When will you start using GnuPG 2.1.x

Bob's Avatar

Bob

24 Jan, 2017 08:50 PM

Thanks for beta2

I posted on Dec. 31:

I'm already using ECC with curve255-19 keys. Will you switch to GnuPG 2.1.x for the release version? If not, when will you do so?

Can you already answer this question?
Regards!

  1. Support Staff 1 Posted by Steve on 20 Feb, 2017 04:26 PM

    Steve's Avatar

    Hey Bob,

    no we can not. At the moment the priority is to stabilize GPGMail on macOS 10.12. So GnuPG 2.1 is something we will look into once GPG Suite reaches stable on 10.12.

    Kindly,
    steve

  2. 2 Posted by Bob on 21 Feb, 2017 08:30 PM

    Bob's Avatar

    Really looking forward using 2.1.x.
    Considering the 2.0.x branch will reach end-of-life in 12/2017, I hope you “stabilise” soon and we have 2.1.x running by then.

    Nevertheless,
    thx for your reply and
    thank you to all of you for your work!

  3. Support Staff 3 Posted by Steve on 22 Feb, 2017 03:15 PM

    Steve's Avatar

    Bob, we have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

    And thanks a lot for your kind words.

    Kindly,
    steve

  4. Steve closed this discussion on 22 Feb, 2017 03:15 PM.

  5. Steve re-opened this discussion on 13 Jun, 2017 09:04 PM

  6. Support Staff 4 Posted by Steve on 13 Jun, 2017 09:04 PM

    Steve's Avatar

    Hi Bob,

    we have a first GPG Suite test build which integrates gpg 2.1. Here is the signature file for that release.

    It would be great if you could test this build and let us know if run into any trouble. Please note, that downgrading to the current beta release will require additional steps in case new keys were created using this test build. Depending on the test results, gpg 2.1 may soon land in the beta branch.

    All the best,
    steve

  7. 5 Posted by Bob on 14 Jun, 2017 04:55 AM

    Bob's Avatar

    Hi Steve,

    thanks for the update. I will try and keep you posted.

  8. Support Staff 6 Posted by Steve on 14 Jun, 2017 06:48 AM

    Steve's Avatar

    Cool. Looking forward to your feedback.

    Have a great day,
    steve

  9. 7 Posted by Bob on 16 Jun, 2017 03:38 PM

    Bob's Avatar

    Hi Steve!

    today I gave version 2.1 (3n) a try:
    - Installation was flawless. - All keys (public and private) of my previous 2.1.30 installation are all recognised.

    A minor issue in System Preferences / Settings:
    - my previously set keyserver (‘hkps://hkps.pool.sks-keyservers.net’) seems not to work

    Some major issues in Apple Mail:
    I have multiple keys (multiple email addresses and on RSA and EC per address)
    1) all combinations of email addresses and private keys are available in the “sender field” -- that's cool (in 2.0.30 I used only one key per address, so I didn't realise this feature if it has been there already)
    2) when sending a signed email, I will always be asked to enter the password of the same key, no matter what the default key (in System Preferences / ‘gpg.conf’) is, or which address/key combination I have chosen to send -- bad
    3) if the recipients also has multiple keys for the same email address I have no possibility to chose the encryption key -- not so good
    4) can we set a recipients default key?

    If I find any further issues, I keep you posted.
    If you have a new version, please let me know.

    Thx so far ...

  10. 8 Posted by Bob on 16 Jun, 2017 04:46 PM

    Bob's Avatar

    More news.

    I sent a signed email (sender address “A”, key “A2” EC) to myself (recipient address “B”, key “B1” RSA):
    - when selecting the message in the inbox message list (not sent!) I will be prompted to enter the passphrase for key “A2” - Why not for “B1”? - Shouldn't it be “A2” when selecting the message in the sent message list? - if no passphrase is entered (clicked the “cancel” button), the message will be shown decrypted anyway (obviously the passphrase is still in cache), but the padlock symbol is closed/locked - I will try after a reboot (so the cache should be empty, I didn't store the passphrase in my macOS keychain)

  11. 9 Posted by Bob on 16 Jun, 2017 05:17 PM

    Bob's Avatar

    I just found out that what I observed (and described in #2 of my post from Jun 16, 2017 @ 05:38 PM) is obviously already known: https://gpgtools.tenderapp.com/discussions/beta/1857-mail-signing-u...

    keep up the good work -- looking forward to your solution

  12. Support Staff 10 Posted by Steve on 18 Jun, 2017 05:09 PM

    Steve's Avatar

    Hi Bob,

    thanks very much for your feedback.

    1. System Preferences > GPG Suite

    We were able to reproduce issues when trying to switch to any of the hkp key servers. But the default hkps key server is actually working as expected. Can you confirm this observation? If not, what issues are you seeing using the default hkps key server?

    We have a ticket for the problem regarding the hkp: key servers. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

    1. Random key selection

    This is actually a known issue with the 10.12 beta. I also connected this discussion with the according ticket for that, so we can update you, once a fix is available. That problem is not connected to the gpg 2.1 update but is a bug in GPGMail beta.

    Again, thanks for taking the time to test and providing feedback.

    Kind regards,
    steve

  13. Support Staff 11 Posted by Steve on 19 Jun, 2017 09:05 AM

    Steve's Avatar

    Regarding the key server issue:

    • open new finder window
    • press ⇧⌘G and paste the following ~/.gnupg

    Then check if a file called 'dirmngr.conf' exists in that folder.

    If that file does not exist at that location, please do the following:

    • open new finder window
    • press ⇧⌘G and paste the following /usr/local/MacGPG2/share/ca-certs.crt

    And attach that file to this discussion by visiting it in your browser.

    I'm setting this discussion to "private". That means only our core-team and the company hosting this support platform are able to access this discussion.

    All the best,
    steve

  14. 12 Posted by Bob on 19 Jun, 2017 08:22 PM

    Bob's Avatar

    Hi Steve,

    I experienced problems with earlier installations of 2.1.x (since .16 or 17 if i recall correctly). I also have a ‘ca-cert’ from a pervious install of “GnuPG for OS X” (https://sourceforge.net/p/gpgosx/docu/Download/)
    -rw-r--r-- 1 root wheel 270213 May 27 13:13 ca-certs.crt which differs from the one of your 3n version (at least in size):
    -rw-r--r-- 1 root wheel 272197 Jun 16 16:44 ca-certs.crt I'm attaching both of them (your server didn't want them -- see screendump, so I renamed them to ‘...txt’)

    I also have a certificate (‘sks-keyservers.netCA.pem’) which I do not exactly where I downloaded from, but I was pretty sure that the source was trustable. It is referenced in my ‘dirmngr.conf’ but is currently deactivated for obvious reasons.

    After all, I have to confess my ‘.gnupg’ directory (for version 2.1.21) already existed, so it can easily be, that there is a little file-fuss which I would happily correct if provided with good instructions.

    BTW: there is also a remnant of 2.0.30 in ‘.gnupg/gpg.conf’ regarding keyservers:
    keyserver hkps://hkps.pool.sks-keyservers.net which might be eliminated after all?

    PS.: I'm sorry I didn't do exactly as you requested but I thought in my situation it was better this way.

  15. Support Staff 13 Posted by Steve on 20 Jun, 2017 10:39 AM

    Steve's Avatar

    Hey Bob,

    can you please rename your .gnupg folder (to have a backup you can then later use again). Then restart your system and see if the key servers are working as expected.

    Currently gpg.conf is used for key server options. dirmngr.conf should not exist when using our MacGPG 2.1.

    /usr/local/MacGPG2/share/ca-certs.crt is created when installting MacGPG2.1, it contains the root-certs from macOS. MacGPG 2.1 uses that file as a default.

    /usr/local/MacGPG2/share/gnupg/sks-keyservers.netCA.pem is part of MacGPG 2.1 and also added to ca-certs.crt .

    Let us know how that goes.

    All the best,
    steve

  16. 14 Posted by Bob on 20 Jun, 2017 10:46 AM

    Bob's Avatar

    Hi Steve,

    I'll do as you wrote and start with a clean setup of GPGTools (3n). Will check how everything works before I merge my own files and settings.

    I can give you my feedback later this day.

  17. Support Staff 15 Posted by Steve on 20 Jun, 2017 11:25 AM

    Steve's Avatar

    Please do not use the 3n build. That was the very first test build for 2.1. Instead use the latest nightly build which now uses gpg 2.1 from here:
    https://releases.gpgtools.org/nightlies/

  18. 16 Posted by Bob on 20 Jun, 2017 07:45 PM

    Bob's Avatar

    Hi Steve!

    I did a clean install with 1922n.

    As for the keyserver thing:
    - After a clean install with default, everything worked fine and as expected. - After restoring my ‘.gnupg’ directory and a little bit of cleanup (removing broken pipes ‘S.*’ and file ‘dirmngr.conf’, setting the keyserver “hkps://hkps.pool.sks-keyservers.net” in my ‘gpg.conf’), no problems either.

    Thanks for clarification.
    Sorry for the confusion with my messed-up settings.

  19. Support Staff 17 Posted by Steve on 20 Jun, 2017 07:47 PM

    Steve's Avatar

    Thanks for the feedback. So we're down to the remaining known issue of random key selection when more then one key exists for the same email address.

  20. Support Staff 18 Posted by Steve on 20 Jun, 2017 07:50 PM

    Steve's Avatar

    To workaround that, you may want to temporarily disable all but one key for that email address. That way you can make sure the correct key is used. You can do that in GPG Keychain by double clicking the key and then tick the disable option on the first tab.

  21. 19 Posted by Bob on 20 Jun, 2017 09:28 PM

    Bob's Avatar

    Didn't realise that this option exists. I had temporarily removed my additional private keys (which is much easier with version 2.1.x than before due to the new storage format).

    Thanks and looking forward for your next “output”.

  22. Support Staff 20 Posted by Steve on 21 Jun, 2017 08:18 AM

    Steve's Avatar

    Great, I'm closing this discussion for now. It will be re-opened once the key selection bug has been fixed.

    You can re-open or file a new discussion anytime.

    Have a great day,
    steve

  23. Steve closed this discussion on 21 Jun, 2017 08:18 AM.

  24. Steve re-opened this discussion on 25 Aug, 2017 08:59 PM

  25. Support Staff 21 Posted by Steve on 25 Aug, 2017 08:59 PM

    Steve's Avatar

    Hi Bob,

    good news - the issue where key selection in the From: field was ignored when more than one secret key existed for the same email address, has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.

    Best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.

  26. 22 Posted by Bob on 26 Aug, 2017 11:21 AM

    Bob's Avatar

    Hi Steve!

    Mail does now respect the default key selection from System Preferences.

  27. Support Staff 23 Posted by Steve on 26 Aug, 2017 12:46 PM

    Steve's Avatar

    Thanks for your feedback. That is good news.

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best, steve

  28. Steve closed this discussion on 26 Aug, 2017 12:46 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac