Re: [Announce] GnuPG 2.2.22 released

2020-08-31 Thread Werner Koch via Gnupg-users 
Hi!

As a workaround please run --gpg --card-status after plugging in a Gnuk
token.  We are working on a fix; see https://dev.gnupg.org/T5039


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.2.22 released

2020-08-31 Thread Michał Górny via Gnupg-users 
On Fri, 2020-08-28 at 21:39 +0200, mlnl via Gnupg-users wrote:
> Hi,
> 
> today, i have compiled 2.2.22 under Debian Buster. Decryption of
> files fail in terminal. Decryption of e-mails with Claws-Mail fail too.
> For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.
> 
> From my gpg-agent.log:
> 
> 2020-08-28 21:20:46 gpg-agent[23604] SIGUSR2 received - updating card event 
> counter
> 2020-08-28 21:20:46 gpg-agent[23604] DBG: chan_11 <- ERR 100663297 
> Allgemeiner Fehler  
> 2020-08-28 21:20:46 gpg-agent[23604] smartcard decryption failed: Allgemeiner 
> Fehler 
> 2020-08-28 21:20:46 gpg-agent[23604] command 'PKDECRYPT' failed: Allgemeiner 
> Fehler 
> 2020-08-28 21:20:46 gpg-agent[23604] DBG: chan_10 -> ERR 100663297 
> Allgemeiner Fehler 
> 
> 2020-08-28 21:21:05 gpg-agent[23604] smartcard decryption failed: Dateiende
> 2020-08-28 21:21:05 gpg-agent[23604] command 'PKDECRYPT' failed: Dateiende 
> 2020-08-28 21:21:05 gpg-agent[23604] DBG: chan_10 -> ERR 67125247 Dateiende 
> 
> 
> 2020-08-28 21:21:13 gpg-agent[23604] error accessing card: Datenübergabe 
> unterbrochen (broken pipe)
> 2020-08-28 21:21:13 gpg-agent[23604] smartcard decryption failed: 
> Datenübergabe unterbrochen (broken pipe)
> 2020-08-28 21:21:13 gpg-agent[23604] command 'PKDECRYPT' failed: 
> Datenübergabe unterbrochen (broken pipe)
> 2020-08-28 21:21:13 gpg-agent[23604] DBG: chan_10 -> ERR 67141741 
> Datenübergabe
> unterbrochen (broken pipe) 
> 
> I went back to 2.2.21.
> 

Maybe it's the same root cause as https://dev.gnupg.org/T5039

-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.2.22 released

2020-08-31 Thread mlnl via Gnupg-users 
Hi Werner,

Werner Koch  wrote:

> Please run this command:
> 
>   gpg-connect-agent 'scd getinfo version' /bye
> 
> and check that the returned version is 2.2.22.  Also run the gpg
> command with option --verbose to get more diagnostics.

$ systemctl --user start gpg-agent.service
$ gpg-connect-agent 'scd getinfo version' /bye
D 2.2.22
OK

And i don't know why, but encryption and decryption works in
terminal today (the outputs with --verbose --verbose are looking OK) :)

The other thing is Claws-Mail. I can't check signatures or
decrypte-mails. With the hint from Michał Górny (gpg --card-status) it
works. Without gpg --card-status i get (with claws-mail --debug):

prefs_gpg.c:668:unset
GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1
sgpgme.c:716:setting gpgme CTYPE locale sgpgme.c:723:setting gpgme
CTYPE locale to: de_DE.UTF-8 sgpgme.c:730:setting gpgme locale to UTF8:
de_DE.UTF-8 sgpgme.c:733:done
sgpgme.c:741:setting gpgme MESSAGES locale
sgpgme.c:748:setting gpgme MESSAGES locale to: de_DE.UTF-8
sgpgme.c:754:setting gpgme locale to UTF8: de_DE.UTF-8
sgpgme.c:758:done
sgpgme.c:767:GpgME Protocol: OpenPGP
Version: 2.2.22 (req 1.4.0)
Executable: /usr/local/bin/gpg
sgpgme.c:767:GpgME Protocol: CMS
Version: 2.2.22 (req 2.0.4)
Executable: /usr/local/bin/gpgsm
sgpgme.c:767:GpgME Protocol: GPGCONF
Version: 2.2.22 (req 2.0.4)
Executable: /usr/local/bin/gpgconf
sgpgme.c:767:GpgME Protocol: Assuan
Version: 1.0.0 (req 1.0.0)
Executable: /run/user/1000/gnupg/S.gpg-agent
sgpgme.c:767:GpgME Protocol: UIServer
Version: 1.0.0 (req 1.0.0)
Executable: /run/user/1000/gnupg/S.uiserver
sgpgme.c:767:GpgME Protocol: Spawn
Version: 1.0.0 (req 1.0.0)
Executable: /nonexistent
prefs_gpg.c:521:Saving GPG config
prefs.c:295:Found [GPG]
plugin.c:527:Plugin PGP/Core (from
file /usr/lib/x86_64-linux-gnu/claws-mail/plugins/pgpcore.so) loaded
plugin.c:527:Plugin PGP/inline (from
file /usr/lib/x86_64-linux-gnu/claws-mail/plugins/pgpinline.so) loaded
plugin.c:527:Plugin PGP/MIME (from
file /usr/lib/x86_64-linux-gnu/claws-mail/plugins/pgpmime.so) loaded

signature checking:

pgpmime.c:189:Checking PGP/MIME signature
sgpgme.c:465:data 0x72d1a7190810 (2903 618)
mimeview.c:1132:mimeview_check_sig_thread_cb
sgpgme.c:110:err code 9
sgpgme.c:110:err code 9

decryption:

procheader.c:174:generic_get_one_field: empty line
message/rfc822 (offset:0 length:7882 encoding: 6)
multipart/encrypted (offset:4131 length:3751 encoding: 6)
application/pgp-encrypted (offset:4278 length:11 encoding:
6) application/octet-stream (offset:4414 length:3429 encoding: 6)
messageview.c:1400:decrypting message part
sgpgme.c:465:data 0x7ffde758bef0 (4414 3429)
prefs_gpg.c:668:unset
GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1 sgpgme.c:505:can't
decrypt (Dateiende) pgpmime.c:343:plain is null!


-- 
mlnl


pgpi0nuCUr9_K.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.2.22 released

2020-08-30 Thread Michał Górny via Gnupg-users 
On Fri, 2020-08-28 at 21:39 +0200, mlnl via Gnupg-users wrote:
> Hi,
> 
> today, i have compiled 2.2.22 under Debian Buster. Decryption of
> files fail in terminal. Decryption of e-mails with Claws-Mail fail too.
> For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.
> 

I suppose I'm hitting the same problem.  With 2.2.22, I need to manually
run 'gpg --card-status' after rebooting to get Nitrokey working.

-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.2.22 released

2020-08-30 Thread Werner Koch via Gnupg-users 
On Fri, 28 Aug 2020 21:39, mlnl said:

> For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
> for key storage & usage. Works flawless with GnuPG 2.2.21.

Please run this command:

  gpg-connect-agent 'scd getinfo version' /bye

and check that the returned version is 2.2.22.  Also run the gpg command
with option --verbose to get more diagnostics.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Announce] GnuPG 2.2.22 released

2020-08-28 Thread mlnl via Gnupg-users 
Hi,

today, i have compiled 2.2.22 under Debian Buster. Decryption of
files fail in terminal. Decryption of e-mails with Claws-Mail fail too.
For Claws i had compiled and installed gpgme-1.12.1. I'm using a Yubikey
for key storage & usage. Works flawless with GnuPG 2.2.21.

From my gpg-agent.log:

2020-08-28 21:20:46 gpg-agent[23604] SIGUSR2 received - updating card event 
counter
2020-08-28 21:20:46 gpg-agent[23604] DBG: chan_11 <- ERR 100663297 Allgemeiner 
Fehler  
2020-08-28 21:20:46 gpg-agent[23604] smartcard decryption failed: Allgemeiner 
Fehler 
2020-08-28 21:20:46 gpg-agent[23604] command 'PKDECRYPT' failed: Allgemeiner 
Fehler 
2020-08-28 21:20:46 gpg-agent[23604] DBG: chan_10 -> ERR 100663297 Allgemeiner 
Fehler 

2020-08-28 21:21:05 gpg-agent[23604] smartcard decryption failed: Dateiende
2020-08-28 21:21:05 gpg-agent[23604] command 'PKDECRYPT' failed: Dateiende 
2020-08-28 21:21:05 gpg-agent[23604] DBG: chan_10 -> ERR 67125247 Dateiende 


2020-08-28 21:21:13 gpg-agent[23604] error accessing card: Datenübergabe 
unterbrochen (broken pipe)
2020-08-28 21:21:13 gpg-agent[23604] smartcard decryption failed: Datenübergabe 
unterbrochen (broken pipe)
2020-08-28 21:21:13 gpg-agent[23604] command 'PKDECRYPT' failed: Datenübergabe 
unterbrochen (broken pipe)
2020-08-28 21:21:13 gpg-agent[23604] DBG: chan_10 -> ERR 67141741 Datenübergabe
unterbrochen (broken pipe) 

I went back to 2.2.21.

-- 
mlnl

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] GnuPG 2.2.22 released

2020-08-27 Thread Werner Koch via Gnupg-users 
Hello!

We are pleased to announce the availability of a new GnuPG release:
version 2.2.22.  This is maintenace release with some minor changes.
See below for details.


What is GnuPG
=

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages.  A wealth of frontend applications and libraries
making use of GnuPG are available.  As an universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).  It can
be freely used, modified and distributed under the terms of the GNU
General Public License.


Noteworthy changes in version 2.2.22


  * gpg: Change the default key algorithm to rsa3072.

  * gpg: Add regular expression support for Trust Signatures on all
platforms.  [#4843]

  * gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option.  [#4991]

  * gpg: Ignore --personal-digest-prefs for ECDSA keys.  [#5021]

  * gpgsm: Make rsaPSS a de-vs compliant scheme.

  * gpgsm: Show also the SHA256 fingerprint in key listings.

  * gpgsm: Do not require a default keyring for --gpgconf-list.  [#4867]

  * gpg-agent: Default to extended key format and record the creation
time of keys.  Add new option --disable-extended-key-format.

  * gpg-agent: Support the WAYLAND_DISPLAY envvar.  [#5016]

  * gpg-agent: Allow using --gpgconf-list even if HOME does not
exist.  [#4866]

  * gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string.  [#4137]

  * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.

  * dirmngr: Better handle systems with disabled IPv6.  [#4977]

  * gpgpslit: Install tool.  It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4.  [#5023]

  * gpgtar: Handle Unicode file names on Windows correctly (requires
libgpg-error 1.39).  [#4083]

  * gpgtar: Make --files-from and --null work as documented.  [#5027]

  * Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.

  Release-info: https://dev.gnupg.org/T5030


Getting the Software


Please follow the instructions found at  or
read on:

GnuPG 2.2.22 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found at
.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.22.tar.bz2 (6932k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.22.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.22_20200827.exe (4183k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.22_20200827.exe.sig

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.

A new version of the GnuPG Desktop for Windows (aka Gpg4win) featuring
this version of GnuPG will be released shortly.


Checking the Integrity
==

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.2.22.tar.bz2 you would use this command:

 gpg --verify gnupg-2.2.22.tar.bz2.sig gnupg-2.2.22.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys.  Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum.  On Unix systems the command to do
   this is either "sha1sum" or "shasum".  Assuming you downloaded the
   file gnupg-2.2.22.tar.bz2,