User Details
- User Since
- Mar 27 2017, 4:48 PM (251 w, 1 d)
- Roles
- Administrator
- Availability
- Available
Yesterday
$ gpg --debug 0 --gpgconf-test gpg: reading options from '/etc/gnupg/gpg.conf' gpg: reading options from '/home/foo/.gnupg/gpg.conf' gpg: reading options from '[cmdline]' gpg: reading options from '/etc/gnupg/common.conf' gpg: reading options from '/home/foo/.gnupg/common.conf'
vitusb: We had this discussion on cryptography@ years ago. No need to start it again - or well, try it over there. This is a bug tracker and not a discussion forum.
ikloecker: gpgconf.conf ist not anymore used since we have the global config files.
This is related to the fix for T5100. We had to to remove the version number from the AID and gpg --card-status takes the version number from the AID. gpg-card was fixed for this but gpg --card-status not.
--apply-defaults is an obsolete option because we now have global config files. I would also like to get rid of --debug-level but that won't be easy. Using --debug LIST_OF_DEBUG_FLAGS is a more versatile way of specifying debug options.
Nope. The double quote indicates a string. See the man page.
Mon, Jan 17
Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.
Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.
Fri, Jan 14
Wed, Jan 12
No, these are simply the technically available algorithms. I'll see what I can do.
I don't know about pinentry-mac but it seems to be another name for
one our our regular pinentry variants.
Rename the file and you are done.
Thanks for diving into the history of that code.
Tue, Jan 11
Yes, we should introduce an INDICATOR_KDF thing.
The primary version of that script is in libgpg-error. Thus it needs to be fixed therefirst.
Mon, Jan 10
We use GetConsoleOutputCP but fallback to GetACP if the former fails. For some reasons one of the functions seems to return 437.
Given that you are already using libgcrypt 1.9, can you please try gnupg 2.3.4.
That is annoying enough that we should do a new release. I close this bug, though.
For the next release I'll change the gnupg.net mappings to use the Ubuntu server also for non-TLS connections.
Sun, Jan 9
Sat, Jan 8
See T5758. The workaround is not to set a reader-port.
Wed, Jan 5
Tue, Jan 4
Mon, Jan 3
We have full Unicode support on the command line since 2.2.28 (2021-06-10)
Sun, Jan 2
Thu, Dec 30
Backport done but diligent testing is required.
Thu, Dec 23
The debug log was from gpg and not from dirmngr and thus it is not helpful. I also guess that an older dirmngr was still running, because the LE bug has been fixed in 2.3.4.
The odds for this case are infinitesimal so this should not have high priority. I consider this only a code-is-as-specified thing.
Wed, Dec 22
The problem is just that there are not that much keyservers left and thus I added those running by large organisations. I really don't want to overload your servers. I would also trust nlnet more than canoncial which is why I started with them.
Its all a mess. Maybe no keyserver should be the default.
Please see https://gnupg.org
Tue, Dec 21
FWIW, We have a similar mechanism for the secure memory
That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.
Things are not that easy. I actually introduced a bug in 2.3.4. Here is a comment from my working copy:
For support please use the mailing list and not the bug tracker.
Seen. @jukivili can you please add it to the AUTHORS file?