Page MenuHome GnuPG

Not A BugCommunication
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Aug 13 2021

werner changed the edit policy for Not A Bug.
Aug 13 2021, 11:10 PM

Jun 26 2021

werner added a comment to T5496: [Problem Report] Add a new Cross-Platform Frontend Software for gnupg to the List.

wk at gnupg dot org but better avoid any HTML parts etc.

Jun 26 2021, 9:22 AM · Info Needed, Not A Bug

Jun 25 2021

Saturneric added a comment to T5496: [Problem Report] Add a new Cross-Platform Frontend Software for gnupg to the List.

Thank you, this is my great honor!
If it is convenient, can you provide an email address? So that I can elaborate to you.

Jun 25 2021, 2:20 PM · Info Needed, Not A Bug
werner closed T5069: Concurrent auto-start of gpg-agent by multiple gpg instances. as Resolved.
Jun 25 2021, 11:29 AM · Not A Bug, No Response, Info Needed, gnupg (gpg22), Windows, Bug Report
werner closed T5496: [Problem Report] Add a new Cross-Platform Frontend Software for gnupg to the List as Resolved.

Thanks. I added it to the list. If you have not yet done this I would suggest to write a note to gnupg-users.

Jun 25 2021, 9:26 AM · Info Needed, Not A Bug

Jun 19 2021

Saturneric created T5496: [Problem Report] Add a new Cross-Platform Frontend Software for gnupg to the List.
Jun 19 2021, 10:19 PM · Info Needed, Not A Bug

Apr 16 2021

gniibe closed T5134: GPG - will not sign nor verify the pin when using a contactless reader as Resolved.
Apr 16 2021, 4:25 AM · Not A Bug, scd, Bug Report

Apr 12 2021

Angel added a comment to T5367: PDF signed with --clearsign has image distorted..

The surprising thing is that it works at all. I wouldn't be surprised if certain would simply reject it as "not a pdf" given that the "%PDF-1.x" marker isn't at the beginning.

Apr 12 2021, 2:40 AM · Not A Bug, FAQ

Mar 27 2021

werner closed T5367: PDF signed with --clearsign has image distorted. as Resolved.
Mar 27 2021, 11:29 AM · Not A Bug, FAQ
werner edited projects for T5367: PDF signed with --clearsign has image distorted., added: FAQ, Not A Bug; removed Bug Report.

--clearsign may only be used for plain text documents due to line ending conversion etc.

Mar 27 2021, 11:29 AM · Not A Bug, FAQ

Mar 6 2021

werner closed T5339: "web of trust" don't work - Don't import the validity of third parties as Resolved.

See the release notes for GnuPG 2.2.17 (T4606 first item). You need to import your peer's signature from a different source; e.g. ask them to send you your signed key by mail.

Mar 6 2021, 11:24 AM · Not A Bug, gpg4win

Jan 5 2021

werner triaged T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set as Low priority.
Jan 5 2021, 9:31 AM · Not A Bug, S/MIME, gpgme

Nov 26 2020

gniibe closed T4153: no dirmngr.log created after previous command 'KS_GET' failed: Operation not permitted as Invalid.

The log file specified in .gnupg/dirmngr.conf is created at the start of dirmngr.
dirmngr is invokded by the first call of gpg, and it keeps running and handle next request from second invocation of gpg.
So, nothing is problem.

Nov 26 2020, 6:47 AM · Not A Bug

Oct 1 2020

werner closed T5089: gnupg-2.2.20 build error as Resolved.

You used custom options which did not pick up the proper libksba. Install libksba correctly then try again. Please direct further questions to the mailing list and please build the latest version 2.2.23 and not an arbitrary old version.

Oct 1 2020, 5:53 PM · Not A Bug

Aug 29 2020

werner edited projects for T5033: dirmngr does not seem to use the default .gnupg directory if GNUPGHOME is not set, added: Not A Bug, gnupg; removed Info Needed, Bug Report.
Aug 29 2020, 5:18 PM · gnupg, Not A Bug

Aug 28 2020

gniibe added projects to T4710: Cannot use Secure PIN Entry for Reset Code: Documentation, Not A Bug.
Aug 28 2020, 6:48 AM · Not A Bug, Documentation, OpenPGP, scd, Bug Report

Aug 25 2020

werner closed T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs. as Resolved.

The CRL states how long it is valid and we cache it for about that time.
OCSP responses are by definition not cachable but we allow for a clock skew of 10 minutes.

Aug 25 2020, 1:22 PM · Not A Bug, gnupg (gpg22), S/MIME

Aug 19 2020

werner triaged T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs. as Low priority.
Aug 19 2020, 1:50 PM · Not A Bug, gnupg (gpg22), S/MIME

Aug 11 2020

werner closed T5020: Exclude 3DES Cipher and SHA1 Digest as Resolved.

OpenPGP (RFC-4880) requires support for 3DES and SHA-1 thus you can't disable them. However, they are not used in practice because the key preference guarantee the use of more modern algorithms,

Aug 11 2020, 1:59 PM · OpenPGP, gnupg, Not A Bug

Jul 31 2020

werner updated the task description for T5007: Imported key cannot be used to encrypt..
Jul 31 2020, 9:36 AM · Not A Bug, gpg4win
werner closed T5007: Imported key cannot be used to encrypt. as Resolved.

Iyou look at the key on the command line (or with Kleopatra's certificate manager), for example by using "gpg --list-key foo@bar.com" or by applying the command "gpg --show-keys" on the pasted keyblock you get this:

Jul 31 2020, 9:36 AM · Not A Bug, gpg4win

Jul 16 2020

werner edited projects for T3471: gpgme decryptverify indicating wrongly an error., added: gnupg, Not A Bug; removed gpgme.

I don't see any error here. There is a trailing LF on the binary data which gpg rightfully complains about.

Jul 16 2020, 3:06 PM · Not A Bug, gnupg, Bug Report

Jun 18 2020

werner closed T4976: Revocation Date after importing a Rev-Cert as Resolved.
Jun 18 2020, 10:33 AM · gnupg, Not A Bug

May 8 2020

aheinecke closed T4922: GPGME_CREATE_NOEXPIRE seems not to be available since 1.8.0 as Resolved.

Thanks for the patch, applied!
You are correct the NEWS file states that this was added in 1.9.0

May 8 2020, 12:35 PM · patch, Not A Bug, gpgme, Documentation

May 5 2020

bernhard added a comment to T4935: online libgcrypt manual 1.8.5 2020-05-04 has false UPDATED date.

Taking a look at other GNU manuals, both GNU make and GNU Bison have a better phrasing,
so I suggest the Bison way (https://www.gnu.org/software/bison/manual/html_node/index.html):

This manual (7 December 2019) is for GNU Bison (version 3.5), the GNU parser generator.

May 5 2020, 12:31 PM · Not A Bug, libgcrypt
bernhard added a comment to T4935: online libgcrypt manual 1.8.5 2020-05-04 has false UPDATED date.

Ah, okay, then the phrasing is missleading, the sentence looks like libgcrypt was released on this date and not the manual.

May 5 2020, 9:01 AM · Not A Bug, libgcrypt

May 4 2020

werner closed T4935: online libgcrypt manual 1.8.5 2020-05-04 has false UPDATED date as Resolved.

Nope, that is correct, the last update of the manual was

May 4 2020, 7:14 PM · Not A Bug, libgcrypt

Apr 25 2020

dup edited projects for T4922: GPGME_CREATE_NOEXPIRE seems not to be available since 1.8.0 , added: Not A Bug, patch; removed Bug Report.
Apr 25 2020, 10:39 PM · patch, Not A Bug, gpgme, Documentation

Mar 24 2020

werner closed T4887: GPG is throwing error while doing (encryption+sign) or Decryption as Invalid.

@sarman: Your question is actually a support question and not a bug report. Please read the documentation, use the public help channels (so that other can also learn from the issue), or get in touch with a commercial support provider.

Mar 24 2020, 10:48 AM · Not A Bug, Solaris, gnupg, Documentation

Mar 20 2020

dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

That option does the same as --disable-dirmngr which in trun has the same effect as disable-crl-checks

Mar 20 2020, 4:49 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

@werner wrote:

Mar 20 2020, 4:45 PM · Not A Bug, S/MIME, gpgme
aheinecke added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

Sample how GpgOL handles this: https://dev.gnupg.org/source/gpgol/browse/master/src/keycache.cpp;6f5f48c3d60e0af52f1a9f0e51f60ee653eeeb31$269

Mar 20 2020, 11:03 AM · Not A Bug, S/MIME, gpgme
aheinecke added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I think what you're saying that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?

Mar 20 2020, 11:00 AM · Not A Bug, S/MIME, gpgme
werner added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

After disabling the CRL check again in gpgsm.conf

Mar 20 2020, 8:56 AM · Not A Bug, S/MIME, gpgme

Mar 19 2020

dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I see no difference between the last two example stanzas that show you running ../run-verify. Are they supposed to have different output?

Mar 19 2020, 10:58 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

I'm aware of the metadata leakage risks of OCSP, and i share your concerns about them.

Mar 19 2020, 10:14 PM · Not A Bug, gnupg (gpg22), S/MIME
werner added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

OCSP can't be the default because it enables a web bug. The responder immediately sees when a signature is verified or a data is encrypted to a certificate.

Mar 19 2020, 7:00 PM · Not A Bug, gnupg (gpg22), S/MIME
dkg added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

If CRLs or OCSP are a MUST in a given profile, and the cert chain has OCSP but no CRL, it seems like that profile should then try OCSP, rather than failing.

Mar 19 2020, 6:53 PM · Not A Bug, gnupg (gpg22), S/MIME
werner added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

That option does the same as --disable-dirmngr which in trun has the same effect as disable-crl-checks; see gnupg/sm/server.c#option_handler. If you want to check the validity of the cert you check the TRUST status lines. This is what gpgme does for you. An example is gpgme.tests/gpgsm/t-verify. You can run the tests also manually, I do this as follows:

Mar 19 2020, 6:25 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I think what you're saying that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?

Mar 19 2020, 5:25 PM · Not A Bug, S/MIME, gpgme
werner edited projects for T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs., added: Not A Bug; removed Bug Report.
Mar 19 2020, 1:07 PM · Not A Bug, gnupg (gpg22), S/MIME
werner edited projects for T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set, added: Not A Bug; removed Bug Report.

I can see no bug here. See my comment over at T4881.

Mar 19 2020, 1:06 PM · Not A Bug, S/MIME, gpgme

Jan 11 2020

werner closed T4806: File decrypts without password as Resolved.

It is a feature not a bug. For symmetric encryption the gpg-agent remembers the passphrase used for the encryption and thus for some time or until /gpgconf --reload gpg-agent/ it tries that passphrase for decryption.

Jan 11 2020, 10:19 AM · Not A Bug

Sep 6 2019

werner closed T2203: gpgconf fail to start gpg-agent as Invalid.

This seems to be closely related to T4319 and due to to some, ahem, interesting configuration.

Sep 6 2019, 5:25 PM · Not A Bug

Jun 25 2019

werner closed T4579: RSA CRT decryption occasional failure as Invalid.
Jun 25 2019, 1:28 PM · OpenPGP, Not A Bug
Anthony added a comment to T4579: RSA CRT decryption occasional failure.

I see. Thanks for your explanation.

Jun 25 2019, 12:07 PM · OpenPGP, Not A Bug

Jun 24 2019

werner edited projects for T4579: RSA CRT decryption occasional failure, added: Not A Bug, OpenPGP; removed Bug Report.

I see. Thus the problem is that IPWorksOpenPGP does not create proper OpenPGP private keys. I guess they use OpenSSL with their different CRT parameter style and do not convert them correctly. RFC-4880 says this in 5.5.3:

The secret key is this series of multiprecision integers:
o  MPI of RSA secret exponent d;
o  MPI of RSA secret prime value p;
o  MPI of RSA secret prime value q (p < q);
o  MPI of u, the multiplicative inverse of p, mod q.
Jun 24 2019, 2:37 PM · OpenPGP, Not A Bug

Jun 4 2019

gniibe closed T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0 as Resolved.
Jun 4 2019, 1:52 AM · Not A Bug, gnupg, gpgme, Bug Report

May 31 2019

gniibe added a comment to T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.

FYI, pEp annoyance was addressed and handled here: https://bugs.debian.org/891882
By this patch: https://sources.debian.org/src/enigmail/2:2.0.11+ds1-1/debian/patches/0002-Avoid-auto-download-of-pEpEngine-Closes-891882.patch/

May 31 2019, 7:57 AM · Not A Bug, gnupg, gpgme, Bug Report

May 30 2019

ideaantenna added a comment to T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.

Thank you for your response.

May 30 2019, 9:44 PM · Not A Bug, gnupg, gpgme, Bug Report