug Report