Hm, I think this is the file:
You can find the message attached.
Message has been saved from Outlook 2013.
Thanks for your report and analysis.
Tue, Feb 20
Thanks for tracking this down. I'll fix.
Bisecting between gnupg-2.3-base and master pinpointed commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38 as the origin of the bug. This commit changed MAX_FINGERPRINT_LEN from 20 to 32, but the get_user_id_byfpr function in g10/getkey.c still assumes the old value.
Mon, Feb 19
Note that there is no standard for this. In particular the encoding of filenames with special characters is different in almost all implementations. I tried to find a common ground for our implementation.
Just to be clear, I think this issue is valid and we should add more checksum tools in the future. But I would want them to use libgcrypt and conform to the standard *sum command line arguments like -c.
On Saturday I could observe the problem with a fresh Windows 10 Home edition.
- Mostly finished with the new encrypt / sign architecture
- UIServer is now mostly removed from GpgOL
- New Repo "Gpg4win-Tools" for small, single App GUI Helpers
- Started WKS Implementation
- Can programmatically send valid WKS Mails, but can't yet switch the account. I have to somehow put an OOM Object (LPDISPATCH) to a value, works without errors but does nothing :-/
- ECDH on Curve25519:
  - Vincent claims his own interpretation (for me, it's questionable, although I'd imagine how it's possible) and interoperability issues to other implementations (which is the real problem)
  - My suggestions are (take one or more):
    - Use new algo ID
    - Use different OID for X25519
    - Use 0x40 prefix for private key part
    - ... and/or clarifying the spec.
- ElGamal: I won't respond to Weikeng Chen this time: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
- gpgme: Fix for BSD Make ("export", allowed chars for target, distinction for path and target)
- mostly working well on NetBSD: T3056: gpgme-1.8.0: test failures on NetBSD
- -only-sign-text-ids: T3787: Signature prompt has negated logic regarding `--only-sign-text-ids`
- scdaemon fix for NetBSD, where signaling to self doesn't unblock pselect by EINTR: T3778: NetBSD: scdaemon should be killed when its parent (gpg-agent) is going to shutdown
- scdaemon for KDF-DO support: rG25f3b6912901: scd: Improve KDF-DO support
- libgcrypt: AES-GCM
  - Jussi fixed for len(IV) > 96-bit: T3764: AES-GCM bug for len(IV) != 96
  - I wonder the reason why BMW uses AES-GCM. Recently I encountered DLMS/COSEM (for smart meters, for example) also uses AES-GCM (possibly wrongly).
The problem seems to have to do with the locking of the TOFU database.
Sun, Feb 18
Sat, Feb 17
Fri, Feb 16
This handles the problem, thanks.
Kleopatra can still be used without UI Server connectivity. But this might point to a bigger issue.
This is a MUA thing. Do you ask whether we plan to add it to GpgOL?
Sorry, we won't do this any time soon. We may even shut the Bitcoin thing down. It was too troublesome from a bookkeeping POV.
My first GUI Idea does not work. From the Ribbon I don't see a way to find the currently used account. I could only look at all accounts that are configured and check the WKS publishing state for all of them.
Still trying to pinpoint the bug, but I am afraid I am stuck.
The error of testQuickUID is strange. In the test, it adds a UID and checks number of UIDs (3 + 1 = 4).
It is not reproducible for me (Debian with Qt 5.9.2, NetBSD 7.0.2 with Qt 5.5.1), gnupg 2.2.x from the repo.
Thu, Feb 15
FYI this is still unfixed.
I think it'd be valuable to run another round of fuzzing tests, but this should be fixed before, otherwise it'll just be hit all the time and may hide other bugs.
Please see the original file (hello.txt), CFB-encrypted to two passwords (hello.txt.cfb), and AEAD-encrypted (hello.txt.aead).
Passwords used are '1' and '2'.
(automake should flag non-portable Makefile features - after all it is there to avoid gmake features)
Does this patch help? My artificial test confirmed that this does the Right Thing.