gnupg Project
Active, Public

Recent Activity

Today

werner added a comment to T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set.

Add --expert.

Wed, Sep 28, 10:23 AM · g10code (gnupg-2.2), gnupg, Bug Report
2l47 added a comment to T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set.

Perhaps --full-generate-key should provide more algorithm choices, then, e.g. ed25519?

Wed, Sep 28, 9:26 AM · g10code (gnupg-2.2), gnupg, Bug Report
werner closed T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set as Wontfix.

Sorry, this has been discussed ad nauseam. We try our best to help people not to use useless and harmful (e.g. performance of the WoT) algorithm choices.

Wed, Sep 28, 9:17 AM · g10code (gnupg-2.2), gnupg, Bug Report

Yesterday

2l47 added projects to T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set: gnupg, g10code (gnupg-2.2).
Tue, Sep 27, 11:40 PM · g10code (gnupg-2.2), gnupg, Bug Report

Thu, Sep 22

luweitest added a comment to T6207: can't open gpg-agent.

Yes I do understand Windows XP is not supported. Just in case it is a minor problem that is easy to fix and will not cost you much effort. I'd like to add more information: I do not change
%LOCALAPPDATA%. There is no such environment variable. A similar environment variable is:
APPDATA=C:\Documents and Settings\myname\Application Data
I do set GNUPGHOME=E:\key, which I think should be allowed because I do not want my personal info to be stored on the system drive.

Thu, Sep 22, 1:44 PM · Not A Bug, gnupg, Windows
werner added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.

We should close this. The recent fix in 2.2 and the forthcoming 2.3 does everything we want. In the meantime or if further problems turn up, --ignore-cert is a good workaround.

Thu, Sep 22, 10:49 AM · workaround, gnupg, Keyserver, Bug Report
werner changed the status of T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired from Open to Testing.
Thu, Sep 22, 10:46 AM · workaround, gnupg, Keyserver, Bug Report
werner removed a project from T6187: import of p12 file fails with "invalid crypto engine": Restricted Project.
Thu, Sep 22, 10:41 AM · kleopatra, gpgme, gnupg, Restricted Project
werner changed the status of T6200: gnupg: GPG_ERR_SOURCE_DEFAULT should be defined from Open to Testing.
Thu, Sep 22, 10:40 AM · gnupg

Wed, Sep 21

aheinecke closed T6207: can't open gpg-agent as Invalid.

This is a support question and not a bug. You should ask such questions on the channels for Gpg4win, which does the Community support for GnuPG on Windows: https://www.gpg4win.org/community.html

Wed, Sep 21, 9:14 PM · Not A Bug, gnupg, Windows

Tue, Sep 20

werner added a comment to T6207: can't open gpg-agent.

No, it does not matter.

Tue, Sep 20, 9:51 AM · Not A Bug, gnupg, Windows

Mon, Sep 19

luweitest added a comment to T6207: can't open gpg-agent.

E:\key>gpgconf --list-dirs
sysconfdir:C%3a\Documents and Settings\All Users\Application Data\GNU\etc\gnupg
bindir:C%3a\Program Files\gnupg\bin
libexecdir:C%3a\Program Files\gnupg\bin
libdir:C%3a\Program Files\gnupg\lib\gnupg
datadir:C%3a\Program Files\gnupg\share\gnupg
localedir:C%3a\Program Files\gnupg\share\locale
socketdir:E%3a\key
dirmngr-socket:E%3a\key\S.dirmngr
agent-ssh-socket:E%3a\key\S.gpg-agent.ssh
agent-extra-socket:E%3a\key\S.gpg-agent.extra
agent-browser-socket:E%3a\key\S.gpg-agent.browser
agent-socket:E%3a\key\S.gpg-agent
homedir:E%3a\key

Mon, Sep 19, 5:12 AM · Not A Bug, gnupg, Windows

Fri, Sep 16

werner added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I just fixed a bug related to the DP. That might be related. See rG0c8299e2b56ef2e1

Fri, Sep 16, 4:54 PM · gnupg, S/MIME
werner closed T1141: dirmngr does not try all CRL DPs if first fetchable CRL is too old as Resolved.

That particular bug seems to have been solved a long time ago. I stumbled upon it while fixing a DP bug today.

Fri, Sep 16, 4:43 PM · gnupg, Bug Report, dirmngr
werner added projects to T6207: can't open gpg-agent: Windows, gnupg.
Fri, Sep 16, 10:40 AM · Not A Bug, gnupg, Windows

Thu, Sep 15

aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

To clarify that I meant that the underlying problem is our current keylisting speed in Kleopatra I have opened T6206.

Thu, Sep 15, 4:35 PM · Not A Bug, gnupg
aheinecke triaged T6206: Kleopatra: Listing certificates initially just takes too long. as Normal priority.
Thu, Sep 15, 4:34 PM · S/MIME, gnupg, kleopatra
aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

Thu, Sep 15, 4:17 PM · Not A Bug, gnupg

Wed, Sep 14

werner added a comment to T6195: gpg: New key has unknown trust after generation.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

Wed, Sep 14, 4:23 PM · Not A Bug, gnupg
aheinecke closed T6195: gpg: New key has unknown trust after generation as Resolved.

I agree. We have to get rid of auto check trustdb and such stuff. I always found that impossible to program around because it either takes a long time (check-trustdb) or it might return invalid results (no check).
The solution for this is keyboxd.

Wed, Sep 14, 12:27 PM · Not A Bug, gnupg
werner placed T6195: gpg: New key has unknown trust after generation up for grabs.

If you run gpg --export-ownertrust you will notice that the trust has been set to ultimate (value is 6). However, due to the no-auto-check-trustdb in your gpg.conf that value will only be shown after running gpg --check-trustdb. The value shown in the key listing is the computed value and the computation is done by --check-trustdb. I don't see a bug here.

Wed, Sep 14, 11:06 AM · Not A Bug, gnupg
gniibe claimed T6200: gnupg: GPG_ERR_SOURCE_DEFAULT should be defined.

Pushed changes.

Wed, Sep 14, 10:01 AM · gnupg

Tue, Sep 13

ikloecker changed the status of T6187: import of p12 file fails with "invalid crypto engine" from Open to Testing.

The export/backup of the secret part of S/MIME certificates has been fixed with T6189: Secret key backup of S/MIME certificate creates bad result. An exported certificate should now be imported without problems.

Tue, Sep 13, 9:10 AM · kleopatra, gpgme, gnupg, Restricted Project

Mon, Sep 12

ikloecker added a comment to T6187: import of p12 file fails with "invalid crypto engine".

Now "BER error" is reported, if the user tries to import a .p8 certificate. (The certificate exported by Kleopatra wasn't stored as PKCS#12, but presumably as PKCS#8 which gpgsm cannot import. See T6189: Secret key backup of S/MIME certificate creates bad result.)

Mon, Sep 12, 9:39 AM · kleopatra, gpgme, gnupg, Restricted Project
werner claimed T6195: gpg: New key has unknown trust after generation.
Mon, Sep 12, 8:26 AM · Not A Bug, gnupg

Fri, Sep 9

aheinecke closed T6190: GPGSM: Import / Export of raw and p8 certs / containers broken as Invalid.

--import [files]
       Import  the certificates from the PEM or binary encoded files as well as from signed-only messages.
       This command may also be used to import a secret key from a PKCS#12 file.

Fri, Sep 9, 4:17 PM · gnupg, S/MIME

Thu, Sep 8

ikloecker created T6195: gpg: New key has unknown trust after generation.
Thu, Sep 8, 10:26 AM · Not A Bug, gnupg

Wed, Sep 7

werner added a comment to T6187: import of p12 file fails with "invalid crypto engine".

BTW, gnupg/doc/DETAILS tells that the fingerprint is optional:

Wed, Sep 7, 4:46 AM · kleopatra, gpgme, gnupg, Restricted Project
gniibe added a comment to T6187: import of p12 file fails with "invalid crypto engine".

Pushed the fix for GPG_ERR_INV_ENGINE.

Wed, Sep 7, 4:29 AM · kleopatra, gpgme, gnupg, Restricted Project
gniibe added a comment to T6187: import of p12 file fails with "invalid crypto engine".

gpgsm may emit S IMPORT_PROBLEM 1 (with no fingerprint information) when it cannot find a valid fingerprint.
I think that this case should be handled correctly by GPGME, not returning GPG_ERR_INV_ENGINE.

Wed, Sep 7, 4:27 AM · kleopatra, gpgme, gnupg, Restricted Project

Tue, Sep 6

aheinecke lowered the priority of T6190: GPGSM: Import / Export of raw and p8 certs / containers broken from Normal to Low.
Tue, Sep 6, 1:19 PM · gnupg, S/MIME
aheinecke renamed T6190: GPGSM: Import / Export of raw and p8 certs / containers broken from GPGSM: Import / Epxort of raw and p8 certs / containers broken to GPGSM: Import / Export of raw and p8 certs / containers broken.
Tue, Sep 6, 1:18 PM · gnupg, S/MIME
aheinecke closed T6189: Secret key backup of S/MIME certificate creates bad result, a subtask of T6190: GPGSM: Import / Export of raw and p8 certs / containers broken, as Resolved.
Tue, Sep 6, 1:18 PM · gnupg, S/MIME
aheinecke added a subtask for T6190: GPGSM: Import / Export of raw and p8 certs / containers broken: T6189: Secret key backup of S/MIME certificate creates bad result.
Tue, Sep 6, 1:18 PM · gnupg, S/MIME
aheinecke triaged T6190: GPGSM: Import / Export of raw and p8 certs / containers broken as Normal priority.
Tue, Sep 6, 1:16 PM · gnupg, S/MIME
aheinecke added a comment to T6187: import of p12 file fails with "invalid crypto engine".

Ok. That is about the Invalid Crypto Engine. But this does not explain why a .p12 export via Kleopatra leads to this error when we export a valid certificate. The same thing I do with Kleopatra on the Command Line works:

Tue, Sep 6, 11:42 AM · kleopatra, gpgme, gnupg, Restricted Project
ikloecker placed T6187: import of p12 file fails with "invalid crypto engine" up for grabs.

The error is generated in parse_import in gpgme/src/import.c:

if (errno || args == tail || *tail != ' ')
  {
    /* The crypto backend does not behave.  */
    free (import);
    return trace_gpg_error (GPG_ERR_INV_ENGINE);
  }

Tue, Sep 6, 11:34 AM · kleopatra, gpgme, gnupg, Restricted Project
ikloecker claimed T6187: import of p12 file fails with "invalid crypto engine".
Tue, Sep 6, 11:33 AM · kleopatra, gpgme, gnupg, Restricted Project

Sat, Sep 3

werner triaged T6185: `gpg2 --list-keys --with-colons > /dev/full` exits with status 0 as Low priority.

The more relevant error is that there is no status output on failure which is what gpgme uses (due to double forking).

Sat, Sep 3, 1:08 PM · Bug Report, gnupg
werner closed T6186: gpgv does not support --exit-on-status-write-error as Resolved.

gpgv returns success iff the signature is valid. That is the whole purpose of this tool.

Sat, Sep 3, 1:02 PM · gnupg
DemiMarie created T6186: gpgv does not support --exit-on-status-write-error.
Sat, Sep 3, 7:33 AM · gnupg
DemiMarie created T6185: `gpg2 --list-keys --with-colons > /dev/full` exits with status 0.
Sat, Sep 3, 6:45 AM · Bug Report, gnupg

Fri, Sep 2

vitusb added projects to T6184: zlib version 1.2.12 actually used by GnuPG / Gpg4Win suffers from CVE-2022-37434 / 2 patches are available: gnupg, gpg4win.
Fri, Sep 2, 6:44 PM · Not A Bug, kleopatra, gpg4win
ikloecker added a comment to T5620: GnuPG, pinentry: Passphrase pattern error / warning does not match new logic.

I have introduced this hint exactly because it's impossible to describe the rules automatically.

Fri, Sep 2, 4:28 PM · gnupg, Restricted Project
ikloecker added a comment to T5620: GnuPG, pinentry: Passphrase pattern error / warning does not match new logic.

These hints are taken from the help.txt file.

Fri, Sep 2, 4:28 PM · gnupg, Restricted Project
ikloecker added a comment to T5620: GnuPG, pinentry: Passphrase pattern error / warning does not match new logic.

gpg-agent passes to pinentry a short and a long hint for the passphrase constraints (see constraints-hint-* in pinentry.texi). If these hints are set, then pinentry shows them even before the user has started to enter a passphrase. The error message can then simply be "Read the hint, stupid!". Just kidding, of course.

Fri, Sep 2, 4:27 PM · gnupg, Restricted Project
werner added a comment to T5542: w32: Values under HKLM ignored if HKCU entry for GnuPG exists.

Can you please give a more detailed example with regedit files to demonstrate that?

Fri, Sep 2, 3:15 PM · Windows, gnupg, Restricted Project
werner lowered the priority of T5620: GnuPG, pinentry: Passphrase pattern error / warning does not match new logic from Normal to Low.

Can't we get them from the help.txt file? Putting a tooltip into the pattern file would be an option but needs substantial changes.

Fri, Sep 2, 3:13 PM · gnupg, Restricted Project
werner closed T6173: Invalid signing-key when doing a signature-check of GnuPG installer-packages, signed by Werner Koch's signing-key in de-vs Mode (aka VS-NfD Mode) as Resolved.
Fri, Sep 2, 3:06 PM · Restricted Project, workaround, gnupg
werner closed T6177: GnuPG mishandles write errors on status fd and stdout as Wontfix.
Fri, Sep 2, 8:47 AM · gnupg