From patrick at enigmail.net Sun Jul 3 17:54:15 2022
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Sun, 3 Jul 2022 17:54:15 +0200
Subject: Looking for new Maintainer for gpgOSX
In-Reply-To: <69d13c70-ef12-1092-2368-c46d17fcacf8@enigmail.net>
References: <69d13c70-ef12-1092-2368-c46d17fcacf8@enigmail.net>
Message-ID: <286c6e29-d5d9-3aeb-ff2d-fe77a4433c27@enigmail.net>

I'm happy to announce that Ralph Seichter has taken over the lead for
gpgOSX. Ralph already started to work on the code, and I transferred the
ownership of the project to him.

Many thanks to Ralph for taking over so quickly!

-Patrick

Patrick Brunschwig wrote on 26.06.2022 18:12:
> gpgOSX is a free pre-packaged install-able distribution of standard
> GnuPG 2.x for macOS. I am maintaining it since the release of GnuPG
> 2.1.0 back in 2014.
>
> As many of you know, I'm also maintaining Enigmail. Since OpenPGP
> support is part of Thunderbird, my involvement with Enigmail has reduced
> a lot, and so has my involvement with GnuPG. Furthermore, I don't have a
> Mac anymore, and it has become more and more difficult and cumbersome to
> continue maintaining and building gpgOSX. I am therefore looking for
> someone who would want to step in and take over the project.
>
> If you're interested, then please get in touch with me.
>
> Thanks,
> Patrick

From deceroadiez at gmx.es Sun Jul 3 18:43:16 2022
From: deceroadiez at gmx.es (Diez)
Date: Sun, 03 Jul 2022 18:43:16 +0200
Subject: Presentation. Migration to subkeys
Message-ID: <8f993ca5c70bbf2051c7bb97350fa26851d51e44.camel@gmx.es>

Hello all,

I'm new to this list. I have been using OpenPGP with GPG for some years,
in the "usual way": a pair of keys copied from one device to another.

I'm interested in subkeys and an offline master key. I'd like to migrate
my key pairs, but with "minimal effort": I'd like not to re-upload any
public key to any server. All my master keys are for Certify and Sign,
but I'm afraid it would not be possible. I'd like to have master keys
with only Certify usage, but when I add a subkey for Sign, GPG signs with
the new subkey and recipients can't verify because they don't have the
new public subkey.

Is it possible to "extract" the Sign usage from the master key and put it
into a subkey with the same ID and fingerprint? I think not.

This email is to verify that, indeed, it is not possible.

Regards and thanks in advance, I hope I've explained it right.

From jcb62281 at gmail.com Mon Jul 4 03:36:40 2022
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Sun, 03 Jul 2022 20:36:40 -0500
Subject: Presentation. Migration to subkeys
In-Reply-To: <8f993ca5c70bbf2051c7bb97350fa26851d51e44.camel@gmx.es>
References: <8f993ca5c70bbf2051c7bb97350fa26851d51e44.camel@gmx.es>
Message-ID: <62C24428.7030705@gmail.com>

Diez via Gnupg-users wrote:
> Is it possible to "extract" the Sign usage from the master key and put it
> into a subkey with the same ID and fingerprint? I think not.
>
> This email is to verify that, indeed, it is not possible.
>

If I understand correctly, "same ID and fingerprint" would mean that it
is *exactly* the same key, so while it might be possible to arrange a PGP
certificate like this, you would gain nothing: the subkey would be an
exact copy of the master key.

-- Jacob

From wk at gnupg.org Wed Jul 6 20:38:04 2022
From: wk at gnupg.org (Werner Koch)
Date: Wed, 06 Jul 2022 20:38:04 +0200
Subject: GnuPG 2.2.36 released
Message-ID: <878rp6ulwz.fsf@wheatstone.g10code.de>

Hi!

This is a quick announcement that a new GnuPG release for 2.2 is
available. We will also prepare a 2.3 release in the next days but due
to summer holidays things are a bit delayed.

See also https://dev.gnupg.org/T5949

Shalom-Salam,

   Werner

Noteworthy changes in version 2.2.36 (2022-07-06)
-------------------------------------------------

  * g10: Fix possibly garbled status messages in NOTATION_DATA. This
    bug could trick GPGME and other parsers to accept faked status
    lines. [T6027, CVE-2022-34903]

  * gpg: Handle leading zeroes in Ed25519 private keys and reverse
    change regarding Ed25519 SOS encoding as introduced with 2.2.34.
    [T5120]

  * gpg: Allow Unicode file names for iobuf_cancel under Windows.

  * gpgsm: Improve pkcs#12 import. [T6037,T5793,T4921,T4757]

  * scd,p15: Fix reading certificates w/o length info.

  * scd,p15: Improve the displayed S/N for Technology Nexus cards.

  * scd,openpgp: Add workaround for ECC attribute on Yubikey. [T5963]

  * scd: Fix use of SCardListReaders for PC/SC. [T5979]

  * gpgconf: New short options -X and -V.

  * Make sure to always set CONFIDENTIAL flag in Assuan.
    [T5977]

  Release-info: https://dev.gnupg.org/T5949

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From ralph at ml.seichter.de Thu Jul 7 05:35:57 2022
From: ralph at ml.seichter.de (Ralph Seichter)
Date: Thu, 07 Jul 2022 05:35:57 +0200
Subject: GnuPG 2.2.36 released
In-Reply-To: <878rp6ulwz.fsf@wheatstone.g10code.de>
References: <878rp6ulwz.fsf@wheatstone.g10code.de>
Message-ID: <87o7y11tnm.fsf@ra.horus-it.com>

* Werner Koch via Gnupg-users:

> This is a quick announcement that a new GnuPG release for 2.2 is
> available.

GnuPG for OS X / macOS version 2.2.36 is now available via the URL
https://sourceforge.net/projects/gpgosx/files/ .

This is the first release since Patrick Brunschwig passed stewardship of
the project to me, so please note the following changes:

1.) Starting today, disk images (*.dmg) are signed with a new ed25519
key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been
uploaded to pgp.mit.edu today, but the site is once again very sluggish
and it might take a while to sync the key to other pool members. For
this reason, I'll include the public key here:

2.) The Install.pkg file included in the disk image is unsigned, because
I have not subscribed to Apple's developer program. I am not sure yet if
I will do so in the future.
Thus, it might be necessary to right-click on Install.pkg and use the
popup menu instead of double-clicking, depending on the version of macOS
you are using.

Should you wish to contact me off-list regarding the GnuPG for OS X
project, please send mail to "gpgosx ~AT~ seichter ~DOT~ de".

-Ralph

From ralph at ml.seichter.de Thu Jul 7 05:03:18 2022
From: ralph at ml.seichter.de (Ralph Seichter)
Date: Thu, 07 Jul 2022 05:03:18 +0200
Subject: Looking for new Maintainer for gpgOSX
In-Reply-To: <286c6e29-d5d9-3aeb-ff2d-fe77a4433c27@enigmail.net>
References: <69d13c70-ef12-1092-2368-c46d17fcacf8@enigmail.net> <286c6e29-d5d9-3aeb-ff2d-fe77a4433c27@enigmail.net>
Message-ID: <87r12x1v61.fsf@ra.horus-it.com>

* Patrick Brunschwig:

> Many thanks to Ralph for taking over so quickly!

Thank you for faithfully taking care of GnuPG for OS X for many years,
even though in the end you did not own a Mac anymore. I hope you will
continue your excellent work on Enigmail.

-Ralph

From andrewg at andrewg.com Thu Jul 7 23:50:26 2022
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 7 Jul 2022 22:50:26 +0100
Subject: GnuPG 2.2.36 released
In-Reply-To: <87o7y11tnm.fsf@ra.horus-it.com>
References: <87o7y11tnm.fsf@ra.horus-it.com>
Message-ID:

> On 7 Jul 2022, at 04:47, Ralph Seichter via Gnupg-users wrote:
>
> 1.) Starting today, disk images (*.dmg) are signed with a new ed25519
> key (EAB0FE4FF793D9E7028EC8E2FD56297D9833FF7F). This key has been
> uploaded to pgp.mit.edu today, but the site is once again very sluggish
> and it might take a while to sync the key to other pool members. For
> this reason, I'll include the public key here:

As of 2130Z today this key still had not reached pgpkeys.eu, so I have
just uploaded it there by hand; most other syncing servers should have
it within the hour. I can see it is also available on keys.openpgp.org.

Sadly, I would recommend against the use of pgp.mit.edu, as it is one of
the most consistently unreliable keyservers.
The graphs at https://spider.pgpkeys.eu/graphs now show a crude
"N nines" reliability estimate for each available keyserver - this is
based on an hourly poll and is only capable of resolving up to three
nines, but it should give you a rough guide to which keyservers have a
track record of responsiveness.

A

From bronger at physik.rwth-aachen.de Fri Jul 8 06:41:17 2022
From: bronger at physik.rwth-aachen.de (Torsten Bronger)
Date: Fri, 8 Jul 2022 06:41:17 +0200
Subject: Cannot import private key into gpgsm
In-Reply-To: <87y1y4xssr.fsf@physik.rwth-aachen.de> (Torsten Bronger's message of "Fri, 10 Jun 2022 20:44:04 +0200")
References: <87y1y4xssr.fsf@physik.rwth-aachen.de>
Message-ID: <87wncorzbm.fsf@physik.rwth-aachen.de>

Hello there!

Torsten Bronger writes:

> For signing emails, I requested an S/MIME certificate using the
> German academic DFN service. At the end of this process, I get a
> .p12 file (PKCS12). I can convert this file to PEM using
>
> openssl pkcs12 -in TorstenBronger.p12 -nodes -out /tmp/temp.pem
>
> In the PEM file, I can see four certificates (my own and the
> chain) and the private key. But importing the .p12 file into
> gpgsm fails:

With GnuPG 2.2.36, this problem is indeed gone. Thank you!

Regards,
Torsten Bronger.

-- 
Torsten Bronger

From ralph at ml.seichter.de Fri Jul 8 18:44:31 2022
From: ralph at ml.seichter.de (Ralph Seichter)
Date: Fri, 08 Jul 2022 18:44:31 +0200
Subject: GnuPG 2.2.36 released
In-Reply-To:
References: <87o7y11tnm.fsf@ra.horus-it.com>
Message-ID: <87let38sgg.fsf@ra.horus-it.com>

* Andrew Gallagher:

> As of 2130Z today this key still had not reached pgpkeys.eu, so I have
> just uploaded it there by hand; most other syncing servers should have
> it within the hour.

Thanks, Andrew.
For possible future key uploads, I'll keep in mind that pgp.mit.edu is
not the most viable choice these days. Using it has been my habit for so
many years that I forgot the server pool has changed considerably.

-Ralph

From konstantin at linuxfoundation.org Fri Jul 8 22:55:07 2022
From: konstantin at linuxfoundation.org (Konstantin Ryabitsev)
Date: Fri, 8 Jul 2022 16:55:07 -0400
Subject: GnuPG 2.2.36 released
In-Reply-To: <878rp6ulwz.fsf@wheatstone.g10code.de>
References: <878rp6ulwz.fsf@wheatstone.g10code.de>
Message-ID: <20220708205507.xntfat76w5wieh2d@meerkat.local>

On Wed, Jul 06, 2022 at 08:38:04PM +0200, Werner Koch via Gnupg-users wrote:
> Hi!
>
> This is a quick announcement that a new GnuPG release for 2.2 is
> available. We will also prepare a 2.3 release in the next days but due
> to summer holidays things are a bit delayed.

Hello:

I'm trying to verify swdb.lst.sig, but I can't:

$ gpg --verify swdb.lst.sig
gpg: assuming signed data in 'swdb.lst'
gpg: Signature made Wed 06 Jul 2022 02:26:07 PM EDT
gpg:                using ECDSA key 02F38DFF731FF97CB039A1DA549E695E905BA208
gpg: Can't check signature: No public key

That key doesn't appear to be provided via
https://gnupg.org/signature_key.asc.

-K

From kloecker at kde.org Fri Jul 8 23:07:36 2022
From: kloecker at kde.org (Ingo Klöcker)
Date: Fri, 08 Jul 2022 23:07:36 +0200
Subject: GnuPG 2.2.36 released
In-Reply-To: <20220708205507.xntfat76w5wieh2d@meerkat.local>
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <20220708205507.xntfat76w5wieh2d@meerkat.local>
Message-ID: <1826251.tdWV9SEqCh@daneel>

On Friday, 8 July 2022 22:55:07 CEST Konstantin Ryabitsev via Gnupg-users wrote:
> I'm trying to verify swdb.lst.sig, but I can't:
>
> $ gpg --verify swdb.lst.sig
> gpg: assuming signed data in 'swdb.lst'
> gpg: Signature made Wed 06 Jul 2022 02:26:07 PM EDT
> gpg:                using ECDSA key 02F38DFF731FF97CB039A1DA549E695E905BA208
> gpg: Can't check signature: No public key
>
> That key doesn't appear to be provided via
> https://gnupg.org/signature_key.asc.

Yes, it is.

```
$ curl https://gnupg.org/signature_key.asc | gpg --import
[...]
gpg: key 549E695E905BA208: 1 signature not checked due to a missing key
gpg: key 549E695E905BA208: public key "GnuPG.com (Release Signing Key 2021)" imported
gpg: Total number processed: 4
gpg:               imported: 4

$ gpg -k 02F38DFF731FF97CB039A1DA549E695E905BA208
pub   brainpoolP256r1/549E695E905BA208 2021-10-15 [SC] [expires: 2029-12-31]
      02F38DFF731FF97CB039A1DA549E695E905BA208
uid                 [ unknown] GnuPG.com (Release Signing Key 2021)
```

See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you.

Regards,
Ingo

From wkuz at op.pl Sat Jul 9 23:01:13 2022
From: wkuz at op.pl (wkuz at op.pl)
Date: Sat, 9 Jul 2022 23:01:13 +0200
Subject: Error importing secret key
Message-ID: <20220709230113.4e48029d@op.pl>

Hello!

Some time ago I have made a backup of my secret key and all the subkeys,
and then deleted by-hand the master secret key by

rm ~/.gnupg/private-keys-v1.d/[keygrip].key

The subkeys were moved to a yubikey. Everything was great.

Now I wanted to import my master key for a moment... and here we have a
problem.
Right now what happens, after running

gpg --import secret_key.asc

is:

1) gpg complains:

gpg: key D444252908A80B6D: "sxrmn" not changed
gpg: key D444252908A80B6D/D444252908A80B6D: error sending to agent: Invalid argument
gpg: key D444252908A80B6D: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

2) gpg -K is aware of the master secret key, though it says it's not
there:

sec#  ed25519 2022-07-06 [SC]
      902404424B39514B6126A2F2D444252908A80B6D
uid           [ absolutne ] sxrmn
ssb>  cv25519 2022-07-06 [E]
ssb>  ed25519 2022-07-06 [S]

3) secret subkeys get imported (now they are back on yubikey, but they
got imported OK)

So... any ideas why this happens and what can I do about it?

-- 
xWK

From minasargyrou at outlook.com Sun Jul 10 12:10:35 2022
From: minasargyrou at outlook.com (Minas Argyrou)
Date: Sun, 10 Jul 2022 10:10:35 +0000
Subject: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
In-Reply-To: <87y1xi1a9o.fsf@wheatstone.g10code.de>
References: <87y1xi1a9o.fsf@wheatstone.g10code.de>
Message-ID:

My apologies for the late response.

So, you are suggesting that the reader might be the problem? Because, as
far as I know, they are a very common reader and the same reader works
for OpenSC, PKCS11, Windows minidriver etc. for both the SC-HSM and every
other card I have tried. I couldn't find definitively if it supports
Extended-Length APDUs though, it is just not mentioned in any of the
technical specifications of the company.

I am using the latest GPG4Win package released. You have mentioned some
samples, would it be possible that you try them when you have some time?

Any suggestions for a card reader besides the ACR38U-N1?
Thanks,
Minas

-----Original Message-----
From: Werner Koch
Sent: Monday, 27 June, 2022 16:55
To: Minas Argyrou via Gnupg-users
Cc: Minas Argyrou
Subject: Re: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM

On Fri, 24 Jun 2022 20:47, Minas Argyrou said:

>> scdaemon[xxxxx]: detected reader 'ACS ACR38U 0' scdaemon[xxxxx]:

Never got them to run properly. Just stay away from this reader type.

> I was never able to get the SC-HSM to work with GnuPG, even though it is
> supposedly supported. This is the current time I am trying to figure it out.

I have samples here but unfortunately did not come around to test them.
However, there are updates to the pkcs#15 handling in the latest GnuPG
releases. You may want to check that you are using 2.2.35 or 2.3.6.

Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From konstantin at linuxfoundation.org Mon Jul 11 14:50:24 2022
From: konstantin at linuxfoundation.org (Konstantin Ryabitsev)
Date: Mon, 11 Jul 2022 08:50:24 -0400
Subject: GnuPG 2.2.36 released
In-Reply-To: <1826251.tdWV9SEqCh@daneel>
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <20220708205507.xntfat76w5wieh2d@meerkat.local> <1826251.tdWV9SEqCh@daneel>
Message-ID: <20220711125024.d5d2qvhpjobcs2v3@meerkat.local>

On Fri, Jul 08, 2022 at 11:07:36PM +0200, Ingo Klöcker wrote:
> > That key doesn't appear to be provided via
> > https://gnupg.org/signature_key.asc.
>
> Yes, it is.
>
> ```
> $ curl https://gnupg.org/signature_key.asc | gpg --import
> [...]
> gpg: key 549E695E905BA208: 1 signature not checked due to a missing key
> gpg: key 549E695E905BA208: public key "GnuPG.com (Release Signing Key 2021)" imported
> gpg: Total number processed: 4
> gpg:               imported: 4
>
> $ gpg -k 02F38DFF731FF97CB039A1DA549E695E905BA208
> pub   brainpoolP256r1/549E695E905BA208 2021-10-15 [SC] [expires: 2029-12-31]
>       02F38DFF731FF97CB039A1DA549E695E905BA208
> uid                 [ unknown] GnuPG.com (Release Signing Key 2021)
> ```
>
> See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you.

Ah, okay, that's unfortunate. I guess I'll skip this release, since I
can't verify it without building gnupg from scratch (without verifying it
first).

-K

From aheinecke at gnupg.org Mon Jul 11 14:53:17 2022
From: aheinecke at gnupg.org (Andre Heinecke)
Date: Mon, 11 Jul 2022 14:53:17 +0200
Subject: [Announce] GnuPG 2.3.7 released
Message-ID: <2424321.n8N17B9FeY@hopper>

Hello!

We are pleased to announce the availability of a new GnuPG release:
2.3.7. This release fixes CVE-2022-34903 which could be used to inject
wrong status information in signatures. The status information could
then be abused to display a wrong validity in Kleopatra and other users
of GPGME.

What is GnuPG
=============

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows you to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories. GnuPG itself is a command line tool with features for easy
integration with other applications. The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages. A wealth of frontend applications and libraries
making use of GnuPG are available. As a universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).
It can be freely used, modified and distributed under the terms of the
GNU General Public License.

Three different series of GnuPG are actively maintained:

- Version 2.3 is the current stable version with a lot of new features
  compared to 2.2. This announcement is about the latest release of
  this series.

- Version 2.2 is our LTS (long term support) version and guaranteed to
  be maintained at least until the end of 2024.
  See https://gnupg.org/download/index.html#end-of-life

- Version 1.4 is only maintained to allow decryption of very old data
  which is, for security reasons, not anymore possible with other GnuPG
  versions.

Noteworthy changes in version 2.3.7 (2022-07-11)
------------------------------------------------

  * gpg: Fix possibly garbled status messages in NOTATION_DATA. This
    bug could trick GPGME and other parsers to accept faked status
    lines. [T6027, CVE-2022-34903]

  * gpg: Look up user ID to revoke by UID hash. [T5936]

  * gpg: Setup the 'usage' filter property for export. [rG7aabd94b81]

  * gpg,w32: Allow Unicode filenames for iobuf_cancel. [rG4ee2009083]

  * gpg: Fix reading AEAD preference. [T6019]

  * gpgsm: New option --compatibility-flags. [rGf0b373cec9]

  * gpgsm: Rework the PKCS#12 parser to support DFN issued keys.
    [T6037]

  * agent: New option --no-user-trustlist and --sys-trustlist-name.
    [T5990]

  * agent: Pop up dialog window for confirmation, when specified so.
    [T5099]

  * agent: Show "Label:" field of private key when prompt the insertion.
    [T5986]

  * agent: Handle USAGE information in KEYINFO. [rG295a6a7591]

  * agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.
    [T5996]

  * agent,ssh: Support "Use-for-ssh" flag in private key. [T5985]

  * agent: New field "Prompt" to prevent asking card key insertion.
    [T5987]

  * agent: Support --format=ssh option for READKEY. [T6012]

  * agent: Add KEYATTR command. [T5988]

  * agent: Flush before calling ftruncate. [T6035]

  * agent: Do not consider --min-passphrase-len for the magic wand.
    [rGae2f1f0785]

  * kbx: Fix a race condition which results no status report. [T5948]

  * scd:openpgp: Fix a segv for cards supporting unknown curves.
    [T5963]

  * scd:p15: Fix reading certificates without length info.

  * scd:p15: Improve the displayed S/N for Technology Nexus cards.

  * scd:openpgp: Add workaround for ECC attribute on Yubikey. [T5963]

  * scd,piv: Fix status report of KEYPAIRINFO. [rG64c8786105]

  * scd:nks: Support the Telesec ESIGN application. [T5219, T4938]

  * scd: Fix use of SCardListReaders for PC/SC. [T5979]

  * scd: Support automatic card selection for READCERT with keygrip.
    [T6003]

  * scd: Support specifying keygrip for learn command. [T6002]

  * dirmngr: Fix for Windows when build against GNUTLS. [T5899]

  * gpg-connect-agent: Add --unbuffered option.

  * gpg-connect-agent: Add a way to cancel an INQUIRE. [T6010]

  * gpgconf: New short options -V and -X

  Release-info: https://dev.gnupg.org/T5947

Getting the Software
====================

Please follow the instructions found at or read on:

GnuPG may be downloaded from one of the GnuPG mirror sites or direct
from its primary FTP server. The list of mirrors can be found at . Note
that GnuPG is not available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.3.7.tar.bz2 (7421k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.3.7.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
very minimal Pinentry tool is available here:

 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.3.7_20220711.exe (4761k)
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.3.7_20220711.exe.sig

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.

Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature. For example to verify the signature
   of the file gnupg-2.3.7.tar.bz2 you would use this command:

     gpg --verify gnupg-2.3.7.tar.bz2.sig gnupg-2.3.7.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys. Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum. On Unix systems the command to do
   this is either "sha1sum" or "shasum". Assuming you downloaded the
   file gnupg-2.3.7.tar.bz2, you run the command like this:

     sha1sum gnupg-2.3.7.tar.bz2

   and check that the output matches the next line:

9255a70a984bfbfa5312a9a52a1cf47cb0d1fc84  gnupg-2.3.7.tar.bz2
00a8f8d18681604eba4fa6e5437be30a66879456  gnupg-w32-2.3.7_20220711.tar.xz
ef971b8add3894536ae4738c98dd220550b1ac9f  gnupg-w32-2.3.7_20220711.exe

Internationalization
====================

This version of GnuPG has support for 26 languages with Chinese
(traditional and simplified), Czech, French, German, Italian,
Japanese, Norwegian, Polish, Russian, and Ukrainian being almost
completely translated.

Documentation and Support
=========================

The file gnupg.info has the complete reference manual of the system.
Separate man pages are included as well but they miss some of the
details available only in the manual.
The manual is also available online at

 https://gnupg.org/documentation/manuals/gnupg/

or can be downloaded as PDF at

 https://gnupg.org/documentation/manuals/gnupg.pdf

You may also want to search the GnuPG mailing list archives or ask on
the gnupg-users mailing list for advice on how to solve problems. Most
of the new features are around for several years and thus enough public
experience is available. https://wiki.gnupg.org has user contributed
information around GnuPG and related software.

In case of build problems specific to this release please first check
https://dev.gnupg.org/T5654 for updated information.

Please consult the archive of the gnupg-users mailing list before
reporting a bug: https://gnupg.org/documentation/mailing-lists.html.
We suggest to send bug reports for a new release to this list in favor
of filing a bug at https://bugs.gnupg.org. If you need commercial
support go to https://gnupg.com or https://gnupg.org/service.html.

If you are a developer and you need a certain feature for your project,
please do not hesitate to bring it to the gnupg-devel mailing list for
discussion.

Thanks
======

Since 2001 maintenance and development of GnuPG is done by g10 Code GmbH
and has mostly been financed by donations. Three full-time employed
developers as well as two contractors exclusively work on GnuPG and
closely related software like Libgcrypt, GPGME and Gpg4win.

Fortunately, and this is still not common with free software, we have
now established a way of financing the development while keeping all our
software free and freely available for everyone. Our model is similar
to the way RedHat manages RHEL and Fedora: Except for the actual binary
of the MSI installer for Windows and client specific configuration
files, all the software is available under the GNU GPL and other Open
Source licenses. Thus customers may even build and distribute their own
version of the software as long as they do not use our trademark
GnuPG VS-Desktop®.

We like to thank all the nice people who are helping the GnuPG project,
be it testing, coding, translating, suggesting, auditing, administering
the servers, spreading the word, answering questions on the mailing
lists, or helping with donations.

*Thank you all*

   Your GnuPG hackers

p.s.
Those of you with standing SEPA donations, please cancel them or
consider to redirect your funds to other projects which are more in need
of financial support. The donations done via Stripe or PayPal have
already been canceled.

p.s.
This is an announcement only mailing list. Please send replies only to
the gnupg-users at gnupg.org mailing list.

p.p.s
List of Release Signing Keys:

To guarantee that a downloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more of
these four keys:

  rsa3072 2017-03-17 [expires: 2027-03-15]
  5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
  Andre Heinecke (Release Signing Key)

  ed25519 2020-08-24 [expires: 2030-06-30]
  6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
  Werner Koch (dist signing 2020)

  ed25519 2021-05-19 [expires: 2027-04-04]
  AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
  Niibe Yutaka (GnuPG Release Key)

  brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
  02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208
  GnuPG.com (Release Signing Key 2021)

The keys are available at https://gnupg.org/signature_key.html and in
any recently released GnuPG tarball in the file g10/distsigkey.gpg .
Note that this mail has been signed by a different key.

Since Werner Koch is currently only partially available this
Announcement was signed by Andre Heinecke.

-- 
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Board: W.Koch, B.Reiter, A.Heinecke    Mail: board at gnupg.org
Tax office D-Altstadt, tax no.: 103/5923/1779.
Tel: +49-211-28010702

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From ralph at ml.seichter.de Mon Jul 11 22:22:50 2022
From: ralph at ml.seichter.de (Ralph Seichter)
Date: Mon, 11 Jul 2022 22:22:50 +0200
Subject: [Announce] GnuPG for OS X 2.3.7 released
In-Reply-To: <2424321.n8N17B9FeY@hopper>
References: <2424321.n8N17B9FeY@hopper>
Message-ID: <87v8s3bdr9.fsf@ra.horus-it.com>

GnuPG for OS X / macOS release 2.3.7 is now available for download via
https://sourceforge.net/p/gpgosx/docu/Download/ .

The disk image signature key was uploaded to keyservers on 2022-07-07
and should now be widely available. It can also be downloaded using
https://www.seichter.de/pgp/gpgosx-signing.asc .

pub   ed25519/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
      Key fingerprint = EAB0 FE4F F793 D9E7 028E C8E2 FD56 297D 9833 FF7F
uid                 [ultimate] Ralph Seichter (GnuPG for OS X signing key)

Important: Starting with this release, GnuPG 2.3.x is installed in
/usr/local/gnupg-2.3 instead of the previously hardcoded directory
/usr/local/gnupg-2.2. This enables installing both stable and LTS
releases of GnuPG for OS X side by side, for advanced users' needs. The
one caveat is that the latest installation will replace existing soft
links in /usr/local/{bin,lib}. Please use absolute paths like
/usr/local/gnupg-2.2/bin/gpg2 if necessary.
-Ralph

From bernhard at intevation.de Wed Jul 13 09:45:24 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Jul 2022 09:45:24 +0200
Subject: GnuPG 2.2.36 released
In-Reply-To: <20220711125024.d5d2qvhpjobcs2v3@meerkat.local>
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <1826251.tdWV9SEqCh@daneel> <20220711125024.d5d2qvhpjobcs2v3@meerkat.local>
Message-ID: <202207130945.32297.bernhard@intevation.de>

On Monday, 11 July 2022 14:50:24, Konstantin Ryabitsev via Gnupg-users wrote:
> > See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you.
>
> Ah, okay, that's unfortunate. I guess I'll skip this release, since I can't
> verify it without building gnupg from scratch (without verifying it first).

Maybe it helps to report the problem of missing crypto algorithms to your GNU/Linux distribution.

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter

From bernhard at intevation.de Wed Jul 13 09:47:45 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 13 Jul 2022 09:47:45 +0200
Subject: GnuPG 2.2.36 released
In-Reply-To: <87o7y11tnm.fsf@ra.horus-it.com>
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <87o7y11tnm.fsf@ra.horus-it.com>
Message-ID: <202207130947.45913.bernhard@intevation.de>

Hi Ralf,

On Thursday, 07 July 2022 05:35:57, Ralph Seichter via Gnupg-users wrote:
> GnuPG for OS X / macOS version 2.2.36 is now available via the URL
> https://sourceforge.net/projects/gpgosx/files/ .
>
> This is the first release since Patrick Brunschwig passed stewardship of
> the project to me,

thanks for maintaining the package!
(And many thanks to Patrick for having done so before!)
Best Regards,
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter

From tmz at pobox.com Wed Jul 13 15:22:36 2022
From: tmz at pobox.com (Todd Zullinger)
Date: Wed, 13 Jul 2022 09:22:36 -0400
Subject: GnuPG 2.2.36 released
In-Reply-To: <202207130945.32297.bernhard@intevation.de>
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <1826251.tdWV9SEqCh@daneel> <20220711125024.d5d2qvhpjobcs2v3@meerkat.local> <202207130945.32297.bernhard@intevation.de>
Message-ID:

Bernhard Reiter wrote:
> On Monday, 11 July 2022 14:50:24, Konstantin Ryabitsev via Gnupg-users wrote:
>>> See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you.
>>
>> Ah, okay, that's unfortunate. I guess I'll skip this release, since I can't
>> verify it without building gnupg from scratch (without verifying it first).
>
> Maybe it helps to report the problem of missing crypto algorithms to your
> GNU/Linux distribution.

They aren't really missing but rather intentionally removed due to legal issues on Fedora/Red Hat. This came up not so long ago:

    https://lists.gnupg.org/pipermail/gnupg-users/2022-May/066054.html

With the current Fedora (36), it's possible to enable these ciphers via '--with brainpool' when building the libgcrypt srpm.

Hopefully the legal issues will be cleared sometime soon and Fedora will stop stripping brainpool.

It's frustrating that the releases are signed with a cipher that cannot be verified on a reasonably popular distro.

--
Todd
From konstantin at linuxfoundation.org Wed Jul 13 18:55:48 2022
From: konstantin at linuxfoundation.org (Konstantin Ryabitsev)
Date: Wed, 13 Jul 2022 12:55:48 -0400
Subject: GnuPG 2.2.36 released
In-Reply-To:
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <1826251.tdWV9SEqCh@daneel> <20220711125024.d5d2qvhpjobcs2v3@meerkat.local> <202207130945.32297.bernhard@intevation.de>
Message-ID: <20220713165548.pyjbb53gzrh4wkaz@meerkat.local>

On Wed, Jul 13, 2022 at 09:22:36AM -0400, Todd Zullinger via Gnupg-users wrote:
> > Maybe it helps to report the problem of missing crypto algorithms to your
> > GNU/Linux distribution.
>
> They aren't really missing but rather intentionally removed
> due to legal issues on Fedora/Red Hat. This came up not so
> long ago:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2022-May/066054.html

Correct. RH considers Brainpool curves potentially patent-encumbered.

> With the current Fedora (36), it's possible to enable these
> ciphers via '--with brainpool' when building the libgcrypt
> srpm.
>
> Hopefully the legal issues will be cleared sometime soon and
> Fedora will stop stripping brainpool.
>
> It's frustrating that the releases are signed with a cipher
> that cannot be verified on a reasonably popular distro.

Indeed! For now, I worked around by verifying the signature on the swdb.lst file on a system where I have gnupg22-static installed, so I was able to build updated packages for my copr repos.

Thanks,
-Konstantin
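Added example (not part of any message in this thread and not GnuPG project code): one way to script the release check discussed above, pinning the four fingerprints from the announcement and classifying gpg's `--status-fd` output so that a signature the local build cannot check, as with the brainpool key on Fedora, is reported separately from a bad signature. The function names and the sample status lines are constructed for illustration, and the release keys are assumed to be imported already.

```shell
#!/bin/sh
# Added example: pin the release-key fingerprints from the announcement and
# classify the machine-readable output of `gpg --status-fd 1 --verify`.

# Primary-key fingerprints copied from the announcement (spaces removed).
RELEASE_KEYS="5B80C5754298F0CB55D8ED6ABCEF7E294B092E28"
RELEASE_KEYS="$RELEASE_KEYS 6DAA6E64A76D2840571B4902528897B826403ADA"
RELEASE_KEYS="$RELEASE_KEYS AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD"
RELEASE_KEYS="$RELEASE_KEYS 02F38DFF731FF97CB039A1DA549E695E905BA208"

# classify_status: reads status lines on stdin.
#   0 = at least one valid signature by a pinned key, and no bad signature
#   1 = a BADSIG line was seen (file and signature do not match)
#   2 = nothing verifiable: unknown signer, missing key, or an algorithm
#       the local libgcrypt cannot check (gpg reports these as ERRSIG)
classify_status() {
    awk -v keys="$RELEASE_KEYS" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) pinned[k[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG"   { bad = 1 }
        # The last VALIDSIG field is the fingerprint of the primary key.
        $2 == "VALIDSIG" && ($NF in pinned) { good = 1 }
        END { if (bad) exit 1; if (good) exit 0; exit 2 }
    '
}

# verify_release SIGFILE DATAFILE: assumes the release keys are already
# imported into the default keyring.
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | classify_status
}

# Constructed status output (not captured from a real run).
sample_unsupported_only() {   # only a signature the local build cannot check
    echo "[GNUPG:] ERRSIG 549E695E905BA208 19 8 00 1657000000 4 02F38DFF731FF97CB039A1DA549E695E905BA208"
}
sample_two_signatures() {     # same, plus a checkable ed25519 signature
    sample_unsupported_only
    echo "[GNUPG:] VALIDSIG 6DAA6E64A76D2840571B4902528897B826403ADA 2022-07-05 1657000000 0 4 0 22 10 00 6DAA6E64A76D2840571B4902528897B826403ADA"
}
sample_unpinned_signer() {    # cryptographically valid, but not a release key
    echo "[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2022-07-05 1657000000 0 4 0 22 10 00 0000000000000000000000000000000000000000"
}
sample_bad_signature() {
    sample_two_signatures
    echo "[GNUPG:] BADSIG 528897B826403ADA constructed-user-id"
}

for s in sample_unsupported_only sample_two_signatures sample_unpinned_signer sample_bad_signature; do
    rc=0; $s | classify_status || rc=$?
    echo "$s -> $rc"
done
```

Exit code 2 means the check could not be completed on this system, which is a reason to verify elsewhere rather than evidence of tampering; only exit code 0 should let a build proceed.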
From mcr+ietf at sandelman.ca Wed Jul 13 16:24:29 2022
From: mcr+ietf at sandelman.ca (Michael Richardson)
Date: Wed, 13 Jul 2022 10:24:29 -0400
Subject: GnuPG 2.2.36 released
In-Reply-To:
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <1826251.tdWV9SEqCh@daneel> <20220711125024.d5d2qvhpjobcs2v3@meerkat.local> <202207130945.32297.bernhard@intevation.de>
Message-ID: <29906.1657722269@localhost>

Todd Zullinger via Gnupg-users wrote:
> It's frustrating that the releases are signed with a cipher that cannot
> be verified on a reasonably popular distro.

At least, multiple signatures could be made.

--
Michael Richardson . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

From Amit1.Tiwari at hsc.com Thu Jul 21 13:46:53 2022
From: Amit1.Tiwari at hsc.com (Amit 1 Tiwari)
Date: Thu, 21 Jul 2022 11:46:53 +0000
Subject: getting error: gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
Message-ID:

Hi all,

I have created a gnupg executable and installed it on Windows. When I try to use the option gpg --search-key, it gives me the following error.

gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!

How can I make an executable that supports the above operations (--search-key, --send-key etc.)?

Regards,
Amit Tiwari
From patrick at enigmail.net Fri Jul 22 13:26:50 2022
From: patrick at enigmail.net (Patrick Brunschwig)
Date: Fri, 22 Jul 2022 13:26:50 +0200
Subject: Request for Comment: keys.openpgp.org Organization
Message-ID: <8332a395-59ca-0c69-48cd-c850230d480e@enigmail.net>

This is a cross-post to openpgp-email at enigmail.net, gnupg-users at gnupg.org, autocrypt at lists.mayfirst.org and openpgp at ietf.org. Please reply to openpgp-email at enigmail.net

During the last OpenPGP Email Summit[1] we agreed that we would like to transition the keyserver on keys.openpgp.org (KOO) from a one-person show into an open community project. Vincent, Lars, dkg and I volunteered to form a Bootstrapping Committee that would propose a new structure and governing rules for this community by end of July.

I'm very happy to announce today that we completed this task ahead of time. We have prepared a proposal for a constitution, together with several supporting documents, and would now like to invite everyone interested in OpenPGP for feedback to our proposals.

Please provide your feedback until Aug. 21, 2022 on the OpenPGP Summit Email list (openpgp-email at enigmail.net).

Below is a summary of the proposed constitution.
The complete constitution and all supporting documents can be found on Gitlab: https://gitlab.com/hagrid-keyserver/bootstrap-committee/-/tree/main

We are planning to set up the organization according to the following schedule (under the assumption that the feedback is such that the schedule is feasible):

1. Comment period for the constitution: until Aug. 21, 2022
2. Publish first version of constitution: 1w later
3. Invitation for voting body +4w
4. First election of the board +2w
5. Publish election results +3d
6. Install 1st Board

We agreed that Patrick will be responsible for the complete process.

Summary of the keys.openpgp.org Constitution
============================================

High Level Summary
------------------

keys.openpgp.org (KOO) is a service providing a verifying key server to the OpenPGP ecosystem. The service is operated by the operations team as guided by the Board. The Board is elected by the Voting Body, which is formed by individuals that are active in the OpenPGP ecosystem.

The Board
---------

The Board offers advice, guidance, and support to the operations team, and helps ensure the ongoing operation of the KOO service. If and when the KOO organization gets funds, the Board decides how to spend them.

The Board consists of 3-5 individuals. Board members are elected for a 1-year term, and may be on the Board for up to 3 years in a row. Board votes are decided by simple majority, except when replacing the whole operations team, which must be a unanimous vote by all members.

The Board nominates one of its members as secretary. The secretary takes meeting minutes and organizes the next election. Board meeting minutes are published.

The Board takes care of KOO Enhancement Proposals (KEP) that may be submitted by any voting member. Any KEP requires adoption by at least one Board member in order to be considered by the Board. The Board may approve or reject any KEP under consideration, or may ask the KEP author for revisions before re-consideration.
Board members self-nominate themselves via a public mailing list. Elected members are asked to ensure that no organization or affiliation is over-represented in the Board.

The Voting Body
---------------

The voting body serves to elect the Board Members. It consists of voting members. Eligible for membership are all those individuals who use OpenPGP, implement it, provide services to help use it, produce documentation, provide training, etc.

Voting members are nominated by existing members and approved by the Board. Membership expires after 3 years of inactivity (defined by participating in the votes and elections).

Membership in the initial voting body is open to anyone who has attended any of the past OpenPGP E-mail Summits[2]. This only applies to the election of the first Board.

The Operations Team
-------------------

The operations team maintains the Hagrid software, and operates the servers providing the service of the key server. It has final say in how the software works, and how the service is provided. The operations team reports on their activities to the Board and the public.

The operations team is self-organized, except for the right of the Board to replace the operations team entirely.

Initial Formation of the KOO Organization
-----------------------------------------

The KOO Bootstrap Committee will organize the process to establish the KOO organization as follows:

1. Request for feedback from the OpenPGP community (public announcement).
2. Incorporate the community feedback and publish the 1st KOO Constitution.
3. Invite attendees of the past OpenPGP E-mail Summits to join the Voting Body.
4. Organize the election of the first Board.
5. The constitution is considered ratified once the 1st elected Board is installed.

In order to ensure continuity, 2 of the 5 initial Board members will have a term limit of max. 2 years.

Voting Process
--------------

Voting and elections are done publicly and are attributable.
Votes for Board elections are done by signed commits via merge requests on a dedicated git repository.

Changing the Constitution
-------------------------

The constitution may be changed by voting by the Voting Body. To pass, a change must receive at least 67% of the votes given, and at least 50% of the eligible voters must vote.

We are looking forward to a fruitful discussion and hope that we can reach an agreement for how to set up and structure KOO.

dkg, Lars, Patrick, Vincent

[1] https://wiki.gnupg.org/OpenPGPEmailSummit202205
[2] https://wiki.gnupg.org/OpenPGPEmailSummits

From bernhard at intevation.de Wed Jul 27 15:18:52 2022
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 27 Jul 2022 15:18:52 +0200
Subject: Redhat/Fedora still disabling brainpool curves (was: GnuPG 2.2.36 released
In-Reply-To:
References: <878rp6ulwz.fsf@wheatstone.g10code.de> <202207130945.32297.bernhard@intevation.de>
Message-ID: <202207271518.59471.bernhard@intevation.de>

On Wednesday, 13 July 2022 15:22:36, Todd Zullinger via Gnupg-users wrote:
> > Maybe it helps to report the problem of missing crypto algorithms to your
> > GNU/Linux distribution.
>
> They aren't really missing but rather intentionally removed
> due to legal issues on Fedora/Red Hat. This came up not so
> long ago:
>
> https://lists.gnupg.org/pipermail/gnupg-users/2022-May/066054.html

Thanks for the pointer, reading the fedora discussion:
https://lists.fedoraproject.org/archives/list/legal at lists.fedoraproject.org/thread/WUQNAB4EPWSJMMVECL2TZGKB5KIDESII/#ZWQUWUYR7VVG6EXSXZYES5MWCWWKBNKG

> Hopefully the legal issues will be cleared sometime soon and
> Fedora will stop stripping brainpool.

The last ping there was in April.
As there is no open issue where users can track the progress on the Fedora legal team, maybe asking for an update after a quarter of a year is okay. (If you are a Fedora user and want brainpool algorithms included. ;) )

Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter