To little information.

• Can you please describe what you were doing when the crash occured.
• Could you enable the debug mode (described in the compendium) and add the

created log.

• Are you using an Exchange server together with outlook?

Ah yes, I had that before in our build system where RUNPATH is passed via LD_OPTIONS.
If I pass the flags via LDFLAGS it works.

Thanks! -- Dago

A few Arch users are reporting the same regression/breakage, thread here:

https://bbs.archlinux.org/viewtopic.php?pid=1479136

That pretty much looks like you are using this new test program with an older
Libksba.

Duplicate of T1467

See the other bug. Will be fixed with the next release.

Thanks for noting.

it is about the time to change the default behaviour and to have 2.1 install
gnupg.7 and 1.4 not to install it. Obviously there is a conflict for all
released versions of 1.4 but we can't do anything about it. I fear you have to
live with this minor conflict.

Fix pushed to the 1.4 branch.

backported to 2.0 and 1.4.

Does this now also work for you?

Yes. Thank you.

0.9.6 will be release today, thus I close it.

GNOME--

fixed with f80c2dd.

I don't get the message while signed in of course, but going incognito
or the next day, the message is back.

How is any browser supposed to trust a self-signed certificate if the
issuer is unknown to the browser? Is there something I can add to my
OS that will let it know you are the issuer?

I have seen this issue before, even on bank sites, going back 5 years
at least. I would like to know if there is a general solution.

You have marked this resolved so may not look at it anymore. I should
not have made this seem to be a Chrome issue. Firefox is the same and
their detailed message is more helpful:

bugs.gnupg.org uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for the following names:
www.g10code.com, g10code.com, ftp.g10code.com, bugs.g10code.com,

git.g10code.com

(Error code: sec_error_unknown_issuer)

Chrome? I don't know. Using self-signed certificates is pretty common.

Please do not use the title to describe an error. Here is the description you gave:

gpg: keyblock resource `C:/Program\secring.gpg': file open error gpg: keyblock
resource `C:/Program\pubring.gpg': file open error usage: gpg [options] [filename]

Please add more specific information. What Web application, which gpg4win
versions, etc. You may also want to ask for help on one of the maling lists.

Hello werner, a gentle reminder for this bug, have a look, if possible, it has
been over 3 months now.

I understand you may not have time to work on this since it's not the
bug I thought.

I hope you will just answer one question for me though.

Having imported my key in the system-wide keyring defined in my
gpg.conf, can I safely do without the local pubring.gpg?

Or, is it necessary for some reason that I import my public key back
into the local pubring.gpg so that there will be a double listing of
my key when I do gpg -k?

I am finally understanding what is going on with the duplicate listing
of my key, and now wonder if I have screwed something up with the
procedure that "fixed" the double key.

The reason for getting my public key listed twice as an output to 'gpg
-k' is that it first listed the contents of ~/.gnupg/pubring.gpg (just
my key) then listed the contents of /etc/pacman.d/gnupg/pubring.gpg
which also had my key in it. The reason it listed
/etc/pacman.d/gnupg/pubring.gpg is that was the keyring defined in my
gpg.conf.

My procedure that successfully got rid of the duplicate listing has
actually made my ~/.gnupg/pubring.gpg file empty! So, I don't get a
duplicate because gpg -k only lists the contents of
/etc/pacman.d/gnupg/pubring.gpg.

Will this work as is or should I try to put my public key back into
~/.gnupg/pubring.gpg?

I figured out the steps that led to the duplicate entry in the first
place. After editing ~/.gnupg/gpg.conf to include

keyring /etc/pacman.d/gnupg/pubring.gpg

I generated the key

gpg --gen-key

Then did

sudo pacman-key --import /home/colin/.gnupg

I've filed a bug against pacman-key, but I think it translates to

sudo gpg --homedir /etc/pacman.d/gnupg/ --no-permission-warning --
import /home/colin/.gnupg

And, this is what lead to the duplicate entry. Does it make sense this
would lead to a duplicate entry? Is it a bug of gpg, or is it supposed
to do that for some reason?

This was fixed in gpg4win 2.2.2

Yep, I'm using Kleo/Kmail now with 2.1 and I don't see any issues.

I've closed your Bug against kleopatra accordingly.

I also don't think that there will be much "Does not work at all" issues but
rather "There is no gui for this or that configuration option / no gui for ECC
Key creation" etc. So this is not really a Yes/No question.

Imho a Wiki Page would be more suited to track this.

Patch is included in gpg4win now with a comment that it should be obsolete with
newer mingw versions.

With pinentry 0.9 this works in pinentry-gtk under GNU/Linux.

With pinentry 0.8.4 This works in pinentry-qt4 under Windows.

Gpg4win includes a version with paste support since 2.1.0 (I think)

You say Chrome should be able to handle it, but it's not. I am using
the most up-to-date version of Chrome available for Linux: Version
40.0.2214.6 dev (64-bit), and it is not handling the certificate
properly. The wording of the "advanced" message indicates this is the
fault of my operating system. If this is a bug of Arch Linux, what
package would I file the bug against?

A fix for this has been included in gpg4win 2.2.2.

GnuPG already converted the Output but to CP_ACP instead of the
"GetConsoleOutputCP" which was wrong.

Does this now also work for you? I've only tested it with the Codepage for Germany.

After reading your suggestion, I realized using the fingerprint would
be the same as deleting the secret key for "Colin N Keenan" instead of
"Colin Keenan". Since I had made a backup of .gnupg while it was
showing a duplicate public key for "Colin Keenan", I realized that's
what I wanted to do anyway. So, I solved the issue by

gpg --delete-secret-key "Colin N Keenan"
gpg --delete-key "Colin N Keenan"
cp .gnupg/pubring.gpg .gnupg-backup
rm -r .gnupg
cp -r .gnupg-backup .gnupg

But still, this seems like a bug. Is there a better way to remove a
duplicate entry? Also, why is it allowed to have a duplicate entry?

This should be fixed in 2.2.3 (Which will be released soon)

Gpgtar now handles all filenames using the windows 8bit charset. It still does
not support full unicode filenames. For this the fix would have been larger but
at least kleopatra now reacts to gpgtar errors so when you include a File that
can not be handled it will show an error and mention the file that was problematic.

It's not crashing for me with master but its not fixed.

I acidentally ran into this while checking out a windows crash and found the cause:
echo $GPG_AGENT_INFO /run/user/1000/keyring-Lvs93w/gpg:0:1

At least this was my problem and as "Ubuntu" is the platform it is likely that
this was the original problem.

I've commented in the launchpad report.

The entire X.509 based system is unsafe - it just does not work.
To save the costs and trouble I use a self-signed certificate for this site.

Or is that that Chrome is not able to handle an expiration time set to the day
of First Contact? Icanga has such a year 2038 problem, but I bet Chrome can
handle it.

Can you please try to delete it using the fingerprint of the key?

ssh-add only looks for private key information. If there is a id_rsa-cert.pub file it
will add the certificate, but one cannot add a certificate alone.

There are a couple of problems:

1. gpg-agent doesn't recognize the cert type (ssh-rsa-cert-v01@openssh.com, etc.) so if

it is added via agent forwarding it fails.

2. If the private key is on a card, then there is no private key file for ssh-add to

use. Some cards allow certificates to be stored on the card, and it looks from the
source to scdaemon that there is a way to read it and return it to the agent.

I could give this a try: in the case of #2, do you think it would be a reasonable
addition to gpg-agent's protocol to look for ~/.ssh/id_{rsa,dsa,ecdsa}-cert.pub when
handling a card-based private key? The cert is public info so only better portability
is gained by storing it on the card.

Feel free to send a patch ;-). You may want to publish this feature request on
some mailing list and ask for help.

Isn't it possisble to convert it to standard ssh format and use that with ssh-add?

I am currently lacking the time to add this to gpg-agent.

Fixed in master will be backported to 2.0.
That is a very well written bug report. Thanks.

Fixed with commit eecbed0