Page MenuHome GnuPG

werner (Werner Koch)
EngineeringAdministrator

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:48 PM (238 w, 3 d)
Roles
Administrator
Availability
Available

Recent Activity

Yesterday

werner committed rG4cb44914b57a: common: Silence warning from unix_rootdir on systems w/o /proc (authored by werner).
common: Silence warning from unix_rootdir on systems w/o /proc
Wed, Oct 20, 5:10 PM
werner committed rGe293da3b2149: common,w32: Do not always print "Garbled console data" warning. (authored by werner).
common,w32: Do not always print "Garbled console data" warning.
Wed, Oct 20, 5:10 PM
werner added a comment to T5667: gpg(v) prints the human-readable form of notations to the status-fd.

So what is your bug report? Note that the NOTATION_FLAGS are only printed for human readable or critical notations.

Wed, Oct 20, 4:26 PM · Bug Report
werner lowered the priority of T5546: Kleopatra: After importing the first pubkey for a card from LDAP the keylistview is not refreshed from Normal to Low.

Lets downgrade the priority and keep it open in case we get reports from customers. The other option would be to replicate this here using our AD demo network. But that is a bit time consuming.

Wed, Oct 20, 12:26 PM · scd, Info Needed, Restricted Project, kleopatra
werner closed T5655: In -de-vs mode it is not possible so verify sigs with Ed25519 release keys. as Resolved.

Yes, but it is more complicated to do because you need to download a binary version of the keys and check that they are authentic. Most users don't known it. Anyway, I meanwhile created a Brainpool release sign key and new VSD releases are signed with that. The override option does not really harm, but we can close this bug due to the new release key.

Wed, Oct 20, 12:21 PM · gnupg (gpg22), Restricted Project
werner added a parent task for T5653: de-vs and GnuPG 2.3.3 error: T5362: Kleopatra: Add warning in compilance mode if gnupg version is not compliant.
Wed, Oct 20, 12:18 PM · Restricted Project, gnupg (gpg23), kleopatra
werner added a subtask for T5362: Kleopatra: Add warning in compilance mode if gnupg version is not compliant: T5653: de-vs and GnuPG 2.3.3 error.
Wed, Oct 20, 12:18 PM · Restricted Project, kleopatra
werner reassigned T5362: Kleopatra: Add warning in compilance mode if gnupg version is not compliant from aheinecke to ikloecker.
Wed, Oct 20, 12:16 PM · Restricted Project, kleopatra
werner triaged T5666: Create dropdown box for the reader-port option. as Normal priority.
Wed, Oct 20, 11:05 AM · Restricted Project, kleopatra, Feature Request
werner added a comment to T5664: npth-1.6: error: unknown type name ‘pthread_rwlock_t’.

Okay, any thing else missing in nPth?

Wed, Oct 20, 8:37 AM · npth, Bug Report

Tue, Oct 19

werner added a comment to T5662: Kleopatra: Show a list of detected card readers.

Yeah, that will be helpful. Thanks. FWIW GnuPG 2.2.32 also lists PC/SC readers and not just the Linux default of CCID readers.

Tue, Oct 19, 5:35 PM · Restricted Project, kleopatra, Feature Request
werner triaged T5663: Kleopatra's "Check for updates" does not work as Normal priority.

Version check is a data leak anyway and thus often disabled. Thus I don't see a risk for high value targets.

Tue, Oct 19, 2:59 PM · Restricted Project, gpg4win, kleopatra
werner added a comment to T5662: Kleopatra: Show a list of detected card readers.

Just to be sure: Can you c+p the strings?

Tue, Oct 19, 2:25 PM · Restricted Project, kleopatra, Feature Request
werner assigned T5664: npth-1.6: error: unknown type name ‘pthread_rwlock_t’ to gniibe.

Hello @gniibe, you did the last work on nPTh. Would you be so kind and look into this?

Tue, Oct 19, 1:06 PM · npth, Bug Report

Mon, Oct 18

werner claimed T3204: Include documentation for technicians in Gpg4win that matches the packaged versions of GnuPG, GPGME.
Mon, Oct 18, 4:42 PM · gpgweb, Windows, Documentation, gpg4win
werner added a comment to T3204: Include documentation for technicians in Gpg4win that matches the packaged versions of GnuPG, GPGME.

I would prefer to store legacy manuals on the web server. That is the easier solution.

Mon, Oct 18, 4:42 PM · gpgweb, Windows, Documentation, gpg4win
werner added a comment to T5661: Symmetric only encryption with Kleopatra.

Cool. Thanks.

Mon, Oct 18, 1:18 PM · Restricted Project, Feature Request, kleopatra
werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

( No need to certify the DSA things)

Mon, Oct 18, 11:16 AM · Testing, libgcrypt, FIPS, Bug Report
werner moved T5645: RSA/DSA keygen modification for FIPS/ACVP testing from Next to Done on the FIPS board.
Mon, Oct 18, 11:15 AM · Testing, libgcrypt, FIPS, Bug Report
werner moved T5617: fips: Check library integrity before running selftests from Next to Done on the FIPS board.
Mon, Oct 18, 11:14 AM · FIPS, libgcrypt, Bug Report

Sun, Oct 17

werner added a comment to T5656: Error emitted: gpg: error reading symlink '/proc/curproc/file': No such file or directory.

Urgs, I already implemented this:

Sun, Oct 17, 6:46 PM · gnupg (gpg23), MacOS, Bug Report
werner added a comment to T5656: Error emitted: gpg: error reading symlink '/proc/curproc/file': No such file or directory.

On macOS _NSGetExecutablePath could be used, but iiuc this requires linking against dyld. For other OSes we would also need more code. I doubt that this makes a lot of sense these days; but we should come up with a solution, even if that means we need an envvar to specify the location of that open gpgconf.ctl file.

Sun, Oct 17, 6:41 PM · gnupg (gpg23), MacOS, Bug Report

Sat, Oct 16

werner closed T5660: Second key decrypts messages it shouldn't as Resolved.

That looks like a support question. Please ask on a mailing list for help. Sorry, we can't do individual support here.

Sat, Oct 16, 4:23 PM · Support

Fri, Oct 15

werner triaged T5661: Symmetric only encryption with Kleopatra as High priority.
Fri, Oct 15, 4:37 PM · Restricted Project, Feature Request, kleopatra
werner committed rD16f1d665623b: web: Fix old signature key URL (authored by werner).
web: Fix old signature key URL
Fri, Oct 15, 12:30 PM
werner committed rDe2d4c796af58: web: Publish new signature key (authored by werner).
web: Publish new signature key
Fri, Oct 15, 12:13 PM

Thu, Oct 14

werner added a comment to T5652: Show the GnuPG version in Kleopatra.

Even better. Thanks,

Thu, Oct 14, 8:03 PM · Restricted Project, gpg4win, Feature Request, kleopatra
werner added a comment to T5652: Show the GnuPG version in Kleopatra.

A way to get the output of "gpgconf --show-versions" might also be useful. Actually this command could be used to get the versions.

Thu, Oct 14, 1:30 PM · Restricted Project, gpg4win, Feature Request, kleopatra
werner assigned T5652: Show the GnuPG version in Kleopatra to ikloecker.
Thu, Oct 14, 1:29 PM · Restricted Project, gpg4win, Feature Request, kleopatra
werner triaged T5657: dirmngr: libdns sends malformed dns requests as Normal priority.
Thu, Oct 14, 1:26 PM · Info Needed, Bug Report, dns, dirmngr
werner added a comment to T5657: dirmngr: libdns sends malformed dns requests.

dots are not allowed in hostnames.

Thu, Oct 14, 1:25 PM · Info Needed, Bug Report, dns, dirmngr

Wed, Oct 13

werner updated the task description for T5565: Release GnuPG 2.3.3.
Wed, Oct 13, 8:23 PM · gnupg (gpg23), Release Info
werner committed rG773b8fbbe915: gpg: New option --override-compliance-check (authored by werner).
gpg: New option --override-compliance-check
Wed, Oct 13, 5:39 PM
werner committed rGfb26e144adfd: gpg: New option --override-compliance-check (authored by werner).
gpg: New option --override-compliance-check
Wed, Oct 13, 5:27 PM
werner added projects to T5656: Error emitted: gpg: error reading symlink '/proc/curproc/file': No such file or directory: MacOS, gnupg (gpg23).

We now require a way to get the actual image of a process. For macOS the BSD method is used and we obviously need to find another way for macOS.

Wed, Oct 13, 5:03 PM · gnupg (gpg23), MacOS, Bug Report
werner triaged T5655: In -de-vs mode it is not possible so verify sigs with Ed25519 release keys. as High priority.
Wed, Oct 13, 3:01 PM · gnupg (gpg22), Restricted Project
werner triaged T5621: No '%ProgramData%\GNU', '%ProgramData%\GNU\etc', '%ProgramData%\GNU\etc\gnupg' or '%ProgramData%\GNU\etc\gnupg\trusted-certs' or '%ProgramData%\GNU\etc\gnupg\extra-certs' get created after setup as Normal priority.
Wed, Oct 13, 8:29 AM · Documentation, Not A Bug, gpg4win
werner committed rDa4f6a3a9040b: web: Release announcement for GnuPG 2.3.3 (authored by werner).
web: Release announcement for GnuPG 2.3.3
Wed, Oct 13, 8:23 AM

Tue, Oct 12

werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000466.html on T5565: Release GnuPG 2.3.3.
Tue, Oct 12, 7:44 PM · gnupg (gpg23), Release Info
werner committed rDdbefe28fc81d: swdb: Release GnuPG 2.3.3 (authored by werner).
swdb: Release GnuPG 2.3.3
Tue, Oct 12, 6:20 PM
werner closed T5405: Release GnuPG 2.3.2 as Resolved.

The new bugs have been fixed in 2.3.3; see T5565.

Tue, Oct 12, 6:17 PM · gnupg (gpg23), Release Info
werner closed T5565: Release GnuPG 2.3.3 as Resolved.
Tue, Oct 12, 6:16 PM · gnupg (gpg23), Release Info
werner updated the task description for T5654: Release GnuPG 2.3.4.
Tue, Oct 12, 6:15 PM · gnupg (gpg23), Release Info
werner committed rGd7d26eff851a: Post release updates (authored by werner).
Post release updates
Tue, Oct 12, 6:11 PM
werner committed rG9470d0338364: Release 2.3.3 (authored by werner).
Release 2.3.3
Tue, Oct 12, 6:11 PM
werner committed rG10f52f9bf3bc: speedo: Put the keyboxd into the Windows installer (authored by werner).
speedo: Put the keyboxd into the Windows installer
Tue, Oct 12, 6:11 PM
werner committed rGbcd5feec0e91: tests: New way to make use of gpgconf.ctl in tests. (authored by werner).
tests: New way to make use of gpgconf.ctl in tests.
Tue, Oct 12, 6:11 PM
werner triaged T5654: Release GnuPG 2.3.4 as Low priority.
Tue, Oct 12, 6:09 PM · gnupg (gpg23), Release Info
werner triaged T5653: de-vs and GnuPG 2.3.3 error as Normal priority.
Tue, Oct 12, 4:56 PM · Restricted Project, gnupg (gpg23), kleopatra
werner triaged T5652: Show the GnuPG version in Kleopatra as Normal priority.
Tue, Oct 12, 4:44 PM · Restricted Project, gpg4win, Feature Request, kleopatra
werner added a comment to T5634: Failure with: make DESTDIR=xxx install .

I won't anymore follow the path of first doing a test install. That is way to hairy in respect to "make distcheck". Change is already in my working directory.

Tue, Oct 12, 2:38 PM · Bug Report
werner added a comment to T5590: OpenPGP: Curve 448, modernize?.

Is that really required? Should we wait what the conlusion of the WG will be?

Tue, Oct 12, 2:35 PM · OpenPGP, gnupg (gpg23)
werner added a comment to T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared.

Bison used to be the de-facto standard yacc ;-)

Tue, Oct 12, 2:33 PM · Testing, toolchain, libksba, Bug Report
werner added a comment to T5644: Heuristic for default reader detection.

On my new Windows 10 laptop I see a "Windows Hello for Business 1". Thus put everything with "Windows Hello" at the end of the list or skip unless a reader-port is set. IIRC there are device with "virtual" or "Virtual" in their name, they don't make sense for us either. I would also put devices with "SCM" or "Identiv" to the top of the list. In particular the substrings "SPR532" seems to identify the Identiv SPR332 which is what we use here and actualay a suggested reader for GnUPG VS-Desktop.

Tue, Oct 12, 8:44 AM · Feature Request, gnupg (gpg22)

Mon, Oct 11

werner raised the priority of T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared from Normal to High.

Thanks for your findings. I recall that I read this in the announcement and cursed about this new tendency in GNU to break long standing APIs.

Mon, Oct 11, 5:49 PM · Testing, toolchain, libksba, Bug Report
werner renamed T5649: Issue better error message for invalid OpenPGP RSA keys from GnuPG randomly generates invalid RSA signatures if secret key has P > Q. to Issue better error message for invalid OpenPGP RSA keys.
Mon, Oct 11, 5:45 PM · OpenPGP, gnupg (gpg23), Feature Request
werner triaged T5649: Issue better error message for invalid OpenPGP RSA keys as Normal priority.

OpenPGP requires the P < U property and gpg does also. In some parts of the GnuPG we re-calculate the CRT parameters but not in these code paths. Right, a better error message would be appropriate. I'll turn this into a feature request.

Mon, Oct 11, 5:45 PM · OpenPGP, gnupg (gpg23), Feature Request
werner triaged T5650: Check problems with gpgconf and global config files as High priority.
Mon, Oct 11, 5:39 PM · Restricted Project, gnupg (gpg22)
werner closed T5648: UPLOAD Keyserver / Kleopatra Gpg4win-3.1.16 Kleopatra as Resolved.

Please ask on a mailing list etc. This is a bug tracker and pnly very few people are reading your report.

Mon, Oct 11, 8:45 AM · Support
werner closed T5647: UPLOAD Keyserver as Invalid.
Mon, Oct 11, 8:42 AM
werner committed rGcf29c7dec0e8: Do not build keyxboxd if sqlite has been disabled. (authored by werner).
Do not build keyxboxd if sqlite has been disabled.
Mon, Oct 11, 7:54 AM
werner committed rG257632f58d92: build: Let the release target also sign the wixlib. (authored by werner).
build: Let the release target also sign the wixlib.
Mon, Oct 11, 7:54 AM

Sun, Oct 10

werner closed T5632: gpg-agent 2.3.2 conflicts with pcscd as Resolved.
Sun, Oct 10, 7:04 PM · Not A Bug, yubikey, scd, gnupg (gpg23)
werner closed T3412: gpg-agent manual page says to always add GPG_TTY to `.bashrc` as Resolved.
Sun, Oct 10, 7:02 PM · Not A Bug, gnupg
werner closed T5539: Key generation on OpenPGP Version 3.4 card fails as Resolved.

As long as we can't replicate this, it does not make sense to keep this bug open. Please re-open it if you run into it again in a replicatable way.

Sun, Oct 10, 6:59 PM · can't replicate, OpenPGP, scd, Bug Report, gpg4win
werner closed T5613: GpgEX does not use CSIDL_LOCAL_APPDATA as Resolved.

Fixed in gpgex 1.0.8

Sun, Oct 10, 6:53 PM · Windows, kleopatra, gpgex
werner closed T5622: 'HKLM\Software\GNU\GnuPG' registry key does not already exist after end of setup, but users might expect to find it as Resolved.
Sun, Oct 10, 6:49 PM · Not A Bug, gpg4win
werner closed T5621: No '%ProgramData%\GNU', '%ProgramData%\GNU\etc', '%ProgramData%\GNU\etc\gnupg' or '%ProgramData%\GNU\etc\gnupg\trusted-certs' or '%ProgramData%\GNU\etc\gnupg\extra-certs' get created after setup as Resolved.

Sure they don't get created - they are optional.

Sun, Oct 10, 6:48 PM · Documentation, Not A Bug, gpg4win
werner edited projects for T2337: gpg command line language wrong, added: Feature Request, gnupg (gpg23); removed Info Needed, Bug Report, gnupg (gpg20).

Thanks for the info.

Sun, Oct 10, 4:23 PM · gnupg (gpg23), Feature Request, gpg4win
werner closed T5646: indicate wrong passphrase via exit status as Resolved.

Please use the --status-fd interface. This yields all the info you need. An exit code is not distinct enough for such purpose and you need to check the status lines in any case. For scripting gpgme-tool or gpgme-json might be useful as well because they do all the nitty-gritty parts of using gpg correctly

Sun, Oct 10, 4:15 PM · gnupg, FAQ

Fri, Oct 8

werner closed T5472: Kleopatra not storing decrypted files as Resolved.
Fri, Oct 8, 7:33 PM · Support, kleopatra, Bug Report
werner triaged T5645: RSA/DSA keygen modification for FIPS/ACVP testing as High priority.
Fri, Oct 8, 3:34 PM · Testing, libgcrypt, FIPS, Bug Report
werner added projects to T5472: Kleopatra not storing decrypted files: kleopatra, Support.
Fri, Oct 8, 3:33 PM · Support, kleopatra, Bug Report
werner added a comment to T5472: Kleopatra not storing decrypted files.

Please hit "mostra de registro..." link in the blue box and show us its content (you may want to check that it does not show sensitive data)

Fri, Oct 8, 3:33 PM · Support, kleopatra, Bug Report
werner triaged T5435: GpgOL shows Insecure and won't decrypt instead there is an attachment as Normal priority.

Thanks for the log, however, I would suggest to use 3.1.16 and try again.

Fri, Oct 8, 3:27 PM · Info Needed, Bug Report, gpg4win
werner added a subtask for T5593: Gpg4Win displayed 'PATH env variable too big' error during setup: T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner added a parent task for T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon: T5593: Gpg4Win displayed 'PATH env variable too big' error during setup.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner triaged T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon as Low priority.
Fri, Oct 8, 3:24 PM · Bug Report, gpg4win
werner closed T5633: gpg key generation failure as Wontfix.
Fri, Oct 8, 3:23 PM · MacOS, Bug Report
werner closed T5642: gpg: keyserver send failed: Network is unreachable as Resolved.
Fri, Oct 8, 3:22 PM · Support
werner added a comment to T5645: RSA/DSA keygen modification for FIPS/ACVP testing.

Do we really need to support DSA in FIPS mode? I mean standard DSA and not ECDSA.

Fri, Oct 8, 3:22 PM · Testing, libgcrypt, FIPS, Bug Report
werner closed T5643: Downgrade gpg as Resolved.
Fri, Oct 8, 3:19 PM · Info Needed, Support
werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

There won't be any other 3.1 release - install GnuPG 2.2.32 on top of Gpg4win 3.1.16

Fri, Oct 8, 3:18 PM · gnupg (gpg22), dirmngr
werner raised the priority of T5644: Heuristic for default reader detection from Normal to High.
Fri, Oct 8, 2:51 PM · Feature Request, gnupg (gpg22)

Thu, Oct 7

werner edited projects for T5642: gpg: keyserver send failed: Network is unreachable, added: Support; removed Bug Report.
Thu, Oct 7, 5:41 PM · Support
werner closed T5611: 2.3.2: test suite is failing as Resolved.
Thu, Oct 7, 5:35 PM · Support, gnupg (gpg23)
werner edited projects for T5643: Downgrade gpg, added: Support, Info Needed; removed Bug Report.
Thu, Oct 7, 5:34 PM · Info Needed, Support
werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

The LE web site has instruction on how to do this. However, it is complicated and depends on your system. The intermediate cert you listed is signed by the expired old root cert. If you remove this intermediate cert the other root cert will be found and we are done. The old LE certs had a 4 tier chain and the new one a 3 tier.
See https://dev.gnupg.org/rG341ab0123a8fa386565ecf13f6462a73a137e6a4 and https://letsencrypt.org/images/isrg-hierarchy.png

Thu, Oct 7, 5:33 PM · gnupg (gpg22), dirmngr
werner triaged T5644: Heuristic for default reader detection as Normal priority.
Thu, Oct 7, 4:07 PM · Feature Request, gnupg (gpg22)
werner added a comment to T5643: Downgrade gpg.

You should never ever downgrade. What is the problem with the new 2.2.32?

Thu, Oct 7, 8:29 AM · Info Needed, Support
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html on T5601: Release GnuPG 2.2.32.
Thu, Oct 7, 7:55 AM · Release Info, gnupg (gpg22)

Wed, Oct 6

werner committed rDa7c5dd23a1e5: swdb: GnuPG 2.2.32 (authored by werner).
swdb: GnuPG 2.2.32
Wed, Oct 6, 10:09 PM
werner added a comment to T5642: gpg: keyserver send failed: Network is unreachable.

I can't tell you why you get this error. However, since Oct 1 the keyserver access does in many case not work anymnore. This has been fixed in GnuPG 2.2.32, which I released a few minutes ago. You may install this on top of gpg4win 3.1.16.

Wed, Oct 6, 9:26 PM · Support
werner added a comment to T5571: Release GnuPG 2.2.31.

Please update to 2.2.32 if you have problems with keyservers etc.

Wed, Oct 6, 9:22 PM · Release Info, gnupg (gpg22)
werner closed T5584: gpg --list-packets lists wrong packets as Resolved.

Backported to 2.2.32

Wed, Oct 6, 9:21 PM · gnupg (gpg22), Bug Report
werner closed T5639: dirmngr uses the wrong Let's encrypt chain as Resolved.
Wed, Oct 6, 9:20 PM · gnupg (gpg22), dirmngr
werner closed T5601: Release GnuPG 2.2.32 as Resolved.
Wed, Oct 6, 9:19 PM · Release Info, gnupg (gpg22)
werner committed rGbb750cf4bae3: Post release updates (authored by werner).
Post release updates
Wed, Oct 6, 9:15 PM
werner committed rG476096099db9: Release 2.2.32 (authored by werner).
Release 2.2.32
Wed, Oct 6, 9:15 PM
werner triaged T5641: Release GnuPG 2.2.33 as Low priority.
Wed, Oct 6, 9:14 PM · Release Info, gnupg (gpg22)