Sure, but this will need adaption in FIPS mode as it fails with:
Feed All Stories
Nov 29 2022
Nov 29 2022
pmgdeb added a comment to T6291: FIPS: dirmngr CRL hash uses MD5.
pmgdeb added a comment to T6291: FIPS: dirmngr CRL hash uses MD5.
Patch using SHA1 instead of MD5.
There are other uses of MD5 and thus we can't disable it. For example gpgsm also lists the MD5 fingerprint of certificates because they are still in use at some places.
build: Update gpg-error.m4.
• werner committed rG12273efdf4b5: doc: Make uploading of 2.2 manuals easier (authored by • werner).
doc: Make uploading of 2.2 manuals easier
scd: Use app_get_slot at more places.
• werner committed rGea222a0d9c73: scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps. (authored by • werner).
scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps.
• werner committed rGadbe5a35a5f8: scd:nks: Support non-ESIGN signing with the Signature Card v2 (authored by • werner).
scd:nks: Support non-ESIGN signing with the Signature Card v2
gpg: New option --compatibility-flags
• werner committed rGaf1d4ff2eadc: gpg: Make --list-packets work w/o --no-armor for plain OCB packets. (authored by • werner).
gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
• werner committed rG290f458ad66f: gpg: Import stray revocation certificates. (authored by • werner).
gpg: Import stray revocation certificates.
• werner committed rG6ba5b6b85451: agent: Allow trustlist on Windows in Unicode homedirs. (authored by • werner).
agent: Allow trustlist on Windows in Unicode homedirs.
• werner committed rGc1f5fcff4231: gpg: Fix trusted introducer for user-ids with only the mbox. (authored by • werner).
gpg: Fix trusted introducer for user-ids with only the mbox.
• werner committed rG2e18c371d241: scd: Redact --debug cardio output of a VERIFY APDU. (authored by • werner).
scd: Redact --debug cardio output of a VERIFY APDU.
• werner committed rGce50dea7cfe1: gpg: Add a notation to encryption subkeys in de-vs mode. (authored by • werner).
gpg: Add a notation to encryption subkeys in de-vs mode.
• werner committed rG84aba39491c2: scd:nks: Fix ECC signing if key not given by keygrip. (authored by • werner).
scd:nks: Fix ECC signing if key not given by keygrip.
tests: Use 233 for invalid value of FD.
w32: Fix for make check.
w32: Exclude tests with HOME.
tests: Keep .log files in objdir.
• werner committed rG8b1061a5dec7: tests: Fix to support --enable-all-tests and variants. (authored by • gniibe).
tests: Fix to support --enable-all-tests and variants.
• werner committed rGddfc90e5242e: tests:w32: Fix for non-dot file name for Windows. (authored by • gniibe).
tests:w32: Fix for non-dot file name for Windows.
tests:gpgscm:w32: Fix for GetTempPath.
• werner committed rG11f323271671: gpg: Make --require-compliance work with out --status-fd (authored by • werner).
gpg: Make --require-compliance work with out --status-fd
Update NEWS for 2.2.41
w32: Fix for make check.
• werner committed rG15b8d100c9c8: g10/plaintext: do_hash: use iobuf_read for higher performance (authored by jukivili).
g10/plaintext: do_hash: use iobuf_read for higher performance
• werner committed rG2302e180c010: gpg: use iobuf_read for higher detached signing speed (authored by • werner).
gpg: use iobuf_read for higher detached signing speed
Done (STABLE-BRANCH-2-2.40 for now)
• werner committed rGPA6b134447a30a: po: Update Russian translation. (authored by Ineiev <ineiev@gnu.org>).
po: Update Russian translation.
• werner reopened T5826: Improve detached signing and verification speed as "Open".
Yes, I'll do that. Thanks for the reminder.
• ikloecker added a comment to T6271: The old FSF address in libgcrypt source code.
Well, the modern way, recommended by the FSFE, for license notices in source files is SPDX instead of verbose license notices. https://reuse.software/
ametzler1 added a comment to T6285: AM_PATH_GPGME_PTHREAD not ready for gpgrt-config transition.
• gniibe committed rE3f812a0f5df8: gpgrt-config: Support a simple invocation. (authored by • gniibe).
gpgrt-config: Support a simple invocation.
doc: Add man page of gpgrt-config.
• gniibe changed the status of T6288: Document gpgrt-config in detail or improve it to support simple invocation from Open to Testing.
Pushed the change.
• gniibe changed the status of T6273: AM_PATH_GPGME requires preceding invocation of AM_PATH_GPG_ERROR from Open to Testing.
• gniibe committed rMa9921d797b45: doc: Don't use AM_PATH_GPGME_PTHREAD any more. (authored by • gniibe).
doc: Don't use AM_PATH_GPGME_PTHREAD any more.
• gniibe changed the status of T6285: AM_PATH_GPGME_PTHREAD not ready for gpgrt-config transition from Open to Testing.
Now, the use of AM_PATH_GPGME_PTHREAD shows warning. Also I update the documentation.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA9545bf6b76ea: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEO7b260d6b7637: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe added a comment to T6271: The old FSF address in libgcrypt source code.
Modern way for license notice seems use of URL: https://www.gnu.org/prep/maintain/maintain.html#License-Notices-for-Code
https://www.gnu.org/licenses/gpl-howto.html
Nov 28 2022
Nov 28 2022
Fix range-loop-errors
• aheinecke committed rOef68c001ebc5: Ignore -Waddress warnings in -Werror mode (authored by • aheinecke).
Ignore -Waddress warnings in -Werror mode
• aheinecke committed rLIBKLEOa2541ecffdfb: Remove duplicated validity check for uids (authored by • aheinecke).
Remove duplicated validity check for uids
works
gpg: New export-filter export-revocs
cklassen committed rW597ace12fa95: removed telephone number of privacy commissioner (authored by cklassen).
removed telephone number of privacy commissioner
Muzaffer015 awarded rPTH3939b86b20d1: build: Prefer gpgrt-config when available. a 100 token.
gpg: Fix double-free in gpg --card-edit.
• ikloecker renamed T6282: Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card from Kleopatra smartcard dialog for Signature Card 2.0 to Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card.
Closing. Not a bug in pinentry. The user ID of the key is encoded incorrectly and pinentry just displays the incorrectly encoded user ID.
• werner committed rG2aacd843ad6b: gpg: Make --require-compliance work with out --status-fd (authored by • werner).
gpg: Make --require-compliance work with out --status-fd
• werner committed rD94098b71808f: swdb: Adjust for new location of versions.gnupg.org (authored by • werner).
swdb: Adjust for new location of versions.gnupg.org
• werner committed rDd50e44291126: swdb: Use config file for the upload location (authored by • werner).
swdb: Use config file for the upload location
• gniibe added a comment to T6288: Document gpgrt-config in detail or improve it to support simple invocation.
@ametzler1 Thanks a lot for your help.
l10n daemon script <scripty@kde.org> committed rKLEOPATRAe1716cc422cd: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA7c954e603d61: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rLIBKLEObe5c3b17da55: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAef909246c4ad: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Nov 27 2022
Nov 27 2022
ametzler1 added a comment to T6288: Document gpgrt-config in detail or improve it to support simple invocation.
Something like this?
GIT_SILENT: prepare 22.12.0
GIT_SILENT: prepare 22.12.0
l10n daemon script <scripty@kde.org> committed rKLEOPATRA196f90509823: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA21edcef7bbaa: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Nov 26 2022
Nov 26 2022
jukivili added a comment to T5826: Improve detached signing and verification speed.
Any comments on applying these to gnupg-2.2?
GIT_SILENT: prepare 22.12.0
l10n daemon script <scripty@kde.org> committed rKLEOPATRA0357a1c33aa6: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Nov 25 2022
Nov 25 2022
ametzler1 added a comment to T6288: Document gpgrt-config in detail or improve it to support simple invocation.
• werner added a comment to T6288: Document gpgrt-config in detail or improve it to support simple invocation.
Bootstrapping is an issue. Recall that pkg-config is not a simple program but requires the use of glib (which depends on libffi, libmount, libpcre) - catch-22. Makes building GnuPG on AIX not actually easy.
ametzler1 added a comment to T6288: Document gpgrt-config in detail or improve it to support simple invocation.
FWIW I would vote for a) "document gpgrt-config in detail" and suggest using pkg-config (variant) for direct invokations. There seems to be little benefit in investing effort/complicating gpgrt-config when pkg-config works fine.
gpg: New option --list-filter
• ikloecker added a comment to T6289: Pinentry garbles international characters.
It's irrelevant whether you can trick the combination of gpg and PowerShell to show the wrong encoded user ID correctly. The user ID is still encoded wrongly and every standard-compliant implementation of OpenPGP will show garbage when displaying the user ID.
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
Interestingly enough if I set LC_LCTYPE environment variable in powershell $env:LC_CTYPE = "C.UTF-8" - it behaves correctly and generates UTF-8 encoded names.
• ikloecker added a comment to T6289: Pinentry garbles international characters.
Looking at the hexdump of the user ID in the exported (and dearmored) public key this looks like a classic double-encoding problem, i.e. UTF-8 encoded UTF-8:
42 6A C3 83 C2 B8 72 6E
^^^^^^^^^^^bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
Just found out something weird - powershell tells me the default characterset is iso-8859-1
~~~
PS C:\Users\bbs> [System.Text.Encoding]::Default
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
okay, installed 2.2.29 and tried showkey:
C:\Users\bbs> gpg.exe --show-key D:\bbs_gpg.public.pgp
pub rsa4096 2022-11-06 [SC]
0F20E48DEA9FD7A5626DBA0067BDA85044042E3B
uid Bjørn Bouet Smith <bjornsmith@gmail.com>
sub rsa4096 2022-11-06 [E]• ikloecker updated the task description for T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard.
• ikloecker changed the status of T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard from Open to Testing.
This is now ready for testing.
• ikloecker added a comment to T6289: Pinentry garbles international characters.
https://gpg4win.org/download.html, but there isn't a Gpg4win release with GnuPG 2.2.29. The most recent Gpg4win 3.x has GnuPG 2.2.28. (All releases of Gpg4win 4.x include GnuPG 2.3.x.)
• ikloecker committed rKLEOPATRA19aae7ca7b52: Update only the smart card we copied the key to (authored by • ikloecker).
Update only the smart card we copied the key to
• ikloecker committed rKLEOPATRA3495322bda49: Allow updating a single smart card (app) (authored by • ikloecker).
Allow updating a single smart card (app)
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
Yes, seems so. In either case, there's nothing we can do anything about since the versions provided by us appear to work correctly.
But it is strange that the version can show the characters correctly - so it can encode and decode to the same output.
• ikloecker added a comment to T6289: Pinentry garbles international characters.
On Linux, I also get garbled output for your key:
$ gpg --show-key <bbs_gpg.public.pgp pub rsa4096/67BDA85044042E3B 2022-11-06 [SC] 0F20E48DEA9FD7A5626DBA0067BDA85044042E3B uid Bjørn Bouet Smith <bjornsmith@gmail.com> sub rsa4096/08D7C29E12A34AD2 2022-11-06 [E]
This indicates that the user ID was encoded incorrectly by the gpg included in git when you created the key.
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
I am not sure if the export is correct - or if you need something else?
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
If I import the keys into gpgwin it shows up garbled - both in the console version of gpg.exe and Kleopatra, but if I run
gpg.exe -k
With the old gpg version it shows up as:
/c/Users/bbs/.gnupg/pubring.kbx
-------------------------------
pub rsa4096 2022-11-06 [SC]
0F20E48DEA9FD7A5626DBA0067BDA85044042E3B
uid [ultimate] Bjørn Bouet Smith <bjornsmith@gmail.com>
sub rsa4096 2022-11-06 [E]bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
This is the key exported with:
gpg.exe --output D:\bbs_gpg.public.pgp --armor --export bjornsmith@gmail.com
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
It seems like gpgwin generates keys where the name are not compatible with each other.
• ikloecker added a comment to T6289: Pinentry garbles international characters.
How did you generate the key? On the command line? Which command line did you use? Can you attach the public key to this report?
dirmngr: Silence ocsp debug output.
bjornbouetsmith added a comment to T6289: Pinentry garbles international characters.
Also - gpgwin is no better:
