Tehre has never been an option "shared-access" in GnuPG. At least not in upstream. In general we suggest the use of the interal ccid driver, but if you want PC/SC you need to use disable-ccid-driver. This is because 2.3 does not feature an automatic fallback to PC/SC anymore. Using pcsc-shared with OpenPGP cards can lead to surprising effects. You may want to try Scute as PCKSC#11 access module.

Actually we do not really support the systemd thing and it is likeley that the support in GnuPG will eventually be removed again. You may want to contact the Debian maintainer, who took responsibility for all systemd things.

Does the key have a passsphrase or somehow the empty string as passphrase?
If you don't use lookback mode: does the pinentry pop up?

(I edited the report to make it readable, but did not yet looked at it in detail)
I wonder why you are using a decent libgcrypt but a 3 years old GnuPG version?

Sure there are logs, see the options log-file and debug in the man pages.
To sign using specific subkey or the main key, use the fingerprint of the key and append an exclamation mark.
For example

I think we can close this bug. The warning will now only be printed as part of the the regression test and after all it is just a warning.

Will go into 2.3.4 which will also silence the noise of not being able to read it. The major reason for this code is to allow building an AppImage.

Thanks for the patch. That is sufficent. I added you to the Contributor group, though.

The thing is that any n.m.k-something version should behave versionwise the same as n.m.k. That is okay, because beta versions etc are not considered to be released. This is required to allow testing beta version _before_ doing the release.

We are currently using "implict" service indicators but eventually we may change Libgcrypt to support explicit indicators.

Thanks.

@Reiner: Any news; were you able to run the the command with redirection to some file?

So what is your bug report? Note that the NOTATION_FLAGS are only printed for human readable or critical notations.

Lets downgrade the priority and keep it open in case we get reports from customers. The other option would be to replicate this here using our AD demo network. But that is a bit time consuming.

Yes, but it is more complicated to do because you need to download a binary version of the keys and check that they are authentic. Most users don't known it. Anyway, I meanwhile created a Brainpool release sign key and new VSD releases are signed with that. The override option does not really harm, but we can close this bug due to the new release key.

Okay, any thing else missing in nPth?

Yeah, that will be helpful. Thanks. FWIW GnuPG 2.2.32 also lists PC/SC readers and not just the Linux default of CCID readers.

Version check is a data leak anyway and thus often disabled. Thus I don't see a risk for high value targets.

Just to be sure: Can you c+p the strings?

Hello @gniibe, you did the last work on nPTh. Would you be so kind and look into this?

I would prefer to store legacy manuals on the web server. That is the easier solution.

Cool. Thanks.

( No need to certify the DSA things)

Urgs, I already implemented this:

On macOS _NSGetExecutablePath could be used, but iiuc this requires linking against dyld. For other OSes we would also need more code. I doubt that this makes a lot of sense these days; but we should come up with a solution, even if that means we need an envvar to specify the location of that open gpgconf.ctl file.

That looks like a support question. Please ask on a mailing list for help. Sorry, we can't do individual support here.

Even better. Thanks,

A way to get the output of "gpgconf --show-versions" might also be useful. Actually this command could be used to get the versions.

dots are not allowed in hostnames.

We now require a way to get the actual image of a process. For macOS the BSD method is used and we obviously need to find another way for macOS.

The new bugs have been fixed in 2.3.3; see T5565.

I won't anymore follow the path of first doing a test install. That is way to hairy in respect to "make distcheck". Change is already in my working directory.

Is that really required? Should we wait what the conlusion of the WG will be?

Bison used to be the de-facto standard yacc ;-)

On my new Windows 10 laptop I see a "Windows Hello for Business 1". Thus put everything with "Windows Hello" at the end of the list or skip unless a reader-port is set. IIRC there are device with "virtual" or "Virtual" in their name, they don't make sense for us either. I would also put devices with "SCM" or "Identiv" to the top of the list. In particular the substrings "SPR532" seems to identify the Identiv SPR332 which is what we use here and actualay a suggested reader for GnUPG VS-Desktop.

Thanks for your findings. I recall that I read this in the announcement and cursed about this new tendency in GNU to break long standing APIs.

OpenPGP requires the P < U property and gpg does also. In some parts of the GnuPG we re-calculate the CRT parameters but not in these code paths. Right, a better error message would be appropriate. I'll turn this into a feature request.

Please ask on a mailing list etc. This is a bug tracker and pnly very few people are reading your report.

As long as we can't replicate this, it does not make sense to keep this bug open. Please re-open it if you run into it again in a replicatable way.

Fixed in gpgex 1.0.8

Sure they don't get created - they are optional.