Home Original page

♟ bernhard

I guess you need to report this to Debian as their new sqv tools seems to be broken.

A workaround I've found is to give the public key directly in /etc/apt/sources.list.d/gnupg.sources.

Trying to do the verification outside of apt-get:

This ticket is explicitly about Kleopatra included in Gpg4win.

Kleopatra is also run on GNU/Linux Distributions.

Still good for experiments.

A brief update: This feature has not made it onto the roadmap of specific things to implement so far.

https://lists.gnupg.org/pipermail/gnupg-devel/2024-December/035686.html <- is a question to see if the situation has changed meanwhile. (I've send it to the list because the topic affects several things in the application and thus ggoes beyond an issue like this one.)

This has been fixed meanwhile. (I can confirm the fix with kmail2 6.2.1 (24.08.1))

Because a user in https://mstdn.social/deck/@GnuPG/113011825339406300 did read the documentation, I had a look in the documentation and in other public definitions (e.g. https://www.gnu.org/software/tar/manual/html_node/Formats.html#Formats) and I can understand the questions of the user.

bernhard set External Link to https://mstdn.social/deck/@GnuPG/113011825339406300 on T7271: clarify tar format of gpgtar in documentation.

Followup: Using edge and a restart did not trigger the installation of of CN=ISRG Root X1,O=Internet Security Research Group,C=US.

I've checked the windows configuration and the automatic update of root certificates is not switched off.
Looking into the windows events view I did not see the certificate update, but after a while I did (restarts, edge attempts installation of firefox). So probably the edge view may have triggered this update, but it did not show directly in the cert store and thus not for Gnupg.

next I'll turn up dirmngr's logging

Since only https fails for you.

The usability challenge here is what happens if the encryption does not work for some files in between:

This is a KDE bug and not really appropriate for this tracker.

Also noticed this and created an upstream report as well: https://bugs.kde.org/show_bug.cgi?id=485308

Sorry, I did not know (or had forgotten, I did search the tracker first).
What is the rationale for not signing the uninstallers?

With Gpg4win-4.3.1 I consider this solved:

A user also report this problem with Microsoft365 and Outlook Versions 2302 and 2208. (Exchange is the latest online-Version.
Assuming current Gpg4win v4.2.0)

A user also report this problem with Microsoft365 and Outlook Versions 2302 and 2208. (Exchange is the latest online-Version.)

Would it be a workaround idea to double the attachments, so that the original ones would be used as reference for embedded viewing? And the other to be shown?

In any case this is technically required

@dvratil cool, I'm looking forward to it!

in our study we've found that personal users often did not know that their software is capable of sending encrypted email. I blieve that most of them want a protected communication by default. (I may have seen surveys about this at some time as well.) If the recipient has published their public key, they are indicating that they can receive encrypted email.

Saving an attached messaged (in mbox format) is something that I sometimes want. It should be okay to implement.

Remove adjective "anonymous" for bitcoin payments

Improve Makefile to consider donation-form*.html4

Removing link to twitter.com/gnuprivacyguard

Replace link to twitter with link to mastodon

it would break the verification of too many signatures.

The default time period for warning about pubkey expiration is 14 days in the old Kontact (IIRC).

Yes I am an admin on the https://pypi.org/project/gpg/ package.

As I assume that many people have HTML emails still turned on, and have no crashes, there probably are more conditions that have to be met to trigger this crash.

bernhard renamed T6339: Outlook crashes when selecting a contact (with HTML mails enabled) from Outlook crashes when selecting a contact to Outlook crashes when selecting a contact (with HTML mails enabled).

Thought about this for a while and rephrased and thus repopened.
I think it would be good to remove or explain the sha1sum checksums in the announcements.
Whether they are replaced by something else, e.g. sha256sum is of lesser importance.

bernhard renamed T6334: Remove or explain sha1sum in announcement mails from Move to sha256sums in the announcments (for GnuPG) to Remove or explain sha1sum in announcement mails.

Shouldn't we remove the sha1sum then as well? Or add an explanation?

Fix typo in draft-koch-openpgp-webkey-service

The current WKD/WKS draft offers no direct guidance to WKD clients about the type of filtering they should do.

Fixed, to be released with Gpg4win 4.0.5.

Fix sha256sum usage output.

@ametzler1 thanks for the feedback!

Or better:

  • If it is was broken for you and works now, let us know here.
  • if "lists." still is there in email addresses somewhere, please also list.

Thanks!

https://lists.gnupg.org/mailman/listinfo/gnupg-devel has `To post a message to all the list members, send email to gnupg-devel@gnupg.org." now, which seems fine, it was wrong before.

@werner also I suggest to check the default setting for this, see https://www.list.org/mailman-install/customizing.html and you can use the scripts mentioned there to check the configuration of several mailinglists at once and change it, if you know, which one is to blame, e.g. the host_name value.

@werner
Can you take a look at the host_name setting at the [General Options] configuration page for the lists in question,
e.g. https://lists.gnupg.org/mailman/admin/gnupg-devel

bernhard renamed T5816: mailing list address confusion (lists.gnupg.org shown, but does not work) from gcrypt mailing list is down to mailing list address confusion (lists.gnupg.org shown, but does not work).

As 2.3.7 was released on the 11th of July, see https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html
I guess that this issue should be closed and some issues moved to one with 2.3.8.

Priorities went off this task for three years now. Is "Release Info" still the right tag?

bernhard changed Version from gpgol 2.5.1; gpg4win 4.0.0; outlook version 2203 to gpgol 2.5.1; gpg4win 4.0.0; outlook version 2203 Gpg4win 4.0.2 on T5926: GPGOL - Leere Nachricht kann nicht signiert werden (empty message email can't be signed or encrypted).

bernhard renamed T5926: GPGOL - Leere Nachricht kann nicht signiert werden (empty message email can't be signed or encrypted) from GPGOL - Leere Nachricht kann nicht signiert werden to GPGOL - Leere Nachricht kann nicht signiert werden (empty message email can't be signed or encrypted).

Add EN version of privacy policy

(Werner just told me that I was mistaken and he needs to take a look. There was a mixup because of the 2018 CVE number.)

bernhard renamed T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals from pinentry: pinentry-curses doesn't allow to set no password or weak passwords on small terminals to pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals.

I don't see a point in trying to make the fancy curses pinentry work on small terminals.

From my point of view it should be fixed by adding line-breaks to make it work on small terminals. It is better to break the formatting, but allow it, instead of bailing out and leaving the user only with the option to use the more complicated interface. This problem could also affect other password entries where a longer information is displayed.

bernhard renamed T4924: pinentry: pinentry-curses doesn't allow to set no password or weak passwords on 80 char width and smaller terminals from pinentry: pinentry-curses doesn't allow to set no password on small terminals to pinentry: pinentry-curses doesn't allow to set no password or weak passwords on small terminals.

@LRitzdorf it should work if you enter an acceptable passphrase. (I've just tried with 56x51 widthxheight and it worked)

Not in the way it is used by gpg. See T5880

The current links should be replaced or removed.

One solution is to remove GPA and pinenty-gtk completely, as the used GTK+ version 2 is end-of-life. @aheinecke already asked on https://lists.wald.intevation.org/pipermail/gpg4win-users-en/2022-March/001740.html for reasons to keep GPA. (For which we should make a new issue).

because libexpat does contain vulnerabilties

What are the other to places?

A simple first step would be to install pinentry-gtk only in the GPA variant.

I agree. @cklassen can you make a suggestion?

Remove Jan-Oliver as Geschäftsführer Intevation

Improve support-de more canonical email address

@TheParanoidProgrammer this looks like a very good and thorough analysis, thanks again!

Fix minor typo in get-gpg4win.htm4

@TheParanoidProgrammer thanks for investigating further. It is highly appreciated!

Update systemrequirements

@NoSubstitute It is okay for me to keep this issue, if most people prefer it this way, was just asking.

Ah, just seeing that this issue is resolved. Shall we open a new one to be well structured?
(If we reopen this one, there is a lot of old information in here that does not apply anymore before the fixes that went into dirmngr/gnupg).

Does gpg4win ship a TLS library with gpg or does it use a system default?

@ikloecker thanks for the hint (At first it looked like a different defect.)