Feed All Stories

May 24 2019

slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:07 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:06 AM
slandden added a task to D492: Add PowerPC crypto acceleration support for SHA2.: T4530: libgcrypt: POWER SHA-2 Vector Acceleration.
May 24 2019, 6:06 AM
slandden added a revision to T4530: libgcrypt: POWER SHA-2 Vector Acceleration: D492: Add PowerPC crypto acceleration support for SHA2..
May 24 2019, 6:06 AM · libgcrypt, Feature Request
slandden created D492: Add PowerPC crypto acceleration support for SHA2..
May 24 2019, 6:06 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:04 AM
slandden created D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:03 AM
slandden added a revision to T4529: libgcrypt: POWER AES Vector Acceleration: D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:03 AM · libgcrypt, Feature Request
slandden created D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..
May 24 2019, 6:01 AM

May 23 2019

misterzed88 created T4537: gpgsm support for timestamp signatures.
May 23 2019, 4:25 PM · gnupg26, S/MIME, Feature Request
wheelerlaw reopened T3065: dirmngr: proxy issues with dnslookup causing failure as "Open".

Are you not reading what I am saying to you?? Once again, your explanation is INVALID because that would mean that gnupg would be BROKEN, because it would be a NON-COMPLIANT http client according to the RFC I quoted.

May 23 2019, 1:58 PM · gnupg (gpg22), dns, dirmngr
misterzed88 created T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.
May 23 2019, 11:18 AM · S/MIME, gnupg (gpg22), Bug Report
misterzed88 created T4535: gpgsm --sign prints misleading error message when using default key.
May 23 2019, 9:53 AM · gnupg (gpg22), S/MIME, Bug Report
werner edited projects for T3287: Improve http proxy support by honoring SRV RRs., added: gnupg (gpg23); removed gnupg (gpg22).
May 23 2019, 9:43 AM · gnupg, dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Wontfix.

I explained why the keyserver access requires access to the DNS. If that is not possible the keyserver code will not work. If you don't allow DNS to work you either have to use Tor (which we use to also tunnel DNS requests) or get your keys from elsewhere. Also note that the keyserver network is currently severely broken and under DoS and thus it is unlikely that it can be operated in the future.

May 23 2019, 9:42 AM · gnupg (gpg22), dns, dirmngr
werner edited projects for T4422: `repair-keys` does not reorder signatures on non-merge imports, added: gnupg (gpg23); removed gnupg (gpg22).
May 23 2019, 9:31 AM · gnupg24, Bug Report
gniibe closed T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon. as Resolved.

Simply sending "KILLSCD" is implemented.

May 23 2019, 3:19 AM · Bug Report, scd, gpgagent
gniibe committed rG7158a5696dc8: agent: Stop scdaemon after reload when disable_scdaemon. (authored by gniibe).
agent: Stop scdaemon after reload when disable_scdaemon.
May 23 2019, 3:18 AM
gniibe committed rG265e6d670682: g10: Copy expiredate from primary key when marked expired. (authored by gniibe).
g10: Copy expiredate from primary key when marked expired.
May 23 2019, 2:42 AM
gniibe changed the status of T3343: show-unusable-subkeys claims "expired: never" when primary key is expired from Open to Testing.

There is also a confusing case: a subkey expiration date is set, but the associated primary key is expired.
Pushing a fix in master.

May 23 2019, 2:41 AM · gnupg, Bug Report
gniibe closed T3283: Set 'mym4_revision' to 0 if not a git repo as Resolved.
May 23 2019, 1:59 AM · libgcrypt, Bug Report

May 22 2019

werner closed T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC) as Resolved.

You need to update the public key and convey it to the sender. This will solve the problems. You should also ask the sender to update their software so that an MDC is always used regardless of the flag.

May 22 2019, 7:24 PM · Not A Bug, gpg4win
werner added a comment to T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).

Actually I have a different approach to fix this bug(let). Please give me a few days.

May 22 2019, 7:21 PM · patch, Bug Report, gnupg
cdeibert added a comment to T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC).

Yes, very exactly indeed: It's GpgOL within gpg4win-3.1.1... ;) But you're right, the key itself is a legacy key, created back in 2001 with a commercial PGP Solution and later on the key was "spiced up" cipher-wise... Goal is to get everybody (also the sender) to gpg4win-3.1.7, but how can I achieve not having lots of eMails which one will never be able to decrypt?

May 22 2019, 7:13 AM · Not A Bug, gpg4win
matheusmoreira updated the diff for D489: po: add portuguese translation for the new command.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:28 AM
matheusmoreira updated the diff for D488: gpg: add the --delete-secret-key-stubs command.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:27 AM
matheusmoreira updated the summary of D486: po: add portuguese description for new command.
May 22 2019, 2:26 AM
matheusmoreira updated the diff for D486: po: add portuguese description for new command.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:26 AM
matheusmoreira updated the diff for D485: gpg: add the --delete-secret-subkeys command.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:20 AM
matheusmoreira updated the diff for D483: po: add portuguese primary key deletion message.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:18 AM
matheusmoreira updated the diff for D482: gpg: confirm again before deleting primary key.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:17 AM
matheusmoreira updated the diff for D481: gpg: confirm deletion of each key individually.

Rebased on top of master: 4c7d63cd5b02
Add the if (okay) conditional back to the code

May 22 2019, 2:15 AM
matheusmoreira updated the diff for D480: gpg: factor out secret key deletion function.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:13 AM
matheusmoreira updated the diff for D479: gpg: avoid deletion of keys not specified by user.

Rebased on top of master: 4c7d63cd5b02

May 22 2019, 2:12 AM
matheusmoreira added a comment to T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).

@werner Thanks for merging the --dry-run patch in 110a4550179f !

May 22 2019, 2:10 AM · patch, Bug Report, gnupg

May 21 2019

matheusmoreira abandoned D487: gpg: don't delete any keys if --dry-run is passed.

Committed to master: 110a4550179f

May 21 2019, 11:09 PM
werner added a comment to T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC).

Do you know which software the sender uses for encryption? That software may simply ignore the preferences or the sender also encrypts to a legacy key using a software which does not force the use of an MDC. Sometimes keys are generated with gpg but used with other software - without updating the preferences of the keys.

May 21 2019, 6:31 PM · Not A Bug, gpg4win
werner added a comment to T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression.

I don't see why the documentation needs to be fixed. gcry_sexp_canon_len returns 0 for certain and s-expressions, meaning that the s-expression is not valid. After all the s-expression code in libgcrypt does not claim to be a general purpose parser for s-expression but is targeted towards Libgcrypt needs.

May 21 2019, 6:26 PM · libgcrypt, Bug Report
dkg added a comment to T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression.

By marking this as "wontfix", you appear to be saying that you won't even fix the documentation to describe the constraints that gcrypt intends to enforce. This is surprising to me.

May 21 2019, 5:59 PM · libgcrypt, Bug Report
werner committed rG30f44957ccd1: gpg: Do not bail on an invalid packet in the local keyring. (authored by werner).
gpg: Do not bail on an invalid packet in the local keyring.
May 21 2019, 5:40 PM
werner committed rG4c7d63cd5b02: gpg: Do not bail on an invalid packet in the local keyring. (authored by werner).
gpg: Do not bail on an invalid packet in the local keyring.
May 21 2019, 5:28 PM
werner closed T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression as Wontfix.
May 21 2019, 4:30 PM · libgcrypt, Bug Report
werner committed rGd32963eeb33f: gpg: Do not allow creation of user ids larger than our parser allows. (authored by werner).
gpg: Do not allow creation of user ids larger than our parser allows.
May 21 2019, 4:29 PM
werner closed T4532: Creating a key with a long userid succeeds, but corrupts the keyring as Resolved.

Thanks. Fixed in master and 2.2.

May 21 2019, 4:29 PM · gnupg (gpg22), Bug Report
dkg created T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression.
May 21 2019, 4:28 PM · libgcrypt, Bug Report
werner committed rG156788a43c20: gpg: Do not allow creation of user ids larger than our parser allows. (authored by werner).
gpg: Do not allow creation of user ids larger than our parser allows.
May 21 2019, 4:28 PM
cdeibert created T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC).
May 21 2019, 3:26 PM · Not A Bug, gpg4win
justus created T4532: Creating a key with a long userid succeeds, but corrupts the keyring.
May 21 2019, 2:05 PM · gnupg (gpg22), Bug Report
werner committed rG126caa34bbdb: gpg: Unify the use of the print_pubkey_info functions. (authored by werner).
gpg: Unify the use of the print_pubkey_info functions.
May 21 2019, 1:04 PM
gniibe closed T4454: scdaemon is not working in cygwin (64bit) as Resolved.

In master, I pushed a change, closing.

May 21 2019, 9:40 AM · patch, scd, Cygwin, Bug Report
gniibe committed rG1eb93d9229c5: scd: Fix for SCARD_IO_REQUEST structure. (authored by gniibe).
scd: Fix for SCARD_IO_REQUEST structure.
May 21 2019, 9:39 AM
werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

May 21 2019, 9:16 AM · gpgagent, ssh
werner committed rG6e39541f4f48: agent: For SSH key, don't put NUL-byte at the end. (authored by gniibe).
agent: For SSH key, don't put NUL-byte at the end.
May 21 2019, 9:16 AM
werner closed T4273: agent: Request insertion of smartcard when no card present as Resolved.

The behaviour related to ssh key access is due to the way ssh works: After a connection has been established to a server ssh presents to the server all identities (public keys) it has access to (meaning it has a corresponding private key). Thus we can't tell ssh all the keys we have because that would be an information leak and may also take too long. Because the user may in some cases not want to use the ssh-agent but resort to ssh command line input of the passphrase, we do not insist on using a key known by gpg-agent.

May 21 2019, 9:13 AM · Feature Request, Documentation, gpgagent
werner closed T4273: agent: Request insertion of smartcard when no card present, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
May 21 2019, 9:13 AM · Restricted Project, gnupg, Feature Request
gniibe claimed T4454: scdaemon is not working in cygwin (64bit).

For future, it would make sense applying your patch, but I wonder if it works on macOS.
Let me check.

May 21 2019, 9:11 AM · patch, scd, Cygwin, Bug Report
gniibe committed rG479f7bf31ce4: agent: For SSH key, don't put NUL-byte at the end. (authored by gniibe).
agent: For SSH key, don't put NUL-byte at the end.
May 21 2019, 8:54 AM
gniibe claimed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.

I located the bug in agent/command-ssh.c.
Our practice is two calls of gcry_sexp_sprint; one to determine the length including last NUL byte, and another to actually fill the buffer.
The first call returns +1 for NUL byte.
The second call fills NUL at the end, but returns +0 length (length sans last NUL).

May 21 2019, 8:48 AM · gpgagent, ssh
werner added a parent task for T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested): T4509: Release GnuPG 2.2.16.
May 21 2019, 7:55 AM · patch, Bug Report, gnupg
werner added a subtask for T4509: Release GnuPG 2.2.16: T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).
May 21 2019, 7:55 AM · Release Info, gnupg (gpg22)
werner claimed T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).
May 21 2019, 7:55 AM · patch, Bug Report, gnupg
werner added subtasks for T4531: PowerPC performance improvements: T4530: libgcrypt: POWER SHA-2 Vector Acceleration, T4529: libgcrypt: POWER AES Vector Acceleration.
May 21 2019, 7:54 AM
werner added a parent task for T4529: libgcrypt: POWER AES Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner added a parent task for T4530: libgcrypt: POWER SHA-2 Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner created T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM
werner renamed T4530: libgcrypt: POWER SHA-2 Vector Acceleration from [$] libgcrypt: POWER SHA-2 Vector Acceleration to libgcrypt: POWER SHA-2 Vector Acceleration.
May 21 2019, 7:52 AM · libgcrypt, Feature Request
werner triaged T4529: libgcrypt: POWER AES Vector Acceleration as Normal priority.

Perl would be okay for maintainer mode but not for regular builds. The reason is that perl is already used by autotools but a build shall still be possible w/o perl.

May 21 2019, 7:51 AM · libgcrypt, Feature Request
Laurent Montel <montel@kde.org> committed rLIBKLEO1d738b16816a: GIT_SILENT: Prepare 5.11.2 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.2
May 21 2019, 7:48 AM
werner renamed T4529: libgcrypt: POWER AES Vector Acceleration from [$] libgcrypt: POWER AES Vector Acceleration to libgcrypt: POWER AES Vector Acceleration.
May 21 2019, 7:47 AM · libgcrypt, Feature Request
werner triaged T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache as Low priority.
May 21 2019, 7:45 AM · Feature Request, gpgagent
Laurent Montel <montel@kde.org> committed rKLEOPATRA075a7808c318: GIT_SILENT: Prepare 5.11.2 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.11.2
May 21 2019, 7:19 AM
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

I spent a lot of time trying to figure out how to automate the interface between my preferred password store (gnome-keyring, via libsecret), but with the loopback pinentry mode changes in gpg 2.1, it is much harder (if not impossible) to do. Having passphrase caching is the only thing preventing me from choosing a weaker passphrase on my gpg keyring.

May 21 2019, 2:03 AM · Feature Request, gpgagent
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

Disallowing passphrase caching is likely to have the unintended consequence of users choosing weaker passphrases that are more easily memorized and/or typed. Caching should be permitted, IMO. This puts more decisions about passphrase management into the control of the user.

May 21 2019, 1:38 AM · Feature Request, gpgagent

May 20 2019

slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

I'm looking into doing a pretty epic hack of using the switch_endian syscall to speed this up.

May 20 2019, 11:52 PM · libgcrypt, Feature Request
dkg added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

And yet, that interface is already being used by the agent-transfer utility in monkeysphere. The interface exists, it is not marked in any way as unusable or deprecated or off-limits, so it is used.

May 20 2019, 11:38 PM · Feature Request, gpgagent
dkg committed rGbf2724880fe5: gpg-agent: add new CACHE_MODE_EXPORT (authored by dkg).
gpg-agent: add new CACHE_MODE_EXPORT
May 20 2019, 11:38 PM
dkg committed rG6915baf507e3: gpg-agent: add new CACHE_MODE_EXPORT (authored by dkg).
gpg-agent: add new CACHE_MODE_EXPORT
May 20 2019, 11:38 PM
gcwilson added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

I don't know. That would make it a relatively easy transplant. We've also used the Cryptogams code as a reference for Golang enhancements, if that helps. I'd welcome guidance on the matter from a maintainer.

May 20 2019, 9:46 PM · libgcrypt, Feature Request
slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

Would the maintainers accept having perl in the repository? Linux does it.[1]

May 20 2019, 8:35 PM · libgcrypt, Feature Request
gcwilson created T4530: libgcrypt: POWER SHA-2 Vector Acceleration.
May 20 2019, 7:04 PM · libgcrypt, Feature Request
gcwilson created T4529: libgcrypt: POWER AES Vector Acceleration.
May 20 2019, 7:01 PM · libgcrypt, Feature Request
aheinecke committed rO66d0c18df541: Change S/MIME Message Class handling (authored by aheinecke).
Change S/MIME Message Class handling
May 20 2019, 2:36 PM
aheinecke committed rOaaab728aacaa: Handle multiple valid secret keys better (authored by aheinecke).
Handle multiple valid secret keys better
May 20 2019, 2:36 PM
aheinecke committed rO90b6ab974a6d: Fix dangerous memdbg pattern (authored by aheinecke).
Fix dangerous memdbg pattern
May 20 2019, 2:36 PM
aheinecke committed rO18ff2b0774da: Use similar S/MIME icons as Outlook (authored by aheinecke).
Use similar S/MIME icons as Outlook
May 20 2019, 2:36 PM
aheinecke added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling.
May 20 2019, 2:20 PM · Release Info
aheinecke added a subtask for T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:20 PM · gpg4win, gpgol
aheinecke added a subtask for T4528: GpgOL: When forwarding a mail send might need to be pressed twice: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:20 PM · gpg4win, Bug Report, gpgol
aheinecke added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4528: GpgOL: When forwarding a mail send might need to be pressed twice.
May 20 2019, 2:20 PM · Release Info
aheinecke created T4528: GpgOL: When forwarding a mail send might need to be pressed twice.
May 20 2019, 2:20 PM · gpg4win, Bug Report, gpgol
aheinecke added a subtask for T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5]: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:18 PM · gpg4win, gpgol
aheinecke added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4318: GpgOl: Unable to save an encrypted message to disk [gpg4win 3.1.5].
May 20 2019, 2:18 PM · Release Info
aheinecke added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4527: Kleopatra, GPG: Display reason if a certificate is not compliant to a compliance level.
May 20 2019, 2:14 PM · Release Info
aheinecke added a subtask for T4527: Kleopatra, GPG: Display reason if a certificate is not compliant to a compliance level: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:14 PM · Feature Request, kleopatra
aheinecke created T4527: Kleopatra, GPG: Display reason if a certificate is not compliant to a compliance level.
May 20 2019, 2:13 PM · Feature Request, kleopatra
aheinecke added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4526: GpgOL: Forwarding a mail with attachment as crypto mail removes attachment.
May 20 2019, 2:11 PM · Release Info
aheinecke added a subtask for T4526: GpgOL: Forwarding a mail with attachment as crypto mail removes attachment: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:11 PM · Bug Report, gpgol, gpg4win
aheinecke created T4526: GpgOL: Forwarding a mail with attachment as crypto mail removes attachment.
May 20 2019, 2:11 PM · Bug Report, gpgol, gpg4win
aheinecke closed T3418: Problems plugin Outlook 2010 as Resolved.

Closing this as the moving problem was fixed.

May 20 2019, 2:09 PM · gpgol, Bug Report
aheinecke added a subtask for T2867: When inline response is active for crypto mail closing outlook shows the save dialog: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:07 PM · Bug Report, gpgol