Hi, thank you for responding :)
Yves-Alexis Perez <cor...@debian.org> (Mo 05 Nov 2012 18:45:00 CET): > On mar., 2012-10-23 at 13:12 +0200, Heiko Schlittermann wrote: > > Package: libassuan0 > > Version: 2.0.3-1 > > Severity: important > > Tags: upstream patch > > > > I used a 4096bit key for encryption (using the GnuPG crypto-stick). > > Encryption worked, but decryption didn't work (gpg2 didn't find > > the secret key.) > > > > gpg2 uses libassuan to talk to some daemons/agents. > > gpg (1.x) worked, but only if there was no gnupg-agent running. > > > > Patch: > > http://lists.gnupg.org/pipermail/gnupg-users/2012-June/044868.html > > > > I applied this patch and re-built libassuan0-* and gnupg2. This > > seems to fix the issue. > > The patch is wrong, according to > http://lists.gnupg.org/pipermail/gnupg-devel/2009-October/025412.html According to this above message, my crypt-stick should not expose this bug (SN:0000113A). But it does. > A better patch was once sent to the same mailing list the following > month: > http://lists.gnupg.org/pipermail/gnupg-devel/2009-November/025421.html > by Klaus Flittner (on CC:). > > This was never applied because of the lack of copyright assignment. > > Imho this is a simple bugfix which is not even copyrightable, but IANAL. > I've ported the patch to the current gnupg 2.0.19 in Wheezy and sid > (it's attached). Ok, I'll test it here. But it will not happen sooner than thursday. > I intend to (re)submit it to upstream but it won't work on 2.1 / git > HEAD right now and I lack the time to properly port it right now. > > I think it'd still be nice to push it to gnupg in Debian so we can use > 4096 encryption with smartcard, although it might be worth having > upstream comment on the technical part before. Yep. I'm not able to decide, if the suggested protocol change breakes other applications. As the line length extension broke gpa for me. I think, here recompilation would have been sufficient, but I didn't test it. -- Heiko
signature.asc
Description: Digital signature
