Thu, Jan 17
I think Bash 5.0 is in sid, not testing yet. Are you sure it's related to Bash 5.0? Is there any possibility your upgrading some other software causing this?
Sun, Dec 30
That's exactly the point: I do want one common encryption key between the two cards: So I can distinguish between the two, but en-/decrypt with both.
One is on the GnuPG SmartCard, the other on a YubiKey - output --card-status (some things xxx'ed out) :
Fri, Dec 28
Please show us your output of gpg --card-status for each card, and tell us the reason why you think "the pgp db seems screwed up".
For my test, six distinct keys (three subkeys for each smartcard) works fine.
IIUC, you try to use same decryption key by two smartcards. Currently, it is not supported.
Thu, Dec 27
Is it an issue when you share an decryption key E among two smartcards?
I think that when there are six distinct keys (three subkeys for one smartcard each), it works fine.
I'll try to make reproducible test case.
Dec 19 2018
FWIW, the canonical way to make sure that gpg-agent has been started is to run
You're very welcome. In my instance, this is "resolved" - I now get the prompt I realised I needed so to me this bug could be considered closed or wontfix, but I'll leave you to do with it as you please.
Basically, you are right. In addition, gpg-agent asks scdaemon about list of card/token.
OK - so if an entry is not required in sshcontrol for a smart-card key - is the private key stub sufficiently detailed enough for the agent to realise that it can ask for that card to be inserted for an ssh connection?
sshcontrol entry is required for non-smartcard keys, but not for keys on smartcard. This is intentional. For gpg-agent and current format, it is only the information for gpg-agent to know if a key is for SSH or not.
Also - going back to sshcontrol - with an ssh key added to the agent with ssh-add, an entry in sshcontrol is required - but not for a key on a smartcard. Is that intentional, or just a byproduct of the smartcard diversion that happens?
Oh, wow - yes, adding to sshcontrol brings up the prompt - I do however need to stop the agent from being restarted on insertion for it to subsequently ask for the unlock.
I see your point. You are right. For SSH access, it just fails without asking insertion. It's not Windows specific.
I checked the change of history of gpg-agent, but I cannot find prompting insertion was supported.
So, I don't thin this is a regression.
Yes, it's running. I have a scheduled task that spawns a vbscript to ensure that gpg-agent is started on login, and restarts it on insertion of a card (specifically for two reasons: windows ssh clients don't typically start agents automatically, and windows can cause gpg-agent to get a but upset after a card is removed and re-inserted. Edit: although, I think that latter reason might be resolved now... I haven't investigated deeply. more info here and here).
Thanks for your information.
Hum, you are using gpg-agent for SSH access.
Dec 18 2018
When no card is inserted, usage of an ssh client simply fails to request insertion of the card for the stub keys present in ~/.gnupg/.
Dec 17 2018
It seems it's Ubuntu specific: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563
Please let us know the version of GnuPG, the output of gpg --card-status when inserted, and how gpg is not working well, etc.
Dec 12 2018
Nov 5 2018
No info received.
Oct 16 2018
I finally got around to look at your examples. Sorry for the delay. I can reproduce the issue and understand the problem.
Sep 21 2018
updated example sent.
Sep 11 2018
@dkg does --no-keyring solves the problem for you?
We assume that this has meanwhile been fixed.
Sep 7 2018
I think this might be a ticket in itself. If I send a PGP signed email to someone who then responds to me, there should ideally not be issues with it - although I think it would be important to separate which parts are signed and which are not.
header of mail forwarded. looks like it says utf-8. either way, it does work with the right key.
Received. Thanks, so this is PGP Inline. Encoding handling in PGP Inline is always "Guessing" as it is no where defined which encoding is used for the message.
interesting. email sent.
Mmh no, I can't reproduce this and my initial hunch was wrong. We do in fact handle encoding in that case.
Sep 4 2018
Aug 29 2018
@elonsatoshi: Were you able to check this with 2.2.9 which has a fix for the resolver?
Aug 24 2018
No response so closing as invalid.
May 17 2018
In another report, it turned out to be, that with a 64 bit outlook and GnuPG not installed in the standard location it came to this error. ( T3988 )
We've analyzed another report of this and the problem turned out to be that with a 64 bit outlook and GnuPG not installed in the standard location it came to this error. ( T3988 )
May 15 2018
Hi and thanks. Yes, I consistently reproduce. Here's the log file.
May 14 2018
Thanks for your report!
Apr 27 2018
Now there it gets complicated. According to the card software author in 3.3 and even 2.2 there is a fix. BUT there was a small amount of cards already created in 3.3 without the fix. Nobody ever told my how to diferentiate them.
There is no Version 3.3.1 you can by - it is only 3.3. So you can buy one and hope you have a good one.
At least this is my understanding.
Apr 26 2018
Does v3.3.1 fix this? (The release notes for it seem to imply that's not the case.)
Apr 19 2018
Let's use the new issue as the problem is described completely there and it makes it more clear.
Apr 18 2018
I already created a new issue for this in the new version of gpg4win (v3.1.0) with GpgOL v2.1.0. This is the issue: T3917.
Apr 13 2018
Apparently, your /lib/x86_64-linux-gnu/libgpg-error.so.0 is not the one you installed (I mean, libgpg-error version 1.27).
You need to install your new version of libgpg-error so that it is usable.
Please check your ldconfig or LD_LIBRARY_PATH, etc.
Apr 11 2018
Mar 22 2018
I'm closing this as I've got confirmation that one crash was fixed by disabling async encryption again. And a class of general "Crash when encrypting" bugs that were related to the communication between Kleopatra and GpgOL no longer exists as Kleopatra is no longer used when encrypting from GpgOL in gpg4win 3.1.0.
Mar 13 2018
Mar 12 2018
New cards will come with a fix. I am not sure whether a production run has yet been done, though.
From one user I have received a debug log of the current beta where it apparently crashes in the dtor of the mail object after send.