Page MenuHome GnuPG

Not A BugCommunication
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Thu, Dec 19

bitigchi closed T7454: Kleopatra: GnuPG System settings’ translations are not pulled as Invalid.

Installing language-pack-tr-base fixed the issue. Closing. Sorry for the noise.

Thu, Dec 19, 6:35 PM · Not A Bug, gnupg, Bug Report

Wed, Dec 18

werner reopened T7454: Kleopatra: GnuPG System settings’ translations are not pulled as "Open".
Wed, Dec 18, 5:25 PM · Not A Bug, gnupg, Bug Report
bitigchi added a comment to T7454: Kleopatra: GnuPG System settings’ translations are not pulled.

Actually not a bug: In my tests I forgot to unset LANGUAGES and LANG before calling gpg.

LANGUAGE= LANG= LC_MESSAGES=de_DE gpg

Thus this should work. But it did only work when I used

LANGUAGE= LANG= LC_MESSAGES=de_DE.UTF8 gpg

Thus the whole thing is related to the configuration of locale.alias and on whether LANGUAGE is set in the environment (for me it is set to en_US:en

Wed, Dec 18, 5:21 PM · Not A Bug, gnupg, Bug Report
werner closed T7454: Kleopatra: GnuPG System settings’ translations are not pulled as Resolved.

Actually not a bug: In my tests I forgot to unset LANGUAGES and LANG before calling gpg.

Wed, Dec 18, 3:28 PM · Not A Bug, gnupg, Bug Report

Mon, Dec 2

gniibe closed T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , as Resolved.
Mon, Dec 2, 5:49 AM · Not A Bug, gnupg24, Bug Report

Mon, Nov 25

werner changed the status of T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature), a subtask of T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form , from Open to Testing.
Mon, Nov 25, 11:13 AM · Not A Bug, gnupg24, Bug Report
gniibe added a subtask for T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form : T7426: Retain binary representation of key for import->export (in particular, Ed25519 signature).
Mon, Nov 25, 10:21 AM · Not A Bug, gnupg24, Bug Report
gniibe added a comment to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .

For this ticket, I reviewed the code around my SOS changes.
Because I'd like to focus the point of retaining binary representation when doing import->export,
I created another thicket: T7426

Mon, Nov 25, 10:21 AM · Not A Bug, gnupg24, Bug Report

Nov 20 2024

dkg added a comment to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .

thanks for the clarification. i was not objecting to the workflow, i was trying to understand so that i can interact with the bug tracker appropriately. I was unaware of the difference between "milestones" and other project tags. I'll try to get that right in the future.

Nov 20 2024, 3:52 PM · Not A Bug, gnupg24, Bug Report
werner triaged T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form as Low priority.
Nov 20 2024, 9:02 AM · Not A Bug, gnupg24, Bug Report
werner added projects to T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form : gnupg24, Not A Bug.

Please do not add milestone tags.

Nov 20 2024, 9:02 AM · Not A Bug, gnupg24, Bug Report

Sep 25 2024

werner edited projects for T6820: SCD: Invalid ID when decrypting with brainpool key , added: gnupg, Not A Bug; removed Restricted Project, gnupg22.
Sep 25 2024, 4:20 PM · Not A Bug, gnupg

Jun 25 2024

werner closed T7176: write_status_text_and_buffer fails to escape some non-printable characters as Resolved.

Reading the original bug report it is clear that this is not a gpg bug but a problem in the Python code. This should only be read as utf-8 if the NOTATION_FLAGS line indicated that this is human readable.

Jun 25 2024, 9:12 AM · Support, gnupg, Not A Bug

May 30 2024

dkg added a comment to T7137: unreliable RSA decryption.

It seems too late to reject on import, given that people might already have such a secret key in their ~/.gnupg/private-keys-v1.d/ They might have had it for years without knowing it, because the failure is so intermittent. They might just think that they did something wrong, and when they try again it works. It would be great to be more robust than that.

May 30 2024, 11:28 PM · OpenPGP, Not A Bug, gnupg
werner added a comment to T7137: unreliable RSA decryption.

In more than 25 years of OpenPGP we only had a few new implementations which got it wrong. I see no need to fix it here - maybe import could indeed reject such a key, though.

May 30 2024, 12:50 PM · OpenPGP, Not A Bug, gnupg

May 29 2024

dkg added a comment to T7137: unreliable RSA decryption.

Maybe there's a 4th possible option that's better than the three i identified?

May 29 2024, 9:14 PM · OpenPGP, Not A Bug, gnupg
dkg added a comment to T7137: unreliable RSA decryption.

So i see a range of ways that any OpenPGP software could deal with this:

May 29 2024, 9:13 PM · OpenPGP, Not A Bug, gnupg
werner closed T7137: unreliable RSA decryption as Resolved.

I can replicate that and it works if you disable the use of the CRT. Looking at the key:

pkey[0]: BC9E1CD66676208956B35357210C220508F9F883FE32F4D682CD36BFB4E8055938D4BA21C341D9F48527E420F951B80335B24DF6710F01C4364D554AF659FC35D322061B67CC2F303DC878076059E4F266CFAEF6AB7A29124E969B9C15B1FC2FBA0F0F90E6B059E36B5E3C9BEC4174162689108A1E0EF6D5DDEE61B6B48327A259746288A517B1D78A0E24F5EFF6E880FF39C0BEDDC464B66F787B559EC5487F248196C2CFB15730BD9695C48355DFB2839FA23D8A37FBD48C741F6BE19F9D48BF844C5147591E1E06803DA40BEA1186B3B39CDCBC0E7DAC9DACDBB60A20E56B7E6631E47A45989A256743FDD83C591CFD4110DEA1B04ADE91CCB575FB858C13
 pkey[1]: 010001
 skey[2]: 512FB977EB9872FECA8BDB96884A01A6AB2B7575D307B9ED4F55E777F2F55FBFFCBF4BF2D669D4D7F42CAC7C28F4ACC0ECEEF7B1D90E3D936850372352107F87E77E20A4D133C927F99FFD52277DEA17107BDA72A072AF950AB0B70023327E3B48D9CCB871237D3D6F6C9BA7FDB45AB46217E33FA01A8ED295795323E26505BC9471CAE4DDA94DBF4F35ED915B0CD025805DCA796EB6B208D8D3F63DBE52BC0045CF4CF9B128356359C7E55B661D7B9DCA57F8984095C5AD3FE4DBD19228B281D66609A154DD7E3EE940CFC66CC180DDC4DD00C45A52D5789286D89D49CA34E5F3C4E798D90955074DAE3D99F7F004CDFFBC9B8428E8EB603E240AE07BEE8D71
 skey[3]: F57D9F597750967DF272D9AC661DDC212D7C5CA4C6E91573A80756281351CDC3A2532B155D9251029F89A0A0807DF2BD177DC30FC6A847E07738B55606DF032ADAD8361E0AFEE9C0CF7D566793834977FAAE9C4B87132B94F665EFF463777CDE7EB89113FA3AAC194B6F2D30C40BE7C0DDE36A5855277C1E4D0204FC4C737BCB
 skey[4]: C4B135296B8F4390B953DDA84249FC8467CFF81FC715D1B5F3E01FCC8DC770813630AEA93982F2004705C4D272E07A10B1882AC5C09A45E88B14A1446B4C639B549420CE3BF90947E6E86503E426A8FDAC4C5CFC2809F5F0A1647ED5EE2457C054A40AA1F0666B28B2C970BE2093AE7B095A688B2D713CA8885826F23AFB37D9
 skey[5]: 0790A8E260C6CADC353FB3961D798EFD4F15F96752DA20B86841334C38861743DD7A1FEB2B750D0864F5901BE541B6C8FB63649B18FDC4A32A1233EF90872DCD35704A4B4063DB62752CF6A7FD00F086C6B1042A2B0CB6FB36B7D5269671DACF55242A838E60D514BA868354910CEB1C41FB9A43BF932B5036A6EFE35236FFC7
May 29 2024, 9:40 AM · OpenPGP, Not A Bug, gnupg

Apr 16 2024

matheusmoreira added a comment to T5783: All s2k hardenings silently ignored when exporting private keys.

What is the current status of this issue?

Apr 16 2024, 2:46 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg

Mar 11 2024

werner closed T7038: gpg --recv-key return code is 0 as Wontfix.

It could have been discussed whether this makes sense. However, we can't change it anymore because it would change the behaviour. Consider a cron job which looks into a directory with keyids and imports them from a keyserver. It is totally fine if the script returns success if no keys are available.

Mar 11 2024, 1:03 PM · Not A Bug, gnupg, Bug Report

Mar 4 2024

Zymlex added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In case if someone finds it through a search:

Mar 4 2024, 9:51 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Feb 21 2024

werner reopened T6729: scdaemon 'Operation not supported by device' on macOS unless racing for first (?) read on boot as "Open".

The solution seems to be a newer libccid version. If that is the case we may want to include the fix also in our own ccid driver.

Feb 21 2024, 2:45 PM · Feature Request, Not A Bug, gnupg, scd, MacOS
ncts added a comment to T6729: scdaemon 'Operation not supported by device' on macOS unless racing for first (?) read on boot.

Got this from my card vendor. Sonoma had a buggy CCID driver; compile one yourself and the bug's gone: https://forums.developer.apple.com/forums/thread/732091?answerId=768462022#768462022

Feb 21 2024, 11:05 AM · Feature Request, Not A Bug, gnupg, scd, MacOS

Jan 5 2024

werner moved T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Backlog to done on the gnupg24 board.
Jan 5 2024, 12:04 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 11 2023

werner closed T6850: dirmngr fails `gpg --recv-key` in very non-obious way if local TOR node in SafeSocks mode is running as Wontfix.

For various reasons dirmngr requires and implements a full resolver and implements that. This way all DNS queries are passed through Tor. Thus this is a feature and not a bug. The error message could be better but we can only return what SOCKS tells us.

Dec 11 2023, 8:37 AM · gnupg, Tor, Not A Bug, dirmngr

Nov 27 2023

ebo edited projects for T6839: GpgOL: Keyresolver forbids to encrypt to (partially?) untrusted keys, added: Not A Bug; removed vsd32, Restricted Project.
Nov 27 2023, 10:28 AM · Not A Bug, libkleo

Nov 13 2023

werner closed T6814: Bad performance of gpg -K when have a lot of keys with keyboxd as Resolved.

That's right: -K is merely a -k which prints only keys which have at least one secret key or a stub key (for smartcards) available.

Nov 13 2023, 4:16 PM · gnupg, Not A Bug

Oct 16 2023

werner closed T6729: scdaemon 'Operation not supported by device' on macOS unless racing for first (?) read on boot as Invalid.

Funny error description from macOS. Looks that there is no device - your PC/SC test programs confirms this. Thus I don't think this is a bug in scdaemon.

Oct 16 2023, 1:30 PM · Feature Request, Not A Bug, gnupg, scd, MacOS
werner closed T6758: gpg-agent doesn't cache passwords in loopback pinentry mode as Resolved.

Sure it does not. That is the whole point of the loopback thing.

Oct 16 2023, 9:16 AM · Not A Bug

Jul 24 2023

ebo moved T5705: GnuPG: System wide configuration ignored when gpg.conf-2 exists from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 24 2023, 2:13 PM · Not A Bug, gnupg, Restricted Project

May 15 2023

werner closed T6489: GPG 2.4.0 encrypted files in FIPS mode is non-compliant as Resolved.

GnuPG is and can't be FIPS-140-3 compliant due to the way it is implemented. We may eventually employ the new hash-and-sign API of Libgcrypt to move into this direction but that has not yet been done. However, this also requires the use of the new indicator API and the, well, a RedHat kernel.

May 15 2023, 8:51 PM · Not A Bug, gnupg, FIPS
werner closed T6490: GPG 2.4.0 encrypting files with `--openpgp` flag does not make the encrypted file adhere to OpenPGP RFC as Resolved.

--openpgp means the current OpenPGP standard as implemented by GnuPG. This was important in the first few years of OpenPGP but not anymore today. The option --rfc4880 might be what you want. Please keep also in mind that the preference list declares what a concrete implementation supports and not necessary what's in an RFC.

May 15 2023, 8:47 PM · Not A Bug, Bug Report

May 9 2023

werner closed T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Resolved.
May 9 2023, 7:50 AM · Not A Bug, OpenPGP, gnupg

Apr 12 2023

ebo removed a project from T6162: WKD entry confirmation error: Restricted Project.
Apr 12 2023, 4:16 PM · Not A Bug, wkd

Mar 15 2023

Tuyen added a comment to T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix.

Hi @werner,
I understand we should use --with-libksba-prefix, but it doesn't work:

Mar 15 2023, 10:42 AM · Not A Bug, Bug Report
werner closed T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix as Resolved.

That is not a bug but required for backward compatibility. See me/ksba.m4:

Mar 15 2023, 9:55 AM · Not A Bug, Bug Report

Mar 14 2023

werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

danisanti added a comment to T6406: gpg-agent: Fail on expiring YubiKey PIN.

I never made a threat model. But definitely *any* cracker, should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker have used my Emacs text editor.

Mar 13 2023, 10:00 PM · Not A Bug, yubikey, gpgagent
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Feb 14 2023

werner added a comment to T6370: Print diagnostics to explain certain expiration cases.

I guess this is the first time such a key was reported. Printing diagnostics would be a bit of work because the code to compute th. expiration time is deep in gpg's guts.

Feb 14 2023, 5:19 PM · Feature Request, gnupg
positron added a comment to T6370: Print diagnostics to explain certain expiration cases.

The first signature is a direct key signature (class 0x1f) and this determines the expiration time. The usual case is to have the expiration time in the user id signatures. Our code does not allow to chnage the expiration time of direct key signature. This is because direct key signature are used by PGP and GnuPG only to add designated revokers. Gpg has no means to create a direct key signature like you have in your key.

Feb 14 2023, 10:39 AM · Feature Request, gnupg
werner edited projects for T6370: Print diagnostics to explain certain expiration cases, added: gnupg, Not A Bug; removed Bug Report.
Feb 14 2023, 10:10 AM · Feature Request, gnupg

Feb 1 2023

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; You can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use GPG auth subkey for Win32-OpenSSH.

Feb 1 2023, 6:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 31 2023

MathiasMagnus added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with

ForwardAgent yes
AddKeysToAgent yes
RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra

As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconfg.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly, when connecting pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:

gpg --list-secret-keys --verbose
gpg: using pgp trust model
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (5s)
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (4s)
gpg: waiting for the agent to come up ... (3s)
gpg: waiting for the agent to come up ... (2s)
gpg: waiting for the agent to come up ... (1s)
gpg: can't connect to the agent: End of file

What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github 's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?

Jan 31 2023, 10:35 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 22 2022

werner closed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Resolved.
Dec 22 2022, 10:34 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 28 2022

werner closed T6029: ntbtls: Require TLS 1.2 or later + AEAD by default as Resolved.

I can't see what we shall do here.

Oct 28 2022, 3:59 PM · Not A Bug, ntbtls

Sep 22 2022

luweitest added a comment to T6207: can't open gpg-agent.

Yes I do understand Windows XP is not supported. Just in case it is a minor problem that is easy to fix and will not cost you much effort. I'd like to add more information: I do not change
%LOCALAPPDATA%. There is no such environment variable. A similar environment variable is:
APPDATA=C:\Documents and Settings\myname\Application Data
I do set GNUPGHOME=E:\key, which I think should be allowed because I do not want my personal info be stored in system drive.

Sep 22 2022, 1:44 PM · Not A Bug, gnupg, Windows

Sep 21 2022

aheinecke closed T6207: can't open gpg-agent as Invalid.

This is a support question and not a bug. You should ask such questions on the channels for Gpg4win, which does the Community support for GnuPG on Windows: https://www.gpg4win.org/community.html

Sep 21 2022, 9:14 PM · Not A Bug, gnupg, Windows

Sep 15 2022

aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

To clarify that I meant that the underlying problem is our current keylisting speed in Kleopatra I have opened T6206.

Sep 15 2022, 4:35 PM · Not A Bug, gnupg
aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

Sep 15 2022, 4:17 PM · Not A Bug, gnupg