- User Since
- Mar 27 2017, 4:49 PM (275 w, 9 h)
May 2 2022
Apr 5 2022
(Werner just told me that I was mistaken and he needs to take a look. There was a mixup because of the 2018 CVE number.)
Apr 1 2022
I don't see a point in trying to make the fancy curses pinentry work on small terminals.
Mar 31 2022
From my point of view it should be fixed by adding line-breaks to make it work on small terminals. It is better to break the formatting, but allow it, instead of bailing out and leaving the user only with the option to use the more complicated interface. This problem could also affect other password entries where a longer information is displayed.
An alternative to password creation in small terminals could be https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html#Unattended-GPG-key-generation
@LRitzdorf it should work if you enter an acceptable passphrase. (I've just tried with 56x51 widthxheight and it worked)
Not in the way it is used by gpg. See T5880
Mar 30 2022
Mar 16 2022
The current links should be replaced or removed.
Mar 15 2022
One solution is to remove GPA and pinenty-gtk completely, as the used GTK+ version 2 is end-of-life. @aheinecke already asked on https://lists.wald.intevation.org/pipermail/gpg4win-users-en/2022-March/001740.html for reasons to keep GPA. (For which we should make a new issue).
Mar 14 2022
because libexpat does contain vulnerabilties
What are the other to places?
A simple first step would be to install pinentry-gtk only in the GPA variant.
I agree. @cklassen can you make a suggestion?
Mar 11 2022
Mar 7 2022
Mar 3 2022
Feb 25 2022
@TheParanoidProgrammer this looks like a very good and thorough analysis, thanks again!
Feb 24 2022
@TheParanoidProgrammer thanks for investigating further. It is highly appreciated!
Feb 23 2022
Feb 22 2022
@NoSubstitute It is okay for me to keep this issue, if most people prefer it this way, was just asking.
Ah, just seeing that this issue is resolved. Shall we open a new one to be well structured?
(If we reopen this one, there is a lot of old information in here that does not apply anymore before the fixes that went into dirmngr/gnupg).
Does gpg4win ship a TLS library with gpg or does it use a system default?
@ikloecker thanks for the hint (At first it looked like a different defect.)
Feb 21 2022
As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again.
@werner the main issue here, that Hakan has found a usability problem:
Feb 18 2022
We (@hakan-int and myself) saw the problematic behaviour in one setting. It was a VM where Gpg4win had been installed, deinstalled and reinstalled again. We still try to find out how to reliably recreate the situation and what is the difference between a working and a non-working case.
Feb 17 2022
In https://wald.intevation.org/forum/forum.php?thread_id=2395&forum_id=21&group_id=11 "Kim Nilsson on 2022-02-15 16:48" reports that
Feb 8 2022
You may have to restart the dirmngr to see the log-file option be honored. The gpg request to dirmngr should be visible in the log.
@mieth can you enable the dirmngr log and give it more message, you'll be able to diagnose the problem further. There have been problems in the past with the contents of the certificate store of Windows. It does not look like this is the problem you are facing, but the diagnostic messages should be helpful.
Jan 31 2022
Jan 18 2022
Jan 10 2022
Ubuntu have been syncing since 7th December: https://firstname.lastname@example.org/msg07174.html
Why the Ubuntu server? AFAIU it does not sync with other servers and it has some tained pubkeys (which is both fine as a choice of this service, it just does not seem to fit the purposes best).
Jan 5 2022
Dec 23 2021
both versions had issues(( and send two requests to RU and EN comunity . No answer for two days already
@alexnadtoka When using Gpg4win-4.0.0 or 3.3.16 with an updated GnuPG the validation of dirmngr works fine with the Let's encrypt certificates again. If you have one of these versions, and you still have problems, you need to be more specific about which connection you are referring to.
Maybe it is best to ask on one of community channels (e.g. the gnupg-users mailinglist, see https://gnupg.org/documentation/mailing-lists.html )
Dec 22 2021
Dec 21 2021
Dec 20 2021
Oct 25 2021
Thanks for creating the issue.
Oct 23 2021
(Ah seems I needed to do any comment, before the inline comment was published at all.)
@ikloecker I've added the following inline comment above (but I am not sure if it was visible, it still says "unsubmitted", whatever that means)
I've also experimentally pressed "raise concern" hoping it would by inline comment visible. Anyway I've meant to only make a suggestion:
Oct 20 2021
This commit changed the behaviour:
When changing the filel contents of C:\Program Files (x86)\Gpg4win\VERSION from
the update check works again.
Well spotted @ikloecker !
@ikloecker Note you can easily setup a test instance using one of Microsoft'S test VMs, see https://lists.wald.intevation.org/pipermail/gpg4win-devel/2021-October/001769.html
We should disable the menu button until it is fixed. I think it should be on the roadmap of 4.0 to have this working.
Oct 19 2021
Adding GPGME_DEBUG with 9 to the logs, there is not much more to see:
With the following settings done as described at
@werner can you prioritize?
This has not been set high on the priorities, because keyserver access works for most with Gpg4win (and thus GnuPG) on windows. A recent exception has been occurred about a month ago with Let's encrypt expired root certificate. So currently for Gpg4win 3.1.16 you need to update to a newer GnuPG (Version 2.2.32 at time of writing), by installing the simple installer,e.g. https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.32_20211006.exe
Oct 18 2021
@werner, because we have talked about it:
Oct 13 2021
@rupor-github no problem for the delay. Thanks for explaining!
Oct 8 2021
My experience on a Window 10 system (with Gpg4win 3.1.15 which has GnuPG 2.2.27) was, that removing the expired root certificate did not help with https://keyserver.ubuntu.com and the intermediate certificate was not in the windows store, so it could not be removed.
Oct 7 2021
One problem I see is that keyserver.ubuntu.com delivers a problematic intermediate(?) certificate:
If there is no easy way to install a new version of GnuPG, e.g. for Gpg4win or for GNU/Linux distributions: It may make sense to have instructions for the workaround ready.
Sep 29 2021
Looks like this should be handled in the Enigmail tracker, if being handled at all.
Hi @Lambd0x, with Thunderbird having migrated to a different main OpenPGP implementation and Enigmail not supporting old thunderbirds version anymore (in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird) and new GnuPG versions over the last three years. Do you still have problems?
In my understanding, it should be possible to wait for the gpg command pipe from a different process and then terminate the connection on a timeout, kllling the process eventually. So the Enigmail side could implement something. These days I'm not sure what Enigmail uses for OpenPGP support. Thunderbird has moved on to a different implementation and Enigmail stops supporting Thunderbird 68 in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird
Enigmail's support for Thunderbird 68 ends in two days:
@rupor-github no problem! :)
Sep 28 2021
@rupor-github thanks for your explanations and the contribution to the GnuPG and crypto Free Software code base!
There is a user report that got things to work with https://github.com/rupor-github/win-gpg-agent
Aug 30 2021
The problem was created during a migration of the host operating system and acme client tools.
Jul 30 2021
bug has been closed as Wontfix [..] I see no reason to continue the discussion in the bugtracker.
Jul 28 2021
It is now over 10 months that the proponents of these additions have not followed up on the discussion.
dlopen'ing of gpgme is NOT SUPPORTED. It is in general not a good idea to do this on standard Unix systems.
Jul 27 2021
Reading the mozilla entry more carefully, there still seems to be an issue.
@kaie, thanks for the pointer!
Jul 24 2021
Using GPGME is probably the best way, even if gpgme-json might also work for some operations.
Jul 21 2021
ok i found it just add "trust-model always" in gpg.conf
Hmm your log does not seem to indicate that the key is requested by GnuPG,
e.g. something like
rmngr[6077.5]: DBG: chan_5 <- KS_GET -- =email@example.com
Jul 20 2021
i dont have one what shoud i put in it
Tried it myself, getting the pubkey seems to work here.
Debian gnupg Version: 2.2.27-2~bpo10+1
Jul 19 2021
Did you try "--auto-key-retrieve"?