FAQCommunication
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Apr 30 2020

werner added a comment to T4931: gnupg unusable with a long path to $HOME.

Yes, with current gnupg it works w/o problems. Well, unless systemd decided to remove the directory. There is a loginctl(1) way to avoid this.

Apr 30 2020, 12:22 PM · FAQ, gnupg
t8m added a comment to T4931: gnupg unusable with a long path to $HOME.

Also I suppose the 2.1.20 version above is typo and 2.2.20 is actually meant.

Apr 30 2020, 11:04 AM · FAQ, gnupg
t8m added a comment to T4931: gnupg unusable with a long path to $HOME.

Can you please clarify? Let's assume I am using current gnupg version (2.2.20) and /run/user/$UID exists. Everything should work seamlessly, should it?

Apr 30 2020, 11:03 AM · FAQ, gnupg
werner triaged T4931: gnupg unusable with a long path to $HOME as Normal priority.

You are still using the old way of having the sockets in ${GNUPGHOME:-~/.gnupg}. Since 2.2.13 we use

Apr 30 2020, 9:32 AM · FAQ, gnupg

Apr 16 2020

werner removed a project from T3714: Failing to decrypt due to missing MDC: gnupg.
Apr 16 2020, 9:47 AM · FAQ, kleopatra

Apr 7 2020

werner closed T4909: gpg2: "decryption failed: No secret key" DBG: search.keyring.c.1109, parse.keyring.c.415 as Resolved.

That smells very much like an old and insecure version 3 key. We don't allow them anymore - use gpg 1 to decrypt old material but never use that key to sign stuff or give it to others to encrypt to you. It is just too weak.

Apr 7 2020, 8:59 PM · FAQ

Mar 4 2020

werner added a comment to T4862: pubkeys are imported despite the --no-auto-key-retrieve option.

keyserver-URL needs to be replaced with with a keyserver URL, like

hkps://hkps.pool.sks-keyservers.net
Mar 4 2020, 9:34 AM · FAQ, gnupg

Mar 1 2020

cipherpunks added a comment to T4862: pubkeys are imported despite the --no-auto-key-retrieve option.

In my particular case, I want to find out if an email address has a publickey associated to it that is publically available anywhere. I do not want to import the key automatically. I used to use this command:

Mar 1 2020, 5:00 PM · FAQ, gnupg

Feb 29 2020

werner edited projects for T4862: pubkeys are imported despite the --no-auto-key-retrieve option, added: gnupg, FAQ; removed Bug Report.

--auto-key-retrieves tries to find a key when verifying a signature. --locate-key however does the same as what -r does and locates a key for further use. If you don't what that, don't include a key discovery mechanism in the the auto-key-locate like (wkd in this case, which is anyway the default).

Feb 29 2020, 5:49 PM · FAQ, gnupg

Feb 20 2020

werner closed T4845: error generating key pair as Invalid.
Feb 20 2020, 9:02 PM · FAQ, gpg4win

Feb 14 2020

werner added projects to T4845: error generating key pair: gpg4win, FAQ.

Older version of GnuPG had a rare bug in the keyring update code.

Feb 14 2020, 2:18 PM · FAQ, gpg4win

Dec 16 2019

werner changed the status of T4775: gpg-connect-agent mangles output of scd random command from Invalid to Resolved.

[When changing a bug to a possible FAQ item it should be resolved and not marked as invalid]

Dec 16 2019, 4:31 PM · FAQ
werner closed T4775: gpg-connect-agent mangles output of scd random command as Invalid.

All output of Assuan data lines is percent escaped. That is obvious because it is a line based format. You need to unescape it. Either use command line option

--decode

in-line command

/decode

or use

/datafile NAME

to write to a file.

Dec 16 2019, 1:43 PM · FAQ

Nov 14 2019

werner closed T4749: --passphrase-fd 0 not working from command line as Invalid.

This is a bug tracker and not a general help line. You are better off asking on the gnupg-uisers mailing list.

Nov 14 2019, 10:49 AM · FAQ, gnupg

Sep 30 2019

werner edited projects for T4708: gpg cannot retrieve key via wkd from http2 server, added: Documentation, FAQ; removed Bug Report.
Sep 30 2019, 9:39 AM · FAQ, Documentation, dirmngr

Sep 27 2019

werner closed T4711: Misleading error messages and debug logs for DNS failures while fetching via WKD as Resolved.

Do not use this legacy debug stuff. Use --debug CATEGORY. For example

Sep 27 2019, 10:52 AM · FAQ

May 2 2019

steve added a comment to T3902: Use the term password instead of passphrase.

Users keep showing up in our support, confused by this inconsistency. This problem continues in 2020. What's holding this back?

May 2 2019, 11:25 PM · FAQ, Documentation, gnupg (gpg23)

Mar 18 2019

werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Invalid.

No we can't we need to know the IP addresses to handle the pools. I have given a workaround for you in my previous comment. You can also use install Tor which we can use for DNS resolving.

Mar 18 2019, 7:26 PM · gnupg (gpg22), dns, dirmngr

Feb 4 2019

aheinecke claimed T3902: Use the term password instead of passphrase.

First of all I find PIN a very bad term. "Personal Identification Number" for example for my Gnuk token is confusing. I use a string there,... So let us use PIN only where it really has to be a number. Otherwise it is a Password.

Feb 4 2019, 1:47 PM · FAQ, Documentation, gnupg (gpg23)
werner added a comment to T3902: Use the term password instead of passphrase.

Despite that I created this task, I am still not not convinced that removing the term passphrase is a good idea. If we do this in gnupg we would need to change all strings to make it clear that the passphrase is used to protect one's own key and has nothing to do with encryption etc. In fact the term PIN would be better because it is common knowledge that you use a PIN to get access to something you own. There would be less confusion on the purpose of the passphrase. Sure PIN is usually considered to be a number. However my bank allows a string to be used as, what they call, PIN.

Feb 4 2019, 11:26 AM · FAQ, Documentation, gnupg (gpg23)
aheinecke added a comment to T3902: Use the term password instead of passphrase.

There has been some progress here. At least we no longer use "passphrase" in new code. We still have not yet replaced all old occurances.

Feb 4 2019, 10:41 AM · FAQ, Documentation, gnupg (gpg23)

Dec 28 2018

werner renamed T4299: Problem to verify PGP key used by Microsoft from Problem to verify PGP key to Problem to verify PGP key used by Microsoft.
Dec 28 2018, 6:14 PM · gpgol, gpg4win
JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

I contacted Microsoft Security Response Center (MSRC) in regard to this matter. They confirmed the failed PGP key verification, but have not yet any explanation for that.

Dec 28 2018, 4:12 PM · gpgol, gpg4win

Dec 21 2018

BenM added a comment to T4299: Problem to verify PGP key used by Microsoft.

What are MS doing when they get it right, though? I'd look at the differences between those two to identify what they've messed up here.

Dec 21 2018, 8:18 PM · gpgol, gpg4win
werner updated subscribers of T4299: Problem to verify PGP key used by Microsoft.

Thanks. The mail is a standard, non-crypto mail with one attachment. That attachment is a TNEF file which has according to ytnef(1) just one file. That file has the name gpgolPGP.dat and contains a clearsigned message.

Dec 21 2018, 1:19 PM · gpgol, gpg4win
JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

Sure, I zipped the eml which failed and I´ll send it by e-mail to you

Dec 21 2018, 9:38 AM · gpgol, gpg4win
werner added a comment to T4299: Problem to verify PGP key used by Microsoft.

Is it possible that you upload or send me a copy of such a mail (wk gnupg.org)? ZIP or tar the eml file and send it in an encrypted mail to me to make sure it won't be modified on the transport.

Dec 21 2018, 8:37 AM · gpgol, gpg4win

Dec 20 2018

JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

I checked my mails in detail, and I can confirm that the error occurs only with "Microsoft security update releases". Indeed "Microsoft security advisory notification" and "Microsoft security update summary for..." will be verified correctly.

Dec 20 2018, 9:39 PM · gpgol, gpg4win
jmrexach added a comment to T4299: Problem to verify PGP key used by Microsoft.

I agree. It also happens to me. But only with mails coming from "Microsoft security update releases". Mails coming form "Microsoft security advisory notification" and Microsoft security update summary for..." are ok and are signed by the same key. It could be some trouble in MS automated email treatment.

Dec 20 2018, 7:50 PM · gpgol, gpg4win
werner edited projects for T4299: Problem to verify PGP key used by Microsoft, added: FAQ, OpenPGP; removed Bug Report.
Dec 20 2018, 8:40 AM · gpgol, gpg4win

Dec 14 2018

wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.
So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.
Dec 14 2018, 7:25 PM · gnupg (gpg22), dns, dirmngr

Dec 11 2018

werner edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: FAQ; removed gnupg (gpg22).
Dec 11 2018, 3:48 PM · gnupg (gpg22), dns, dirmngr

Nov 5 2018

werner edited projects for T3118: gpg --sign --local-user ... fails with smartcard, added: gnupg; removed gnupg (gpg22).
Nov 5 2018, 9:39 AM · gnupg, Documentation, FAQ

Jun 6 2018

werner added a comment to T3714: Failing to decrypt due to missing MDC.

BTW, you now need to use --rfc2440 to create a non-mdc message for testing.

Jun 6 2018, 4:30 PM · FAQ, kleopatra

Jun 1 2018

aheinecke added a commit to T3714: Failing to decrypt due to missing MDC: rO9f7ec6eb2962: Add distinct error for legacy nomdc.
Jun 1 2018, 3:00 PM · FAQ, kleopatra
aheinecke added a comment to T3714: Failing to decrypt due to missing MDC.

It's nice. Although for now I've only added a message in the legacy_cipher_nomdc case:

Jun 1 2018, 2:57 PM · FAQ, kleopatra
werner added a comment to T3714: Failing to decrypt due to missing MDC.

I justed commited some gadgets to gpgme which might be helpful But please show warnings etc before you use that new option.

Jun 1 2018, 1:51 AM · FAQ, kleopatra

Apr 13 2018

aheinecke created T3903: Kleopatra: Use the term password instead of passphrase.
Apr 13 2018, 1:58 PM · FAQ, Documentation, gnupg (gpg23)
werner created T3902: Use the term password instead of passphrase.
Apr 13 2018, 1:55 PM · FAQ, Documentation, gnupg (gpg23)

Apr 11 2018

JJworx added a comment to T3893: Timeout for receive-keys.

You are right in that enigmail uses no-auto-check-trustdb

Apr 11 2018, 10:23 AM · Enigmail, FAQ, gnupg
JJworx added a comment to T3893: Timeout for receive-keys.

As far as I understand your comment there is already a timeout of 15s per connection. But as you wrote, it doesn't fit all cases. In my case, gpg.exe just stayed open indefinitely.

Apr 11 2018, 10:23 AM · Enigmail, FAQ, gnupg
werner triaged T3893: Timeout for receive-keys as Low priority.

man dirmngr

Apr 11 2018, 10:12 AM · Enigmail, FAQ, gnupg

Jan 19 2018

aheinecke added a comment to T3714: Failing to decrypt due to missing MDC.
I have not checked whether we make this available in the GPGME API
Jan 19 2018, 7:37 AM · FAQ, kleopatra

Jan 18 2018

werner added a comment to T3714: Failing to decrypt due to missing MDC.

There can't be an MDC warning if MDC is not used ;-)

Jan 18 2018, 7:37 PM · FAQ, kleopatra
aheinecke added a project to T3714: Failing to decrypt due to missing MDC: gnupg.

As far as I can see GnuPG does not emit appropriate status lines:

Jan 18 2018, 1:29 PM · FAQ, kleopatra

Jan 8 2018

Lloyd added a comment to T3714: Failing to decrypt due to missing MDC.

In the folder %APPDATA%\gnupg create a file named gpg.conf (or edit it if it exists) and put the line "ignore-mdc-error" in there. This should globally set this option and gpgol will also respect this.

Jan 8 2018, 11:25 AM · FAQ, kleopatra
aheinecke added a comment to T3714: Failing to decrypt due to missing MDC.
In T3714#109045, @Lloyd wrote:

I appreciate the dangers. Whilst I try and persuade the sender to deal with the issue at their end, is there anyway to include this option in GpgOL on a temporary basis?

Jan 8 2018, 8:06 AM · FAQ, kleopatra

Jan 6 2018

werner renamed T3714: Failing to decrypt due to missing MDC from Failing to decrypt to Failing to decrypt due to missing MDC.
Jan 6 2018, 11:49 AM · FAQ, kleopatra
werner assigned T3714: Failing to decrypt due to missing MDC to aheinecke.

Andre, I assign this to you. If you don't think that a better warning in Kleopatra is needed, please close the report.

Jan 6 2018, 11:47 AM · FAQ, kleopatra

Jan 5 2018

Lloyd added a comment to T3714: Failing to decrypt due to missing MDC.

OK. Thank you for that.

Jan 5 2018, 5:17 PM · FAQ, kleopatra