Thu, Sep 23

werner updated subscribers of T5574: GPG Portable on USB-Stick - Problems with GnuPG 2.2.30.

That looks all pretty standard. I don't know what's going on. I need to be able to replicate it here.

Thu, Sep 23, 5:26 PM · Bug Report
werner added a comment to T5574: GPG Portable on USB-Stick - Problems with GnuPG 2.2.30.

Sorry, I am not able to replicate this with standard version of gpg. However, the portable version only changes the directories and nothing at the output code paths. Thus I really wonder what's going on here. Note that the spaces used to indent the "mittels ..." are also missing.

Thu, Sep 23, 8:46 AM · Bug Report

Wed, Sep 22

werner triaged T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared as Normal priority.
Wed, Sep 22, 9:55 PM · toolchain, libksba, Bug Report
werner closed T5618: GPG Key Server Doesn´t Work as Resolved.

Ah well, Kleopatra has a GUI to set the keyserver - that is probably easier to use.

Wed, Sep 22, 7:17 PM · Support, FAQ, Keyserver, gpg4win
werner added a comment to T5618: GPG Key Server Doesn´t Work.

The keyserver network has been shutdown a couple of months ago. We can't do anything about it. The default in newer gpg versions has changed; you may put

Wed, Sep 22, 7:14 PM · Support, FAQ, Keyserver, gpg4win
werner added a comment to T5613: GpgEX does not use CSIDL_LOCAL_APPDATA.

Okay.

Wed, Sep 22, 4:59 PM · Windows, kleopatra, gpgex
werner added a comment to T5613: GpgEX does not use CSIDL_LOCAL_APPDATA.

We want to deprecate the whole UI-Server thing and thus I considered it better to provide the generic socket dir instead of adding support in libkleo for the uiserver socket. For the time being, doing this in Kleopatra sounds better to me. From my understanding, libkleo shall be an interface to gpgme++, right?

Wed, Sep 22, 4:10 PM · Windows, kleopatra, gpgex
werner committed rDee3cb0d8137c: swdb: GpgEX 1.0.8 (authored by werner).
swdb: GpgEX 1.0.8
Wed, Sep 22, 3:44 PM
werner closed T5614: invalid certificate for https://bugs.gnupg.org as Resolved.

Since the migration to a new machine with lots of config changes this spring the redirect rules for bugs.gnupg.org were not properly adjusted and when running into an error, it seems that the admin back then ignored the problem and simply removed bugs.gnupg.org from dehydrated's list of domains. Thanks again for reporting. Should now work again.

Wed, Sep 22, 2:56 PM · dev.gnupg.org, Bug Report
werner added a comment to T5614: invalid certificate for https://bugs.gnupg.org.

Sorry for your troubles but we need to protect against spam - a tracker flooded with spam is useless.

Wed, Sep 22, 2:13 PM · dev.gnupg.org, Bug Report
werner added a project to T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared: libksba.

Sorry, I don't know which software has version 12.0.0 and which git master this is. In case this is stock libksba, please tell us at least the last commit id. Note that we in general do not support arbitrary versions from the repos but only released versions.

Wed, Sep 22, 2:09 PM · toolchain, libksba, Bug Report
werner committed rX0b7556fa662e: Take UI-Server socket from gpgconf. (authored by werner).
Take UI-Server socket from gpgconf.
Wed, Sep 22, 12:38 PM
werner committed rXe16578cf690a: Post release updates (authored by werner).
Post release updates
Wed, Sep 22, 12:38 PM
werner committed rXf617777da07d: Remove unused functions (authored by werner).
Remove unused functions
Wed, Sep 22, 12:38 PM
werner committed rX5069a113733d: Release 1.0.8 (authored by werner).
Release 1.0.8
Wed, Sep 22, 12:38 PM
werner placed T5613: GpgEX does not use CSIDL_LOCAL_APPDATA up for grabs.
Wed, Sep 22, 12:25 PM · Windows, kleopatra, gpgex
werner added a comment to T5613: GpgEX does not use CSIDL_LOCAL_APPDATA.

For Kleopatra this patch


should be sufficient. Take care this is fully untested and not very elegant.

Wed, Sep 22, 12:24 PM · Windows, kleopatra, gpgex
werner added a comment to T5613: GpgEX does not use CSIDL_LOCAL_APPDATA.

It will be useful to have support in libkleo:

.

Wed, Sep 22, 10:41 AM · Windows, kleopatra, gpgex

Tue, Sep 21

werner closed T5615: pgpme fails compiling: void value not ignored as Resolved.

Please see T5587

Tue, Sep 21, 8:44 PM · gpgme, Duplicate, Bug Report
werner added a comment to T5611: 2.3.2: test suite is failing.

Here is James' writeup on the use https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html . For more details please consult the mailing lists and the commit messages.

Tue, Sep 21, 8:30 PM · Support, gnupg (gpg23)
werner triaged T5613: GpgEX does not use CSIDL_LOCAL_APPDATA as High priority.
Tue, Sep 21, 4:16 PM · Windows, kleopatra, gpgex
werner added a comment to T5512: Implement service indicators.

Tsss, requires to allow JS for Google.

Tue, Sep 21, 3:20 PM · FIPS, libgcrypt, Bug Report
werner added projects to T5611: 2.3.2: test suite is failing: gnupg (gpg23), Support.

If you do not have a working TPM or emulation but the tpm libraries installed run configure with the option

--disable-tpm2d
Tue, Sep 21, 3:17 PM · Support, gnupg (gpg23)
werner updated the task description for T5611: 2.3.2: test suite is failing.
Tue, Sep 21, 3:14 PM · Support, gnupg (gpg23)
werner added a comment to T5610: Update libtool.

That does indeed not look like something which could introduce a regression.

Tue, Sep 21, 11:43 AM · MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt
werner closed T5608: Encryption using python for international characters not working properly as Wontfix.

GnuPG 2.0 reached end-of-life nearly 4 years ago. See https://gnupg.org/download/index.html#end-of-life . Same for Gpg4win. They are not maintained and its use is very risky due to unfixed bugs. Please update to a recent version.

Tue, Sep 21, 8:47 AM · gnupg (gpg20), Too Old, Python, Bug Report
werner triaged T5610: Update libtool as Low priority.

macOS has low priority for us and I do not want to risk any regression.

Tue, Sep 21, 8:42 AM · MacOS, ntbtls, npth, libksba, libassuan, libgcrypt, gpgrt

Mon, Sep 20

werner added a comment to T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.

@amit: Do you say it used to work with GnuPG 2.2.27 or did it work with an older version?

Mon, Sep 20, 7:43 PM · gnupg
werner added projects to T5608: Encryption using python for international characters not working properly: gnupg, Python.

Which gpg version?
Which Python library? (gnupg is pretty generic)
How does the Python library call gpg?
Are you aware that gpg uses utf8 and not Windows Unicode?

Mon, Sep 20, 7:40 PM · gnupg (gpg20), Too Old, Python, Bug Report
werner renamed T5609: keydb_get_keyblock failed with cv448 key from gpg: keydb_get_keyblock failed: Invalid object to keydb_get_keyblock failed with cv448 key.
Mon, Sep 20, 7:35 PM · OpenPGP, gnupg (gpg23)
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Well, while importing you get the warning:

Mon, Sep 20, 4:08 PM · Support, gnupg, OpenPGP
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Yes, for migration from GnuPG 2.0 reasons, a batch import delays the key checking (i.e. converting from OpenPGP to GnuPG internal format) to the first use. Thus you don't see an error immediately. But if you encrypt something, you won't be able to decrypt it again:

Mon, Sep 20, 4:00 PM · Support, gnupg, OpenPGP
werner added a comment to rKLEOPATRA107abfdb1a41: Hide create openpgp key from card command for <2.3.

FWIW: I tested it with a freshly created card and thus keys. When hitting the "create OpenPGP Key" button, a warning was shown that a key already exists, I selected the do-anyway thing but the created keys had different fingerprints then. Thus the creation time was not taken in account. I recall that I implemented this for gpg-card and thus only for 2.3 - it is just quite likely that it does not work for 2.2.

Mon, Sep 20, 1:31 PM
werner is attending E887: Weekly Standup.
Mon, Sep 20, 10:06 AM
werner changed the status of T5600: Provide module name/version API for FIPS 140-3 from Open to Testing.

Thanks. Applied with a minor change: The string is now in a new third field.

Mon, Sep 20, 8:51 AM · libgcrypt, FIPS, Bug Report
werner committed rCc74fde0c3f61: Allow passing FIPS module version (authored by Jakuje).
Allow passing FIPS module version
Mon, Sep 20, 8:51 AM
werner committed rC3f4dd47ba74e: Remove the forced fips mode (authored by Jakuje).
Remove the forced fips mode
Mon, Sep 20, 8:51 AM
werner committed rCedbc1dd10bc3: Remove a way to inactive FIPS mode (authored by Jakuje).
Remove a way to inactive FIPS mode
Mon, Sep 20, 8:51 AM
werner closed T5606: 2.3.2: compile and link time warnings as Resolved.

Thanks for reporting. However, many gcc warnings produce a lot of false positives. Thus to be useful all the warnings need to be scrutinized. Let's do this for one example

Mon, Sep 20, 8:49 AM · Bug Report

Sun, Sep 19

werner claimed T5600: Provide module name/version API for FIPS 140-3.
Sun, Sep 19, 1:05 PM · libgcrypt, FIPS, Bug Report

Fri, Sep 17

werner added a comment to T5599: Make gpg use the helpers baked into its AppImage.

The actual patch is rGd4768bb982adb5c8410303334ee8d82ba0d71f3b (our parser in dev.gnupg.org missed to pick up the bug-id due to the use of scissor lines in the commit message).

Fri, Sep 17, 5:58 PM · gnupg, Restricted Project, Feature Request
werner committed rGd4768bb982ad: common: Support a gpgconf.ctl file under Unix. (authored by werner).
common: Support a gpgconf.ctl file under Unix.
Fri, Sep 17, 5:43 PM
werner committed rG9c272dc24545: common: New function substitute_envvars. (authored by werner).
common: New function substitute_envvars.
Fri, Sep 17, 5:43 PM
werner committed rDe12aeb7a150b: web: New versions of the AD ldap schemes. (authored by werner).
web: New versions of the AD ldap schemes.
Fri, Sep 17, 2:49 PM
werner added projects to T5590: OpenPGP: Curve 448, modernize?: gnupg (gpg23), OpenPGP.
Fri, Sep 17, 11:07 AM · OpenPGP, gnupg (gpg23)
werner triaged T5604: Kleopatra clipboard allows to process an empty message as Low priority.
Fri, Sep 17, 10:56 AM · kleopatra
werner added a project to T5603: Kleopatra button "change passphrase" is not disabled for cards.: token.
Fri, Sep 17, 10:52 AM · token, kleopatra
werner created token.
Fri, Sep 17, 10:52 AM
werner triaged T5603: Kleopatra button "change passphrase" is not disabled for cards. as Low priority.
Fri, Sep 17, 10:51 AM · token, kleopatra
werner closed T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt as Resolved.

Thanks for commenting. I close this bug then.

Fri, Sep 17, 8:07 AM · qt, pinentry, gnupg
werner added a comment to T5560: gpg.exe interrupt batch execution in WindowsXp.

Remember to always pass --batch for unattended operations.

Fri, Sep 17, 8:02 AM · Windows, gnupg (gpg22), Bug Report
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Having hash-algo in the s-exp is useful because a hash handle may carry several hashes. This is sometimes useful if you do not know the hash algorithm in advance and you need to make a guess (various PGP compatibility things in gpg). But of course we can simplify this and use the default algo from the hash handle if hash-algo is missing.

Fri, Sep 17, 7:59 AM · FIPS, libgcrypt, Feature Request

Thu, Sep 16

werner added a comment to T5519: Release GnuPG 2.2.30.

I introduced a regression in this version; if you run into problems please update to 2.3.31 (T5571)

Thu, Sep 16, 12:32 PM · Release Info, gnupg (gpg22)
werner closed T5571: Release GnuPG 2.2.31 as Resolved.
Thu, Sep 16, 12:31 PM · Release Info, gnupg (gpg22)
werner committed rD5debdcd7a4ad: swdb: GnuPG 2.2.31 (authored by werner).
swdb: GnuPG 2.2.31
Thu, Sep 16, 12:00 PM
werner committed rGecf4c2f61123: Release 2.2.31 (authored by werner).
Release 2.2.31
Thu, Sep 16, 11:56 AM
werner committed rG48dc463adacf: Post release updates (authored by werner).
Post release updates
Thu, Sep 16, 11:56 AM
werner committed rG6eb6304c040a: po: Change German descriptions for password constraints. (authored by werner).
po: Change German descriptions for password constraints.
Thu, Sep 16, 11:56 AM
werner triaged T5601: Release GnuPG 2.2.32 as Low priority.
Thu, Sep 16, 11:53 AM · Release Info, gnupg (gpg22)
werner claimed T5599: Make gpg use the helpers baked into its AppImage.
Thu, Sep 16, 11:23 AM · gnupg, Restricted Project, Feature Request
werner added a comment to T5598: AppImage of gpg.

Some quick ideas: On Windows we have envvars (and APIs) to determine certain locations. There is also the registry. We use all of them. It would be best to do this similar on Unix. We also have a control file on Windows which switches to that portable mode; maybe it is best to do this also on Unix - A text file installed alongside gpg which gpg (common/homedir.c) uses to enable the use of certain envvars to locate the root etc.

Thu, Sep 16, 10:05 AM · gnupg, Restricted Project, Feature Request

Wed, Sep 15

werner triaged T5600: Provide module name/version API for FIPS 140-3 as Normal priority.

We can easily extend the gcry_get_config API. You can give a key or have it to return all infos. For example "gpgconf --show-versions" prints this about libgcrypt:

Wed, Sep 15, 5:24 PM · libgcrypt, FIPS, Bug Report
werner added a comment to T5520: Fix tests in FIPS mode.

If a configure switch to disable Brainpool curves will be added, we also need to add a switch to disable NIST curves.

Wed, Sep 15, 11:05 AM · Testing, FIPS, libgcrypt, Bug Report

Tue, Sep 14

werner closed T5594: some possible minor things in the manpage as Resolved.
Tue, Sep 14, 3:16 PM · Documentation, gnupg, Bug Report
werner committed rG7f8ccb67e337: doc: Clarify some gpg keyring options (authored by werner).
doc: Clarify some gpg keyring options
Tue, Sep 14, 3:16 PM
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks. I meanwhile pushed a fix to 2.3 so that a warning is shown if the low bits are set.

Tue, Sep 14, 3:01 PM · Support, gnupg, OpenPGP
werner closed T5560: gpg.exe interrupt batch execution in WindowsXp as Invalid.
Tue, Sep 14, 2:03 PM · Windows, gnupg (gpg22), Bug Report
werner closed T4972: GPG: Add Option to force passphrase constraints for symmetric encryption, too as Resolved.

Won't be implemented as a new option because --check-sym-passphrase-pattern and --check-passphrase-pattern (since 2.2.30) can be used to implement the same in a more flexible way.

Tue, Sep 14, 2:02 PM · gnupg (gpg22), Feature Request
werner lowered the priority of T5085: Filter APDUs in log output from Normal to Low.
Tue, Sep 14, 2:00 PM · Feature Request, gnupg (gpg22), scd
werner added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

gniibe: What's the state of this?

Tue, Sep 14, 1:59 PM · gnupg (gpg22), Bug Report
werner lowered the priority of T5301: Decrypting a message that has multiple SKESK packets sometimes fails from Normal to Wishlist.

Currently I see no need to fix this for 2.2

Tue, Sep 14, 1:58 PM · gnupg (gpg22), Bug Report
werner closed T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog as Resolved.
Tue, Sep 14, 1:56 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report
werner closed T5536: Backport the extended gpg-check-pattern to 2.2 as Resolved.

Released with 2.2.30 (T5519)

Tue, Sep 14, 1:52 PM · gnupg (gpg22)
werner committed rG13e4e322eb14: Update release signing keys. (authored by werner).
Update release signing keys.
Tue, Sep 14, 1:51 PM
werner committed rG67e1834ad402: scd: Remove context reference counting from pc/sc (authored by werner).
scd: Remove context reference counting from pc/sc
Tue, Sep 14, 1:44 PM
werner committed rGdbfb7f809b89: gpg: Print a warning when importing a bad cv25519 secret key. (authored by werner).
gpg: Print a warning when importing a bad cv25519 secret key.
Tue, Sep 14, 1:01 PM
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Right, as long as there is only one format in widespread use (based on a long existing 4880bis draft) only this format should go over the wire.
Thus, it is a matter how the key is exported. In cryptography you should never have several options - one clearly defined format is what you want. We have had enough trouble with PGP5 peculiarities but in that case their implementation had more users and thus GnuPG had to work around it. Not good, but there was no standard at all at this time.

Tue, Sep 14, 11:14 AM · Support, gnupg, OpenPGP
werner committed rD8b8811c50311: web: Update signature keys. (authored by werner).
web: Update signature keys.
Tue, Sep 14, 10:39 AM
werner committed rG18e94c72294a: Update release signing keys. (authored by werner).
Update release signing keys.
Tue, Sep 14, 10:16 AM

Mon, Sep 13

werner committed rG117afec01891: common: New envvar GNUPG_EXEC_DEBUG_FLAGS. (authored by werner).
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
Mon, Sep 13, 5:37 PM
werner committed rGf2b01025c3da: common: New envvar GNUPG_EXEC_DEBUG_FLAGS. (authored by werner).
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
Mon, Sep 13, 5:37 PM
werner changed the status of T5597: First 8 bytes of cache item left in clear in memory after decryption. from Open to Testing.
Mon, Sep 13, 4:51 PM · libgcrypt, symmetric, Bug Report
werner committed rC792f607c58c0: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:50 PM
werner committed rC69e2e498f6a1: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:50 PM
werner committed rCdf4fe02794bb: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:46 PM
werner added a comment to T5597: First 8 bytes of cache item left in clear in memory after decryption..

And well, the context area of the handle is also wiped at gcry_cipher_close time. Thus any standard use of aeswrap (open,encrypt/decrypt,close) is not affected.

Mon, Sep 13, 4:42 PM · libgcrypt, symmetric, Bug Report
werner claimed T5597: First 8 bytes of cache item left in clear in memory after decryption..

Good catch. Thanks. This patch should fix the leak:

Mon, Sep 13, 4:39 PM · libgcrypt, symmetric, Bug Report
werner moved T5520: Fix tests in FIPS mode from Next to Done on the FIPS board.
Mon, Sep 13, 11:17 AM · Testing, FIPS, libgcrypt, Bug Report
werner moved T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Backlog to Next on the FIPS board.
Mon, Sep 13, 11:16 AM · FIPS, libgcrypt, Feature Request
werner moved T5520: Fix tests in FIPS mode from Backlog to Next on the FIPS board.
Mon, Sep 13, 11:11 AM · Testing, FIPS, libgcrypt, Bug Report
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

My suggestion for a combined function is a simple:

Mon, Sep 13, 9:53 AM · FIPS, libgcrypt, Feature Request
werner added a comment to T5594: some possible minor things in the manpage.

Yes, --no-keyring should be enough for the subset of gpg commands which do not need keys.

Mon, Sep 13, 9:37 AM · Documentation, gnupg, Bug Report
werner added a comment to T5560: gpg.exe interrupt batch execution in WindowsXp.

Sorry, GnuPG proper has no context menu or any graphic user interface. You need to install Gpg4win for this. Regarding use of gpg by other programs: There has been no change - other programs need to use the status-fd/command-fd interface and that has always been defined as UTF-8 and not as any native codepage. Please ask the makers of The Bat what is going wrong there.

Mon, Sep 13, 9:35 AM · Windows, gnupg (gpg22), Bug Report
werner is attending E886: Weekly Standup.
Mon, Sep 13, 9:15 AM
werner added a comment to E886: Weekly Standup.

Last week:

  • Business stuff
  • GnuPG 2.2 minor bug fixes
Mon, Sep 13, 9:15 AM
werner claimed T5574: GPG Portable on USB-Stick - Problems with GnuPG 2.2.30.

The breakaway job notices should definitely only be emitted in verbose mode. For the other things I need to check.

Mon, Sep 13, 6:30 AM · Bug Report
werner claimed T5596: Libgcrypt documentation: corrections to obvious misprints.
Mon, Sep 13, 6:28 AM · libgcrypt, patch, Documentation, Bug Report

Sat, Sep 11

werner added a comment to T1621: Support multiple cards (not just readers).

GnuPG stable (i.e. 2.3.2) has full support for several readers and tokens. This won't be backported to the LTS versions (2.2), though. Better switch.

Sat, Sep 11, 11:16 AM · gnupg, Feature Request

Thu, Sep 9

werner committed rG92f5cbb01874: doc: Clarify some gpg keyring options (authored by werner).
doc: Clarify some gpg keyring options
Thu, Sep 9, 5:47 PM
werner lowered the priority of T5079: Add compliance flag to trustlist.txt from High to Normal.
Thu, Sep 9, 3:08 PM · Feature Request, gnupg (gpg22)