Page MenuHome GnuPG
Feed All Stories

Sun, Oct 10

werner closed T5622: 'HKLM\Software\GNU\GnuPG' registry key does not already exist after end of setup, but users might expect to find it as Resolved.
Sun, Oct 10, 6:49 PM · Not A Bug, gpg4win
werner closed T5621: No '%ProgramData%\GNU', '%ProgramData%\GNU\etc', '%ProgramData%\GNU\etc\gnupg' or '%ProgramData%\GNU\etc\gnupg\trusted-certs' or '%ProgramData%\GNU\etc\gnupg\extra-certs' get created after setup as Resolved.

Sure they don't get created - they are optional.

Sun, Oct 10, 6:48 PM · Documentation, Not A Bug, gpg4win
calestyo added a comment to T5646: indicate wrong passphrase via exit status.

I did in fact check --status-fd before, but I'm not sure whether it gives me the information I wanted.

Sun, Oct 10, 5:12 PM · gnupg, FAQ
Hiddi added a comment to T2337: gpg command line language wrong.

In that case maybe GetUserDefaultUILanguage. Thank you for considering.

Sun, Oct 10, 4:39 PM · gnupg (gpg23), Feature Request, gpg4win
werner edited projects for T2337: gpg command line language wrong, added: Feature Request, gnupg (gpg23); removed Info Needed, Bug Report, gnupg (gpg20).

Thanks for the info.

Sun, Oct 10, 4:23 PM · gnupg (gpg23), Feature Request, gpg4win
werner closed T5646: indicate wrong passphrase via exit status as Resolved.

Please use the --status-fd interface. This yields all the info you need. An exit code is not distinct enough for such purpose and you need to check the status lines in any case. For scripting gpgme-tool or gpgme-json might be useful as well because they do all the nitty-gritty parts of using gpg correctly

Sun, Oct 10, 4:15 PM · gnupg, FAQ
Hiddi reopened T2337: gpg command line language wrong as "Open".

Problem/Bug still persists in current version (gpg4win 3.1.16) --> reopen

Sun, Oct 10, 3:12 PM · gnupg (gpg23), Feature Request, gpg4win
Laurent Montel <montel@kde.org> committed rLIBKLEOcf2f647027bf: USe std::unique_ptr (authored by Laurent Montel <montel@kde.org>).
USe std::unique_ptr
Sun, Oct 10, 2:17 PM
Laurent Montel <montel@kde.org> committed rLIBKLEOcef7cd1d971e: GIT_SILENT: time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase version
Sun, Oct 10, 11:20 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRA98f419637674: GIT_SILENT: time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase version
Sun, Oct 10, 11:19 AM
jukivili committed rC95425c6b0b96: cipher/sha256: fix 'accessing 32 bytes in a region of size 4' warnings (authored by jukivili).
cipher/sha256: fix 'accessing 32 bytes in a region of size 4' warnings
Sun, Oct 10, 8:38 AM

Sat, Oct 9

calestyo created T5646: indicate wrong passphrase via exit status.
Sat, Oct 9, 6:15 PM · gnupg, FAQ
Laurent Montel <montel@kde.org> committed rKLEOPATRAfba4777db891: GIT_SILENT: prepare 5.18.3 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.18.3
Sat, Oct 9, 9:28 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO0f65cc21e56f: GIT_SILENT: prepare 5.18.3 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.18.3
Sat, Oct 9, 9:27 AM

Fri, Oct 8

werner closed T5472: Kleopatra not storing decrypted files as Resolved.
Fri, Oct 8, 7:33 PM · Support, kleopatra, Bug Report
Jakuje added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

sorry for a confusion. We do not plan to certify DSA so disregard the second part of the patch.

Fri, Oct 8, 4:17 PM · Testing, libgcrypt, FIPS, Bug Report
jarregui added a comment to T5472: Kleopatra not storing decrypted files.

Sorry, I just discovered that I had to click on "Save All" in order for the file to be actually stored in the disk and then it works.

Fri, Oct 8, 3:57 PM · Support, kleopatra, Bug Report
jarregui added a comment to T5472: Kleopatra not storing decrypted files.

Here it goes...

Fri, Oct 8, 3:50 PM · Support, kleopatra, Bug Report
werner triaged T5645: RSA/DSA keygen modification for FIPS/ACVP testing as High priority.
Fri, Oct 8, 3:34 PM · Testing, libgcrypt, FIPS, Bug Report
werner added projects to T5472: Kleopatra not storing decrypted files: kleopatra, Support.
Fri, Oct 8, 3:33 PM · Support, kleopatra, Bug Report
werner added a comment to T5472: Kleopatra not storing decrypted files.

Please hit "mostra de registro..." link in the blue box and show us its content (you may want to check that it does not show sensitive data)

Fri, Oct 8, 3:33 PM · Support, kleopatra, Bug Report
werner triaged T5435: GpgOL shows Insecure and won't decrypt instead there is an attachment as Normal priority.

Thanks for the log, however, I would suggest to use 3.1.16 and try again.

Fri, Oct 8, 3:27 PM · Info Needed, Bug Report, gpg4win
werner added a subtask for T5593: Gpg4Win displayed 'PATH env variable too big' error during setup: T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner added a parent task for T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon: T5593: Gpg4Win displayed 'PATH env variable too big' error during setup.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner triaged T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon as Low priority.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner closed T5633: gpg key generation failure as Wontfix.
Fri, Oct 8, 3:23 PM · MacOS, Bug Report
werner closed T5642: gpg: keyserver send failed: Network is unreachable as Resolved.
Fri, Oct 8, 3:22 PM · Support
werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Do we really need to support DSA in FIPS mode? I mean standard DSA and not ECDSA.

Fri, Oct 8, 3:22 PM · Testing, libgcrypt, FIPS, Bug Report
werner closed T5643: Downgrade gpg as Resolved.
Fri, Oct 8, 3:19 PM · Info Needed, Support
werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

There won't be any other 3.1 release - install GnuPG 2.2.32 on top of Gpg4win 3.1.16

Fri, Oct 8, 3:18 PM · gnupg (gpg22), dirmngr
werner raised the priority of T5644: Heuristic for default reader detection from Normal to High.
Fri, Oct 8, 2:51 PM · Feature Request, gnupg (gpg22)
onickolay added a comment to T3795: Failure to decrypt file, encrypted with multiple passwords.

Got again accross this. Actual behaviour is a bit different from one described in a bug report. If file is encrypted to 3 passphrases, and you want to decrypt it with the 2 or 3, it succeeds but only if you provide valid passphrase to the second or, respectively, third request.

Fri, Oct 8, 12:23 PM · Bug Report, gnupg
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

My experience on a Window 10 system was, that removing the expired root certificate did not help with https://keyserver.ubuntu.com and the intermediate certificate was not in the windows store, so it could not be removed.

Fri, Oct 8, 12:01 PM · gnupg (gpg22), dirmngr
Jakuje created T5645: RSA/DSA keygen modification for FIPS/ACVP testing.
Fri, Oct 8, 11:05 AM · Testing, libgcrypt, FIPS, Bug Report
ikloecker added a comment to T5643: Downgrade gpg.

Sure.

Fri, Oct 8, 9:17 AM · Info Needed, Support
ikloecker added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Removing an intermediate cert from your local system doesn't help because any correctly configured server will send you all necessary intermediate certs together with the server cert. You'd have to remove the expired root certificate instead (see Workaround 1 on https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/). The problem is that this will break certificate verification for any servers that still use the old intermediate cert, e.g. keyserver.ubuntu.com.

Fri, Oct 8, 9:16 AM · gnupg (gpg22), dirmngr

Thu, Oct 7

Laurent Montel <montel@kde.org> committed rLIBKLEOd0b2628a8ee9: GIT_SILENT: prepare 5.18.3 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.18.3
Thu, Oct 7, 9:39 PM
dingyis added a comment to T5643: Downgrade gpg.

And it shows

Thu, Oct 7, 7:42 PM · Info Needed, Support
dingyis added a comment to T5643: Downgrade gpg.

Thank you so much for your explanation.
I just want to try with older version. Because when I try to run

Thu, Oct 7, 7:23 PM · Info Needed, Support
werner edited projects for T5642: gpg: keyserver send failed: Network is unreachable, added: Support; removed Bug Report.
Thu, Oct 7, 5:41 PM · Support
werner closed T5611: 2.3.2: test suite is failing as Resolved.
Thu, Oct 7, 5:35 PM · Support, gnupg (gpg23)
werner edited projects for T5643: Downgrade gpg, added: Support, Info Needed; removed Bug Report.
Thu, Oct 7, 5:34 PM · Info Needed, Support
werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

The LE web site has instruction on how to do this. However, it is complicated and depends on your system. The intermediate cert you listed is signed by the expired old root cert. If you remove this intermediate cert the other root cert will be found and we are done. The old LE certs had a 4 tier chain and the new one a 3 tier.
See https://dev.gnupg.org/rG341ab0123a8fa386565ecf13f6462a73a137e6a4 and https://letsencrypt.org/images/isrg-hierarchy.png

Thu, Oct 7, 5:33 PM · gnupg (gpg22), dirmngr
werner triaged T5644: Heuristic for default reader detection as Normal priority.
Thu, Oct 7, 4:07 PM · Feature Request, gnupg (gpg22)
ikloecker committed rKLEOPATRA2f5a85bacf19: Bump version to 3.1.19 (authored by ikloecker).
Bump version to 3.1.19
Thu, Oct 7, 3:23 PM
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

One problem I see is that keyserver.ubuntu.com delivers a problematic intermediate(?) certificate:

Thu, Oct 7, 1:59 PM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

If there is no easy way to install a new version of GnuPG, e.g. for Gpg4win or for GNU/Linux distributions: It may make sense to have instructions for the workaround ready.

Thu, Oct 7, 9:30 AM · gnupg (gpg22), dirmngr
ikloecker added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

Works for me:

ingo@daneel:~/dev/g10/src/gpg4win-appimage-test (ikloecker/t5592-appimage *)$ gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.4-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Thu, Oct 7, 8:53 AM · Support
ikloecker added a comment to T5643: Downgrade gpg.

The usual procedure for downgrading is

  1. Uninstall the currently installed version
  2. Install the older version
Thu, Oct 7, 8:45 AM · Info Needed, Support
werner added a comment to T5643: Downgrade gpg.

You should never ever downgrade. What is the problem with the new 2.2.32?

Thu, Oct 7, 8:29 AM · Info Needed, Support
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed the change: rC082ea0efa9b1: cipher: Add sign+hash, verify+hash, and random-override API.

Thu, Oct 7, 8:25 AM · FIPS, libgcrypt, Feature Request
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html on T5601: Release GnuPG 2.2.32.
Thu, Oct 7, 7:55 AM · Release Info, gnupg (gpg22)
gniibe committed rC16a9eaad5d1a: cipher:dsa,ecdsa: Support supplying K externally. (authored by gniibe).
cipher:dsa,ecdsa: Support supplying K externally.
Thu, Oct 7, 7:14 AM
gniibe committed rC082ea0efa9b1: cipher: Add sign+hash, verify+hash, and random-override API. (authored by gniibe).
cipher: Add sign+hash, verify+hash, and random-override API.
Thu, Oct 7, 7:14 AM
dingyis created T5643: Downgrade gpg.
Thu, Oct 7, 7:10 AM · Info Needed, Support

Wed, Oct 6

dingyis added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

What do you mean by asking on a ML or on IRC for networking help?

Wed, Oct 6, 11:38 PM · Support
dingyis added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

Hi, I have installed 2.2.32, but still get the same error.

Wed, Oct 6, 10:15 PM · Support
werner committed rDa7c5dd23a1e5: swdb: GnuPG 2.2.32 (authored by werner).
swdb: GnuPG 2.2.32
Wed, Oct 6, 10:09 PM
dingyis added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

Thank you for your reply! I have updated version numbers and the used OS. I will try with GnuPG 2.2.32

Wed, Oct 6, 9:45 PM · Support
dingyis updated the task description for T5642: gpg: keyserver send failed: Network is unreachable.
Wed, Oct 6, 9:38 PM · Support
werner added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

I can't tell you why you get this error. However, since Oct 1 the keyserver access does in many case not work anymnore. This has been fixed in GnuPG 2.2.32, which I released a few minutes ago. You may install this on top of gpg4win 3.1.16.

Wed, Oct 6, 9:26 PM · Support
dingyis renamed T5642: gpg: keyserver send failed: Network is unreachable from gpg: kyserver send failed: Network is unreachable to gpg: keyserver send failed: Network is unreachable.
Wed, Oct 6, 9:25 PM · Support
werner added a comment to T5571: Release GnuPG 2.2.31.

Please update to 2.2.32 if you have problems with keyservers etc.

Wed, Oct 6, 9:22 PM · Release Info, gnupg (gpg22)
dingyis updated the task description for T5642: gpg: keyserver send failed: Network is unreachable.
Wed, Oct 6, 9:21 PM · Support
werner closed T5584: gpg --list-packets lists wrong packets as Resolved.

Backported to 2.2.32

Wed, Oct 6, 9:21 PM · gnupg (gpg22), Bug Report
werner closed T5639: dirmngr uses the wrong Let's encrypt chain as Resolved.
Wed, Oct 6, 9:20 PM · gnupg (gpg22), dirmngr
werner closed T5601: Release GnuPG 2.2.32 as Resolved.
Wed, Oct 6, 9:19 PM · Release Info, gnupg (gpg22)
dingyis created T5642: gpg: keyserver send failed: Network is unreachable.
Wed, Oct 6, 9:18 PM · Support
werner committed rGbb750cf4bae3: Post release updates (authored by werner).
Post release updates
Wed, Oct 6, 9:15 PM
werner committed rG476096099db9: Release 2.2.32 (authored by werner).
Release 2.2.32
Wed, Oct 6, 9:15 PM
werner triaged T5641: Release GnuPG 2.2.33 as Low priority.
Wed, Oct 6, 9:14 PM · Release Info, gnupg (gpg22)
werner committed rGa17f1b607473: gpg: Skip the packet when not used for AEAD. (authored by gniibe).
gpg: Skip the packet when not used for AEAD.
Wed, Oct 6, 8:12 PM
jukivili committed rC9fc0d145278d: Fix building for Win64 target (authored by jukivili).
Fix building for Win64 target
Wed, Oct 6, 6:16 PM
werner added a comment to T5571: Release GnuPG 2.2.31.

We have been hit by the Let's Encrypt root cert switch. Thus a fixed version will soon be released. See T5639 for details of the problem.

Wed, Oct 6, 5:58 PM · Release Info, gnupg (gpg22)
werner added a comment to T5487: GnuPG 2.2.28 not working with Yubikey NEO.

You mean Gpg4win. The solution for Gpg4win 3.1.x is to install the latest GnUPG LTS installer for Windows on top of the latest Gpg4win version. See https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000459.html . Noet that there will very soon be a 2.2.32 to fix a problem with Let's encrypt protected keyservers (T5639).

Wed, Oct 6, 5:53 PM · yubikey, gnupg (gpg22), Bug Report
DanielHabenicht added a comment to T5487: GnuPG 2.2.28 not working with Yubikey NEO.

Just for everbody else who might be waiting for a new release. Workaround is to simply use the previous version: https://www.gpg4win.de/change-history-de.html (3.1.15)

Wed, Oct 6, 5:21 PM · yubikey, gnupg (gpg22), Bug Report
werner closed T5640: gnupg 1.4.23 static analysis report as Wontfix.

Thanks for the report. However, for 1.4 we will only apply important real world security patches. A brief review did not reveal any setious problems. Theoretical memory leaks will not be fixed. Note that your report also includes patches to parts of the code which are not anymore used.

Wed, Oct 6, 4:58 PM · gnupg (gpg14), Bug Report
Jakuje updated the task description for T5636: Run integrity checks + selftests from library constructor in FIPS.
Wed, Oct 6, 4:47 PM · FIPS, libgcrypt, Bug Report
lehich created T5640: gnupg 1.4.23 static analysis report.
Wed, Oct 6, 4:26 PM · gnupg (gpg14), Bug Report
ikloecker committed rGe99b9890c28d: common: Respect gpgconf.ctl when looking up translations (authored by ikloecker).
common: Respect gpgconf.ctl when looking up translations
Wed, Oct 6, 1:43 PM
werner committed rG341ab0123a8f: dirmngr: Fix Let's Encrypt certificate chain validation. (authored by werner).
dirmngr: Fix Let's Encrypt certificate chain validation.
Wed, Oct 6, 11:58 AM
werner committed rG323a20399d90: dirmngr: New option --ignore-cert (authored by werner).
dirmngr: New option --ignore-cert
Wed, Oct 6, 11:58 AM
mfilippov awarded T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent a Like token.
Wed, Oct 6, 11:24 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner committed rG687993788597: dirmngr: Fix Let's Encrypt certificate chain validation. (authored by werner).
dirmngr: Fix Let's Encrypt certificate chain validation.
Wed, Oct 6, 10:41 AM
werner committed rG4b3e9a44b58e: dirmngr: New option --ignore-cert (authored by werner).
dirmngr: New option --ignore-cert
Wed, Oct 6, 10:41 AM
werner triaged T5639: dirmngr uses the wrong Let's encrypt chain as High priority.
Wed, Oct 6, 9:23 AM · gnupg (gpg22), dirmngr
gniibe claimed T5609: keydb_get_keyblock failed with cv448 key .
Wed, Oct 6, 5:43 AM · Testing, OpenPGP, gnupg (gpg23)
gniibe added a comment to T5623: gpg2 hangs on many tasks on OpenIndiana (Illumos).

Major problem here (before the change) was that clock_gettime returned an error with no valid value of the time, which confuses gpg-agent's calibration of time. This occurred on (not newest) Solaris kernel, as it offers clock_gettime function in the library and CLOCK_THREAD_CPUTIME_ID constant in the header.

Wed, Oct 6, 2:23 AM · Solaris, gnupg (gpg23)

Tue, Oct 5

mooney added a comment to T5623: gpg2 hangs on many tasks on OpenIndiana (Illumos).

I mentioned the two POSIX getconf settings you referenced in those links, and the developer that implemented CLOCK_THREAD_CPUTIME_ID and a couple other CLOCK_THREAD types had this to say:

Tue, Oct 5, 9:30 PM · Solaris, gnupg (gpg23)
werner added a subtask for T5175: Kleopatra: Add support for custom groups: T5638: Make Kleopatra group configuration exportable.
Tue, Oct 5, 4:37 PM · Restricted Project, kleopatra
werner added a parent task for T5638: Make Kleopatra group configuration exportable: T5175: Kleopatra: Add support for custom groups.
Tue, Oct 5, 4:37 PM · Restricted Project, Feature Request, kleopatra
werner triaged T5638: Make Kleopatra group configuration exportable as High priority.
Tue, Oct 5, 4:36 PM · Restricted Project, Feature Request, kleopatra
gniibe committed rC71d4d592d891: build,gcrypt.h: Don't define gcry_socklen_t. (authored by gniibe).
build,gcrypt.h: Don't define gcry_socklen_t.
Tue, Oct 5, 9:07 AM
gniibe committed rC0f43570af93e: build,gcrypt.h: Remove INSERT_SYS_SELECT_H. (authored by gniibe).
build,gcrypt.h: Remove INSERT_SYS_SELECT_H.
Tue, Oct 5, 9:07 AM
gniibe committed rC7da42a8e8cc5: random: Use poll instead of select. (authored by gniibe).
random: Use poll instead of select.
Tue, Oct 5, 9:07 AM
gniibe committed rG3918fa1a9488: agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep. (authored by gniibe).
agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
Tue, Oct 5, 7:09 AM
gniibe set External Link to https://src.fedoraproject.org/rpms/libgcrypt/blob/rawhide/f/libgcrypt-1.8.4-use-poll.patch on T5637: Use poll for libgcrypt (support more than 1024 fds).
Tue, Oct 5, 6:32 AM · gpgrt, Feature Request, gpgme
gniibe triaged T5637: Use poll for libgcrypt (support more than 1024 fds) as High priority.
Tue, Oct 5, 6:31 AM · gpgrt, Feature Request, gpgme
gniibe committed rGeeb25df6f8fc: agent: Fix calibrate_get_time use of clock_gettime. (authored by gniibe).
agent: Fix calibrate_get_time use of clock_gettime.
Tue, Oct 5, 5:13 AM
gniibe added a comment to T5623: gpg2 hangs on many tasks on OpenIndiana (Illumos).

FreeBSD has _POSIX_THREAD_CPUTIME > 0.
GNU/Linux has _POSIX_THREAD_CPUTIME == 0, because older kernel doesn't support the system call.

Tue, Oct 5, 4:59 AM · Solaris, gnupg (gpg23)