- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Jun 23 2021
Jun 22 2021
So let's close this task.
Setting the gpg.program configuration value to "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" appears to resolve the issue.
It appears that Git ships with its own GnuPG program set, as can be seen in the attached image. I'll attempt to set the gpg.program setting in Git and see if that helps.
That looks all fine.
With the next release you will get only a warning:
gnupg-2.2/common/t-sexputil.c:467: test 0 failed: Unknown elliptic curve - ignored This is likely due to a patched version of Libgcrypt with removed support for Brainpool curves
The only download I have executed with regard to gpg4win is from the gpg4win website. You can see the output of the command you specified below.
may give you some clues.
You are not using gpg4win with its included GnuPG 2.2 but some broken gpg version. The error message
"invalid size of lockfile" can only be emitted by the Unix version of GnuPG. Check for other installed gpg versions - there are sites which allows the download of for example a Cygwin version - these version can't work properly on Windows.
I did some test on Windows 10 using gnupg 2.2 with this patch and things work.
For testing ion Windows 10 you need to switch to "Legacy Console" and reboot.
I think that a patch like following is needed:
diff --git a/common/ttyio.c b/common/ttyio.c index c385700de..55468bdf0 100644 --- a/common/ttyio.c +++ b/common/ttyio.c @@ -236,7 +236,21 @@ w32_write_console (const char *string) n = wcslen (wstring);
Regression with no-unicode font on Windows: T5491
When console font is not a Unicode font, it seems that the WriteConsoleW function may return ERROR_GEN_FAILURE.
Hello Mr. Koch,
Jun 21 2021
The sks pool is now officially gone.
Sorry for the expired certificate.
Fix: "I Know so few about gnupg, thus I'm not sure I COULD add test cases, probably not. "
Hi,
The site now shows: "NET::ERR_CERT_DATE_INVALID" and I have a limited access to the web page.
Thanks for you explanation. However, I now so few about gnupg, thus I'm not sure I cannot add test cases, probably not. I'll see later if we have to provide on AIX a behavior different than the one of RedHat. Meanwhile, about your last proposal, yes it would be very useful to detect the case, print a warning, and skip the test. That would be helpful. Moreover, if the test deals with smartcards, we do not have on AIX, thus this test is very probably not useful in our environment.
Please run
The thing is that I added a test for a new function which uses standard curves of Libgcrypt. But here we are again at the RedHat mess: They support the NIST curves but they removed support for Brainpool curves. Both are very similiar curves just different parameters. Brainpool is just in Europe out of fear that the NIST curves are rigged by the the NSA. Now, why RedHat removed Brainpool is probably just a legal dept thing who didn't have a clue. The tin foil hats probably see a different reason.
- a patch change within scd/apdu.c dealing with a call of: pcsc_connect() since code has changed between the 2 versions: may this be the cause of the failure? (Edited: hummm this patch seems no more required. And I have the same failure without it).
Hi Werner,
Supported curves should be listed by
gpg --list-config --with-colons curve
I am not sure about Fedora, but RedHat used to remove ECC support from Libgcrypt; GnuPG requires these curves. As long as you don't use ECC you things will work despite of this failed test. The test is new to check and does not anticipate a broken Libgcrypt.
Regression for keyserver search by mail address: T5497
Replicated and fixed. Thanks for the report.
In fact, the trigger is not yubikey but the pcsc-shared flag... If the pcsc-shared flag is enabled, you do check for interference because you are in shared condition. It is not really a race condition because you can put the driver in transaction mode. It’s more a turn-by-turn games but you can lose the card context status between turn.
If you lock the patch only for yubikey I’m not able to test with my device. You can add my manufacturer ID in the test please.
Thank you for your explanation.
Thank you for your report.
I pushed the fix.
It's not a device is a card. NXP P71 security chips on the card in the 250Kb Rom with GlobalPlateform 2.1.1 It is not possible for a card to change CCID by applet. Card depends of reader CCID. When the card is on NFC readers, the FIDO applet is accessible not when it is on contact readers. But, when I am in NFC FIDO share the CCID. For the user point of view having multiple card for each applet is a bad thing to devices for one user. User search presently for multipurpose devices. DOOR, Login, Email-crypt, ledger. Actually for app is not recommended to use a reader in exclusive mode. By designs the card is stateless and for memory management deselect applet free mem from other applet. Presently in the best case the card has 144-255 KB of eeprom and 2k or ram.
If your token/card is not Yubikey and when it is possible to improve your token/card implementation, I would suggest not follow what Yubikey does for multiple applications; No multiple applications, but each feature with independent access (card+CCID, another card+different CCID, FIDO+HID, ...).
Jun 20 2021
i'am not able to test... i can't build for win32. i have some trouble with my mingw32 installation and the miss match with library for build a functional version of gnupg for win32.
seem missing dll after make install folder. do you have instruction to setup dev environment for build win32 binary ? I use a ubuntu with minwg32. ntbtls seem missing ksba but libksba is already install verion 1.6.0 other project detect correctly ksba. it's seem is a little bit complicated juste for building scd project. a make it working correctly on windows environements.