No, I am not aware. I can't remember whether PGP once had such a bug because @dshaw did most cross-testing and fixing for PGP bugs. I would suggest to remove any such checks. IIRC, this was introduced by PGP 2 to speed up signature checking. 30 years ago RSA operations were quite expensive.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Feb 16 2024
Feb 7 2024
VS-NfD is not a standard but a classification for restricted data. Software used to convey such material needs an official approval and is bound to certain organizational requirements. That is what "VS-NfD konform" says. The community version of gpg4win does not have this approval despite that it is technically the same code as the approved GnuPG VS-Desktop.
Feb 5 2024
Unfortunately there are real world applications which make use of this option in special environments. Thus we can't remove it. I improved the warning in the man page.
Jan 24 2024
Dec 28 2023
Dec 12 2023
In 2.4, a user need to specify disable-ccid in scdaemon.conf when scdaemon is built with integrated CCID driver (using libusb) but the user wants to use PC/SC driver instead.
Nov 16 2023
To align the documentation of GnuPG, we should not use GNUPGHOME in FILES section.
It may be controlled by --homedir as well as GNUPGHOME.
GNUPGHOME is addressed in the ENVIRONMENT section, so, I don't think it makes sense using $GNUPGHOME}/trustedkeys.kbx.
Thank you. Applied and pushed in: rG260004747016: gpgv: Update used keyrings in doc FILES section
Nov 12 2023
Oct 25 2023
Oct 17 2023
Your tools don't use the chain validation model which is required for QES (at least according to German laws). A signature is still valid even if the certificate has been revoked. You need to consider the context and the time the certificate was revoked.
Sep 26 2023
Here's another data point.
Aug 22 2023
Aug 1 2023
Okay, will go into the next revision. Thanks.
Jul 31 2023
Thanks for the reply!
Jul 20 2023
Jun 13 2023
Thanks. I think that it was the oldest one: FSF used to be there in Cambridge, then moved to Tremont St. in Boston, and now it's in Franklin St.
Jun 12 2023
FYI, while going through the licenses again I noticed one of the pinentry files have even older address that so if you would do sed, this would not be matched:
May 26 2023
May 2 2023
The user tried to sneak in an ad link and he has thus been banned. Here is his probably AI generated comment for documentation:
Apr 27 2023
Fixed for libgcrypt, updating copyright notices and license files.
Apr 26 2023
@ikloecker Thanks for your comment. I put a comment in the commit.
Apr 25 2023
Note that this may not work for Python 2.7, but since those are just examples that doesn't matter that much.
So, here are fixes. I'll apply soonish.
Apr 24 2023
In T6466#169934, @werner wrote:Funny enough that Python seems not to allow to set the permission with open. Low priority because a proper umask must anyway be used on a multi-user system.
Funny enough that Python seems not to allow to set the permission with open. Low priority because a proper umask must anyway be used on a multi-user system.
Apr 13 2023
Fixed in 1.19.0.
Apr 12 2023
The crypto profiles have been removed in Gpg4win 4.1.1
Apr 4 2023
Any volunteers to write a manual? ;-)
Mar 28 2023
Actually this is about improving an error message.
Mar 24 2023
Thanks for your follwup. Let me remark that it is sufficient to stop all gnupg processes (pkill gpg-agent) and then rename the ~/.gnupg to .gnupg-save-NNNN. This way you have a backup and gpg will create a new ~/.gnupg.
Mar 3 2023
Thanks for the description; this is good for documentation.
Jan 31 2023
Thanks. I fixed the documentation. Will go into 1.19
Jan 19 2023
Jan 10 2023
Dec 20 2022
Dec 12 2022
Dec 9 2022
The current WKD/WKS draft offers no direct guidance to WKD clients about the type of filtering they should do.
Dec 5 2022
Nov 29 2022
Well, the modern way, recommended by the FSFE, for license notices in source files is SPDX instead of verbose license notices. https://reuse.software/
Modern way for license notice seems use of URL: https://www.gnu.org/prep/maintain/maintain.html#License-Notices-for-Code
https://www.gnu.org/licenses/gpl-howto.html
Nov 25 2022
Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:
Nov 24 2022
Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.
In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).
- 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
- 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
- 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
- 330 bytes: Both features enabled (no options)
Nov 22 2022
Thank you, looks good to me.
I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.
Please use gpgme.pc to configure your build. Your options are:
(1) With Autoconf:
(1-1) Use pkg.m4 and PKG_CHECK_MODULES (which uses pkg-config to access gpgme.pc)
(1-2) Use gpgme.m4 and AM_PATH_GPGME (which uses gpgrt-config to access gpgme.pc)
(2) Or... use pkg-config to access gpgme.pc.
Nov 10 2022
Thanks. There should also be SPDX indentifiers everywhere.
Nov 9 2022
In T5931#165009, @alexk wrote:A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:
KexAlgorithms -sntrup761x25519-sha512@openssh.comFor me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.
A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:
Nov 1 2022
The problem here is how large the data to be signed is. It is an issue of protocol design. The protocols are explained in openssh/PROTOCOL.certkeys and openssh/PROTOCOL. Unfortunately, it seems that it was designed with not much consideration for smartcard use case, so, data to be signed may be longer (than the capability of smartcard).
Oct 11 2022
Fixed in libgpg-error 1.46 and pinentry 1.2.1.
Oct 8 2022
Thanks. Fix has been pushed to master.
Oct 7 2022
Aug 23 2022
Aug 1 2022
I don't think that we need to fix things here. Important is that the WKD import uses a filter which imports only keys with the requested mail address. However, if a key with the same fingerprint already exists it will be merged.
Jul 27 2022
What I found: When the page is served by the server, it omits "charset=utf-8" part. This is the issue.
Jul 26 2022
Thanks for fixing.
There won't be any semantic changes for obvious reasons.
Thanks for reporting.
The first thing is a problem of the GNU makeinfo tool. Can't be fixed int the source.
Jul 25 2022
Jul 19 2022
But then again: The three other apostrophes that occur in the text are represented by single quote characters. Maybe sticking to ASCII characters is the better fix after all.
Typographically the apostrophe character ’ is a different character than the single quote character '. So, the correct fix would be to fix the probably wrong encoded apostrophe instead of replacing it by a single quote character.
Jul 14 2022
Jul 12 2022
Changed the tags and the title.
Jun 28 2022
Fixed in libgpg-error.
May 20 2022
May 13 2022
Mar 21 2022
Mar 19 2022
Mar 14 2022
Thanks for you patches. Most of them applied cleanly despite that I delayed processing them for half a year.
Jan 25 2022
There are reasons why we don't used pcsc-shared by default; for example: Not all OpenPGP cards support reading the current verification state (whether a PIN has already been entered) and thus we use a local cache for this. Other shared applications may change the state behind our back or even switch to another application on the card. Thus we use the safe way.
Jan 20 2022
Thanks
Jan 11 2022
The primary version of that script is in libgpg-error. Thus it needs to be fixed therefirst.