..... And now after looking into this a bit deeper after attempting to build gpg-agent for windows, it appears that this is a bit deeper than the logic above (which is actually sound, when I read it for the second time)
Nov 30 2018
Nov 29 2018
Nov 27 2018
Nov 16 2018
Nov 15 2018
Nov 9 2018
Sorry I did not see your first comment.
I would change gpgme_addrspec_from_uid and the gnupg equivalent to strip out the subaddress.
It does not make sense to handle this in the protocol. The client should always ask for joe@example.org and thus keep the whole thing mostly out of gpg. This requires that keys are not created with sub-addresses. However, if someone has a need for this, this strategy should work:
Nov 6 2018
Sorry, it didn't make it into 2.2.11.
Nov 5 2018
Oct 29 2018
It actually tries several servers but we need to set a limit because we need to cope with longer timeouts. Do you suggest to toggle between v4 and v6 addresses? That is if a v6 address fails, first try the next v4 address and if that fails, another v6 address, etc.
Oct 21 2018
Oct 18 2018
That it will not be a problem on that or near that date but already now because some use expiration times of 20 years.
what does "not only on Jan 19, 2038" mean here?
Oct 15 2018
I hope I did not choose inappropriate action in commenting here that I also would highly appreciate a cache timeout for OpenPGP Cards to reduce the exposure time of already unlocked card's keys. Would be great to get such an option
The next version will have a details button to show the actual gpg output. This will often be helpful.
The "Copy" menu item already copies public keys to the clipboard.
I now added a private key copy option to the context menu.
While I agree that it would be good for some useful comment to be generated, I'd currently settle for a way to manually set a comment on a key.
Oct 9 2018
I believe this would be a good improvement in user experience
Oct 7 2018
ok, feel free to close this ticket then. It's disappointing that there
seems to be no sane, simple, private multi-channel communication
mechanism available cross-platform that GnuPG can rely on.
Oct 2 2018
Oct 1 2018
I have this use case: A card based encryption key is used as a subkey on one of my keys but also on another key of mine. The reason for this can be that I want to have separate keys (with different fingerprints) for two user ids but still use the same card for decryption. Sure it is possible to figure out that the user ids belong together but it is not obvious on first sight. Another use case is a role account with a shared subkey with only one administering the primary key.
Sep 28 2018
This was additionally reported as https://bugs.debian.org/909755 -- it would be great to get a clear statement from the GnuPG project about handling the curated keyring use case.
I want to be able to create an ed448 key using gpg, use it to sign things.
Please write a proper feature request. Two words are a bit too brief. You should indicate for what you want ed448 support: gpg, gpgsm, libgcrypt etc.
Sep 27 2018
Interaction will be something like this:
Priority is high, because Gnuk Token requires this feature for testing its implementation.
Sep 24 2018
Maybe not on Linux but the environment is visible from other processes in the same way as the command line. So I don't see why we should add yet more clumsy passphrase workarounds to gpg. We already have PINENTRY_USER_DATA which can fulfill the same task.
Sep 23 2018
i note that my patch doesn't include an addition to the test suite, which it probably should, though i'm not fluent in gpgscm. if someone could update it to include a test, i'd appreciate that, and would probably learn from the commit. I imagine the test would do something like:
I tried to push commit 07c19981da0607dc442fadc4079b1d71fbef8f83 to branch dkg/passphrase-env on playfair, but i got this complaint:
Sep 10 2018
Well, the counterpart in gpg-agent is missing.
Sep 4 2018
Gpg4win-3.1.3 was released.
Aug 31 2018
Assuming dirmngr is just connecting to localhost on one of the following ports: 9050, 9150 or 8118 (maybe) then an interim workaround could be achieved with ncat (or netcat, or nc ... but ncat is like those two on steroids and will happily pass a shell exec function to connect to the remote host with openssl too (which may be preferred depending on the size of the LAN).
Aug 30 2018
BTW: For TSA keys an additional key (usage) flag ("This key may be used for time-stamping") in RFC 4880bis would be nice. What do you think?
According to RFC 3628 there are two additional conditions to consider:
A timestamp or a time mark (which is an audit record kept in a secure audit trail from a trusted third party) applied to a digital signature value proves that the digital signature was created before the date included in the time-stamp or time mark.
Aug 29 2018
We won't fix that. If you want to build for Apple iOS make sure to use
We won't do that. Those with badly encoded user ids should create new keys or meanwhile have done so. The whole charset back and forth encoding adds a lot of complexity for some legacy applications. Frankly I would like to get rid of all code conversions and stick to utf-8.
In T3464 it is described how you can do it. Sure, in your case you want to have a home directory so that the agent and pinentry can work. --no-keyring makes sure that a decryption with a private key can't happen. How we have the cache for symmetric encrypted data which you can disable with --no-symkey-cache.
I'm sorry but the explanation you give does not address the original issue I described, and which dkg then clarified. The discussion about AE is tangentially related, but the issue I described relates to the gpg interface:
To use encryption and for both purposes: encryption and authentication.
Thank you!
Will be in 2.2.10
Aug 28 2018
The question is now to model the API for this. For 0x02 it seems to be pretty clear: We assume it is a detached signature on a zero length file and make sure that no signed file is given.
With -beta24 the crash on send should also be gone. I've removed the option for the workaround as I expect that it is no longer necessary. (Yeah I'm an Optimist :-P )
Aug 27 2018
Attached is a timestamp signature created with the test key (alfa, alpha, alice) from tests/openpgp.
Aug 26 2018
Okay, can you please provide sample data for the test suite? Best using one of the existing keys but adding another one won't harm either.
Aug 25 2018
DKGPG will contain programs to generate such signatures in its next release. Thus it would be nice, if those signatures can be verified by GnuPG as one of the most widespread OpenPGP implementations.
Aug 24 2018
What are your use cases?
Aug 22 2018
I don't think that GnuPG >= 2 can still be built with RISCOS. In any case it is such a minor platform that we are removing special RISCOS hacks when touching such code parts.
Aug 21 2018
Apple Clang changes the -fno-common to be default. It can also compile by adding -fcommon to the CFLAGS but I suspect this patch (with the exception of adding __APPLE__ to the (defined (__riscos__) || defined (__APPLE__))) would be needed for things to work properly on __riscos__ also.
-fcommon, -fno-common This flag specifies that variables without initializers get common linkage. It can be disabled with -fno-common.
Do you say that the linker can't handle the standard common block feature? The only toolchain I am aware of which does not understand this is the Norcraft C compiler for RISC OS. And now also Clang building for iOS?
Aug 17 2018
Aug 13 2018
With certified keys the automation is working as expected.
Aug 9 2018
Well, I have already tried to explain the use case: To make using cryptography easier for our users (for most of them the command line is the hell ...) I have integrated GnuPG in our webmailer. The webmailer has a key management page where you can import and export keys (up- and download, import from mail, attach to mail etc.), where you can edit trust settings, and where you can sign other keys and revoke such signatures. The webmailer certainly does not offer all capabilities of GnuPG but certainly a substantial subset.
The option you mean is "Disable non-blocking encrypt / sign", correct?
It's English in the German dialogue, btw.
This seems very special and I'm not sure if we should not say at some point that we won't add quick commands for everything ;-)
The crash on send should be avoidable by checking "Disable async encryption" in the options.
Yesterday I got a new OL 2013 test system with which I can reproduce the crash. So that will be fixed or worked around for the next release.
no. Outlook 2013 reproducibly crashes on sending and won't toggle
encryption on.
Aug 8 2018
Sure, this should work, local keys are preferred.
But can't I simply use the keys in my local keyring?
No you can not use an "external" Web Key Directory. The point is that the provider (your domain) should be the source of the keys as it already manages the mail account. ( For more info see: https://wiki.gnupg.org/WKD )
I downloaded GPGwin v3.1.3 beta 20 today. The automatic key fetching fails in my case because we have no WKS. Never heard of that before.
Aug 7 2018
Windows 10 was obtained last week and the process of preparing a Windows build env began earlier today.
Jul 26 2018
Good to know, no problem, just wanted to document it just in case they do remove the API entirely in the future.
Jul 25 2018
Indeed. Thanks for the reminder.
There is some code currently in there already but it's not yet fully implemented. Needs to be finished.
Deleting a user id is more or less useless. What you want is to revoke a user id.
Jul 23 2018
CryptGenRandom is only used as an additional source of entropy and doesn't count towards our entropy estimation. Thus whether it is used or not does not make any difference. Our main entropy source is meanwhile the jitter based RNG. Thus your request will receive a low priority.
Jul 21 2018
Jul 18 2018
The problem with mnemonics based on words is that they are language dependent and only a small part of the world is fluent enough in English to spell/use them correctly. Thus anything based on ICAO spelling (Alfa, Bravo,...) is a better choice than arbitrary words from one language. Even if that means to write down a longer string. A CRC is of course very useful.
It would be great if this feature were implemented with a mnemonic code option, with a built in checksum, as described in bip39: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki Using the same bip39 standard (and perhaps others, as alluded to in T3497) would also improve compatibility with existing crypto key storage devices (i.e. cryptocurrency wallets used as smart cards).
Jul 14 2018
@werner That begs the question: why can't quick-add-key re-use the same code that quick-add-uid is using?
Right, but requires extra code. The --quick commands try to reuse existing code and, iirc, that is the reason why a user id is accepted for --quick-add-uid.
We do have a history of extending the API, no?
Jul 13 2018
I should have :) Thing is - a fix could be made in a backwards compatible way. So I don't really see your point.
The command line is an API and we will never break an API without a very good reason. If you didn't like that API you should have noted that on the devel mailing list years ago ;-)
And FWIW: an inconsistent UI/CLI should be treated as bug - not as a feature request.
You completely ignore the fact that --quick-add-uid and --quick-add-key are not consistent.
It's not clear why one should require a fingerprint and the other allows the kind of "user-id" you just described.
That was the main point of this issue.
The term “user-id” is used throughout gpg to mean some kind of user id be it a name, a key id, a fingerprint, a keygrip, etc. See the section "How to specify a user id" in the man page. FPR is used if a fingerprint is required.