Not A Bug · Communication · Active · Public

Recent Activity

Mon, May 15

werner closed T6489: GPG 2.4.0 encrypted files in FIPS mode is non-compliant as Resolved.

GnuPG is and can't be FIPS-140-3 compliant due to the way it is implemented. We may eventually employ the new hash-and-sign API of Libgcrypt to move into this direction but that has not yet been done. However, this also requires the use of the new indicator API and the, well, a RedHat kernel.

Mon, May 15, 8:51 PM · Not A Bug, gnupg, FIPS
werner closed T6490: GPG 2.4.0 encrypting files with `--openpgp` flag does not make the encrypted file adhere to OpenPGP RFC as Resolved.

--openpgp means the current OpenPGP standard as implemented by GnuPG. This was important in the first few years of OpenPGP but not anymore today. The option --rfc4880 might be what you want. Please also keep in mind that the preference list declares what a concrete implementation supports and not necessarily what's in an RFC.

Mon, May 15, 8:47 PM · Not A Bug, Bug Report

Tue, May 9

werner closed T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Resolved.
Tue, May 9, 7:50 AM · Not A Bug, OpenPGP, gnupg

Apr 12 2023

ebo removed a project from T6162: WKD entry confirmation error: Restricted Project.
Apr 12 2023, 4:16 PM · Not A Bug, wkd

Mar 15 2023

Tuyen added a comment to T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix.

Hi @werner,
I understand we should use --with-libksba-prefix, but it doesn't work:

Mar 15 2023, 10:42 AM · Not A Bug, Bug Report
werner closed T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix as Resolved.

That is not a bug but required for backward compatibility. See me/ksba.m4:

Mar 15 2023, 9:55 AM · Not A Bug, Bug Report

Mar 14 2023

werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

danisanti added a comment to T6406: gpg-agent: Fail on expiring YubiKey PIN.

I never made a threat model. But definitely *any* cracker should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker has used my Emacs text editor.

Mar 13 2023, 10:00 PM · Not A Bug, yubikey, gpgagent
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrases for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is: what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Feb 14 2023

werner added a comment to T6370: Print diagnostics to explain certain expiration cases.

I guess this is the first time such a key was reported. Printing diagnostics would be a bit of work because the code to compute the expiration time is deep in gpg's guts.

Feb 14 2023, 5:19 PM · Feature Request, gnupg
positron added a comment to T6370: Print diagnostics to explain certain expiration cases.

The first signature is a direct key signature (class 0x1f) and this determines the expiration time. The usual case is to have the expiration time in the user id signatures. Our code does not allow changing the expiration time of a direct key signature. This is because direct key signatures are used by PGP and GnuPG only to add designated revokers. Gpg has no means to create a direct key signature like you have in your key.

Feb 14 2023, 10:39 AM · Feature Request, gnupg
werner edited projects for T6370: Print diagnostics to explain certain expiration cases, added: gnupg, Not A Bug; removed Bug Report.
Feb 14 2023, 10:10 AM · Feature Request, gnupg

Feb 1 2023

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; you can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use a GPG auth subkey for Win32-OpenSSH.

Feb 1 2023, 6:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 31 2023

MathiasMagnus added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with

ForwardAgent yes
AddKeysToAgent yes
RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra

As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconf.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly; when connecting, pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:

gpg --list-secret-keys --verbose
gpg: using pgp trust model
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (5s)
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
getsockopt SO_ERROR failed
connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed.
gpg: waiting for the agent to come up ... (4s)
gpg: waiting for the agent to come up ... (3s)
gpg: waiting for the agent to come up ... (2s)
gpg: waiting for the agent to come up ... (1s)
gpg: can't connect to the agent: End of file

What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github 's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?

Jan 31 2023, 10:35 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 22 2022

werner closed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent as Resolved.
Dec 22 2022, 10:34 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 28 2022

werner closed T6029: ntbtls: Require TLS 1.2 or later + AEAD by default as Resolved.

I can't see what we shall do here.

Oct 28 2022, 3:59 PM · Not A Bug, ntbtls

Sep 22 2022

luweitest added a comment to T6207: can't open gpg-agent.

Yes, I do understand Windows XP is not supported. Just in case it is a minor problem that is easy to fix and will not cost you much effort. I'd like to add more information: I do not change %LOCALAPPDATA%. There is no such environment variable. A similar environment variable is:
APPDATA=C:\Documents and Settings\myname\Application Data
I do set GNUPGHOME=E:\key, which I think should be allowed because I do not want my personal info to be stored on the system drive.

Sep 22 2022, 1:44 PM · Not A Bug, gnupg, Windows

Sep 21 2022

aheinecke closed T6207: can't open gpg-agent as Invalid.

This is a support question and not a bug. You should ask such questions on the channels for Gpg4win, which does the Community support for GnuPG on Windows: https://www.gpg4win.org/community.html

Sep 21 2022, 9:14 PM · Not A Bug, gnupg, Windows

Sep 15 2022

aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

To clarify that I meant that the underlying problem is our current keylisting speed in Kleopatra I have opened T6206.

Sep 15 2022, 4:35 PM · Not A Bug, gnupg
aheinecke added a comment to T6195: gpg: New key has unknown trust after generation.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

Sep 15 2022, 4:17 PM · Not A Bug, gnupg

Sep 14 2022

werner added a comment to T6195: gpg: New key has unknown trust after generation.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

Sep 14 2022, 4:23 PM · Not A Bug, gnupg
aheinecke closed T6195: gpg: New key has unknown trust after generation as Resolved.

I agree. We have to get rid of auto check trustdb and such stuff. I always found that impossible to program around because it either takes a long time (check-trustdb) or it might return invalid results (no check).
The solution for this is keyboxd.

Sep 14 2022, 12:27 PM · Not A Bug, gnupg
werner placed T6195: gpg: New key has unknown trust after generation up for grabs.

If you run gpg --export-ownertrust you will notice that the trust has been set to ultimate (value is 6). However, due to the no-auto-check-trustdb in your gpg.conf that value will only be shown after running gpg --check-trustdb. The value shown in the key listing is the computed value and the computation is done by --check-trustdb. I don't see a bug here.

Sep 14 2022, 11:06 AM · Not A Bug, gnupg

Sep 3 2022

werner closed T6184: zlib version 1.2.12 actually used by GnuPG / Gpg4Win suffers from CVE-2022-37434 / 2 patches are available as Resolved.
Sep 3 2022, 8:48 PM · Not A Bug, kleopatra, gpg4win

Sep 2 2022

werner closed T6178: es_write_sanitized swallows errors as Resolved.

Standard behaviour for stdio functions.

Sep 2 2022, 8:46 AM · Not A Bug, gpgrt

Aug 25 2022

werner closed T6162: WKD entry confirmation error as Resolved.

You get this error because the key has been created in gnupg mode (and not in de-vs) and thus it has these preferences.

Aug 25 2022, 3:30 PM · Not A Bug, wkd

Jul 13 2022

gniibe closed T5286: Calculate Z hash for sm2 as Resolved.

Reading through the report, the spec., and current implementation, I concluded that this is not a bug, thus, I'm closing this.

Jul 13 2022, 6:57 AM · Not A Bug, Info Needed, libgcrypt, Feature Request

Jun 16 2022

werner edited projects for T6033: Regression in GnuPG 2.2.34 with some ECC keys, added: Not A Bug, Windows, gnupg (gpg22); removed Bug Report.

You deleted the socket file but you did not restart the agent. Thus gpg can't contact the agent anymore. On Windows we use a socket emulation which requires the socket's file only for a new connection (to get the port and magic cookie).

Jun 16 2022, 6:48 PM · Bug Report, gnupg (gpg22)

Mar 16 2022

gniibe closed T4931: gnupg unusable with a long path to $HOME as Resolved.
Mar 16 2022, 3:03 PM · Not A Bug, FAQ, gnupg

Feb 25 2022

werner closed T5823: DNS srv problem with Tor transparent proxy as Resolved.
Feb 25 2022, 9:15 AM · Not A Bug

Feb 23 2022

werner closed T5838: gpg card not getting detected as Resolved.
Feb 23 2022, 4:07 PM · Not A Bug, scd, gnupg, RHEL

Feb 14 2022

gniibe closed T5814: gpg-agent can't find existing 'pinentry', searches 'Pinentry' (uppercase'P') instead as Resolved.
Feb 14 2022, 10:46 AM · Not A Bug, Bug Report

Jan 18 2022

arkadesOrg added a comment to T5789: gpg --list-options [comp] has missing closing quotes for strings.

Excuse me you are right of course. man gpgconf | grep quot says it all.

Jan 18 2022, 8:14 PM · Not A Bug, Bug Report
arkadesOrg added a comment to T5789: gpg --list-options [comp] has missing closing quotes for strings.

Neither man gpg | grep quote nor man gpgconf | grep quote tells anything about it. I recognized the single opening quote of "string when post-processing the output of gpgconf --list-options to generate a gpgconf.conf template. I just expected a closing quote for "string".

Jan 18 2022, 8:09 PM · Not A Bug, Bug Report
werner changed the status of T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) from Resolved to Wontfix.

vitusb: We had this discussion on cryptography@ years ago. No need to start it again - or well, try it over there. This is a bug tracker and not a discussion forum.

Jan 18 2022, 7:20 PM · Not A Bug, gpg4win, gnupg
aheinecke added a comment to T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs).

These curves are not the default in the compliance mode "gnupg"; only if you explicitly switch to the BSI-defined "VS-NfD" mode do they become default.

Jan 18 2022, 8:26 AM · Not A Bug, gpg4win, gnupg
werner closed T5789: gpg --list-options [comp] has missing closing quotes for strings as Resolved.

Nope. The double quote indicates a string. See the man page.

Jan 18 2022, 7:21 AM · Not A Bug, Bug Report

Jan 17 2022

vitusb added a comment to T5783: All s2k hardenings silently ignored when exporting private keys.

Sending a private key with just the local protection is not a good idea.

Jan 17 2022, 6:11 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
vitusb added a comment to T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs).

Please no holy wars on the type of curves. NIST has its opinion, Europe has its opinion, DJB has of course a different opinion. Please use the cryptography ML for such political/technical discussions.

Jan 17 2022, 5:41 PM · Not A Bug, gpg4win, gnupg
werner closed T5783: All s2k hardenings silently ignored when exporting private keys as Resolved.

Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.

Jan 17 2022, 10:48 AM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
werner closed T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) as Resolved.

Please no holy wars on the type of curves. NIST has its opinion, Europe has its opinion, DJB has of course a different opinion. Please use the cryptography ML for such political/technical discussions.

Jan 17 2022, 10:43 AM · Not A Bug, gpg4win, gnupg

Dec 21 2021

werner closed T5746: Pinetry always loses focus after popping up under Windows as Resolved.

That is a security feature of Windows. We can't do much about it except for bad hacks. Check out Kleopatra to see how you can improve this.

Dec 21 2021, 6:11 PM · Not A Bug, pinentry

Dec 10 2021

werner closed T5726: Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages as Resolved.

The first is a warning and the other error codes are exactly what we want.

Dec 10 2021, 1:53 PM · Not A Bug, libgcrypt, gnupg

Nov 25 2021

werner closed T5705: GnuPG: System wide configuration ignored when gpg.conf-2 exists as Resolved.

Not a bug but a limitation of 2.2's option listing: In contrast to 2.3 we can't *show* the used options via gpgconf correctly if there is a conflict between global and local options. However, the actually *used* values are different and correct according to the config. In particular a global forced option overrides any local or command line option.

Nov 25 2021, 4:11 PM · Not A Bug, gnupg, Restricted Project

Oct 14 2021

swimmerm added a project to T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present: gnupg (gpg22).
Oct 14 2021, 11:13 PM · gnupg (gpg22), UI, Not A Bug, gpg4win
swimmerm renamed T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present from 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-string with only valid ':' ('colon') characters present to 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present.
Oct 14 2021, 11:11 PM · gnupg (gpg22), UI, Not A Bug, gpg4win
swimmerm renamed T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present from 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected ':C:\' string with only valid ':' ('colon') characters present to 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-string with only valid ':' ('colon') characters present.
Oct 14 2021, 11:10 PM · gnupg (gpg22), UI, Not A Bug, gpg4win
swimmerm renamed T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present from 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected characters strings in each line displaying a C: drive path instead of simpler expected ':C:\' string with only valid ':' ('colon') characters present to 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected ':C:\' string with only valid ':' ('colon') characters present.
Oct 14 2021, 11:09 PM · gnupg (gpg22), UI, Not A Bug, gpg4win

Oct 13 2021

werner triaged T5621: No '%ProgramData%\GNU', '%ProgramData%\GNU\etc', '%ProgramData%\GNU\etc\gnupg' or '%ProgramData%\GNU\etc\gnupg\trusted-certs' or '%ProgramData%\GNU\etc\gnupg\extra-certs' get created after setup as Normal priority.
Oct 13 2021, 8:29 AM · Documentation, Not A Bug, gpg4win

Oct 12 2021

swimmerm added a comment to T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present.

Just adding this note because a next step I'm also evaluating in my current T5593 configuration status is to temporarily create a new Gpg4win 3.1.16 hybrid configuration by also adding latest GnuPG v2.2.31 to see if all issues I reported here are still present (which is also quite probable).
Also because of T5593 it would just be quite interesting to see if GnuPG v2.2.31 too might experience same T5593 path related error.

Oct 12 2021, 6:13 PM · gnupg (gpg22), UI, Not A Bug, gpg4win