This is the current development version of GnuPG.
Details
Details
Description
Today
Today
@werner: gpg fails to batch import secret Kyber keys:
$ GNUPGHOME=/home/ingo/dev/g10/.gnupghomes/empty gpg --batch --import --verbose ~/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc gpg: WARNING: unsafe permissions on homedir '/home/ingo/dev/g10/.gnupghomes/empty' gpg: enabled compatibility flags: gpg: sec brainpoolP256r1/DD89C34EF2B69576 2024-11-14 Kyber768 <kyber768@example.net> gpg: using pgp trust model gpg: key DD89C34EF2B69576: public key "Kyber768 <kyber768@example.net>" imported gpg: key DD89C34EF2B69576/DD89C34EF2B69576: secret key imported gpg: key DD89C34EF2B69576/D07DD3BF9F1AAF4F: error sending to agent: IPC parameter error gpg: error reading '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc': IPC parameter error gpg: import from '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc' failed: IPC parameter error gpg: Total number processed: 0 gpg: imported: 1 gpg: secret keys read: 1
• ebo edited projects for T7757: Kleopatra: Error "no data" on decryption of tar.gpg archive, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T1825: Add a re-encrypt to additional key, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7709: Decryption with ECC smartcard keys broken, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7759: Kleopatra: Notepad encryption with S/MIME fails, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7855: keybox/keydb locking issue in 2.6 , added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7983: gpg: the validity of a secret key is changed by making a certification with it, added: gpd5x (gpd-5.0.0); removed gpd5x.
Yesterday
Yesterday
• werner changed the status of T8026: Kleopatra: Export of multiple S/MIME certificates only exports one from Open to Testing.
• werner added a comment to T8026: Kleopatra: Export of multiple S/MIME certificates only exports one.
Thanks Ingo. It seems 2.5.17 is not too far away.
• ikloecker removed a project from T8026: Kleopatra: Export of multiple S/MIME certificates only exports one: kleopatra.
I can reproduce this on the command line:
C:\Users\g10code>"c:\Program Files\GnuPG\bin\gpgsm.exe" --export --armor 579BAF3DF16AD462457BCC0897ADBC143D76EA7B 5A2B80F98F518D50891B1F0C7C6131AD107F9938 DB625D2BBBB5A3FD985C0233249B03090E85D402
Issuer ...: /CN=CA IVBB Deutsche Telekom AG 20/OU=Bund/O=PKI-1-Verwaltung/C=DE
Serial ...: 02195D190EBE34
Subject ..: /CN=iOS Test-Smartcard iostest01.sc/OU=BSI/O=Bund/C=DE/SerialNumber=2
aka ..: iostest01.sc@bsi.bund.de
Keygrip ..: 527CE32FD0552D18479442EF90DD5E434C036329• ikloecker added a project to T8026: Kleopatra: Export of multiple S/MIME certificates only exports one: gnupg26.
I can reproduce the issue only (!!!) with keyboxd (on Windows).
Fri, Jan 9
Fri, Jan 9
• werner moved T7866: Allow separate LDAP keyserver for uploading from QA to WIP on the gnupg26 board.
• werner changed the status of T7990: export-minimal unexpectedly omits expired key from Open to Testing.
• werner added a comment to T7990: export-minimal unexpectedly omits expired key.
So w/o the new option we have:
timegrid added a comment to T7866: Allow separate LDAP keyserver for uploading.
The behaviour might have changed a bit because of the ldap: prefix i use now, or i have missed this case the last time:
Given some cert on the "download" server, I can find it, if dirmngr.conf contains only the "download" server, or if the "download" server is listed first:
• ebo added a project to T7804: de-vs compliance not shown if also password encrypted: test on hold.
testing will wait for special build
• werner moved T7298: gpg --quick-set-expire fails for V5 subkeys from QA to done on the gnupg24 board.
• werner added a comment to T7866: Allow separate LDAP keyserver for uploading.
Independent of keyserver order in dirmngr.conf, --search-keys still offers keys from the upload server, but the download fails:
• werner added a comment to T7866: Allow separate LDAP keyserver for uploading.
For "Although the upload server is used for upload, the gpg message still displays the first keyserver" see T8025
• werner triaged T8025: Display the correct LDAP server in gpg if the upload flag is in use. as Normal priority.
I am using that version and key daily. No problems seen.
timegrid closed T7893: GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled as Resolved.
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
was tested already by timegrid
• ebo closed T7491: Confusing additional pinentry on creation of new keypair with ADSK configured as Resolved.
This does not happen any more, tested with Gpg4win-5.0.0-beta479
• ebo closed T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Tested with Gpg4win-5.0.0-beta479
in Gpg4win-5.0.0-beta479
with Gpg4win-5.0.0-beta479 the listing after creating the new key with ADSK looks ok now:
• werner edited projects for T6421: Improve error message if no reset code (PUK) is set, added: gnupg26; removed gnupg22, gnupg24.
I think we won't fix that for 2.2
• werner edited projects for T6436: Double pinentry on change password, added: gnupg26; removed gnupg24.
• werner moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WiP to gnupg-2.2.52 on the gnupg22 board.
• werner moved T7914: Card s/n number missing in gpgsm from WiP to gnupg-2.2.52 on the gnupg22 board.
• werner closed T7805: Permission denied on batch deletion of mixed (openpgp+smime) certs, a subtask of T7855: keybox/keydb locking issue in 2.6 , as Resolved.
Thu, Jan 8
Thu, Jan 8
• werner changed the status of T7892: keyboxd: subkey listing issue with ADSKs from Open to Testing.
Wed, Jan 7
Wed, Jan 7
• ebo added a comment to T8012: Missing error on first key search without keyserver.
It looks similar if the key is in a WKD: First search fails without error, only "no certificates found" is shown. Clicking "Search" again results then in the expected key being found and shown.
• werner triaged T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys as Normal priority.
Traditionally we have considered expired and revoked more or less similar. The idea is that an expired key might have been compromised but the owner did not found a way to revoke it. We may want to change this policy because some users don't care too much about expired keys (cf. T7990) .
• ikloecker added a comment to T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys.
Interestingly, gpg also prints the warning about the missing trusted key signature when verifying a signature made with a revoked key that has a valid certification by a trusted key. This could be intentional (because the revocation invalidates all certifications), but it's still a bit surprising.
Tue, Jan 6
Tue, Jan 6
the13thletter added a comment to T8013: gpgconf does not support the --enable-win32-openssh-support option for gpg-agent.
Frankly, he OpenSSH support for Windows was experimental and I have never tested it. If it can be confirmed that this really works and is useful, it will be easy to add the opeion to gpgconf.