I think Werner backported some missing functionality to GnuPG 2.2. Please retest with the next version.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Mar 16 2023
Mar 16 2023
• ikloecker changed the status of T6379: Kleopatra: Brainpool key can not be moved to smart card from Open to Testing.
Mar 16 2023, 10:43 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, kleopatra
• ikloecker changed the status of T5478: Kleopatra: Performance problems decrypting and encrypting large Archives from Open to Testing.
ready for testing
• ikloecker added a comment to T5478: Kleopatra: Performance problems decrypting and encrypting large Archives.
I wrote T6412: Kleopatra: Inform user if some files were not extracted from encrypted archive to inform the user about not extracted files. I think this shouldn't block this issue because special files probably don't occur in normal usage of GnuPG VSD.
• ikloecker moved T6342: GPGME/Kleopatra: Extend gpgme to use gpgtar from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ikloecker closed T6342: GPGME/Kleopatra: Extend gpgme to use gpgtar, a subtask of T5478: Kleopatra: Performance problems decrypting and encrypting large Archives, as Resolved.
Closing. This will be tested with T5478: Kleopatra: Performance problems decrypting and encrypting large Archives.
• ikloecker changed the status of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Open to Testing.
I think letting KIO show the progress is okay for now. I hope it also works on Windows (if showing progress is necessary).
• ikloecker changed the status of T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination, a subtask of T5478: Kleopatra: Performance problems decrypting and encrypting large Archives, from Open to Testing.
• ikloecker added a comment to T6064: Kleopatra: Allow queries to list all certificates on the server.
If it's possible to search for any keys on an LDAP server, then gpg's LDAP support could probably map "*" to the required LDAP search filter. I'm pretty sure that (modern) keyservers don't allow listing all keys.
gpgsm: New option --no-pretty-dn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAfa3242e4d4db: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 15 2023
Mar 15 2023
• werner committed rEfbbc55b3febe: build: Improve the beta numbering by autogen.sh (authored by • werner).
build: Improve the beta numbering by autogen.sh
• werner committed rM98a159eb5e04: build: Update autogen.sh from libgpg-error (authored by • werner).
build: Update autogen.sh from libgpg-error
FYI: Quite some more days than a few passed by. I still did not found the time for this, sorry.
works. tested with VSD 3.1.26 (gpg 2.2.41) and keyserver entry in dirmngr.conf only.
works, server can be added to dirmngr.conf via kleopatra
works with AD, too. Even with an "a" ;-)
• aheinecke committed rO1f9c757872b0: Save MAPI message before decryption (authored by • aheinecke).
Save MAPI message before decryption
• ikloecker committed rKLEOPATRAfefd82dd122b: Add include to make Qt6 build happy (authored by • ikloecker).
Add include to make Qt6 build happy
• werner committed rGe5066f2d1c26: gpgtar: Do not allow the use of stdout for --status-fd (authored by • werner).
gpgtar: Do not allow the use of stdout for --status-fd
• werner committed rGda044776311e: gpgtar: Do not allow the use of stdout for --status-fd (authored by • werner).
gpgtar: Do not allow the use of stdout for --status-fd
• werner committed rG0045583cd2ac: gpgtar: Print a result status with skipped files. (authored by • werner).
gpgtar: Print a result status with skipped files.
• werner committed rGed9a420a221a: gpgtar: Emit progress status lines in create mode. (authored by • werner).
gpgtar: Emit progress status lines in create mode.
Remove obsolete helpers
• ikloecker committed rKLEOPATRA32a30acd7d41: Use KIO::moveAs to move decrypted folders to the target folder (authored by • ikloecker).
Use KIO::moveAs to move decrypted folders to the target folder
• ikloecker committed rKLEOPATRA8da2c9acf38d: Sort/group libraries to link (authored by • ikloecker).
Sort/group libraries to link
• ikloecker committed rKLEOPATRA39754005e5b3: Look for all KF libraries with a single find_package command (authored by • ikloecker).
Look for all KF libraries with a single find_package command
Mar 15 2023, 11:43 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• werner moved T6363: Add progress status output to gpgtar from Backlog to WiP on the gnupg22 board.
• werner committed rG56b65f33d261: gpgtar: Print a result status with skiupped files. (authored by • werner).
gpgtar: Print a result status with skiupped files.
Tuyen added a comment to T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix.
Hi @werner,
I understand we should use --with-libksba-prefix, but it doesn't work:
• aheinecke triaged T6403: Kleopatra: Warn if a certificate in a group is deleted as Normal priority.
I changed the title of the issue to make it about adding the warning. I also think that is a good idea to avoid confusion / accidents.
• aheinecke renamed T6403: Kleopatra: Warn if a certificate in a group is deleted from Kleopatra: handling of keys/certificates which are in a group to Kleopatra: Warn if a certificate in a group is deleted.
I disagree. Unless customers explicitly request it users should be able to trust root certificates manually. I do not see much difference between this and allowing users to certify their own certificates.
This can be required when a user wants to encrypt something to an unknown certificate, regardless of VS-NfD or not.
• werner closed T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix as Resolved.
That is not a bug but required for backward compatibility. See me/ksba.m4:
I would suggest that with the VSD 3.2 we make --no-user-trustlist the default via the corresponding registry entry and explain how to use --sys-trustlist-name to use a custom trustlist.
• werner edited projects for T6411: Signing Other PGP Keys Fails when Using a SmartCard, added: Support; removed Bug Report.
Mar 15 2023, 9:43 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• werner committed rG5118beeec18f: gpg: Delete secret key after "keytocard". (authored by • werner).
gpg: Delete secret key after "keytocard".
• werner committed rG2e065b4bd2d3: scd,openpgp: Switch key attributes between RSA and ECC in writekey. (authored by • werner).
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
• werner committed rG706d557a6451: gpg: Delete secret key after "keytocard". (authored by • werner).
gpg: Delete secret key after "keytocard".
Hint: When the user disabled GpgOL -> Automation -> Automatically secure messages in the configuration of GpgOL he could see the email body again.
• ikloecker committed rKLEOPATRAedf8ae06ff84: Let the compiler control the lifetime of the dialog (authored by • ikloecker).
Let the compiler control the lifetime of the dialog
Yes, the installation was with the unmodified Installer GnuPG-VS-Desktop-3.1.26.0-Standard.msi
This isn't a support forum. You'd better ask on the gnupg-users mailing list before assuming that you found a bug.
l10n daemon script <scripty@kde.org> committed rLIBKLEO1aee4ca4245e: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOdd0fb16c60b1: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 14 2023
Mar 14 2023
Are you using an actual GnuPG VSD installer? I'm asking because, as far as I know, several actions are disabled via immutable config entries that are only shipped to customers.
• werner closed T6382: keytocard fails to import a nistp384 ECDSA key, a subtask of T6378: keytocard: invalid value, as Resolved.
Mar 14 2023, 4:20 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Closing this one - see T6378
• werner moved T6378: keytocard: invalid value from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mar 14 2023, 4:18 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Fixed in 2.2 need to check 2.4
Mar 14 2023, 4:18 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• werner committed rG2630872cff71: scd,openpgp: Switch key attributes between RSA and ECC in writekey. (authored by • werner).
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
Ooops. We do not have the automatic chnage of key type in the WRITEKEY command of scdaemon. This is only done when generating a key.
Mar 14 2023, 11:47 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
There is actually a regression wit Yubikeys. The fix for 2.2 is in T5100: rG08cc34911470 - for 2.4 I need to check
• werner committed rG08cc34911470: gpg: Allow no version information of Yubikey (authored by • werner).
gpg: Allow no version information of Yubikey
• ikloecker added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
I agree. Something called READ... shouldn't change existing data. (Updating existing data to a new format that doesn't alter the semantics of the existing data is okay.)
Mar 14 2023, 10:53 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
Mar 14 2023, 10:49 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
• ikloecker committed rLIBKLEO26753ebdd2eb: Use correct INSTALL_TARGETS_DEFAULT_ARGS (authored by • ikloecker).
Use correct INSTALL_TARGETS_DEFAULT_ARGS
• werner changed the status of T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Open to Testing.
• werner moved T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Backlog to QA on the gnupg22 board.
Ignoring the error seems to be the best choice. I also think that --force should not overwrite a shadow key file. It seems safer to explicitly delete the key first. A --force option for READKEY does not sound right.
• werner committed rGb28d9ff865a0: agent: Do not overwrite a key file by a shadow key file. (authored by • werner).
agent: Do not overwrite a key file by a shadow key file.
• werner committed rG4f754caad885: agent: Make --disable-extended-key-format a dummy option. (authored by • werner).
agent: Make --disable-extended-key-format a dummy option.
• werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
I did some reworking and the outcome of the READKEY command is now (agent log):
I checked it: There was an empty bin/gpgconf.ctl, and there still is.
Trying it again today, I still get error messages most notably about failed self-tests, but surprisingly the window is no longer empty.
Instead it seems to take an eternity (minutes, actually still not finished after three minutes) until the certificate cache is loaded.
Maybe the problem is the "Check Point Endpoint Security" being active on the client. It looks as if it prevents use of Kleopatra.
As I don't have administrator rights ("for security reasons"), I cannot analyze what's actually going on.
l10n daemon script <scripty@kde.org> committed rLIBKLEOd1ab3070ae7b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAcd1356c1a2b7: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe committed rCfae63f517906: tests: Improve test coverage for FIPS service indicators. (authored by Jakuje).
tests: Improve test coverage for FIPS service indicators.
• gniibe committed rCe0a5a9eb8301: fips: Explicitly disable overriding random in FIPS mode. (authored by Jakuje).
fips: Explicitly disable overriding random in FIPS mode.
fips: Explicitly allow only some PK flags.
doc: Document the new FIPS indicators.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA4e9a7de6f364: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 13 2023
Mar 13 2023
I never made a threat model. But definitely *any* cracker, should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker have used my Emacs text editor.
• ikloecker added a comment to T6409: Kleopatra: misleading representation of key with multiple uids in sign/encrypt dialog.
For non-vsde-enabled installations the green check symbol is okay because in the given context (encryption) it indicates that the key can be used.
mlaurent committed rLIBKLEO413b7eb3801a: GIT_SILENT: don't duplicate KF_MIN_VERSION (authored by mlaurent).
GIT_SILENT: don't duplicate KF_MIN_VERSION
mlaurent committed rLIBKLEO8b8afdc83130: GIT_SILENT: time to increase version (authored by mlaurent).
GIT_SILENT: time to increase version
Seeing that there are "groups" in Kleopatra, I read the docs, and they suggested that the groups are for addressing multiple recipients.
mlaurent committed rKLEOPATRAfdbd14c41085: GIT_SILENT: time to increase version (authored by mlaurent).
GIT_SILENT: time to increase version
Settings -> Configure Groups.
It seems that you are missing the step "Create a new file called gpgconf.ctl in the folder Gpg4win_Portable/bin."