The actual error is in gpgme. CreateProcess is called with "gpgtar" but "gpgtar.exe" must be used.
This has been fixed with commit rM0c29119e061c. The reason why we didn't noticed the real cause of the problem is that the CreateProcess error shows up in the gpgme-w32spawn helper which has no good way for returning errors.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Apr 18 2023
Apr 18 2023
• werner moved T6437: Kleopatra: sign/encrypt folder results in general error from Backlog to QA for next release on the gpgme board.
• werner edited projects for T6437: Kleopatra: sign/encrypt folder results in general error, added: gpgme, Bug Report; removed gnupg24, gnupg22.
Apr 17 2023
Apr 17 2023
baka0815 added a comment to T5709: Embedded images are seen as attachments after encrypting and decrypting.
As far as I understand the problem, all content-ids are lost during processing of an email.
This process happens during the signing/encryption of an email.
Wolff17 added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
Ok sorry, my bad, I have to use DES Keying option 2 to have 45 de ae ae e1 f4 6a 29, problem solved.
• werner added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
In T6451#169608, @gniibe wrote:Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
The test code in basic.c assumes that it is an application responsibility to confirm&ignore GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.
Wolff17 added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
Thank you for you responses! :)
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
I'll add documentation about GCRYCTL_SET_ALLOW_WEAK_KEY which was missing from be original commit.
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
tests/basic now actually fail because setkey not returning GPG_ERR_WEAK_KEY for weak keys with GCRYCTL_SET_ALLOW_WEAK_KEY.
jukivili added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
That's right. With GCRYCTL_SET_ALLOW_WEAK_KEY, setkey still returns GPG_ERR_WEAK_KEY when weak key is detected. However, cipher handle can still be used as if setkey succeeded.
• gniibe added a comment to T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY.
Reading the commit rC5beadf201312: Add gcry_cipher_ctl command to allow weak keys in testing use-cases,
The test code in basic.c assumes that it is an application responsibility to confirm&ignore GPG_ERR_WEAK_KEY error when using GCRYCTL_SET_ALLOW_WEAK_KEY.
Apr 16 2023
Apr 16 2023
• werner triaged T6451: libgcrypt | gcry_cipher_setkey: 3DES-CBC key returns GPG_ERR_WEAK even with GCRYCTL_SET_ALLOW_WEAK_KEY as Low priority.
Thanks for the report. Fix is easy. I only wonder why you want to use a weak DES key.
Apr 14 2023
Apr 14 2023
works
Apr 13 2023
Apr 13 2023
isn't T3456 the same issue?
• ebo added a project to T3391: cannot import subkey that was once marked to be on a card: Restricted Project.
my Yubikey works, too, if I disable PIV. With enabled PIV:
Apr 13 2023, 11:47 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• gniibe closed T5891: EOPNOTSUPP is not defined in mingw.org's MinGW, fails compilation of libgcrypt-1.10.0 as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd') as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode as Resolved.
Fixed in 1.10.2.
Fixed in 1.10.2.
Fixed in 1.10.2.
• gniibe closed T6273: AM_PATH_GPGME requires preceding invocation of AM_PATH_GPG_ERROR as Resolved.
Fixed in 1.19.0.
Fixed in 1.19.0.
Apr 12 2023
Apr 12 2023
This problem was introduced by commit cf10c74bd9d5aa80798f1c0e23a9126f381b26b3. Perhaps that change should be backed out in the interim so that a portable fix can be considered for the original issue?
Unfortunately I can't replicate that with my Yubikey on 2.4.1. Tried several variant and with and without keyboxd. My Yubikey has PIV disabled but I doubt that this is the problem.
Apr 12 2023, 5:15 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• ebo moved T5725: Kleopatra: Certificate lookup shows only one result even if there are 100s matches from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 12 2023, 2:43 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:40 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:39 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Apr 12 2023, 2:37 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Test with GnuPG 2.4.1-beta76 failed with "error getting current key info: invalid name":
Apr 12 2023, 2:35 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• ebo edited projects for T6093: gpg: Continues export of secret key if first passphrase dialog was canceled, added: gnupg24 (gnupg-2.4.1); removed gnupg24.
Apr 12 2023, 12:47 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), Bug Report, Restricted Project
It is a bit complicated. Let me describe the situation.
• ebo updated the task description for T6447: Kleopatra: "imported certificates" tab inconsistencies.
Actually Linux already returns ENOSYS on older kernels where there is no getrandom libc call. Thus returning ENOSYS if we don't have the libc version of that syscall (i.e. getrandom) in FIPS mode seems to be the Right Thing to do. My whole comment was about fips mode - it does not make much sense to enable FIPS mode if the system is not appropriate for it.
I see, your issue is with the use of getrandom for FIPS. I understand now.
ENOSYS is POSIX. My point is that: getrandom was introduced in Linux kernel with flags for particular purpose (differentiate use of /dev/random and /dev/urandom), but that feature has gone.
But, for FIPS behavior, RHEL and related OS use (possibly, some would say misuse) getrandom with GRND_RANDOM. This use is RHEL specific (not for other GNU/Linux). Use of getrandom is non-POSIX.
In T6442#169419, @gniibe wrote:Returning ENOSYS is too strict, in my opinion; It doesn't work for machines other than CentOS/Fedora/RHEL.
Returning ENOSYS is too strict, in my opinion; Because the code in question doesn't work for machines other than CentOS/Fedora/RHEL. For other machines, it would be natural to just rely on getentropy (rather standard call).
Apr 11 2023
Apr 11 2023
What Werner wrote was also my thought. If getrandom is mandatory for FIPS, then it must not be possible to disable it silently.
What about
Apr 10 2023
Apr 10 2023
Fixed in 1.47.
• gniibe changed the status of T6442: libgcrypt-1.10.2: getrandom() is not available everywhere from Open to Testing.
• gniibe closed T6288: Document gpgrt-config in detail or improve it to support simple invocation as Resolved.
Fixed in libgpg-error 1.47.
Tested. I applied the above diff to libgcrypt-1.10.2, and it builds and runs.
Thank you for the report.
Here is the git diff that I used:
Apr 8 2023
Apr 8 2023
I just ran into this, too, on macOS.
Apr 7 2023
Apr 7 2023
Marius_Schamschula added a comment to T6442: libgcrypt-1.10.2: getrandom() is not available everywhere.
I just ran into this issue while attempting to update the MacPorts Portfile to version 1.10.2.
• gniibe closed T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC as Resolved.
Fixed in 1.10.2.
Apr 6 2023
Apr 6 2023
acollier added a comment to T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC .
In T6388#168750, @gniibe wrote:Thank you for the bug report.
I see your problem. We need to improve the patch, as we cannot use Bash-only feature in configure.
[...]
That is, prefer possible_libdir1 when not used. Please test this.
• gniibe changed the status of T6322: The warning "lower 3 bits of the secret key are not cleared" keeps showing even cv25519 key was generated by GnuPG from Open to Testing.
• gniibe claimed T6322: The warning "lower 3 bits of the secret key are not cleared" keeps showing even cv25519 key was generated by GnuPG.
Sorry, it took time (for me) to understand the issue, as this is not 100%-reproducible bug. And it was not clear (for me) that how passphrase were offered in the interaction, so, I was not possible to see if it's encrypted or not.
Apr 5 2023
Apr 5 2023
• ebo moved T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo moved T5745: Kleopatra: Card holder name is not correctly decoded from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo moved T5850: Kleopatra: "Show not certified certificates" button shows any not fully valid certificates from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo moved T6086: Kleopatra: Filtering keys doesn't work anymore from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo moved T6308: Kleopatra: UiServer Connectivity self-test fails on Windows from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Problem 2 comes from the fact, that gpg4win packages gpg 2.4.0, but the new archive code needs gpg 2.4.1.
Apr 5 2023, 12:08 PM · gnupg24 (gnupg-2.4.1), Restricted Project, Windows, gpg4win, kleopatra, Bug Report
Apr 5 2023, 11:20 AM · gnupg24 (gnupg-2.4.1), Restricted Project, Windows, gpg4win, kleopatra, Bug Report
Apr 4 2023
Apr 4 2023
The reason may be the following text/comment I found in gpgrt.texi:
This manual documents the Libgpg-error library application programming
interface (API). The goal is to that all functions and data types
provided by the library are explained. However, for now this is only
a stub and not very useful.
Apr 4 2023, 10:18 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Please contact the translation team for the Chinese language. They are responsible for the translation of Kleopatra. See https://community.kde.org/KDE_Localization/zh-cn
• gniibe changed the status of T6384: libgcrypt link error if cipher chacha20 is not included from Open to Testing.
Fixed in master and 1.10 branch.
No, it would break the verification of too many signatures.
Probably, this change should work:
diff --git a/po/zh_CN/kleopatra.po b/po/zh_CN/kleopatra.po index 56b06e04..f34112a9 100644 --- a/po/zh_CN/kleopatra.po +++ b/po/zh_CN/kleopatra.po @@ -4680,7 +4680,7 @@ msgstr "发件人" #: src/crypto/gui/resultitemwidget.cpp:132 #, kde-format msgid "Force decryption" -msgstr "强制加密" +msgstr "强制解密"
• gniibe changed the status of T6432: libgcrypt - flag munging does not account for -Oz from Open to Testing.
After testing the builds of master for several distributions/gcc/clang, applied to 1.10 branch too.
Apr 3 2023
Apr 3 2023
• ebo closed T2069: Passphrase prompts for each subkey, but not clear which dialog belongs to which subkey as Resolved.
closed, as the remaining subtask is found at T6436
• ebo edited projects for T2069: Passphrase prompts for each subkey, but not clear which dialog belongs to which subkey, added: gnupg24; removed gnupg.
• ebo added a comment to T2069: Passphrase prompts for each subkey, but not clear which dialog belongs to which subkey.
On gpg4win 4.1.0 (and GnuPG VSD 3.1.26) there are no longer password prompts for the subkeys when exporting (or making a backup from) secret keys.
• ebo moved T6338: kleo: Japanese Translation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• werner lowered the priority of T5555: Cannot add existing ECDSA key as a signing subkey from High to Normal.
• werner removed a project from T5555: Cannot add existing ECDSA key as a signing subkey: gnupg (gpg23).
Your quick support solve my problem, I am thanking you :)
Bye bye
I added a remark to the print function. Thanks for the suggestion.
You are right, w.y should be "00039E2C9AEC146C5799651C42691A3E35E291B6BC45FF079DDA3E70E709BF33".
Can you please share the expected result with us? Note that Libgcrypt strips leading zeroes except when it is required to keep the value positive.
if your'e asking me, i'd suggest just let it be fixed going forward unless someone else complains