Page MenuHome GnuPG

FAQCommunication
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers (1)

Recent Activity

Mar 16 2022

gniibe closed T4931: gnupg unusable with a long path to $HOME as Resolved.
Mar 16 2022, 3:03 PM · Not A Bug, FAQ, gnupg

Oct 10 2021

calestyo added a comment to T5646: indicate wrong passphrase via exit status.

I did in fact check --status-fd before, but I'm not sure whether it gives me the information I wanted.

Oct 10 2021, 5:12 PM · gnupg, FAQ
werner closed T5646: indicate wrong passphrase via exit status as Resolved.

Please use the --status-fd interface. This yields all the info you need. An exit code is not distinct enough for such purpose and you need to check the status lines in any case. For scripting gpgme-tool or gpgme-json might be useful as well because they do all the nitty-gritty parts of using gpg correctly

Oct 10 2021, 4:15 PM · gnupg, FAQ

Sep 29 2021

bernhard added a comment to T3893: Timeout for receive-keys.

In my understanding, it should be possible to wait for the gpg command pipe from a different process and then terminate the connection on a timeout, kllling the process eventually. So the Enigmail side could implement something. These days I'm not sure what Enigmail uses for OpenPGP support. Thunderbird has moved on to a different implementation and Enigmail stops supporting Thunderbird 68 in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird

Sep 29 2021, 4:12 PM · Enigmail, FAQ, gnupg

Sep 22 2021

werner closed T5618: GPG Key Server Doesn´t Work as Resolved.

Ah well, Kleopatra has a GUI to set the keyserver - that is probably easier to use.

Sep 22 2021, 7:17 PM · Support, FAQ, Keyserver, gpg4win

Sep 17 2021

luweitest added a comment to T5589: add context menu for normal operation after installation.

Thanks for the explanation. I understand gnupg-w32 is mainly for installing the command line component, yet adding a context menu for a specific file type is just as simple as importing a reg file like:

Sep 17 2021, 5:46 AM · Installer, FAQ, gpg4win

Sep 14 2021

aheinecke closed T5589: add context menu for normal operation after installation as Wontfix.

It is related in the following way:
The Gpg4win installer creates these context menu actions through the component GpgEX.
The Gpg4win installer does not support Windows XP anymore.

Sep 14 2021, 8:18 AM · Installer, FAQ, gpg4win
luweitest reopened T5589: add context menu for normal operation after installation as "Open".

What I need is exactly ikloecker described on Linux. The point is NSIS installer gnupg-w32-2.2.27_20210111.exe (and versions above, I am sure) do not create context menu shortcut. Windows XP is not the point. Same on another Windows 7 machine. Do you need I find another windows 10 machine to test? I think it's easier to check whether the installer has that feature or not.

Sep 14 2021, 4:26 AM · Installer, FAQ, gpg4win

Sep 9 2021

aheinecke closed T5589: add context menu for normal operation after installation as Wontfix.

No support for Windows XP anymore.

Sep 9 2021, 12:12 PM · Installer, FAQ, gpg4win
luweitest added a comment to T5589: add context menu for normal operation after installation.

Sorry, I should clarify that I am using the windows installer
gnupg-w32-2.2.27_20210111.exe on WindowsXpSp3. The installer do not create
any context menu since I use it. I use Gnupg with Enigmail in Thunderbird,
so Gpg4win is not preferred.

Sep 9 2021, 9:23 AM · Installer, FAQ, gpg4win

Sep 8 2021

werner edited projects for T5589: add context menu for normal operation after installation, added: gpg4win, FAQ, Installer; removed Feature Request.

This is a hard to solve problem in the NSIS installer: If you accidently started more than one installer they may both register files for update at the next restart. Now after the restart the file which is to be renamed does not anymore exist and thus a component or even library is not available. In this case it is GpgEX, the explorer plugin.

Sep 8 2021, 7:09 PM · Installer, FAQ, gpg4win

Aug 31 2021

werner closed T5580: gpg2 proves signature correct, even if empty file is removed as Resolved.

gpg verifies the content of the file and not its meta data (file name). Thus an empty file is identical to a non-existing file. The OpenPGP protocol does not allow to distinguish between a detached signature and an embedded signature if you sign an empty file.

Aug 31 2021, 7:53 AM · gnupg, FAQ

Aug 25 2021

werner triaged T5527: keys.gnupg.net is obsolete as Low priority.
Aug 25 2021, 4:31 PM · Keyserver, FAQ, Documentation
werner closed T5552: Key information loading is sometimes very slow. Suspected that the problem originated from gnupg. as Resolved.

Okay, I close this as a keyserver infrastructure problem. Feel free tore-open if you get other infos.

Aug 25 2021, 4:30 PM · FAQ, Keyserver, gnupg

Aug 13 2021

werner changed the edit policy for FAQ.
Aug 13 2021, 10:58 PM

Jun 22 2021

werner renamed T5504: git commit signing fails due to git's included gpg version. from Commit signing fails to git commit signing fails due to git's included gpg version..
Jun 22 2021, 5:33 PM · FAQ, gpg4win
werner edited projects for T5504: git commit signing fails due to git's included gpg version., added: FAQ; removed Bug Report.

So let's close this task.

Jun 22 2021, 5:32 PM · FAQ, gpg4win

Jun 3 2021

werner merged T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing into T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign.
Jun 3 2021, 9:23 PM · FAQ, Support, gpgme
Saturneric closed T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign as Resolved.
Jun 3 2021, 3:12 PM · FAQ, Support, gpgme

Jun 2 2021

werner closed T3714: Failing to decrypt due to missing MDC as Resolved.
Jun 2 2021, 11:05 AM · FAQ, kleopatra

May 31 2021

werner added a comment to T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign.

Take care: It is not clear whether you may use a [C} subkey for certification. GnuPG currently accepts this but the RFC can also be read as primary keys needs to to do the certification.

May 31 2021, 2:54 PM · FAQ, Support, gpgme
ikloecker added a comment to T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign.

For signing (aka certifying) another key you need a (sub)key with the "certify" capability. Your signing subkey can only be used for signing data but not for certifying keys. This isn't specific to gpgme. See https://datatracker.ietf.org/doc/html/rfc4880#section-5.2.3.21.

May 31 2021, 9:44 AM · FAQ, Support, gpgme

May 28 2021

werner edited projects for T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign, added: Support, FAQ; removed Bug Report.

Yes, you need the secret part of the primary key. gpgme has this info but it is easy to miss. Even our gpgme/tests/run-keylist.c debug tool did not show it directly. I modified it to make this more clear, see the latest gpgme commit. Here is an example for my key:

$ ./run-keylist --verbose --with-secret  63113AE866587D0A
keyid   : 63113AE866587D0A
caps    : esc
flags   : secret
upd     : 0 (0)
fpr    0: AEA84EDCF01AD86C4701C85C63113AE866587D0A
grip   0: CE5C1F1B8C96F1A078A2D1932EEE738A854ED976
curve  0: ed25519
caps   0: sc
flags  0:
fpr    1: E05BA20ED4F17768613B03C53CD7B3A055039224
grip   1: 7A1E3130C9CBDBF203A0AD8E186D9C511D5019FF
curve  1: cv25519
caps   1: e
flags  1: secret
fpr    2: 8777461F2A074EBC480D359419CC1C9E085B107A
grip   2: FF35C6E765F440145095750DC97D43D496C5ABEA
curve  2: ed25519
caps   2: s
flags  2: secret
May 28 2021, 7:32 PM · FAQ, Support, gpgme

Apr 27 2021

werner added a comment to T5412: Getting "Invalid digest algorithm", when trying to generate ECDH keys, in batch mode.

The curve is not defined to be used for ECDH (encryption); in fact it should in general only be used with the EdDSA
algorithm. You need to use "Key-Type: eddsa". Note that the EdDSA signing algorithm is different than the commonly used ECDSA signing algorithm.

Apr 27 2021, 2:39 PM · FAQ, gnupg, OpenPGP
masoudbahar added a comment to T5412: Getting "Invalid digest algorithm", when trying to generate ECDH keys, in batch mode.

Thanks for the quick response Werner. I knew I could use it with quick-gen-key and I’ve updated my config file to have it as default.
But, just for my understanding, is there a reason ed25519 cannot be used with full-gen-key and gen-key in batch mode?

Apr 27 2021, 12:13 PM · FAQ, gnupg, OpenPGP
werner closed T5412: Getting "Invalid digest algorithm", when trying to generate ECDH keys, in batch mode as Resolved.
Apr 27 2021, 8:34 AM · FAQ, gnupg, OpenPGP
werner edited projects for T5412: Getting "Invalid digest algorithm", when trying to generate ECDH keys, in batch mode, added: gnupg, FAQ; removed gnupg (gpg23), Bug Report.

You can't use ecdh with ed25519.

Apr 27 2021, 8:33 AM · FAQ, gnupg, OpenPGP

Apr 12 2021

werner closed T5391: Website FAQ missing charset as Wontfix.

No Apache - No Default charset per suffix. The version for browsers is the HTML version.

Apr 12 2021, 5:43 PM · gpgweb, FAQ
Angel added a comment to T5367: PDF signed with --clearsign has image distorted..

The surprising thing is that it works at all. I wouldn't be surprised if certain would simply reject it as "not a pdf" given that the "%PDF-1.x" marker isn't at the beginning.

Apr 12 2021, 2:40 AM · Not A Bug, FAQ
Angel created T5391: Website FAQ missing charset.
Apr 12 2021, 2:14 AM · gpgweb, FAQ
Angel added a watcher for FAQ: Angel.
Apr 12 2021, 1:52 AM

Mar 27 2021

werner closed T5367: PDF signed with --clearsign has image distorted. as Resolved.
Mar 27 2021, 11:29 AM · Not A Bug, FAQ
werner edited projects for T5367: PDF signed with --clearsign has image distorted., added: FAQ, Not A Bug; removed Bug Report.

--clearsign may only be used for plain text documents due to line ending conversion etc.

Mar 27 2021, 11:29 AM · Not A Bug, FAQ

Jan 7 2021

werner edited projects for T4822: mlock requires privilege, added: FAQ; removed Bug Report.

It is possible to disable the mlock thingy and if that is not wanted the application should be modified to be suid(root) during Libgcrypt initialization - this is actually how we handle this in GnuPG. Or maybe I don't understand the bug described here. It seems to be more of a support question.

Jan 7 2021, 11:22 AM · FAQ, Solaris, libgcrypt

Dec 11 2020

TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

The specs might just want to say that it just expects the wildcard to be broken, not that it expects an empty record.

Dec 11 2020, 10:49 AM · FAQ, wkd
werner added a comment to T5177: GPG WKD lookup does not send correct SNI.

Than put something into the TXT - it does not matter and is only used to break the wildcard.

Dec 11 2020, 10:41 AM · FAQ, wkd

Dec 10 2020

TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

Cloudflare doesn't seem to allow empty DNS TXT records...

Dec 10 2020, 4:30 PM · FAQ, wkd
werner closed T5177: GPG WKD lookup does not send correct SNI as Resolved.

From the specs:

Dec 10 2020, 4:28 PM · FAQ, wkd

Aug 24 2020

werner closed T4993: Delete only private signing key from within gpg (without reimporting subkeys or 'rm ~/.gnupg/private-keys-v1.d/KEYGRIP.key') as Resolved.
Aug 24 2020, 7:49 AM · FAQ, gnupg (gpg22)

Aug 9 2020

werner closed T4862: pubkeys are imported despite the --no-auto-key-retrieve option as Resolved.

No more info was provided.

Aug 9 2020, 5:19 PM · Too Old, FAQ, gnupg
yearen added a comment to T5017: Kleopatra can't decrypt the tor. I can't verify the signature..

ı dont understand can you explain me more specific? which file name ? when ı select the Tor installer gpg cant decrypt it not signature file

Aug 9 2020, 12:24 AM · FAQ

Aug 8 2020

werner merged task T5017: Kleopatra can't decrypt the tor. I can't verify the signature. into Restricted Maniphest Task.
Aug 8 2020, 11:41 PM · FAQ
werner edited projects for T5017: Kleopatra can't decrypt the tor. I can't verify the signature., added: FAQ; removed Bug Report.

Download the corresponding tor signature file. Then enter that file name.

Aug 8 2020, 11:40 PM · FAQ

Jul 14 2020

n0542344 added a comment to T4993: Delete only private signing key from within gpg (without reimporting subkeys or 'rm ~/.gnupg/private-keys-v1.d/KEYGRIP.key').

Dear Werner!

Jul 14 2020, 11:49 AM · FAQ, gnupg (gpg22)
n0542344 added a comment to T4993: Delete only private signing key from within gpg (without reimporting subkeys or 'rm ~/.gnupg/private-keys-v1.d/KEYGRIP.key').

Dear Werner!

Jul 14 2020, 11:40 AM · FAQ, gnupg (gpg22)

Jul 13 2020

werner triaged T4993: Delete only private signing key from within gpg (without reimporting subkeys or 'rm ~/.gnupg/private-keys-v1.d/KEYGRIP.key') as Normal priority.

To change the expiration date, I would suggest to use

Jul 13 2020, 1:36 PM · FAQ, gnupg (gpg22)

Apr 30 2020

werner added a comment to T4931: gnupg unusable with a long path to $HOME.

Yes, with current gnupg it works w/o problems. Well, unless systemd decided to remove the directory. There is a loginctl(1) way to avoid this.

Apr 30 2020, 12:22 PM · Not A Bug, FAQ, gnupg
t8m added a comment to T4931: gnupg unusable with a long path to $HOME.

Also I suppose the 2.1.20 version above is typo and 2.2.20 is actually meant.

Apr 30 2020, 11:04 AM · Not A Bug, FAQ, gnupg
t8m added a comment to T4931: gnupg unusable with a long path to $HOME.

Can you please clarify? Let's assume I am using current gnupg version (2.2.20) and /run/user/$UID exists. Everything should work seamlessly, should it?

Apr 30 2020, 11:03 AM · Not A Bug, FAQ, gnupg
werner triaged T4931: gnupg unusable with a long path to $HOME as Normal priority.

You are still using the old way of having the sockets in ${GNUPGHOME:-~/.gnupg}. Since 2.2.13 we use

Apr 30 2020, 9:32 AM · Not A Bug, FAQ, gnupg