Page MenuHome GnuPG

gpgmeProject
ActivePublic

Milestones

Details

Description

GnuPG Made Easy (GPGME) is a C language library that allows to add support for cryptography to a program. It is designed to make access to public key crypto engines like GnuPG or GpgSM easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management.

GPGME comes with language bindings for Common Lisp, C++, QT, Python2 and Python 3.

GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the Cryptographic Message Syntax (CMS).

Recent Activity

Yesterday

aheinecke added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

I do not think that this is the only place where such an issue occurs. Maybe we should make the documentation clearer about context key reuse. But the context is specifically designed to cache information about a key, so as to avoid memory overhead. I learned early on that its best for each new operation to use a new context. A context is basically an instance of gpg or gpgsm. So you start one process, ask it for a keylist, keep the process running, start another process, modify the key database, and then ask the first process again about his worldview. Either the first process is a bit confused because it has read data and then that data changed (what happens here) or it has no idea about the change since it was efficient and only read the database once. But here in this example you should be able to reproduce this also by making any other modifications to the key, adding other subkeys, userids etc. That GPGME even notices the secret key is more of a side effect of how the programming works because the GPGME gpg process will ask the gpg-agent (so a third process).

Wed, May 28, 9:19 PM · gnupg, gpgme, Bug Report

Tue, May 27

werner triaged T7660: GPGME invocation by cri-o hangs on gpgme_op_verify as Normal priority.
Tue, May 27, 4:29 PM · golang, gpgme, Bug Report

Fri, May 23

ebo moved T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Fri, May 23, 10:14 AM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ebo added a project to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs: Restricted Project.
Fri, May 23, 10:13 AM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra

Tue, May 20

timegrid moved T6907: gpgme: Explicitly tell gpg that we want to verify signed data from Restricted Project Column to Restricted Project Column on the Restricted Project board.

looks good to me on gpg4win-4.4.1-beta59@win10

Tue, May 20, 12:07 PM · gpgme, Restricted Project
ebo added a comment to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs.

Checked with Gpg4win-4.4.1-beta59, too, which contains gpgme 1.24.3. Works!

Tue, May 20, 11:10 AM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ebo closed T7524: Release GPGME 1.24.2 as Resolved.
Tue, May 20, 9:32 AM · gpgme, Release Info

Mon, May 19

werner closed T7659: Release GPGME 1.24.3 as Resolved.
Mon, May 19, 4:43 PM · Release Info, gpgme
werner updated the task description for T7524: Release GPGME 1.24.2.
Mon, May 19, 4:36 PM · gpgme, Release Info
werner added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

We won't apply any fixes to the cpp, QT, or Python language bindings in the 1.24 branch. The Qt branch has been factored out to the gpgmeqt project on request from the KDE folks. And yes, we should add projects (tags) for gpgmepp and gpgmeqt.

Mon, May 19, 4:34 PM · gpgme, Bug Report
werner updated the task description for T7524: Release GPGME 1.24.2.
Mon, May 19, 4:26 PM · gpgme, Release Info
werner triaged T7659: Release GPGME 1.24.3 as Low priority.
Mon, May 19, 4:25 PM · Release Info, gpgme
ebo moved T6907: gpgme: Explicitly tell gpg that we want to verify signed data from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mon, May 19, 11:48 AM · gpgme, Restricted Project
ebo moved T6688: Kleopatra GPGME: Reported assert on exit from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mon, May 19, 11:47 AM · gpgme, kleopatra, Restricted Project

Thu, May 8

ikloecker added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

I think it would be much better if GnuPG automatically performed a key listing immediately after key generation when a smartcard is involved. This would allow GnuPG to detect the presence of the subkey on the card right away, rather than leaving it marked as a stub until the user manually lists keys.

Thu, May 8, 9:14 PM · gnupg, gpgme, Bug Report
Saturneric added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

I see that you generated the secret encryption subkey with backup. This means that the secret subkey is generated on your computer, then copied to the card, and then deleted from your computer. The deletion is the reason why the subkey is marked as stub. Only after listing the keys on the card gpg notices that the secret key is actually on the card.

Thu, May 8, 6:37 PM · gnupg, gpgme, Bug Report

Wed, May 7

ametzler1 added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

works for me, thanks

Wed, May 7, 6:48 PM · gpgme, Bug Report

Tue, May 6

ikloecker added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

The first call of get_key receives the following key listing from gpg:

2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: sec:-:256:19:C4A24EB0B5F2E025:1746474606:::u:::s
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: cESCA:::D2760001240100000006180489130000::brainp
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: oolP256r1:23::0:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: fpr:::::::::DEC0948C398A6E7B50746EC6C4A24EB0B5F2
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: E025:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: grp:::::::::06BDACFBDEDBC5783A75AE5E7251FA3369C4
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: 0FF4:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: uid:-::::1746474606::2222D8E2F373B9BDEE0DEA2A20A
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: 9402214E9F984::Eric <eric@bktus.com>::::::::::0:
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: <LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: ssb:-:256:19:EAFC5EA29B758B22:1746474606::::::a:
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: ::D2760001240100000006180489130000::brainpoolP25
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: 6r1:23:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: fpr:::::::::1AD596DDEC9B8CF3C1AC6C41EAFC5EA29B75
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: 8B22:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: grp:::::::::52F0797C0B0439BBD718E2534D46656A6C45
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: 6A78:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: ssb:-:256:18:A874804DB497B91C:1746474606::::::e:
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: ::#::brainpoolP256r1:23:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: fpr:::::::::33B273C7BD46E4EB63DD6874A874804DB497
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: B91C:<LF>
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: grp:::::::::34A1F8D9B2AA0CF07C2E042D70E10F9D4EBE
2025-05-05 21:50:23 gpgme[57059]     _gpgme_io_read: check: E734:<LF>

Note the line

ssb:-:256:18:A874804DB497B91C:1746474606::::::e:::#::brainpoolP256r1:23:<LF>

where the # marks the subkey as stub.

Tue, May 6, 9:21 AM · gnupg, gpgme, Bug Report

Mon, May 5

Saturneric added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

I have now identified the exact conditions and a reproducible path for the issue I previously reported. I will also attach the relevant gpgme.log.

Mon, May 5, 10:01 PM · gnupg, gpgme, Bug Report
werner added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

I doubt that this is a gpgme problem. With a gpgme log we will be able see the exact commands send to gpg and replicate this on the command line.

Mon, May 5, 5:45 PM · gnupg, gpgme, Bug Report
ikloecker moved T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t from Backlog to QA for next release on the gpgme board.
Mon, May 5, 5:42 PM · gpgme, Bug Report
ikloecker closed T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t as Resolved.

Should be fixed.

Mon, May 5, 5:41 PM · gpgme, Bug Report
ikloecker added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

For gpgme 2 we changed the data types of the time fields to unsigned: rMf2d40473b522e348d96a70c089d2191d0b978098 . Since this change breaks the ABI we use the above change for the 1.24 branch.

Mon, May 5, 5:41 PM · gpgme, Bug Report
werner changed the status of T3325: Allow encryption/signing in GPGME using a specified subkey from Open to Testing.
Mon, May 5, 4:46 PM · gpgme
werner triaged T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t as Normal priority.
Mon, May 5, 4:41 PM · gpgme, Bug Report
svuorela added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

tested @ikloecker

Mon, May 5, 3:20 PM · gpgme, Bug Report
ikloecker added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

The following patch for gpgme 1.24 should fix the test.

diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp
index 42046aa..2b14d90 100644
--- a/src/key.cpp
+++ b/src/key.cpp
@@ -633,7 +633,7 @@ time_t Subkey::creationTime() const
Mon, May 5, 3:15 PM · gpgme, Bug Report
svuorela added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

I did a local change (on amdahl.d.o) changing _gpgme_subkey.expires to long long (ABI-break) and all tests succeeded.

Mon, May 5, 12:44 PM · gpgme, Bug Report
svuorela added a comment to T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.

It looks like the entirety of gpgme timestamping was missed when the 64bit time transition happened in Debian and Ubuntu.

Mon, May 5, 12:43 PM · gpgme, Bug Report
ikloecker edited projects for T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t, added: gpgme; removed gpgmeqt, qt.

This looks like a problem in gpgme. struct _gpgme_subkey stores the expiration date as long int expires which is a signed 32-bit value on all 32-bit architectures. gpgmepp casts this to time_t, but that doesn't help if the 32-bit value is already negative. The same problem exists with all other timestamps in gpgme (i.e. key creation date, signature expiration date, etc.).

Mon, May 5, 12:14 PM · gpgme, Bug Report
werner reopened T3325: Allow encryption/signing in GPGME using a specified subkey as "Open".
Mon, May 5, 11:41 AM · gpgme
ikloecker added a comment to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated).

The logs of gpgme would be helpful, i.e. run your test program with GPGME_DEBUG=8:$(pwd)/gpgme-$(date +"%Y-%m-%d-%H%M%S").log to create a log file with gpgme's logs.

Mon, May 5, 11:07 AM · gnupg, gpgme, Bug Report

Apr 26 2025

ametzler1 created T7627: gpgme(qt) testsuite error on 32bit archs with 64bit time_t.
Apr 26 2025, 1:56 PM · gpgme, Bug Report

Apr 22 2025

werner added projects to T7620: gpgme_get_key fails to detect secret encryption subkey after key generation on card (until context is recreated): gpgme, gnupg.
Apr 22 2025, 9:35 AM · gnupg, gpgme, Bug Report

Apr 16 2025

ebo closed T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs as Resolved.

This is resolved in the final Beta15.

Apr 16 2025, 10:35 AM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra

Apr 14 2025

ebo moved T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs from Backlog to QA on the vsd33 board.
Apr 14 2025, 11:28 AM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra

Apr 11 2025

ballapete added a comment to T7533: gpgme-1.24.1 and gpgme-1.24.2 do not compile on Mac OS X 10.4.11, Tiger, because of problem with strcasecmp/strncasecmp in gpgme-tool.c.

patch set used.

Apr 11 2025, 9:01 PM · gpgme
ballapete added a comment to T7533: gpgme-1.24.1 and gpgme-1.24.2 do not compile on Mac OS X 10.4.11, Tiger, because of problem with strcasecmp/strncasecmp in gpgme-tool.c.

I tried to apply crude patches. Since _POSIX_C_SOURCE is defined when <string.h> is included (in pre-compiled source I see

Apr 11 2025, 8:57 PM · gpgme
werner added a comment to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs.

That error code is actually not an error code but it is the ERROR state from the Kleo SFM. We have seen that yesterday already.

Apr 11 2025, 3:42 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ebo added a comment to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs.

this exact case is fixed in VS-Desktop-3.3.90.12-Beta
Adding further UIDs and making more certifications still works, too.

Apr 11 2025, 3:15 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ebo updated the task description for T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs.
Apr 11 2025, 2:48 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra

Apr 10 2025

ikloecker added a comment to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs.

Very likely this bug exists since 2017 when support for promotion of local certifications to exportable certifications was added.

Apr 10 2025, 3:57 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ikloecker changed the status of T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs from Open to Testing.
Apr 10 2025, 3:54 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra
ikloecker added projects to T7600: Kleopatra: gpg.exe hangs on trying to exportably certify an already locally signed certificate with multiple UIDs: gpd5x, gpgme.

Fixed in gpgmepp for gpd5x. I think for VSD 3.3 we'll add a patch to gpg4win.

Apr 10 2025, 3:53 PM · Restricted Project, vsd33 (vsd-3.3.1), gpgme, gpd5x, kleopatra

Mar 19 2025

bjk added a comment to T3325: Allow encryption/signing in GPGME using a specified subkey .

Attached is a patch which adds gpgme_subkey_set_flag() to handle both encryption and signing keys. Or maybe it would be better to add another signing function that does recpstring?

Mar 19 2025, 3:38 AM · gpgme

Mar 14 2025

werner added a comment to T6694: Random numbers from gpgme.

BTW, do we really need a C++ API for this? Might make sense due to the need for a context.

Mar 14 2025, 1:10 PM · gpd5x, gpgpass, gpgme, Feature Request
werner changed the status of T6694: Random numbers from gpgme from Open to Testing.
Mar 14 2025, 1:09 PM · gpd5x, gpgpass, gpgme, Feature Request

Mar 10 2025

calvin added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

This was using GCC to build, but on AIX. I believe support for dollar signs in identifiers are platform specific.

Mar 10 2025, 12:47 PM · gpgme, gnupg, pinentry
gniibe added a comment to T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2.

GCC allows dollars in identifier, that's the reason why we haven't encountered this issue, I suppose.

Mar 10 2025, 10:32 AM · gpgme, gnupg, pinentry
gniibe changed the status of T7541: libassuan AC_DEFINE_UNQUOTED m4 fix needs propagating to pinentry and gnupg2 from Open to Testing.
Mar 10 2025, 3:50 AM · gpgme, gnupg, pinentry