
Feb 23 2022

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Ok, I may see three potential problems in dirmngr->validate.c->validate_cert_chain(), but it may also be my limited familiarity with the gnupg source.

  • Here we leave the certificate validation loop at the first trusted root certificate, even if it is expired as we only mark this fact for later evaluation.
  • Here we seem to only ever go up the chain, never sideways as is the case in the original patch for this bug.
  • And probably most impactful, here we fail the whole validation if any of the previously checked certificates is expired, so that even if we would fix the second point by checking sibling certificates, we would still get an overall failure.
Feb 23 2022, 10:18 PM · gnupg (gpg22), dirmngr
TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

What I wonder is: In a number of tests in our machines (mostly virtual machines), the TLS access to keyserver.ubuntu.com does work. I have yet to see a VM where it does not. So there must be a difference.

Feb 23 2022, 9:37 PM · gnupg (gpg22), dirmngr
TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Not a solution yet, but some more insights.
Starting from @NoSubstitute's log output and from @bernhard's statement that we use ntbTLS I verified that my dirmngr.exe was indeed compiled with NTBTLS 0.2.0. I did so by running strings "C:\Program Files (x86)\GnuPG\bin\dirmngr.exe" | grep TLS which returned "This is NTBTLS 0.2.0 - Not Too Bad TLS" among other strings. I also grepped for some debug strings introduced in newer commits to verify that the NTBTLS version used is not the current HEAD of master, but at least some commit before 64f895dba734802662cbb81b64cd0b4af198ee71. I will just assume it is the actual 0.2.0 release for now.

Feb 23 2022, 9:33 PM · gnupg (gpg22), dirmngr

Feb 22 2022

bernhard reopened T5639: dirmngr uses the wrong Let's encrypt chain as "Open".
Feb 22 2022, 10:27 AM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@NoSubstitute It is okay for me to keep this issue, if most people prefer it this way, was just asking.

Feb 22 2022, 10:27 AM · gnupg (gpg22), dirmngr
NoSubstitute added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@bernard - well, that's the kicker, isn't it.

Feb 22 2022, 10:14 AM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Ah, just seeing that this issue is resolved. Shall we open a new one to be well structured?
(If we reopen this one, there is a lot of old information in here that does not apply anymore before the fixes that went into dirmngr/gnupg).

Feb 22 2022, 9:02 AM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Does gpg4win ship a TLS library with gpg or does it use a system default?

Feb 22 2022, 8:59 AM · gnupg (gpg22), dirmngr

Feb 21 2022

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Alright, in the hope it helps to pin this down, trying to sum up what I tried during and after my conversation with @bernhard so far:

  • Windows 10 keeps both the old and new root CA in the store and manual edits to the root certificate store are undone by the OS sooner or later
  • ignoring the intermediate certificate with dirmngr --ignore-cert 48504E974C0DAC5B5CD476C8202274B24C8C7172 fixes the problem as a workaround, but is not a satisfying solution
  • I cloned the repository and took a look at the original patch; while it seems that we only check validity of certificates without considering the expiration date, the patch does fix the original bug which I confirmed by compiling gpg from source at the commit containing the patch and another version at the commit prior to the patch. That is, the patch successfully fixes this on my Ubuntu machine. On my Windows 10 machine the bug persists no matter if using a self-compiled version from those commits or the official versions from gpg4win.
  • While exploring the source code and finding out how to compile and test from source I found out that I can reproduce the bug on Ubuntu if I compile gpg with the patch applied, but with a GnuTLS version that does not have their patch for this issue. Since this is the case with the default GnuTLS dev sources in Ubuntu 20.04, I had to get the GnuTLS library from the project itself in order to successfully compile gpg for Ubuntu. For Windows the problem persists, however. I did not find GnuTLS or any other TLS library in the application directory of the GPG install on Windows nor in the installer itself. So I'm wondering if the remaining issue on Windows is actually with the used TLS library there. Does gpg4win ship a TLS library with gpg or does it use a system default?
  • The fixed version of GnuTLS is 3.6.14 for the project itself, there are backports of this patch for Ubuntu Xenial and Bionic, unfortunately not for Focal yet.
Feb 21 2022, 10:05 PM · gnupg (gpg22), dirmngr
NoSubstitute added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Hello.
@bernard has been so kind to try and help me with this exact issue over in the gpg4win forum, and it seems I'm not the only one who still has problems with the "broken" LE certificate chain and hkps://keyserver.ubuntu.com.

Feb 21 2022, 3:35 PM · gnupg (gpg22), dirmngr

Feb 17 2022

werner triaged T5809: Expire subkey violates assertion "! sig->hashed" as High priority.
Feb 17 2022, 8:43 AM · Restricted Project, gnupg (gpg22), Bug Report
gniibe added a project to T5831: Backport (f808012a) scd: Use lock_slot for apdu_send_direct. to GnuPG 2.2: Restricted Project.

Thank you for your suggestion.

Feb 17 2022, 6:08 AM · gnupg (gpg22), Bug Report, scd
gniibe claimed T5831: Backport (f808012a) scd: Use lock_slot for apdu_send_direct. to GnuPG 2.2.
Feb 17 2022, 6:01 AM · gnupg (gpg22), Bug Report, scd

Feb 14 2022

ZenithalHourlyRate created T5831: Backport (f808012a) scd: Use lock_slot for apdu_send_direct. to GnuPG 2.2.
Feb 14 2022, 1:10 PM · gnupg (gpg22), Bug Report, scd

Feb 8 2022

werner closed T5703: Release GnuPG 2.2.34 as Resolved.
Feb 8 2022, 8:16 AM · Release Info, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2022q1/000470.html on T5703: Release GnuPG 2.2.34.
Feb 8 2022, 8:16 AM · Release Info, gnupg (gpg22)

Feb 7 2022

werner updated the task description for T5703: Release GnuPG 2.2.34.
Feb 7 2022, 10:06 PM · Release Info, gnupg (gpg22)
gniibe changed the status of T5721: gpg22: Update *.m4 to prefer use of gpgrt-config and *.pc to *-config from Open to Testing.

Done by rGc8cd66ae7e60: m4: Update our library m4 files from master.

Feb 7 2022, 11:33 AM · gnupg (gpg22)

Feb 1 2022

erlandm added a comment to T5809: Expire subkey violates assertion "! sig->hashed".

Here is the output of --list-packets of the offending key, anonymised:

# off=0 ctb=99 tag=6 hlen=3 plen=418
:public key packet:
	version 4, algo 17, created 985690138, expires 0
	pkey[0]: [1024 bits]
	pkey[1]: [160 bits]
	pkey[2]: [1024 bits]
	pkey[3]: [1023 bits]
	keyid: <KEY_ID>
# off=421 ctb=b4 tag=13 hlen=2 plen=35
:user ID packet: "XXXXXXXXXXXXX"
# off=458 ctb=88 tag=2 hlen=2 plen=120
:signature packet: algo 17, keyid <KEY_ID>
	version 4, created 1629537425, md5len 0, sigclass 0x13
	digest algo 2, begin of digest a8 22
	hashed subpkt 33 len 21 (issuer fpr v4 <XXXXXXXXXXXXXX><KEY_ID>)
	hashed subpkt 2 len 4 (sig created 2021-08-21)
	hashed subpkt 27 len 1 (key flags: 23)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 01)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	subpkt 16 len 8 (issuer key ID <KEY_ID>)
	data: [158 bits]
	data: [159 bits]
# off=580 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
	version 4, algo 16, created 985690139, expires 0
	pkey[0]: [2048 bits]
	pkey[1]: [2 bits]
	pkey[2]: [2046 bits]
	keyid: YYYYYYYYYYYYYYY
# off=1108 ctb=88 tag=2 hlen=2 plen=63
:signature packet: algo 17, keyid <KEY_ID>
	version 3, created 985690139, md5len 5, sigclass 0x18
	digest algo 2, begin of digest 94 e5
	data: [159 bits]
	data: [156 bits]
Feb 1 2022, 4:52 PM · Restricted Project, gnupg (gpg22), Bug Report
werner added a project to T5809: Expire subkey violates assertion "! sig->hashed": gnupg (gpg22).
Feb 1 2022, 4:24 PM · Restricted Project, gnupg (gpg22), Bug Report

Jan 28 2022

werner closed T5794: Cannot add ed25519 SSH key with empty comment as Resolved.

Thanks for the report. To keep things easy the empty comment is now translated to "(none)".

Jan 28 2022, 8:03 PM · ssh, gnupg (gpg22), Bug Report
werner closed T5800: gpgconf: Ignores keyserver option in gpgsm.conf as Resolved.
Jan 28 2022, 5:30 PM · Restricted Project, Bug Report, gnupg (gpg22)
werner closed T5800: gpgconf: Ignores keyserver option in gpgsm.conf, a subtask of T5732: Backport option reading in gpgconf to 2.2, as Resolved.
Jan 28 2022, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner closed T5732: Backport option reading in gpgconf to 2.2 as Resolved.
Jan 28 2022, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 26 2022

werner added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

I added --ldapserver to gpgsm because of confusion of what a keyserver is. Right now we see a problem only with this alias but it is a more general problem with aliases. My patch to master was for public testing - let's discuss this on the phone.

Jan 26 2022, 12:45 PM · Restricted Project, Bug Report, gnupg (gpg22)
ikloecker added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

The above change now also makes gpgconf from master ignore the keyserver option in gpgsm.conf.

$ gpgconf --version
gpgconf (GnuPG) 2.3.5-beta17
Jan 26 2022, 10:35 AM · Restricted Project, Bug Report, gnupg (gpg22)
ikloecker added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

For what it's worth: I suggest to remove the ldapserver alias of gpgsm's keyserver option in GnuPG 2.2 and 2.3 again. It was added not too long ago (in June 2021) and it was added after the new dirmngr/ldapserver option was added. The alias is causing regressions and trouble with its only benefit (as far as I can see) being that dirmngr has an option of the same name for the same purpose.

Jan 26 2022, 9:47 AM · Restricted Project, Bug Report, gnupg (gpg22)
ikloecker added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

For X.509 servers Kleopatra currently looks at gpgsm/keyserver with a fallback to dirmngr/LDAP Server. The gpgconf interface change

* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.

in rG0b4fdbd5f41e: gpgconf: Return --ldapserver and --keyserver from dirmngr. breaks configuration of X.509 servers with existing versions of Kleopatra. I suggest to revert this change to unbreak Kleopatra.

Jan 26 2022, 9:38 AM · Restricted Project, Bug Report, gnupg (gpg22)

Jan 25 2022

werner triaged T5800: gpgconf: Ignores keyserver option in gpgsm.conf as High priority.
Jan 25 2022, 8:31 PM · Restricted Project, Bug Report, gnupg (gpg22)
werner added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

Turns out that the aliasing is a problem; if we allow keyserver as an alias for ldapserver in gpgsm.conf we are not able to get the value unless we add dedicated handling for this. Test in 2.3 but we will have the same problem the other way around in 2.2.

Jan 25 2022, 8:15 PM · Restricted Project, Bug Report, gnupg (gpg22)
werner added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

What does kleopatra use to get the list of ldap servers - gpgsm or dirmngr?

Jan 25 2022, 7:58 PM · Restricted Project, Bug Report, gnupg (gpg22)
werner added a comment to T5800: gpgconf: Ignores keyserver option in gpgsm.conf.

The problem comes from the way we handle an alias. That actually depends on the order the options are specified.

Jan 25 2022, 7:56 PM · Restricted Project, Bug Report, gnupg (gpg22)
ikloecker created T5800: gpgconf: Ignores keyserver option in gpgsm.conf.
Jan 25 2022, 4:09 PM · Restricted Project, Bug Report, gnupg (gpg22)
ikloecker changed the status of T5795: Kleopatra reader selection and quoting from Open to Testing.
Jan 25 2022, 11:52 AM · gnupg22, Restricted Project, kleopatra
ikloecker added a comment to T5795: Kleopatra reader selection and quoting.

Doh! gpgme already performs the unescaping of data retrieved via the Assuan protocol for us in llass_status_handler. Doing it again in Kleo::SCDaemon::getReaders was simply wrong.

Jan 25 2022, 11:51 AM · gnupg22, Restricted Project, kleopatra
ikloecker moved T5795: Kleopatra reader selection and quoting from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jan 25 2022, 9:43 AM · gnupg22, Restricted Project, kleopatra
ikloecker claimed T5795: Kleopatra reader selection and quoting.
Jan 25 2022, 9:43 AM · gnupg22, Restricted Project, kleopatra
ikloecker added a comment to T5795: Kleopatra reader selection and quoting.

Hmm, I looked at the gpg-side a bit. assuan_send_data that's used for returning GETINFO reader_list only does escaping "as required by the Assuan protocol", i.e. percent escaping of certain characters but no plus escaping.

Jan 25 2022, 9:40 AM · gnupg22, Restricted Project, kleopatra

Jan 24 2022

werner edited projects for T5795: Kleopatra reader selection and quoting, added: gnupg (gpg22); removed gpgme.
Jan 24 2022, 7:10 PM · gnupg22, Restricted Project, kleopatra

Jan 22 2022

werner closed T5724: gpgconf --show-configs does not show the registry values as Resolved.
Jan 22 2022, 6:33 PM · Windows, gnupg (gpg22), Bug Report
werner closed T5754: gpgtar needs to support longer filenames. as Resolved.

Implemented extended headers for filenames and linknames (on Unix).

Jan 22 2022, 6:17 PM · gnupg (gpg22), gpgtar

Jan 21 2022

werner triaged T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length as Normal priority.
Jan 21 2022, 9:42 PM · Restricted Project, S/MIME, gnupg (gpg22)
werner claimed T5794: Cannot add ed25519 SSH key with empty comment.
Jan 21 2022, 1:09 PM · ssh, gnupg (gpg22), Bug Report

Jan 19 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

While trying to test the X.509 directory server configuration in Kleopatra, I stumbled over a difference between 2.2 and 2.3 and a possible regression in 2.2.

Jan 19 2022, 3:24 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 18 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

@werner Hmm, okay. So I have tested the wrong thing. To me /etc/gnupg/gpgconf.conf looked very much like a global config file I was supposed to test. I have looked at /etc/gnupg, found the example gpgconf.conf and played around with it. It had some effects (see above), so I assumed that it should work. Since it's obvious from my tests, that it doesn't really work as documented anymore, all corresponding code should be removed entirely (or fixed if it should be kept for backward compatibility).

Jan 18 2022, 7:07 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner added a comment to T5732: Backport option reading in gpgconf to 2.2.

ikloecker: gpgconf.conf is not used anymore since we have the global config files.

Jan 18 2022, 6:31 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

With /etc/gnupg/gpgconf.conf

[empty lines and comment lines]
*	gpgsm	verbose				[no-change]
	gpgsm	quiet				[no-change]
	gpgsm	debug-level			[no-change]
	gpgsm	log-file			[no-change]
	gpgsm	include-certs			[no-change]
	gpgsm	compliance			[no-change]
	gpgsm	default-key			[no-change]
	gpgsm	encrypt-to			[no-change]
	gpgsm	keyserver			[no-change]
	gpgsm	disable-dirmngr			[no-change]
	gpgsm	auto-issuer-key-retrieve	[no-change]
	gpgsm	p12-charset			[no-change]
	gpgsm	disable-crl-checks		[no-change]
	gpgsm	enable-crl-checks		[no-change]
	gpgsm	disable-trusted-cert-crl-check	[no-change]
	gpgsm	enable-ocsp			[no-change]
	gpgsm	disable-policy-checks		[no-change]
	gpgsm	cipher-algo			[no-change]

all options are correctly flagged as "no change" in the output of gpgconf

Jan 18 2022, 10:52 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

More weirdness. With gpgconf (GnuPG) 2.2.34-beta23 I get:

Jan 18 2022, 10:49 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 17 2022

ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

After commenting out the options that gpgconf 2.3 complains about I get:

$ gpgconf --version
gpgconf (GnuPG) 2.3.5-beta17
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Jan 17 2022, 5:28 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

I tried to see what gpgconf from master says, but I only get

$ gpgconf --list-options gpg
gpgconf: unknown option 'try-secret-key' at '/etc/gnupg/gpgconf.conf', line 95
gpgconf: unknown option 'reader-port' at '/etc/gnupg/gpgconf.conf', line 96
Jan 17 2022, 5:20 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

This also doesn't look right:

Jan 17 2022, 5:01 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

The following looks very much like a bug.

Jan 17 2022, 4:35 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

Example:
/etc/gnupg/gpg.conf:

default-key B81CE112B26A8EA8BE7B95D2E375339BF4C51840
Jan 17 2022, 4:28 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
ikloecker added a comment to T5732: Backport option reading in gpgconf to 2.2.

With rG8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9 some rules for allow-mark-trusted were removed from doc/examples/gpgconf.conf, but the comments below which are supposed to explain the example rules still talk about allow-mark-trusted.

Jan 17 2022, 4:04 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Jan 5 2022

werner triaged T5754: gpgtar needs to support longer filenames. as High priority.
Jan 5 2022, 11:49 AM · gnupg (gpg22), gpgtar

Jan 3 2022

ikloecker renamed T5754: gpgtar needs to support longer filenames. from gpgtar needs to support lonerg filenames. to gpgtar needs to support longer filenames..
Jan 3 2022, 11:32 AM · gnupg (gpg22), gpgtar
werner created T5754: gpgtar needs to support longer filenames..
Jan 3 2022, 10:25 AM · gnupg (gpg22), gpgtar

Dec 30 2021

werner changed the status of T5732: Backport option reading in gpgconf to 2.2 from Open to Testing.

Backport done but diligent testing is required.

Dec 30 2021, 10:51 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Dec 23 2021

alexnadtoka added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@ikloecker yes sorry ok

Dec 23 2021, 11:35 AM · gnupg (gpg22), dirmngr
alexnadtoka updated subscribers of T5639: dirmngr uses the wrong Let's encrypt chain.

@bernard Right sorry. I have sent request to mailing lists

Dec 23 2021, 11:34 AM · gnupg (gpg22), dirmngr
ikloecker added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@alexnadtoka, please stop adding the same information to two different issues. Let's use T5744: Issue with connecting to GPG server for any further comments.

Dec 23 2021, 11:32 AM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@alexnadtoka wrote:

both versions had issues(( and send two requests to RU and EN community . No answer for two days already

Dec 23 2021, 11:06 AM · gnupg (gpg22), dirmngr
alexnadtoka added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@bernhard yeah thank you. both versions had issues(( and send two requests to RU and EN community . No answer for two days already
The log clearly says certificate is expired(( but it is not at least for keyserver... Maybe it is referring to gpg key... I don't know... but it is not expired either. Probably I am missing something. Will try to contact community again.

Dec 23 2021, 10:41 AM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@alexnadtoka When using Gpg4win-4.0.0 or 3.3.16 with an updated GnuPG the validation of dirmngr works fine with the Let's encrypt certificates again. If you have one of these versions, and you still have problems, you need to be more specific about which connection you are referring to.
Maybe it is best to ask on one of the community channels (e.g. the gnupg-users mailing list, see https://gnupg.org/documentation/mailing-lists.html )

Dec 23 2021, 10:05 AM · gnupg (gpg22), dirmngr

Dec 21 2021

ikloecker added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@alexnadtoka, did you do what Werner wrote in T5639#150626?

Dec 21 2021, 2:57 PM · gnupg (gpg22), dirmngr
alexnadtoka added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Guys I am facing similar issue but my Let's Encrypt certificates are all ok. What is the problem with my gpg4win client? When connecting to openpgp server it says certificate is expired. Anybody can help me?

Dec 21 2021, 9:28 AM · gnupg (gpg22), dirmngr
gniibe edited projects for T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG, added: gnupg (gpg22); removed gnupg.
Dec 21 2021, 1:06 AM · Restricted Project, Bug Report, gnupg (gpg23)

Dec 14 2021

werner added a subtask for T5732: Backport option reading in gpgconf to 2.2: T5735: Kleopatra: Automatic lookup for certificates for OpenPGP card keys.
Dec 14 2021, 10:15 AM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)

Dec 13 2021

werner added a comment to T5732: Backport option reading in gpgconf to 2.2.

A clumsy workaround for the Kleo bug is to put "keyserver ldap:///" into the global gpg.conf after an ignore section containing keyserver. This will let gpgconf emit "ldap:///" unless a local gpg.conf exists.

Dec 13 2021, 5:30 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner changed Due Date from Dec 31 2021, 12:00 AM to Jan 31 2022, 12:00 AM on T5732: Backport option reading in gpgconf to 2.2.
Dec 13 2021, 1:58 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner added a project to T5732: Backport option reading in gpgconf to 2.2: Restricted Project.
Dec 13 2021, 1:57 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner triaged T5732: Backport option reading in gpgconf to 2.2 as High priority.
Dec 13 2021, 1:51 PM · Restricted Project, Bug Report, kleopatra, backport, gnupg (gpg22)
werner closed T5641: Release GnuPG 2.2.33 as Resolved.
Dec 13 2021, 1:46 PM · Release Info, gnupg (gpg22)

Dec 7 2021

werner added a project to T5724: gpgconf --show-configs does not show the registry values: Windows.
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner claimed T5724: gpgconf --show-configs does not show the registry values.
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner triaged T5724: gpgconf --show-configs does not show the registry values as Normal priority.
Dec 7 2021, 12:36 PM · Windows, gnupg (gpg22), Bug Report
gniibe triaged T5721: gpg22: Update *.m4 to prefer use of gpgrt-config and *.pc to *-config as Wishlist priority.
Dec 7 2021, 8:00 AM · gnupg (gpg22)
gniibe added a project to T5120: Incompatible Ed25519 secret key (no-encryption): Restricted Project.
Dec 7 2021, 7:43 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

For GnuPG 2.2, it's better to be conservative (least change of behavior, if any).

Dec 7 2021, 7:17 AM · gnupg (gpg22), Bug Report

Dec 6 2021

gniibe closed T5644: Heuristic for default reader detection as Resolved.
Dec 6 2021, 12:57 AM · Restricted Project, Feature Request, gnupg (gpg22)

Nov 25 2021

gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

My proposal is applying SOS (MPI with leading zero octets) patches, for 2.2, because there may be existing keys with SOS already.

Nov 25 2021, 6:17 AM · gnupg (gpg22), Bug Report
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption) as "Open".

It's not yet solved.

Nov 25 2021, 6:14 AM · gnupg (gpg22), Bug Report

Nov 23 2021

werner changed the status of T5644: Heuristic for default reader detection from Open to Testing.
Nov 23 2021, 1:28 PM · Restricted Project, Feature Request, gnupg (gpg22)
werner closed T5650: Check problems with gpgconf and global config files as Resolved.
Nov 23 2021, 1:27 PM · Restricted Project, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000467.html on T5641: Release GnuPG 2.2.33.
Nov 23 2021, 1:26 PM · Release Info, gnupg (gpg22)
werner updated the task description for T5641: Release GnuPG 2.2.33.
Nov 23 2021, 11:56 AM · Release Info, gnupg (gpg22)
werner triaged T5703: Release GnuPG 2.2.34 as Low priority.
Nov 23 2021, 11:47 AM · Release Info, gnupg (gpg22)
werner closed T5076: [solved] gpg-agent respawn another process randomly and causes cached passphrase check failed / expired as Resolved.
Nov 23 2021, 9:18 AM · gnupg (gpg22), Bug Report
werner closed T5205: GNuPG compile error as Resolved.
Nov 23 2021, 9:17 AM · gnupg (gpg22), toolchain, Support
werner closed T5120: Incompatible Ed25519 secret key (no-encryption) as Resolved.

I guess this is solved. Feel free to re-open and schedule for 2.2.34

Nov 23 2021, 9:15 AM · gnupg (gpg22), Bug Report
werner lowered the priority of T5235: Delays in dirmngr http connections on Windows from Normal to Low.
Nov 23 2021, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)
werner added a project to T5235: Delays in dirmngr http connections on Windows: can't replicate.

Might be a TOR Thing?

Nov 23 2021, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

Nov 13 2021

werner closed T5685: Clear stale --trusted-key records from the trustdb, a subtask of T5058: Review --trusted-key, as Resolved.
Nov 13 2021, 9:03 PM · gnupg24, gnupg (gpg23)
werner closed T5301: Decrypting a message that has multiple SKESK packets sometimes fails as Wontfix.
Nov 13 2021, 2:43 PM · gnupg (gpg22), Bug Report
werner closed T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key' as Resolved.
Nov 13 2021, 2:42 PM · Support, Info Needed, gnupg (gpg22)

Nov 12 2021

gniibe added a project to T5644: Heuristic for default reader detection: Restricted Project.
Nov 12 2021, 5:50 AM · Restricted Project, Feature Request, gnupg (gpg22)

Nov 3 2021

ikloecker merged T5675: Kleopatra 3.1.16 / Keyservers related functions are not working into T5639: dirmngr uses the wrong Let's encrypt chain.
Nov 3 2021, 1:53 PM · gnupg (gpg22), dirmngr

Oct 27 2021

werner triaged T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key' as Low priority.

Sure there are logs, see the options log-file and debug in the man pages.
To sign using specific subkey or the main key, use the fingerprint of the key and append an exclamation mark.
For example

Oct 27 2021, 1:12 PM · Support, Info Needed, gnupg (gpg22)

Oct 22 2021

werner moved T5650: Check problems with gpgconf and global config files from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 22 2021, 12:25 PM · Restricted Project, gnupg (gpg22)
werner moved T5650: Check problems with gpgconf and global config files from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 22 2021, 12:24 PM · Restricted Project, gnupg (gpg22)