May 5 2019
Jun 18 2018
It's in 2.2.4 and 1.4.23.
Jun 12 2018
ee1fc420fb9741b2cfaea6fa820a00be2923f514 contains a proposed fix for this.
Jun 11 2018
Jun 8 2018
@dkg can you please take this up with Debian and other distros? See the commit for a brief description.
May 2 2018
Apr 13 2018
Applied to STABLE-BRANCH-1-4, too.
Good catch. Thanks. Fixed in STABLE-BRANCH-2-2.
Feb 5 2018
FYI : when submitting a buffer composed of
- a leading 00 byte,
- the 255 bytes encrypted session key value
to HSM/PKCS11 for decyption, decrypt returns without any errors, and returned plain session key is the one expected.
Feb 3 2018
Some enlightenments here because i may have not mention some info in the first place :
Feb 2 2018
Our HSM is a certified FIPS 140-2, sec level3, hardware module, exposing a PKCS#11 v2.30 spec compliant API.
What kind of hardware token?
Feb 1 2018
Dec 4 2017
Nov 21 2017
It's fixed in master.
It is good to backport this to GnuPG 2.2 and GnuPG 1.4.
Nov 1 2017
Oct 24 2017
Won't we fixed for 1.4 and 2.0 (which is too close to EOL). Has been fixed for master; see T2359.
GnuPG 1.4 is only for old features. New features are only supported by GnuPG 2.2.
Oct 22 2017
Same issue exists in 2.2:
Oct 20 2017
Won't be fixed for 1.4.
There should be a backup file in these cases.
I would suggest to close this as won't fix.
In 2.2 we implemented --import-option show-only which dies the right thing, that is to use the reguarl key-listing code. Backporting this to 1.4 does not make sense - people should move on and use gpg 2.2.
Given that we received no info after nearly two years, shouldn't we simply assume that this bug as been fixed?
This patch was released with 1.4.22
Aug 15 2017
It's been a month since last release, no error reports so far.
Aug 9 2017
Aug 7 2017
No worries :)
Aug 5 2017
Done with commit rGa69464b0b6da.
ah, great! sorry i got confused :)
Aug 4 2017
I only removed the documentation in the STABLE-BRANCH-1-4. Nobody said we want to remove this feature, and it is still documented in STABLE-BRANCH-2-0 and master.
fwiw, faked-system-time is used in several non-gnupg packages in debian already.
I just removed the paragraph (gpgtwoone is not used anymore anyways). Fixed in eb15d5ed8.