It seems we were still providing the expired DST certificate, which led to an additional yet invalid trust path, which gnupg didn't consider "valid" overall. Mainstream TLS implementations are more lenient here which masked the issue for a bit.
Aug 22 2022
Aug 19 2022
Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
Aug 18 2022
Aug 11 2022
Jul 28 2022
Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
Here is the parser output:
$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)" D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)
I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.
Here is a patch to implement the functionality with --enable-win32-openssh-support.
Fixed in master.
Jul 27 2022
I tried to reproduce this as we had similar problems in the past, but for me this works with full unicode characters.
Jul 26 2022
Jul 13 2022
The standard Breeze icons (used by Kleopatra) are very dark because they are supposed to be used with a light color scheme. This can be "fixed" by the user by switching from the Breeze icon set to the Breeze Dark icon set.
Jul 11 2022
In gnupg/common/ttyio.c, the function w32_write_console does:
- Call WriteConsoleW, and when it fails, it calls
Jun 16 2022
You deleted the socket file but you did not restart the agent. Thus gpg can't contact the agent anymore. On Windows we use a socket emulation which requires the socket's file only for a new connection (to get the port and magic cookie).
May 13 2022
May 10 2022
Pushed the changes for http.c.
Apr 22 2022
Apr 14 2022
We have not seen this problem anymore in recent versions. Thus closing.
Mar 30 2022
Last part is applied. Let me consider how to solve, for other parts.
Mar 29 2022
Mar 28 2022
When we will find reproducible test case, please reopen.
Mar 25 2022
Mar 24 2022
And I move functions from pinentry.c to pinentry-curses.c, so that pinentry-w32.exe can be build with no libiconv (which is actually not used).
Thank you for your report.
Mar 22 2022
Jan 22 2022
Dec 7 2021
Nov 29 2021
The original intention was to fix t-poll failure on Windows.
It was fixed in different way in rE858bcd4343ac: tests,w32: Use CreatePipe and es_sysopen..
Nov 23 2021
Might be a TOR Thing?
Nov 22 2021
I do not think that we should put any more support for FDs into gpgrt. The goal is to move entirely to the Win32 API.
Nov 19 2021
I don't know how runtime (of mingw) is thread-safe, but if it is, it should work well.
Oct 18 2021
I would prefer to store legacy manuals on the web server. That is the easier solution.
@werner, because we have talked about it:
Oct 13 2021
@rupor-github no problem for the delay. Thanks for explaining!
Oct 12 2021
@bernhard Sorry for the delayed answer, was on sabbatical.
Oct 10 2021
Fixed in gpgex 1.0.8
Sep 29 2021
@rupor-github no problem! :)
Sep 28 2021
@bernhard thank you for explaining, did not mean to offend anybody. Before creating win-gpg-agent I tried to read as much as I could on a history and obviously had to study source a bit. Be it as it may - I decided to have separate wrapper, rather then contributing directly to gpg code base. There is noticable number of use cases on Windows which presently not addressed, some I believe are sitting it the queue already.
@rupor-github thanks for your explanations and the contribution to the GnuPG and crypto Free Software code base!
Since Windows user naively could expect multiple methods of accessing certificates from different programs (or sometimes from the same program but different supported environments, like Git4Win and git in WSL) to work together transparently, win-gpg-agent covers translation of one accidentally supported method (32 bit putty shared memory) to multiple unsupported ones (named pipe, cygwin, etc). It also takes care of managing gpg-agent.exe lifetime tying it to user login session for convenience. It uses command line parameters to only to overwrite staff critical to its functionality and does not prevent user from having configuration file(s). Optionally it provides pinentry which is integrated with Windows native Crypto Vault and UX rather than using wonderful QT or GTK. As specified in documentation when developers of gpg and WIndows will get their act together and figure out what they want and how they want it - most of functionality would not be needed. I would like to point out that simply claiming superiority and not supporting cygwin (Git4Win) or working Assuan ssh socket or putty shared memory in 64 bits Windows build does not help with user experience a single bit.
Lots of detailed documentation but frankly, after a brief read I have not yet figured out what it really does. We won't support Cygwin stuff - this is all obsolete and awe also removed starting gpg-agent as a service for good reasons. Instead of starting gpg-agent with lot of command line args it would be better to put this into a per user or system wide config file.
There is a user report that got things to work with https://github.com/rupor-github/win-gpg-agent
Sep 23 2021
Patch has been applied to Kleopatra. See T5619: Kleopatra does not create the UI-Server socket in the socketdir.
Sep 22 2021
Alternative patch for Kleopatra:
diff --git a/src/uiserver/uiserver.cpp b/src/uiserver/uiserver.cpp index d9746f0b..ab4d2ca7 100644 --- a/src/uiserver/uiserver.cpp +++ b/src/uiserver/uiserver.cpp @@ -23,6 +23,8 @@ #include "kleopatra_debug.h" #include <KLocalizedString>
Not from understanding. libkleo adds high-level functionality that's useful for KDE applications, but out-of-scope for gpgme and its C++/Qt wrappers gpgme++ and qgpgme. I would use GpgME::dirInfo() directly in Kleopatra. It would make sense to add an overload of GpgME::dirInfo() that takes an enum, so that one does not have to use the low-level string names in Kleopatra. The downside is that a string-based interface can be extended easily. OTOH, deprecating values of a string-based interface is hard and after removing it the compiler won't complain.
We want to deprecate the whole UI-Server thing and thus I considered it better to provide the generic socket dir instead of adding support in libkleo for the uiserver socket. For the time being, doing this in Kleopatra sounds better to me. From my understanding. libkleo shall be an interface to gpgme++, right?
gpgme_get_dirinfo does already have support for "uiserver-socket" since about 7 years. I don't think a separate "socketdir" which requires a brand new gpgme makes much sense.
For Kleopatra this patch
should be sufficient. Take care this is fully untested and not very elegant.
It will be useful to have support in libkleo:.
Sep 21 2021
Sep 17 2021
Tried and no change -- cmd window still flashes away.
Remember to always pass --batch for unattended operations.
Thanks to firstname.lastname@example.org, the workaround is to use pipe operation like:
pause|"C:\Program Files\GnuPG\bin\gpg.exe" --verify "%1"
He also confirmed that gpg.exe does interrupt batch processing, regardless what command is followed.
And I have tested in Windows 7, batch processing is not interrupted. Since this bug is WindowsXp specific, "won't fix" should be more proper.
Sep 14 2021
Sep 13 2021
Sorry, GnuPG proper has no context menu or any graphic user interface. You need to install Gpg4win for this. Regarding use of gpg by other programs: There has been no change - other programs need to use the status-fd/command-fd interface and that has always been defined as UTF-8 and not as any native codepage. Please ask the makers of The Bat what is going wrong there.
Aug 27 2021
Just for the record, Kleopatra and Gpg4win work totally fine for me on Windows-11 preview.
Aug 26 2021
It is quite likeley that things don't work on a non-released Windows version. We have not tested with the released version but some of us already tried Windows-11 and the gog4win development versions do work. Please wait for the next Gpg4win version or an update of the Windows-11 preview.
Aug 24 2021
Aug 23 2021
So it is related to code page. Screenshots may be more informative:
Aug 21 2021
Frankly, I don fully understand your report. Can you please clarify?
Note that with 2.2.8 we introduced full Unicode support on the command line. If you see scrambled output you may want to "chcp 65001" to get the output correctly rendered.
Aug 17 2021
I have done tests with 2.2 and no problems showed up.
Aug 3 2021
Jul 30 2021
Jul 15 2021
Forgot to mention one thing: after changing my user folder directory I lost all my Outlook contacts. I was able to recover them... make sure you have a backup before attempting this!
Jul 12 2021
I just had the same issue as hurui200320. My user name contains a "ç" and Kleopatra did not start. The Windows event logger reported a crash in libstdc++-6.dll. This was with gpg4win-3.1.16. Installing gnupg 2.3.1 did not change anything.
Jul 8 2021
Jul 6 2021
Jul 4 2021
Jul 2 2021
It is a matter of the used font. 2.2.29 will fix this problem.
Jul 1 2021
Same error message in Windows 8.1 x64 with the commands:
gpg --local-user 0x12345678 --sign-key 0xABCDEF12 or: gpg --default-key 0x12345678 --sign-key 0xABCDEF12.
Jun 27 2021
Jun 25 2021
Jun 22 2021
I did some test on Windows 10 using gnupg 2.2 with this patch and things work.
For testing ion Windows 10 you need to switch to "Legacy Console" and reboot.
I think that a patch like following is needed:
diff --git a/common/ttyio.c b/common/ttyio.c index c385700de..55468bdf0 100644 --- a/common/ttyio.c +++ b/common/ttyio.c @@ -236,7 +236,21 @@ w32_write_console (const char *string) n = wcslen (wstring);
When console font is not a Unicode font, it seems that the WriteConsoleW function may return ERROR_GEN_FAILURE.
Hello Mr. Koch,
Jun 21 2021
Jun 17 2021
Hello Mr. Koch,
Are you using Powershell or another non-standard shell? Which windows version are you using? Do you use default-key in gpg.conf? Do you have a smartcard inserted?