In T6869#200695, @timegrid wrote: so the non working automatic match of data.sig -> data is another bug?
May 7 2025
• ikloecker added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
You cannot trust any signatures made with a compromised key because the signature creation date can easily be forged.
Then why don't we add at least the red background (and maybe an X) instead of the warning sign symbol and no color?
• ikloecker moved T7639: Kleopatra: Version information sometimes not shown. from Backlog to WiP on the vsd33 board.
Backported for VSD 3.3.x
• ikloecker committed rKLEOPATRA1fb1e088a82e: Update status bar when distribution settings change (authored by • ikloecker).
Update status bar when distribution settings change
• werner changed the status of T7633: libgcrypt fails to build on NetBSD due to the systems bswap32 macro definition. from Open to Testing.
• werner changed the status of T7634: libgcrypt's test t-thread-local fails to link on some platforms. from Open to Testing.
timegrid added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
so the non working automatic match of data.sig -> data is another bug?
• ebo added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
You cannot trust any signatures made with a compromised key because the signature creation date can easily be forged.
• ebo added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
In T6869#200687, @ikloecker wrote: Most of the texts (most are proper sentences) lack a full stop. It's unclear whether this is a bug in the German translation or also in the original texts. This should be fixed.
• ikloecker added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
In T6869#200689, @timegrid wrote: It's weird that in the "multiple / mixed / split" case the full paths of the files are used even though all files seem to be in the same folder. This isn't really that important.
This is always the case, when the sig file is selected for verification (compared to the verified file itself). Makes probably sense, as the file to be verified needs to be selected explicitly and could be in a different path.
• ikloecker added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
In T6869#200688, @ebo wrote: One thing: The message for the valid signature from a revoked key looks less worrisome from the user perspective as an invalid signature. Is this intended?
One does not see here if the signature was made before or after the revocation. In the latter case the signature can not be trusted for sure. In the first case it might be ok. Could we maybe add the time of the expiry or revocation in the message?
• ikloecker added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
In T6869#200682, @timegrid wrote:
- the Show Audit Log link will open the log only on the second click
timegrid added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
It's weird that in the "multiple / mixed / split" case the full paths of the files are used even though all files seem to be in the same folder. This isn't really that important.
• ebo added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
One thing: The message for the valid signature from a revoked key looks less worrisome from the user perspective as an invalid signature. Is this intended?
One does not see here if the signature was made before or after the revocation. In the latter case the signature can not be trusted for sure. In the first case it might be ok.
• ikloecker added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
Most of the texts (most are proper sentences) lack a full stop. It's unclear whether this is a bug in the German translation or also in the original texts. This should be fixed.
timegrid moved T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures) from WIP to Done on the gpd5x board.
tests with vsd still need to be done
timegrid added a comment to T6869: Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).
the changes themselves look good to me on gpg4win-5.0.0-beta167@win10
CarlSchwan committed rOJ4e7d066fc997: Ensure shellapi.h is included after windows.h (authored by CarlSchwan).
Ensure shellapi.h is included after windows.h
CarlSchwan committed rOJfea41b426317: Rename desktop file to gpgolweb and add icons (authored by CarlSchwan).
Rename desktop file to gpgolweb and add icons
• werner added a comment to T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache).
Lucas Mülling commented yesterday on gnupg-devel:
yes please!
CarlSchwan committed rW47c619c6c8ca: GpgOL/Web: fix missing manifest.xml file (authored by m <meik.michalke@gnupg.com>).
GpgOL/Web: fix missing manifest.xml file
CarlSchwan committed rW0be2302c0759: GpgOL/Web: fixed installation path for add-in icons (authored by m <meik.michalke@gnupg.com>).
GpgOL/Web: fixed installation path for add-in icons
timegrid moved T7574: Migration of group config from old location to new location is broken from WIP to Done on the gpd5x board.
looks good to me on gpg4win-5.0.0-beta167@win10
CarlSchwan committed rW879899729ad9: gpgpoljs: Add powershell script for root ca installation (authored by CarlSchwan).
gpgpoljs: Add powershell script for root ca installation
• ikloecker changed the status of T7639: Kleopatra: Version information sometimes not shown. from Open to Testing.
The status bar is now updated in case the VERSION file is loaded after the main window was created.
• ikloecker committed rKLEOPATRA6f48c49fee42: Do not try to verify the VERSION file if it doesn't exist (authored by • ikloecker).
Do not try to verify the VERSION file if it doesn't exist
• ikloecker committed rKLEOPATRA7fa582188438: Update status bar when distribution settings change (authored by • ikloecker).
Update status bar when distribution settings change
Kleopatra does not show version information in the status bar. It does show whatever is stored in the VERSION file under the key statusline in the group [Kleopatra].
• ikloecker moved T7639: Kleopatra: Version information sometimes not shown. from Backlog to WIP on the gpd5x board.
In libgcrypt/cipher/ecc-ecdsa.c, we have:
mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
l10n daemon script <scripty@kde.org> committed rKLEOPATRA35cbf31ad3d4: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Hi Werner, I submitted a patch right after this bug report using AC_CHECK_DECLS([_sys_siglist]) [1].
May 6 2025
dkg added a comment to T7611: WoT: adding a marginal trustsig reduces the validity of a downstream certificate.
To avoid further noise on this ticket, i've done as requested and posted to gnupg-devel : https://lists.gnupg.org/pipermail/gnupg-devel/2025-May/035875.html
CarlSchwan committed rOJ8cdb08f3fece: client: Ensure all ultimately trusted keys are fetched (authored by CarlSchwan).
client: Ensure all ultimately trusted keys are fetched
CarlSchwan committed rOJ0c8ee7c133fd: Use ShellExecute to install root ca on Windows (authored by CarlSchwan).
Use ShellExecute to install root ca on Windows
Add domain name to certificate
Update NEWS
engl. Menu Entry: Save Secret Team Key
Tooltip: Save this secret key to share with other team members.
• ikloecker committed rKLEOPATRA935f4667485e: Remove RELEASE_SERVICE_VERSION amendment from application version (authored by • ikloecker).
Remove RELEASE_SERVICE_VERSION amendment from application version
Discussion and background for naming things and German translation
• ikloecker updated subscribers of T7405: Kleopatra: Highlight if no valid encryption subkey exists.
For the icon:
• werner committed rG9589da97e2fc: gpgsm: Always print info about certs-only message. (authored by • werner).
gpgsm: Always print info about certs-only message.
timegrid moved T7215: Improve UX of "subkey expiry change" window from WIP to Done on the gpd5x board.
• ikloecker committed rGPGMEQTecce330a06e9: build: Append the linker search paths to the RPATH for installed targets (authored by • ikloecker).
build: Append the linker search paths to the RPATH for installed targets
• ikloecker committed rKLEOPATRA1417df985de5: Initialize pointer variables to avoid a crash (authored by • ikloecker).
Initialize pointer variables to avoid a crash
• ikloecker committed rKLEOPATRAda306d536c8f: Initialize pointer variables to avoid a crash (authored by • ikloecker).
Initialize pointer variables to avoid a crash
• ebo renamed T7405: Kleopatra: Highlight if no valid encryption subkey exists from Draft: Kleopatra: Highlight if no valid encryption subkey exists to Kleopatra: Highlight if no valid encryption subkey exists.
We decided to
• ebo added a comment to T7580: Kleopatra: Add a dialog window to the disable/enable certificate action.
@TobiasFella: please ping on screenshot in MR
• ebo renamed T7580: Kleopatra: Add a dialog window to the disable/enable certificate action from Draft: Kleopatra: Add a dialog window to the disable/enable certificate action to Kleopatra: Add a dialog window to the disable/enable certificate action.
• werner committed rGe1576eee040f: scd:p15: Make signing work for Nexus cards. (authored by • werner).
scd:p15: Make signing work for Nexus cards.
• ikloecker committed rGPGMEPP2b30653d48b5: build: Append the linker search paths to the RPATH for installed targets (authored by • ikloecker).
build: Append the linker search paths to the RPATH for installed targets
hej added a comment to T7580: Kleopatra: Add a dialog window to the disable/enable certificate action.
Suggested text:
• ikloecker added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).
The first call of get_key receives the following key listing from gpg:
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: sec:-:256:19:C4A24EB0B5F2E025:1746474606:::u:::s
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: cESCA:::D2760001240100000006180489130000::brainp
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: oolP256r1:23::0:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: fpr:::::::::DEC0948C398A6E7B50746EC6C4A24EB0B5F2
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: E025:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: grp:::::::::06BDACFBDEDBC5783A75AE5E7251FA3369C4
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: 0FF4:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: uid:-::::1746474606::2222D8E2F373B9BDEE0DEA2A20A
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: 9402214E9F984::Eric <eric@bktus.com>::::::::::0:
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: <LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: ssb:-:256:19:EAFC5EA29B758B22:1746474606::::::a:
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: ::D2760001240100000006180489130000::brainpoolP25
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: 6r1:23:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: fpr:::::::::1AD596DDEC9B8CF3C1AC6C41EAFC5EA29B75
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: 8B22:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: grp:::::::::52F0797C0B0439BBD718E2534D46656A6C45
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: 6A78:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: ssb:-:256:18:A874804DB497B91C:1746474606::::::e:
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: ::#::brainpoolP256r1:23:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: fpr:::::::::33B273C7BD46E4EB63DD6874A874804DB497
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: B91C:<LF>
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: grp:::::::::34A1F8D9B2AA0CF07C2E042D70E10F9D4EBE
2025-05-05 21:50:23 gpgme[57059] _gpgme_io_read: check: E734:<LF>
Note the line
ssb:-:256:18:A874804DB497B91C:1746474606::::::e:::#::brainpoolP256r1:23:<LF>
where the # marks the subkey as stub.
Right now we have
l10n daemon script <scripty@kde.org> committed rKLEOPATRA0e29a3330c99: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOcc1a5f90f65a: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Interesting, that sounds like a portable method. I am not very familiar with GPG internals, but to me that sounds like quite a bit of work. Unless there is another benefit to doing so, I don't think it is worth it just to print signal names.
collinfunk added a comment to T7631: Building libassuan on AIX warns about missing function declarations..
Yep, I wrote a small client and server just to verify that it is functional.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA7c8b70f456c9: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOb5fb17e01f5f: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
May 5 2025
Saturneric added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).
I have now identified the exact conditions and a reproducible path for the issue I previously reported. I will also attach the relevant gpgme.log.
CarlSchwan committed rGPGMEPP7a82afe66309: Add missing Context::EncryptionFlags (authored by CarlSchwan).
Add missing Context::EncryptionFlags
• werner added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).
I doubt that this is a gpgme problem. With a gpgme log we will be able to see the exact commands sent to gpg and replicate this on the command line.
• ikloecker moved T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t from Backlog to QA for next release on the gpgme board.
Should be fixed.
For gpgme 2 we changed the data types of the time fields to unsigned: rMf2d40473b522e348d96a70c089d2191d0b978098 . Since this change breaks the ABI we use the above change for the 1.24 branch.
• ikloecker committed rMf23cef6f66a4: cpp: Ensure correct expiration time on 32-bit arch with 64-bit time_t (authored by • ikloecker).
cpp: Ensure correct expiration time on 32-bit arch with 64-bit time_t
• werner committed rMa6e8f961436d: core: Fix regression for RSA in gpgme_pubkey_algo_string. (authored by • werner).
core: Fix regression for RSA in gpgme_pubkey_algo_string.
Prepare NEWS for the next release
Release 1.24.2
Post release updates.
• werner committed rMa4945675ece2: cpp: Ensure that all transitions go from one state to a different state (authored by • ikloecker).
cpp: Ensure that all transitions go from one state to a different state
cpp: Validate the transition map
• werner committed rMe327305b9669: cpp: Add missing transition, remove two ignored (and wrong) transitions (authored by • ikloecker).
cpp: Add missing transition, remove two ignored (and wrong) transitions
• werner changed the status of T3325: Allow encryption/signing in GPGME using a specified subkey from Open to Testing.
• werner committed rMbfd320abfeaf: Allow signing using an exactly specified subkey. (authored by • werner).
Allow signing using an exactly specified subkey.
• werner committed rMf2d40473b522: Change timestamp fields from signed to unsigned long. (authored by • werner).
Change timestamp fields from signed to unsigned long.
Mark the subkey used to find a key.
• werner triaged T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t as Normal priority.
And the US administration might even change the definition of a year to, say, 100 months so that potus can rightfully keep his promise that there won't be more election in the foreseeable future ;-)
Add news
Looks good. Please also add the new flags to the NEWS file (similar to what Werner wrote in https://dev.gnupg.org/rMcd79fc39736fda6ce38f1f79700cf658c47372f9).
By the way, "years" is also "incorrect" once in ~4 years because it uses n*365 days. Werner's advice still applies. Enter an ISO date if you want an exact date. Or use a UI tool like Kleopatra.
CarlSchwan committed rOJ9ae1fdf25258: Request two separate access tokens for msgraph API and EWS API (authored by CarlSchwan).
Request two separate access tokens for msgraph API and EWS API
tested @ikloecker's patch successfully on amdahl.
The following patch for gpgme 1.24 should fix the test.
diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 42046aa..2b14d90 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -633,7 +633,7 @@ time_t Subkey::creationTime() const
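Review bot: the paths in the patch header do not agree: the "diff --git" line names lang/cpp/src/key.cpp, while the "---" and "+++" lines name src/key.cpp. Please regenerate the patch from the top of the source tree so that all three lines carry the same path and it applies with a single strip level. Only the header and the "@@ -633,7 +633,7 @@" line are shown here, so the changed line itself cannot be checked against the description.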
I did a local change (on amdahl.d.o) changing _gpgme_subkey.expires to long long (ABI-break) and all tests succeeded.
It looks like the entirety of gpgme timestamping was missed when the 64bit time transition happened in Debian and Ubuntu.
• ikloecker edited projects for T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t, added: gpgme; removed gpgmeqt, qt.
This looks like a problem in gpgme. struct _gpgme_subkey stores the expiration date as long int expires which is a signed 32-bit value on all 32-bit architectures. gpgmepp casts this to time_t, but that doesn't help if the 32-bit value is already negative. The same problem exists with all other timestamps in gpgme (i.e. key creation date, signature expiration date, etc.).