Page MenuHome GnuPG
Projects gnupg

gnupgProject
ActivePublic
Watch Project

Milestones
View All

Subprojects
View All

Members

  • This project does not have any members.
  • View All

Watchers (3)

Details

Description

Bugs, feature requests, memos, and support related to GnuPG.

Note that the tags gnug24, gnupg26 etc are used to indicate that a certain task is scheduled to be fixed in that version. This tag here is used if there is no concrete version affected or a schedule has not yet been set.

Recent Activity
View All

Yesterday

mfilippov added a comment to T8047: Support secure memory on Windows.

@werner I added an implementation https://dev.gnupg.org/D622
that matches Linux behavior and avoids the message about secure memory not being supported on Windows. The change is scoped to the pinentry tool and intentionally follows Linux behavior. Does this approach look reasonable to you?

Sun, Jan 25, 9:02 PM · Windows, gnupg, Feature Request
werner triaged T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select? as Low priority.
Sun, Jan 25, 4:38 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

I think "O" is a better key:

Sun, Jan 25, 4:37 PM · gnupg, pinentry, Bug Report
werner added a comment to T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.

We need to change the accelerator. Right now gpg-agent uses

Sun, Jan 25, 4:14 PM · gnupg, pinentry, Bug Report
ametzler1 created T8055: pinentry-tty: Correct/Cancel/Wrong - what does "C" select?.
Sun, Jan 25, 7:47 AM · gnupg, pinentry, Bug Report

Fri, Jan 23

werner triaged T8047: Support secure memory on Windows as Low priority.

I don't think that we will implement that any time soon. Today we too often require more mlock-able memory than available and in this case Libgcrypt resorts to allocating new memory arenas which are not locked. This is not as worse as one might think: the majro advantage with secmem is that a free() on secmem allocated memory will also wipe that memory. A better solution has always been to use an encrypted swap/paging file. 25 years ago, it was not easy to configure but today there should be no problem and hopefully already the default.

Fri, Jan 23, 9:25 PM · Windows, gnupg, Feature Request
ebo removed a project from T4195: Fix time API in gpgme: Restricted Project.
Fri, Jan 23, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request
ebo added a comment to T4195: Fix time API in gpgme.

While key generation works now with an expiry date up to 2106-02-04, the representation on the command line is a bit ugly.

Fri, Jan 23, 3:22 PM · gnupg, kleopatra, gpgme, Feature Request

Thu, Jan 15

werner set External Link to https://gnupg.org/blog/20251226-cleartext-signatures.html on T7900: Cleartext Signature Forgery in GnuPG.
Thu, Jan 15, 4:05 PM · Not A Bug, OpenBSD, gnupg
timegrid closed T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) as Resolved.

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

  • with / without keyboxd
  • quitting kleopatra / killing all processes
Thu, Jan 15, 1:06 PM · gpd5x, gnupg, kleopatra
ikloecker moved T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Backlog to QA on the gpd5x board.
Thu, Jan 15, 10:31 AM · gpd5x, gnupg, kleopatra
ikloecker changed the status of T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Open to Testing.

I think this has been resolved in Gpg4win 5.

Thu, Jan 15, 10:31 AM · gpd5x, gnupg, kleopatra

Fri, Jan 9

werner closed T7994: Documentation: mention `status-fd` in "Programmatic use of GnuPG" as Resolved.

Will be in the next release.

Fri, Jan 9, 2:02 PM · gnupg, Documentation
werner removed a project from T6815: PQC encryption for GnuPG: gnupg26.

it does not make sense to have a workboard item for this parent ticket.

Fri, Jan 9, 1:40 PM · OpenPGP, PQC, gnupg
timegrid closed T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled as Resolved.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Fri, Jan 9, 1:18 PM · gnupg26, gnupg
ebo closed T7491: Confusing additional pinentry on creation of new keypair with ADSK configured as Resolved.

This does not happen any more, tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 1:09 PM · gpgagent, gnupg26, gnupg
ebo closed T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Fri, Jan 9, 12:29 PM · OpenPGP, PQC, gnupg
ebo closed T7315: Allow export and import of PQC secret keys. as Resolved.

Tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 12:29 PM · gnupg26, OpenPGP, PQC, gnupg
ebo closed T7892: keyboxd: subkey listing issue with ADSKs as Resolved.

with Gpg4win-5.0.0-beta479 the listing after creating the new key with ADSK looks ok now:

Fri, Jan 9, 11:44 AM · gnupg26, Bug Report, keyboxd, gnupg
werner closed T7805: Permission denied on batch deletion of mixed (openpgp+smime) certs as Resolved.

Given that the 2.2 fix has been tested and resolved and we don't have another ticket for 2.6, we can close this one.

Fri, Jan 9, 11:07 AM · gnupg, vsd, kleopatra
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Fri, Jan 9, 11:01 AM · Not A Bug, OpenBSD, gnupg
werner closed T7904: GnuPG may downgrade digest algorithm to SHA1 as Resolved.

Note that for exploiting this bug a second preimage attack for SHA-1 is required. This kind of attack on SHA1 is not yet possible.

Fri, Jan 9, 11:01 AM · gnupg, Bug Report

Thu, Jan 8

werner changed the status of T7892: keyboxd: subkey listing issue with ADSKs from Open to Testing.
Thu, Jan 8, 4:13 PM · gnupg26, Bug Report, keyboxd, gnupg

Wed, Jan 7

andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

So why are there different grades of failure? Why is "invalid packet" a less scary error message than "WARNING: message was not integrity protected" when both are equally bad things?

Wed, Jan 7, 4:37 PM · Not A Bug, gnupg
werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

Right. And the MDC detects this and only if says okay you get a good decryption status back.

Wed, Jan 7, 11:57 AM · Not A Bug, gnupg
andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.

This warning shall only show up if a message was really modified and not in case of

a simple truncation.

Wed, Jan 7, 10:42 AM · Not A Bug, gnupg

Mon, Jan 5

werner updated the task description for T7906: Memory Corruption in ASCII-Armor Parsing.
Mon, Jan 5, 4:27 PM · gnupg, Bug Report
werner changed the visibility for T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
Mon, Jan 5, 11:27 AM · Not A Bug, gnupg
werner changed the visibility for T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG.
Mon, Jan 5, 11:26 AM · gnupg, Bug Report
werner changed the visibility for T7900: Cleartext Signature Forgery in GnuPG.
Mon, Jan 5, 11:26 AM · Not A Bug, OpenBSD, gnupg

Fri, Jan 2

werner changed the status of T7900: Cleartext Signature Forgery in GnuPG from Open to Testing.

(Testing for now for better visibility. Real or Semi-real bugs with fixes are already set to Resolved)

Fri, Jan 2, 4:38 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7902: OpenPGP Cleartext Signature Framework, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Fri, Jan 2, 4:35 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7902: OpenPGP Cleartext Signature Framework from Open to Testing.
Fri, Jan 2, 4:35 PM · Not A Bug, OpenPGP, FAQ, gnupg
werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Fri, Jan 2, 4:24 PM · Not A Bug, OpenBSD, gnupg
werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Resolved.
Fri, Jan 2, 4:24 PM · Not A Bug, OpenPGP, gnupg
werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
Fri, Jan 2, 4:22 PM · Not A Bug, OpenBSD, gnupg
werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks from Open to Testing.

The described attack is not easy to understand and as of today the
gpg.fail website seems to have the same content as the draft we
received on 2025-10-23. There it states:

Fri, Jan 2, 4:22 PM · Not A Bug, gnupg

Wed, Dec 31

William closed T7941: gpg: keydb_search_first failed: SQL error as Resolved.

Fixed in 2.5.16

Wed, Dec 31, 2:19 AM · workaround, gnupg, Bug Report

Tue, Dec 30

werner updated the task description for T8001: Release GnuPG 2.4.9.
Tue, Dec 30, 1:49 PM · gnupg, Release Info
werner updated the task description for T7428: Release GnuPG 2.4.8.
Tue, Dec 30, 1:48 PM · gnupg, Release Info
werner triaged T8001: Release GnuPG 2.4.9 as Normal priority.
Tue, Dec 30, 1:48 PM · gnupg, Release Info
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000500.html on T7995: Release GnuPG 2.5.16.
Tue, Dec 30, 10:19 AM · gnupg, Release Info
werner closed T7906: Memory Corruption in ASCII-Armor Parsing as Resolved.

Also fixed in the other active branches.

Tue, Dec 30, 9:56 AM · gnupg, Bug Report
werner closed T7906: Memory Corruption in ASCII-Armor Parsing, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Tue, Dec 30, 9:56 AM · Not A Bug, OpenBSD, gnupg
werner updated the task description for T7940: Release GnuPG 2.5.15.
Tue, Dec 30, 9:18 AM · gnupg, Release Info
werner updated the task description for T7995: Release GnuPG 2.5.16.
Tue, Dec 30, 9:16 AM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17.
Tue, Dec 30, 9:15 AM · gnupg, Release Info
werner updated the task description for T7996: Release GnuPG 2.5.17.
Tue, Dec 30, 9:15 AM · gnupg, Release Info

Mon, Dec 29

werner updated the task description for T7998: Release GnuPG 2.5.19.
Mon, Dec 29, 11:50 PM · Release Info, gnupg
werner updated the task description for T7999: Release GnuPG 2.5.18.
Mon, Dec 29, 11:49 PM · gnupg, Release Info