Page MenuHome GnuPG

gnupg (gpg22)Milestone
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Today

werner added a project to T5724: gpgconf --show-configs does not show the registry values : Windows.
Tue, Dec 7, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner claimed T5724: gpgconf --show-configs does not show the registry values .
Tue, Dec 7, 12:36 PM · Windows, gnupg (gpg22), Bug Report
werner triaged T5724: gpgconf --show-configs does not show the registry values as Normal priority.
Tue, Dec 7, 12:36 PM · Windows, gnupg (gpg22), Bug Report
gniibe triaged T5721: gpg22: Update *.m4 to prefer use of gpgrt-config and *.pc to *-config as Wishlist priority.
Tue, Dec 7, 8:00 AM · gnupg (gpg22)
gniibe added a project to T5120: Incompatible Ed25519 secret key (no-encryption): Testing.
Tue, Dec 7, 7:43 AM · Testing, gnupg (gpg22), Bug Report
gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

For GnuPG 2.2, it's better to be conservative (least change of behavior, if any).

Tue, Dec 7, 7:17 AM · Testing, gnupg (gpg22), Bug Report

Yesterday

gniibe closed T5644: Heuristic for default reader detection as Resolved.
Mon, Dec 6, 12:57 AM · Testing, Feature Request, gnupg (gpg22)

Thu, Nov 25

gniibe added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

My proposal is applying SOS (MPI with leading zero octets) patches, for 2.2, because there may be existing keys with SOS already.

Thu, Nov 25, 6:17 AM · Testing, gnupg (gpg22), Bug Report
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption) as "Open".

It's not yet solved.

Thu, Nov 25, 6:14 AM · Testing, gnupg (gpg22), Bug Report

Tue, Nov 23

werner changed the status of T5644: Heuristic for default reader detection from Open to Testing.
Tue, Nov 23, 1:28 PM · Testing, Feature Request, gnupg (gpg22)
werner closed T5650: Check problems with gpgconf and global config files as Resolved.
Tue, Nov 23, 1:27 PM · Restricted Project, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000467.html on T5641: Release GnuPG 2.2.33.
Tue, Nov 23, 1:26 PM · Release Info, gnupg (gpg22)
werner updated the task description for T5641: Release GnuPG 2.2.33.
Tue, Nov 23, 11:56 AM · Release Info, gnupg (gpg22)
werner triaged T5703: Release GnuPG 2.2.34 as Low priority.
Tue, Nov 23, 11:47 AM · Release Info, gnupg (gpg22)
werner closed T5076: [solved] gpg-agent respawn another process randomly and causes cached passphrase check failed / expired as Resolved.
Tue, Nov 23, 9:18 AM · gnupg (gpg22), Bug Report
werner closed T5205: GNuPG compile error as Resolved.
Tue, Nov 23, 9:17 AM · gnupg (gpg22), toolchain, Support
werner closed T5120: Incompatible Ed25519 secret key (no-encryption) as Resolved.

I guess this is solved. Feel free to re-open and schedule for 2.2.34

Tue, Nov 23, 9:15 AM · Testing, gnupg (gpg22), Bug Report
werner lowered the priority of T5235: Delays in dirmngr http connections on Windows from Normal to Low.
Tue, Nov 23, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)
werner added a project to T5235: Delays in dirmngr http connections on Windows: can't replicate.

Might be a TOR Thing?

Tue, Nov 23, 9:14 AM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

Sat, Nov 13

werner closed T5685: Clear stale --trusted-key records from the trustdb, a subtask of T5058: Review --trusted-key, as Resolved.
Sat, Nov 13, 9:03 PM · gnupg (gpg23)
werner closed T5301: Decrypting a message that has multiple SKESK packets sometimes fails as Wontfix.
Sat, Nov 13, 2:43 PM · gnupg (gpg22), Bug Report
werner closed T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key' as Resolved.
Sat, Nov 13, 2:42 PM · Support, Info Needed, gnupg (gpg22)

Fri, Nov 12

gniibe added a project to T5644: Heuristic for default reader detection: Testing.
Fri, Nov 12, 5:50 AM · Testing, Feature Request, gnupg (gpg22)

Nov 3 2021

ikloecker merged T5675: Kleopatra 3.1.16 / Keyservers related functions are not working into T5639: dirmngr uses the wrong Let's encrypt chain.
Nov 3 2021, 1:53 PM · gnupg (gpg22), dirmngr

Oct 27 2021

werner triaged T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key' as Low priority.

Sure there are logs, see the options log-file and debug in the man pages.
To sign using specific subkey or the main key, use the fingerprint of the key and append an exclamation mark.
For example

Oct 27 2021, 1:12 PM · Support, Info Needed, gnupg (gpg22)

Oct 22 2021

werner moved T5650: Check problems with gpgconf and global config files from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 22 2021, 12:25 PM · Restricted Project, gnupg (gpg22)
werner moved T5650: Check problems with gpgconf and global config files from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 22 2021, 12:24 PM · Restricted Project, gnupg (gpg22)
werner changed the status of T5650: Check problems with gpgconf and global config files from Open to Testing.
Oct 22 2021, 12:22 PM · Restricted Project, gnupg (gpg22)
gniibe added a comment to T5644: Heuristic for default reader detection.

I put my initial try by rG752422a792ce: scd: Select a reader for PC/SC..

Oct 22 2021, 6:51 AM · Testing, Feature Request, gnupg (gpg22)
gniibe added a comment to T5644: Heuristic for default reader detection.

I found this: https://gist.github.com/PatrickLang/7be00ba46a43eca3ef64ffe64b494749#user-content-conflicts-with-windows-hello--virtual-smart-card

Oct 22 2021, 4:45 AM · Testing, Feature Request, gnupg (gpg22)

Oct 20 2021

werner closed T5655: In -de-vs mode it is not possible so verify sigs with Ed25519 release keys. as Resolved.

Yes, but it is more complicated to do because you need to download a binary version of the keys and check that they are authentic. Most users don't known it. Anyway, I meanwhile created a Brainpool release sign key and new VSD releases are signed with that. The override option does not really harm, but we can close this bug due to the new release key.

Oct 20 2021, 12:21 PM · gnupg (gpg22), Restricted Project

Oct 14 2021

swimmerm added a project to T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present: gnupg (gpg22).
Oct 14 2021, 11:13 PM · gnupg (gpg22), UI, Not A Bug, gpg4win

Oct 13 2021

ikloecker added a comment to T5655: In -de-vs mode it is not possible so verify sigs with Ed25519 release keys..

Wouldn't it be safer to use gpgv for verifying the signature than to add a code path to gpg to circumvent the hard de-vs compliance check?

Oct 13 2021, 5:05 PM · gnupg (gpg22), Restricted Project
werner triaged T5655: In -de-vs mode it is not possible so verify sigs with Ed25519 release keys. as High priority.
Oct 13 2021, 3:01 PM · gnupg (gpg22), Restricted Project

Oct 12 2021

werner added a comment to T5644: Heuristic for default reader detection.

On my new Windows 10 laptop I see a "Windows Hello for Business 1". Thus put everything with "Windows Hello" at the end of the list or skip unless a reader-port is set. IIRC there are device with "virtual" or "Virtual" in their name, they don't make sense for us either. I would also put devices with "SCM" or "Identiv" to the top of the list. In particular the substrings "SPR532" seems to identify the Identiv SPR332 which is what we use here and actualay a suggested reader for GnUPG VS-Desktop.

Oct 12 2021, 8:44 AM · Testing, Feature Request, gnupg (gpg22)
gniibe added a comment to T5644: Heuristic for default reader detection.

Please tell me reader names to skip.

Oct 12 2021, 7:23 AM · Testing, Feature Request, gnupg (gpg22)

Oct 11 2021

werner triaged T5650: Check problems with gpgconf and global config files as High priority.
Oct 11 2021, 5:39 PM · Restricted Project, gnupg (gpg22)
gniibe claimed T5644: Heuristic for default reader detection.
Oct 11 2021, 6:47 AM · Testing, Feature Request, gnupg (gpg22)

Oct 8 2021

werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

There won't be any other 3.1 release - install GnuPG 2.2.32 on top of Gpg4win 3.1.16

Oct 8 2021, 3:18 PM · gnupg (gpg22), dirmngr
werner raised the priority of T5644: Heuristic for default reader detection from Normal to High.
Oct 8 2021, 2:51 PM · Testing, Feature Request, gnupg (gpg22)
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

My experience on a Window 10 system (with Gpg4win 3.1.15 which has GnuPG 2.2.27) was, that removing the expired root certificate did not help with https://keyserver.ubuntu.com and the intermediate certificate was not in the windows store, so it could not be removed.

Oct 8 2021, 12:01 PM · gnupg (gpg22), dirmngr
ikloecker added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Removing an intermediate cert from your local system doesn't help because any correctly configured server will send you all necessary intermediate certs together with the server cert. You'd have to remove the expired root certificate instead (see Workaround 1 on https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/). The problem is that this will break certificate verification for any servers that still use the old intermediate cert, e.g. keyserver.ubuntu.com.

Oct 8 2021, 9:16 AM · gnupg (gpg22), dirmngr

Oct 7 2021

werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

The LE web site has instruction on how to do this. However, it is complicated and depends on your system. The intermediate cert you listed is signed by the expired old root cert. If you remove this intermediate cert the other root cert will be found and we are done. The old LE certs had a 4 tier chain and the new one a 3 tier.
See https://dev.gnupg.org/rG341ab0123a8fa386565ecf13f6462a73a137e6a4 and https://letsencrypt.org/images/isrg-hierarchy.png

Oct 7 2021, 5:33 PM · gnupg (gpg22), dirmngr
werner triaged T5644: Heuristic for default reader detection as Normal priority.
Oct 7 2021, 4:07 PM · Testing, Feature Request, gnupg (gpg22)
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

One problem I see is that keyserver.ubuntu.com delivers a problematic intermediate(?) certificate:

Oct 7 2021, 1:59 PM · gnupg (gpg22), dirmngr
bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

If there is no easy way to install a new version of GnuPG, e.g. for Gpg4win or for GNU/Linux distributions: It may make sense to have instructions for the workaround ready.

Oct 7 2021, 9:30 AM · gnupg (gpg22), dirmngr
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html on T5601: Release GnuPG 2.2.32.
Oct 7 2021, 7:55 AM · Release Info, gnupg (gpg22)

Oct 6 2021

werner added a comment to T5571: Release GnuPG 2.2.31.

Please update to 2.2.32 if you have problems with keyservers etc.

Oct 6 2021, 9:22 PM · Release Info, gnupg (gpg22)
werner closed T5584: gpg --list-packets lists wrong packets as Resolved.

Backported to 2.2.32

Oct 6 2021, 9:21 PM · gnupg (gpg22), Bug Report
werner closed T5639: dirmngr uses the wrong Let's encrypt chain as Resolved.
Oct 6 2021, 9:20 PM · gnupg (gpg22), dirmngr