From mikhail at filippov.me  Sat Jun  6 19:04:56 2026
From: mikhail at filippov.me (Mikhail Filippov)
Date: Sat, 6 Jun 2026 21:04:56 +0400
Subject: [PATCH] w32: Modernize dialog for Windows Vista and later.
Message-ID: <6b89d6f0-983b-4b5a-b0b5-9163edb72675@filippov.me>

I updated the basic pinentry to look more native on modern operating 
systems. I also included an SVG file for the GnuPG logo, which I created 
manually in Inkscape based on a 128?128 icon. It will help if someone 
needs to regenerate icons in different sizes in the future.

--
 From 4be04ecc4d9f5ac2a9f8502ec16cf1d53ec7a4fd Mon Sep 17 00:00:00 2001
From: Mikhail Filippov <mikhail at filippov.me>
Date: Thu, 2 Apr 2026 00:39:40 +0300
Subject: [PATCH] w32: Modernize dialog for Windows Vista and later.

* w32/app.manifest: New.? Declare Common Controls v6 dependency
for visual styles and PerMonitorV2 DPI awareness.
* w32/pinentry-w32.rc: Embed app.manifest.? Switch from DIALOG to
DIALOGEX with DS_SHELLFONT and Segoe UI 9pt.? Reflow controls per
Microsoft UX guidelines; tighten IDC_PINENT_TEXT to 12 DLU so the
themed edit text sits at the optical centre and align
IDC_PINENT_PROMPT to that baseline.? Size IDC_PINENT_DESC to 56
DLU, the smallest height that fits the seven-line CHV1 prompt
with "Remaining attempts: N" without truncation; the standard
five-line CHV1 prompt fits with a small bottom padding.
* w32/main.c (set_bitmap): Use the smaller of width/height from
MapDialogRect so the icon stays square.? Select the closest bitmap
that is at least as large as the target size to prefer downscaling
over upscaling.
* w32/gnupg-logo.svg: New.? Vector source for the GnuPG logo,
traced from the original artwork in Inkscape.
* w32/logo-32.bmp, w32/logo-48.bmp, w32/logo-64.bmp,
w32/logo-96.bmp, w32/logo-128.bmp: Regenerate as 4-bit BMPs with
full 16-entry palettes using standard gray (192,192,192) background.
* w32/Makefile.am (EXTRA_DIST): Add app.manifest and gnupg-logo.svg.
(pinentry-w32.o): Depend on app.manifest.
--

The previous BMPs had truncated palettes (biClrUsed=4 with only
4 palette entries) which caused LR_LOADTRANSPARENT to silently
fail on Windows 10 and later.? The new BMPs use standard gray
(192,192,192) as background which LR_LOADMAP3DCOLORS correctly
maps to the current COLOR_3DFACE.

Signed-off-by: Mikhail Filippov <mikhail at filippov.me>
---
 ?w32/Makefile.am? ? ?|? ?4 ++--
 ?w32/app.manifest? ? |? 27 +++++++++++++++++++++++++++
 ?w32/gnupg-logo.svg? |? ?6 ++++++
 ?w32/logo-128.bmp? ? | Bin 8262 -> 8310 bytes
 ?w32/logo-32.bmp? ? ?| Bin 582 -> 630 bytes
 ?w32/logo-48.bmp? ? ?| Bin 1222 -> 1270 bytes
 ?w32/logo-64.bmp? ? ?| Bin 4738 -> 2166 bytes
 ?w32/logo-96.bmp? ? ?| Bin 4678 -> 4726 bytes
 ?w32/main.c? ? ? ? ? |? 37 +++++++++++++++++++++++--------------
 ?w32/pinentry-w32.rc |? 23 +++++++++++++----------
 ?10 files changed, 71 insertions(+), 26 deletions(-)
 ?create mode 100644 w32/app.manifest
 ?create mode 100644 w32/gnupg-logo.svg

diff --git a/w32/Makefile.am b/w32/Makefile.am
index 12c66db..b8913b5 100644
--- a/w32/Makefile.am
+++ b/w32/Makefile.am
@@ -21,7 +21,7 @@

 ?logos = logo-32.bmp logo-48.bmp logo-64.bmp logo-96.bmp logo-128.bmp

-EXTRA_DIST = $(logos)
+EXTRA_DIST = $(logos) app.manifest gnupg-logo.svg

 ?bin_PROGRAMS = pinentry-w32

@@ -37,6 +37,6 @@ pinentry_w32_LDADD = pinentry-w32.o \
 ? ? ?../pinentry/libpinentry.a ../secmem/libsecmem.a \
 ? ? ? ? ?$(COMMON_LIBS)

-pinentry-w32.o: pinentry-w32.rc resource.h $(logos)
+pinentry-w32.o: pinentry-w32.rc resource.h $(logos) app.manifest
 ? ? ?$(WINDRES) -I.. -v -o $@ $<

diff --git a/w32/app.manifest b/w32/app.manifest
new file mode 100644
index 0000000..1df9c45
--- /dev/null
+++ b/w32/app.manifest
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+? <assemblyIdentity
+? ? version="1.0.0.0"
+? ? processorArchitecture="*"
+? ? name="Pinentry.Native"
+? ? type="win32"/>
+
+? <dependency>
+? ? <dependentAssembly>
+? ? ? <assemblyIdentity
+? ? ? ? type="win32"
+? ? ? ? name="Microsoft.Windows.Common-Controls"
+? ? ? ? version="6.0.0.0"
+? ? ? ? processorArchitecture="*"
+? ? ? ? publicKeyToken="6595b64144ccf1df"
+? ? ? ? language="*"/>
+? ? </dependentAssembly>
+? </dependency>
+
+? <application xmlns="urn:schemas-microsoft-com:asm.v3">
+? ? <windowsSettings>
+? ? ? <dpiAwareness 
xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2,PerMonitor</dpiAwareness>
+? ? ? <dpiAware 
xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
+? ? </windowsSettings>
+? </application>
+</assembly>
diff --git a/w32/gnupg-logo.svg b/w32/gnupg-logo.svg
new file mode 100644
index 0000000..32a905e
--- /dev/null
+++ b/w32/gnupg-logo.svg
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg"
+? ? ?viewBox="0 0 135.46667 135.46667"
+? ? ?width="512" height="512">
+? <path fill="#0093dd" d="M 59.823116,0.6505142 C 33.424751,3.3209141 
9.6008502,23.020126 2.6727271,48.739529 -5.0920409,74.955285 
4.1821124,105.71285 26.476279,121.99397 50.510296,140.57285 
87.131257,140.29225 110.57095,120.8201 130.39179,105.35661 
139.47113,78.166884 133.89692,53.782548 129.04711,29.671972 
110.1959,8.7825409 86.201889,2.665949 77.637514,0.34886499 
68.639437,-0.28140778 59.823116,0.6505142 Z M 19.387529,102.91095 C 
18.123916,93.886617 16.860304,84.862285 15.596691,75.837952 
18.334517,75.628087 21.072344,75.418221 23.81017,75.208356 
22.948201,60.379658 18.535893,44.20332 26.679545,30.523169 
40.509034,5.4042563 78.02201,-3.9695957 100.81121,14.479783 c 
12.68511,9.636418 16.33212,27.139862 12.64981,42.048487 
-0.75113,6.055367 -2.39888,13.026997 -8.65507,15.655865 C 
86.421565,81.109288 65.608234,81.975391 46.165542,87.330688 
35.897701,90.057496 27.65418,96.608106 19.387529,102.91095 Z M 
30.76004,46.876129 C 34.232961,41.700172 37.40321,34.49382 
42.755298,30.026479 56.149842,17.013637 76.79832,12.241874 
94.572436,17.914305 79.174613,6.3777104 56.69968,11.007477 
43.436591,23.661005 36.84759,29.73856 31.985893,37.918207 
30.76004,46.876129 Z M 47.186997,73.319541 C 62.701102,72.908845 
78.145215,71.150681 93.631546,70.199584 94.456878,59.869371 
99.030816,48.449719 92.985802,38.890097 86.300254,27.875439 
70.703139,26.34686 60.18498,32.44983 51.381662,36.844762 
46.02764,46.487378 46.456214,56.250707 c -0.09795,5.701396 
0.696628,11.371045 0.730783,17.068834 z m 68.235033,1.259194 c 
-2.81354,12.784604 -5.60854,25.573985 -8.66049,38.304445 
-22.670902,3.3379 -45.297033,7.03929 -67.788023,11.43435 
10.546197,-7.1233 24.04929,-5.4569 35.64442,-9.75717 8.907683,-2.73318 
17.438715,-6.9731 24.554199,-13.04093 -13.833165,4.1626 
-27.974702,7.99067 -42.508048,8.31718 4.281175,-2.15319 11.32367,-2.0521 
16.554765,-3.80334 14.650452,-3.40432 29.165607,-10.178193 
38.682487,-22.202021 -10.15936,5.195687 -20.627431,10.22973 
-32.107244,11.564185 -2.721155,0.696051 -13.397047,2.063515 
-5.776411,-0.187622 14.891042,-4.380705 28.762985,-11.683876 
41.404345,-20.629077 z"/>
+</svg>
diff --git a/w32/logo-128.bmp b/w32/logo-128.bmp
index 
883475b3f4654c63807961cc00641b4ab120723d..b6ce2000634440202b380d883d632b3b957c7614 
100644
GIT binary patch
literal 8310
zcmb7JYiw1=5#DocOr=Vd?Q5F!S1&HF=0_F4P#XT+048aZN=dMdLmSD27~EG%8ZfUE
z(IhySByJm0oCa`J%EL9psTAHOF0Dc^25wcU3B<4dE7<p*z5lAFP^&YuvyXG`IhSOm
zd(Z6de6zE&GqZd4EctG0N>FKq|2gp6!9P!w0tF={MDmO3R}NMDUAS;TT=;Xp_)Gs8
z at z?Wz5+9sBC@!7&l^A??tH|`M5r04YsQAb47mJS$d_&xL`>SGT at 0Y~Lo>DQoN5B&V
z#1yY)-R^6W%E;Na6{#4um}YOm=Hp`ujsO0Y&brSdp{nJ)1uJT}b4kot1<l^V{m$4%
z(BOv8rb43eeS--QclO?2Fjiqh;s==k%BlEA<`(jYS`t5u(w&9mPv1?0#FItfQsz$;
z7vMb{tGrUdKb#6F9H at TtE^sMxF9!g@%CvW2l-sW7s8QYj?9)MvQ%k&njJcf+yU$O$
zkRUw}Yl4TB?QU<VT(E8*JAV+1wfrGxNSB<}&&+pr&K1e!n~(jo5R5I^)h^1=i60ww
z|I9Pfg*T&N%lXLFyp%E^hnVg1-s#@Bv|M;K4eb#k{FfY<CQDv7!xQ0Od28cR(4uB#
zp@>f-Ot@$=h=-bgrF-L&a#4v|1a0xA9 at RWcx(eXf;19Mv2s{-v4O@;mD>9KbKqeMN
z!coH6XUdTW%(>Z$2rH2IWgK40k-ew_iuhXXy0?`*$3qqf7(Xn^Kl6kV0RNRWYMEa&
zEl7Aj31fowp*1uI!rVt)*KGr|PRRuMv6dfoR%CdC;r{}$=9)+t|2<L&m;TYUo7#=V
zZW{q*O6*AopXi9d%aNnaOXt_Na3tM+o&lv9VxDj;ICU%vFXf$coy~KT%ePQC53vzT
z`W5qYR)I&O;n at 1Wvm57nH7%G^2GWG^Iu!RsgHLp+mgs*UCCq3!J}FNr8*W#8b^>J}
zyjaO~uP6rz?{nOJpLxv$(E9nm6_YRw8O2+$b&zJTm^t+XJXFYUDXN5j6nwbyp$$0a
zuP}Z*g*72)L2^&n^b at Jc0GhuVEije){U)eDxfko%^t4`Xk9l0yiF=CH^bLh4drYJR
zr{5U3l%KEwb|5J~CcIkD at p9oL&}bQ-JWhZ_FLx^gC~>!-YudXJxLn`WN!`pI)WLQC
zF_fpwaTCd??Jw6>ziziq!lzQm_ERm744{^i=Hjg~LunS+&$?IOew4u$pLS2}K$1K_
zr4Ho`CA0%ttfJ6+k}LP2*|TT@?LZQhX6OF^6$29-2!pZipN7S+YQb|6?mgOpWENtW
zSK~c`3o+}RC;{>^BrtFJeh>wFk9Hu59>f*)1tAtj3mC at J+l*~vay%`J1Ib?qq0*t;
z!Q+Df7$u_Qc7lK;oURUOm4OMg=G?K~;KhusnFze}_kw`LlbLMVI1qZ^v&5TkvUpLc
zY#kQj9|3bE8Z#$Ehwi#1I2$QfGBRMbGMdLe{Ue}(*EpCq4m6SCY?w<MtRj*P`uJ|~
zl1^`4<4Y!A=F+@#;7W!{Wo_ULPh$Mvl!FHK#)0xpWlFrxB>@?*<%UmUxtBpeg>fLc
zgOZ1o7=BTu;3SsCZNxZ`JjlyW;TI(U)|~ebw!;uafOVh~yz~7#8mn5p1+;&#07wER
z1IddViysxkgUM+BU;(F6jsx+=&*2v at 1@{leLlWp<Qr_CGC>?(B0$~4m6*B;o?CNLf
z34h~Vin{ztYje5?n7Wes&FF^ND<*oiBsseNZg`ae5O7VSa{Zc;(!nopu3xrv-gNMl
zP?`Cf<wq))vGpd)yM1)@>XmbU+_h<K{jzz}Z98PKZ59AjJ_CQM=<N)-*{aY#a^>7_
zUumshHeV}K6-=>gQV`*Wu)(wJ(W`x+%wwd;mz^ndH$B`C4&xQy4#Ep|ITwp`Hm$nx
zza!j9^<OK7nB$6*0`w6nB;}yO#~hbn2iL{x3L#bX1oyiW7&Dx(gX?1B!}KDd4?JIY
zS~G at rQb-J52f1Sa-{PGV!b#PLW<qn6+7)#C_g`9jA!6{ic!rL7vb|;yCxzJjVtSD<
z7Pjs&VJ)q#18T(J%?dwd#Ex50P6~>_=ad7RJrktd<opGsUfuZdO at x{KLw;<1!AW5;
z<C_e at NgoEiXy07eJ8>26hF7mZXoUBysLz0h;|3Le1p at pVR+Krx#E;Jb=)A72=lv5z
z=}s6S#($(%(Kw*rWT)!jWBlLXO at A(3(hEaVaquzmZ}Hmez#}^t?&@#zr|wiwt-p~E
z5oH|6v0q$@Gb-vqA!dvNpzunyKH`DkxVpB3yN!O}bLK39{x>V7IP3vKL+QCbj0cA>
zzJU09n-qs#6&G*(UyqLsW-T%Prg9J%1G#W%cL<JJ3~0lO`D4l at PBAvD90~T2)}dM{
zq3L9R`K#nShxk1X%#ies0$gT)p_HR-P5HNjSFyC$pe*qR!or_UfW)i~NZIWvJx0U?
ztohh~)sCx!g{*U*ek;Fc%#O>HojyZ2pRzIO2wyh&oKiCJ^8&n0aJ;;%tIlTVohAJ`
z4bKiM;M}<I2E^eoby5vQ33&TNniY5<q<~&p=vMBj?V&@MR&%j at QQ?KTj#P4TtGOK>
zY6CU);1Hzkp=`|DEIpKQH8{zhg;Lb}gPy6FqxeXlM3))JYjgzgtFzKU4ak<ZAwbUm
zi2P8GlxWnKBKd*G6_Wmy%j=bfCZ51e1eT2%1>n57k0cCtKIp(X<UX`bJOT0`xXZep
zGF{1r&F#Bd>udw|D38^f0W|0sCVzf_-f at vnm5K^Y=_l<uj`~99J8~!x_GwzPMm}k}
z#`?&@-kzoC{hpNWVikx;bisOQ=TW`-0*@keO25oKUx2a=<h}n%*#@A#rCi_^wSofw
zb=NDvDO7Ua6Kv#s;ge5bWgxI(E;C(s=_oNBybUPd`8Gt<={N!O#%p7lCBUSyDBr<r
zlzf~397!4442}d$8jDhZ&iDf>v?IHWbkTj%ZBaB^Aonw>(s!7ljdNW-uNrG}U~Un^
z3-KML!1eo)E3s+}s=03Xj-X3&<<r>lI<z0sZSIpl0QhfGV~P3>HPYQ$H@~{Nx~6vB
zKDxYG1aimIF3!-iGo%4sF+nEe4_Wz<zMh_*zH4elOMj=XfDFhXydM!>UZNSmO^JTt
z#b%$D!&?O;UO`0`6b>bSSTT4DU)A|T4!4mhXJzp1Hxi7Ee1Aum6j)Efhl^{Yqa%Zz
zYALG at fFjC1*j-ROvO3t^T$WeX)UR!>gHJJ7O16P^>I$#`sv7kDUDgP27|EhH;@ny>
zR`L6B4zBz{1 at FG(5c)u|GIKwg5T<!F=)K-dxO<bsYl>m1PYaNPZSd_!m*mRhAatl$
zTG6aCUz;Qi at Y_!v-T_p=XBWD>ynOf3QApL+j1mB!Zr~1JSNk!#!F9jF=&_=o2~t+e
z;3s=fG$PdME!g7vE=U+=4+=5HRui at Gv5M`GA368AKfvRaQ^ThAp1!`Gw_2O$*@Xy?
F_<v1*fkFTP

literal 8262
zcmbVRJCfrz5G6-WT{Rk90Fn}i8tMicY_`YnJ$wmY!e{V3T;;&I<4x_d`}evVBtU8g
zRYL-eey?9QKu{We`S!I=(!SF5C;I!v{^sci>QSrH^v93-#}@wk>(^=e`}d!x?|=R_
z{rlfP(_^<?sqH%KOkQ3ooV59E$E`oLTmaVl+pX_6u&&U|@c|8sE6*b4XC*8dmHTC&
zwl%+JNZWsgU<W=;#{|3ZV}fDsNaUc1-O2+i_g#WYF6YL5Gnm_IHzP at YzFl`IUK&Uq
zAbFD5-$E*8n1LrRdv&N{ltErPjd69xrVOVnI{J;zbl#x|OzPcRJdKPZ4gz>|1z at td
zE5))-B!xwH8(xV}t>#GR2x!7K1DqU7N(52;J_^rFadIr!SsMZUm4c4qaUKu#Oa|`e
zwFfBQ)26LrUkTU`PY9Ip at z6|T%;B-~bI9}c_PCy%*a3>4Zj3`STZVIAUL1H8fWT5s
z8KEX?IFIGUp=CD&v?4a$Vd at cB=9T7(Ld?rXY#Yc2oopaJ5gL3-fTs4F#Hy1*;H_+Q
z75Oi_3{t#{W&pg9GRd8xC%KMEc)b>(spjNcNC;1lF;-^UaAXoPjxW=vqbjO+a(AJO
zrKTIA7|)Iha^dFBN|B-Q(ZDB0918H=Vk;==%YLp~;CxP}hNS>6D}WB=dB9A*)9De%
zU+X3MO-}A-IQQQk%|qnVl8=>B at KIa$kq)0=dVunxYr-_agGW_Y#bczlbfsrt5gaiY
zV$%JrY`z(MGJ(0v#pXG>n_}BRJef9==~QdJas*!C5_owa)yLM7vlwjyE&|QX$w4j5
zAf;e5HBD4`o2$B)#f^lrWHKJLb~ki5g$oJ5n4@;_BL=NOaXe*Rbx>G%)0Q~9-CtJW
za`G|p>GDxkd#!ot3QF=cjI5e*-Fk4cZ9WARGFBJh5B&&F-YXGgv6>Of18YInam$Zz
zvjL~uQ+PX~O?62ds9>{=gWF8X!bPW3`w*Y1_5#s?pXp_N*c=ucD8Ds$a~(8W_}SMl
z<I^L!jCiUewKKr;0-xWm9hMcrOKgSw2#0k(^XHh<(mGI(m&A7puVf`BYIBIGVzA4z
zcyTxWOz<H*@<;+QzU=512pnt`+4d=X6*jqKJmis#<PpAp#>DDOdHoLYSfBwu(jUYJ
z9?vXE%ke*h&-?djyg!HW{Bo5J@&15CO$YJQ3Wx9N1Di~oq89n_e;yyX9OFI1pf7><
z?5GamkmN^&s#|aIF8u)h?s$Lyw4VS5 at v%cQ-d(Y~cp2U3fusYx7oBQW;qnB&FgLY~
zcP$^ld(o+8UA&8eIK3B%p5BHO)3tDXocm7N$NQo&1}>k$-x8kJ|DFE0xhRn9o!zCu
z%mb_y<Cj7gZg6PtYrJfE<SGMBf*VL%yw1_p%(7)0yjaMgwm==l6K1m#%@>o|U-?3<
zTL6gj_(gmXiU$=b!kF(Hyue*6L+|jZ8EAcQBfjN>0u;i(BS+6FcrZn7YP4b at R}Q`S
z|0QYwtp{noe>osGn- at C&6tNYc&V03qFd!6<tE+_7*yW?QAr$YPC;-pir(#Z!1w72+
z#755tQW?2K9MnY#coMCODVD=_s}RO1i!{X<8&fFMA8dYxNJ96}l?WQRW|mAyfEh`3
z5aT&2$%N(0ww%CgRDe)R=O+-YccxT}z96X|mB~)tm+~d~G$A!I<@w93V{%8-wlRd#
zmXrjP?7r!9FyA~nYili5u4c>LGDxzr*2ylK3`Y(t`s8S5TVtVtkjl4v8jygtJdHQY
zUx#li$k_}DBvL~t0~4Ucl?X;DymrI40%SwZ-6Be*x8YY6&>dY`KY2T{v~Bk6$ik>;
zR9(<U!iDLCn7y|x?*Tj{@w?eYqgIMgwpg*408_WvaH6kJXF}0`fb`@W6;`!*26Pru
z-&>IoJnWWLW|09r7LF^;eu}6xFnI!4UwEEcQn-+K10SdtF3UL)q!3*DW<}DRb#>hv
z1 at 0tsNX@OQj+LMjM`p^(eLDofdX?pS?=jq8Zj{3{*!4ds&%k5nQML4EU;Oj(IXDqu
s=kZ#4JE(kUrC$3bUnpezHcq>P6~hOAzh>(Ar_(2XKR0cim)A=5|H>#hg#Z8m

diff --git a/w32/logo-32.bmp b/w32/logo-32.bmp
index 
38d60183cab4c7c44a6ce2eb33481e876cffa794..2ec7837efd61313ef6da15433b57816615aeb639 
100644
GIT binary patch
literal 630
zcmXw$U1-x#6vt26r3${(6$gEbT5zzJ6%+>gP$n|RDnwBHn1w2`ii(JiiW62*=fu4@
zH<4PXI*P7X3*tw$AF+y^ZdoIOThV3lakEWM-ef2i&yC$5PHz6cb8_#wIh}jLHn0??
zXDfx!2o9R)jYN6Zy8q!M%c58;Lh)@L-W6WK`&<f2ukXXu%iA#h>?+JYJp)QI0ACW_
z at by6lRAL_ZezzIaaUK@O08|Pl+rd=bl!pY%kUgm&Nq^J;-D+NAz(`mHEs`;L;~qo$
zQ3Bj)L{m-<hX{S7jvNXrT~r@?xAy8mfFA49Z1hP+Sc at -!i<cQN)yWIT9NJHT*M=1a
z{?@1WHYrBXZ3Yjs(-xwsPn#s1 at EfA-5&=`bJ}@4~QbhNG{Y2^q;-71w2(F}S?bL+p
zz|8{I&Ihon)Vx-g+_r(wzfYmA85w{LefxH9<hlxFH0rnv&}OJ|HtB1nee1Xcu$^^a
z1Z`<V4SxabU>?uHAQ}?RulidMz*-vTR{cZpV>N<v9JE>WqqI-OkMq2+#`2eme{kcH
zBWRZh=pyAud8O(agPuBK#R-00<l?$`vE4pWo}r&Pxa_2w33mc)yE<tQ>E{5vw9*_q
zXWhxMAkx}vT-lQA_paaUJW^tqm%jOS=d;nFmK;k1bSN3Gr|-CDq%mIZP<bZ2KNPz|
P)3L;L#b)I<{g(X)L6RMt

literal 582
zcmZWmyHN!(43vGO%=puQ?Mn#nqz(vPMjMnw1Jpqs5K#ar8N)E_%6=qhMz(hKx9=Y=
zQCu!K at 1SjIkQ-PK_+M|QlA*poiF~{~%IDj&eE)ojQMBh=b~ha|SL90QgnvYm(VYsO
zalj6F^dz#8z)h*9iPcX>VWbGNnl;BL)~iZ1ld_0tXaubu5fYq;IxxmeDXpRdvCZ~1
zBc`nl*mZ9by(h;&_izZxAV5j at BoiM9&V>XpwjgGlW6X5LaB_@=IY?++a{4Roc>Kdr
zxd>#3e^Uv%qcDVdG>wV)9AZPwz4L@=4csZ)Svf9*?`0S;&96|#AgL-J0pS=0f|b!F
Y7sVzN0KZoj2^luLm^<)*DU at mc0=oo26951J

diff --git a/w32/logo-48.bmp b/w32/logo-48.bmp
index 
53c627433ac98952d232a0f442c4c7a4484f919d..1c7611cacde804d8e40ab1fcefe3af4de014c720 
100644
GIT binary patch
literal 1270
zcmYjRT}V at L6hHTFYS7Cn2zy(l_VJ`xt at 34MT1J6MW<wvA7SgAdS!kq#J~bSbeMr)X
z%2+uxiiIvW7i8tKD?w!HwjOit-m|xQ2&8lFhj!rH|KWGe`JHqA=f7>=``ZkvoTKkr
z(p+5y&>Sv0mMzxQLO#}TI1J(8AcRAM at NVc8ydUg=5B^RVec1|QzEd#nb->rBCGhQ$
z4JNv?Vd}mGqIc3D)(H?L)kP?7|AH7DJj|R6B07So%Je;M#t`vXT!RsnXI29RDES#P
za8!Ec at f;~N&^Gi_cgbgThp7Wm_8zHiAJW)<=q0wyabz at b?MOvCXQi|@O&)`L`d;3K
z18u&!gqpBc4X1<{Dg$;9vZd5*u5eNhk94*9;-Bmw_TdD<=8!=X4P34Dy|IED<x+rk
zIA%DAXMgP>s6!;8D(vZ>ci>dbN<#2Eh#tJTS<)Obbvd;U3J_<lX%f1GO06Z?d;W&>
zBX<SeQt2X0Il**6b10*S4+i}il<g`YA2roHu2D at lZ0aqKBfhRe*-qVx#oe?QlD`ev
zS0pOjib?I7#G)o21>)c8)qRLF9;!|8s$^Ak6WwH~n;HsXVwJ^kFkKu!w$i;zC<mN`
zXXR_|Wk)52cC9dFJ>iva1JAFYE8mePIv7f^a(o>bn2L at 0LAb~!2 at e1*nvK5z*0V`T
z>Hr2l1CUObBI&rBgGgpAV3r6Ap*EPCK at ytM#F&TFO8jmWRg(q65;TK4aLWSDF at I<|
zDsF6_o1mDHt<19;V2>Wpw at 9-*rX?hEZC1$CaZV<@p7to)GoAC#<vaDzLJ$>CIn$p2
zoX`@;qPjB{eigSwuLYKe*pZ~NLLa^dCLV#R(*V21srx$=ZkAFm^&KXxnIA16?0oRN
zkyn%+pQWaVNO77TULs3aLLa`*5k4~F=!Y%z&I~!J)U!!@NZL&uqh&g74oxr{z#2}-
z8ICmO(O*U(>{j$2o^S$_)nE(Cfv&c$GIJmGph;RkPHuyZ?L(gjYsBNpg-SLFKb3)y
zUuYE_(aU-?A2d^>v2f+mqUPvbgN1Qnr!TI2e$hJ?Ir~3Mp6sUHFVV<-qgnU|p}$vW

literal 1222
zcma)6J5ua05FFX0R9UMF$Z|rsmTo{mM#_0O1V`Wu9DytFB4TnP0w}s$lGnR0VXE}&
znd$k+^6mZWl}YX}-(Vcua8?zMSl+JdAj0wfWcKm$V4we<?fd7;N|!u)e^~mduX%<K
z<U*6D3Y)pT%LzVLMDzaS(YebCtCYNNT%jo{i%%)dQuPom6(u9Dp*n2L(3FCVop7*A
zoJRyI%oHIu-25S>35rP$*<4p3t1>UZ4aKcCoCR142tX8V>=6tG$OSm&$wuxZj6A5!
zQs}hx#~)@3bYHT_vI at l+{V?H})Y;ksTCTJS$A*`jX65CUgmsLzyUIjU#{z~uj<(R2
z^>FyJt3%s>ai~oza>ot8MQz`3 at Ijnc2X^)q2QfR=aPt2FM+?l+4(6M^(}gMjOI&pw
z|F<WuJGtN?9vFl;{V3okzTjT0<QlBwkvNqZ6%d4=E<o^#Bnw-j*a5FqkHv!sj+Gub
zwe*c3Vg|ZXY+7eZCM{kb&*&SIV*5gwgz!ipXeH4q6CFWcSCoX0a#LjGN);XQ)SpjO
zRN{(&Joz&40S01{sOOBgg;#MRgbKDTp}BA5z+z#$iy{~kzd*>ARmWNF{y*~zBm#lV

diff --git a/w32/logo-64.bmp b/w32/logo-64.bmp
index 
7d4ca29a5d0df6662fcf9cce90b867367d3098ef..f517b9206752b63819863c6c15b37e3b3a49cce8 
100644
GIT binary patch
literal 2166
zcmZuyT})h65T1K?izI!4LZiMdfg<`u8`0v6OG8WAY67+V7=1wGS7W4#bkR0qt)<XN
zQf&Dxn2Lo8Wosg}(9|uO)&dRm!4$%e`>4R~&c10x-1^PA_wHV_liags=KE&OoH=vO
z?s>UBo|M#M%)sY1KaHH2L4YT1HNFI>@=Z)k(8Mht{pcH`pKe~I+hZ5$?zOWt{q1p@
z8LpxGgGKbq#TRM5Cyf?5l4<GuR$4yiq+h=vTE=ISwCWx|bLhsYJvL)>s^<wR5*q)&
z6*XHEz2=sI${1|VwCv`uUSm2Nq|ktC6G7WQ`!ME?S?IiME-Fv?c&hscJ0tL36eM!=
zG6&iVJ>B<Xlm&N;a6rt#%N4mr4Z~5&r6|6|Yq)LP=(JG+`4-_d1D0{)n>tr&kw at in
z&BUGF7!F294r!@-tG#Rmcp(aJ%tV;OV+G>)F7wwafZi9y*PA at eSNuGg1K=g*RhJOr
zY?WIc>Zqvd at n1)I5jA{7 at PkozHJNVDE$%_}o`fbDYOTCzivX|jH`A)z^cZkiV9P9z
zezZBnVqId2*f~^6^fYt7RUnHNcpo+QL2Dy=UB=xY8xri4+N_t6+SUVEo*PMjD`F9*
zPZc(dFir;muO>LW%(aLXOCdOzlhqQrMDG9(xUu^%vY_Oa*e1pgCDkmIs(sf!fh^TQ
zCDmMkgCSF8`m5hRBl9+tDd2`b3X#<?Y{gh8(@RPOA4U3WsHPGvt;%Y$g#!I~!RJ1<
zj=`X8+v_ocOuD5&ywWF|F#XLS#p<FAr22rbdcjFdv=eZDt4EOaIk at r~NP(`Cf@?9B
zmUSk=YjEY at ECzm{@P^Y(m4&&xQe?U04<iC_$S>n<g(F^g`QA|1>H3OHavT%Dlu^NL
zefCc&(c{X~AoMHTYthw-m~_SZN^m(TOB$ie`EYm^1D{p6Po{>TFQh?{zcLD)oHkq*
zlm_L1SH}P0vY~iE)>>t(g}TXK3KACqvV!w at 1pXUvbv|=AU*=M%oAUo%bjfE_WvOsm
zeOPea3%p-tQA;T>v_d!K55fDOG^*QKONU`lOBsYaCLYRHRcoXYm%2%ozwBT9(R!`0
zwNZ9H5|)GvX%yVcl83bUcNCAOT03r{Mn_9z94syX&yn*wJTm+y;b$o1oK=ODvacj)
zXRv^7Ub3KiH&DMdH=?3~xFHASG1`7X0)z*o!=(Oy%CA)D6N+1OW4 at zh=HXIDrkKU9
z{y!w`JEXU&_cUo=<zbhC(I3VGC~0G#*?~6<yE$U}^TsqI!hC`peUolGA<iE at Vd#!N
z=J^E5_755h8`cB7YN^@ivm>M*3k}M{DUvAFjsCkizGS}ZqV2um@$#KOwP!O?tG_IF
zqTPO6N22r#c;B0j9&K)SIX(}4sv at aDe;ZpUlkLmD$KUNcX at 3L(W0H(Nps51f>>^KB
zQ at M-Mee2L{l71D0LkX}XV*TfO<ptd&c_1u)wo4dE#Up`}GO>%6hvzLc-c(uX>Gm(y
h{TBvxM++Wak)_M8JOU=#wy$~U=DnfLa%pBu{sr4V{%!yO

literal 4738
zcma)9`*Rb=9sknKUFGeFi5#mz?u}c?I3U+X)VS5)dV(F1DNY)vA;yl2i(3kQ6r*vC
zYs<(?kR^`jZX at iZfjk?a;n at U|(1h@&Kp+s_)?2b6X at BcK(Y at QfI|+%VJ0odt_xt&L
zpZnd at lh00+f;uL?1F(?Hn%HL!nACN61R!CipV!EW^2y2ovk`#%JIL=V--oX!0lt|6
znE4ApX3_$)uLIoMN#v%i at bxaT_Xe52N%miz2QzOG%-dxD9f0)fKZN`563osD$nLVk
z%x(^nZ#iIg4}#R&Rd8?bBanG#0c78G!pwU=f#jZQnB83qsl7Fj{@WtRyuTP`_WcxQ
z_b-8a2Yv>LeNB+u-wde(9!MWt4w*wwLG0kKA$$0jF!T2nkT~=_BoD8IdmlUvsSjR&
z^oOe;bEF-zM>`;Xq#I^FdJz&we-EjT*FyS}KS1W#I*5I;0kZ#C5AkCIF!N~-BtG2;
z$<MryIz9-|&qg5q`JW(md=#=Lh9G{z2Qw!(LE_{XBu{OI<cSGLo%TcOWDurLz6|Lz
z<B&cTg6OF*WX^7Z*l8K!=R%M;gCTkL6-b?nK>GX+h at O89GXI=}_=TO2y*LGli at P9k
z;jfUq^adm^z6YtxZ$kRgZirrbA2MI;f!G)OAbWW)#4qoM#FYb({PG~At{#HvE5~5^
z>W7fNb{L}9jzH|Iqma1%5hSi1hvbcqA$k3Cn7)1*Qa4UO`sPW9-aG at bTW2AD`y3?h
zoQK4%E0DbXB_!`&fV;Q9g7lrMkea>-(L2{6cJ~Ivr*A?cdJB at V+i*8F4b$-`q!M>v
zI+liLA_mcT24aaU#FI0SOwGb{`Wr~4??W{6FNkIT4e`u>KrB9Fj5j>(UQi(j6$|Q?
z_sUo<E>~<-!hwP172o3!;?;o=#|g{&w#rg5>4G&JaG7}qr3A`1;?0Xjae;8bg1phi
z6 at V!X;;Q?<#fI><$4!RLBC{WF2^Xl;7bLlj*eM7m-Sq+n#J6nI<sX~`D^&R<Fa7zM
z8uLRrgi!G~;*B=yIO3eo4~TfEy`j3?j0$*AX;0B)cIO*wb$ZrMNTFc&6Lwz9B$Ghh
zg#`G;d^pJ%Nqd>Y-Qjz6YOMPi_d*gDEi-6k0l}IF;l{J2HAEvd*5)!(7rEc&6Uc+5
zhCG`gWhirmOw}DS0Z1~AgoY~BwVu2nZY|8Z$^P^D8i!dUE9ua(<x!VPgW5Cs#ZD%c
z`-70#UfbO19qn#)J9u&g+9N82dWwEv)PcN`%LV4m5wb2F4#{|3l?ge6iqWHNzeTS^
zA8{TDWqG)q2V#ix1$ipa<$Tmj2(TvTXCaW?L>Rfdav%j$gc|%J4z`g@;96E at 6*LFZ
zsPfEp;-11F=I|iX{C>5I$eo(Ey=pvUhl(GQM6VX at 99T(-)oeA<et;H_D<*H(@C(&`
zut`;GB9_Sk_naK4IyISXLS6fSr;;259+fl_i2NuM;zkHvxJ7lxrq&qt&MRy^JmSil
zd~$ECg_KgIKP*)<JaUo<L>^P0Dpg-ZDb(-Ks+>uwKcp>qaB#rMA<L-PtnFC+qBKao
zaZx-e(ulW4QKZS}zsR&=e6rucn at 5ea(ksetD%q&vl`;>Ew9cPfaPWC#ZNlQPgV#?w
z`URG3)V?+Yugu6v at vUyEF1MN3A);n*LZ2MzTdh?PZ`-liO7S$8c_fk~g#zOP9!DNU
zjVxi8<{kI)5G at +?QXVwtLBbgKdz^w65hV2E)mjB`YkMgbnv_^I=Rl3ABnJH+);oB<
zb-Sh?HLs%6GIyh=-RLPqr!0r_8S&)CrPK=4U}0H7u4avjM-KgZl09|Hp6l}Z35h~u
z at PzsWU0$WIFV&w>y at 9V%nkN}1vtX}sxtm+se$(Sss}*-uYR)SJ0!u%cqE-W6sk5qD
z=odGt8WPSur#X18Pxl|&b71<E>!Oax)%p at I81{1$x}R7uB#asIu#VMetO-W^c)g#A
z;o|r at W?;L4x3m0_6^pK36pP|{2a_1k at yNyMhpgBQe5g2HU_D<iA0ByF{Sv&>zz6A}
z($%nuB|s|@>qWq=-K_V#dZS!}T7Bg+l#MaG9`req;c7z;zPNsVl#0mfwGt9`X#Iod
zpCFqo1;yjfqhY2Z#L5dT!&?91c}4#)&5&GQto{tVNSg-F_mS&Fv$c-k*C;hkI at pM2
zU|s-9e9ERW7>4vuQC`7xDcSYUr)L0H<pJ4)ZGxh;`atRhvWdMqSc&bCaxWDbEOM8j
zdc8tvemI|EExo_U4LBSY<+d7TfTu75CB`cQWvBO-w3RxG6zJBHP8vdXE#<n=tErd#
z6v28fR_<?QkZ6c?CYEH}QkH81dGTbYhlIRU*+F(~!N;6!A@~5Yu{I)&R~cDA=3%3}
zBWnF3{k&uL{$eJ0+=0q9Ke4yIyo at w5-sW6|4Y)X>8n!}nhlJ3j+K(11s;iJ-?1X~B
z at jy@`B)iH`?@wC}q3CC)Xq~d?K$d>ygCd<Pr#y?>6=8EAcU{_|8o*n(ll=*SN6o5a
z(J%V`)04j!UaR_q1X5yBs1~8}_J{mslGYGO)ShFY$|U!x1iV8 at ijsU(*3Mpg^E64p
z5 at PDAyfsR&md0 at 2IEfw}sh^8DYjum4-efZQKPPwg5yCO$7VLOXyTTCOLW5`;R3Z}&
zxJXryo7>T_s;B>VZH<){uPjOdMP`Glu;5GbFQNrgFA^unzre1Ba`N6gXU=zF?vEOK
z<ggg&Am#A5Ppi8E2KiUC5=+*oZ at OX_V}D;)SN{aY#3{*N&GDuui`lL*VV_%l`$9q!
zxqOvXDNHYNIWkgbMVxEop~@)--fS;bGJ#N4*H|DFR!1l>)>+OWQ^nx_QcejZd1(1#
ziV@^*ho!u-cFB^O%5n?&?^D`5L_+ZY3>p8iPOvJ$XM;D}T)mUuVtFoeSl%`^*z?>n
Rx69>T_Ut;ZZ`;FE{}(xWi|zmb

diff --git a/w32/logo-96.bmp b/w32/logo-96.bmp
index 
f0496c88fadd1a4c71d0a354b4d5643043491c83..522f27a47c32415654a337002d385fc026da4225 
100644
GIT binary patch
literal 4726
zcmai2Yfw~W82-+(YBT)^7rOmh4axe23TpKS5wXZ-yrN~zY$|~lX1uj%nvp34sZCmF
zX#Bvki$>0r3PMN?DFUv|G@^3*tGIi<{il;5(|bE-&z at cMo7r=|^M23!e(&`=@7cUJ
zf<8qf2-m6b3&_t<UYNmv^|Z(NmkN*gYj1B??HAhAA8k$Q&(_nbqxrbHc;=w$I=xd}
zIa#9qKCxK+(~zsK)lXN~>n5wd+9%Y&A+H)dq~Hz$+{4H&J$gmM7&%|L1b2A&$S6HE
zglHUQ_u;&Uqm6=NHX1piU0eMR;qa`uiYVuZ)Mkyz;8_<ZoY~B?V=*L!gB53!t7N>E
zL^|$aewWluvqIV=M>^G~dE}EMCV0OAN#AdadDFpme^CO1u^!hWd$WsbS`+oUlwiVa
z21O3%8QCRuS4JJuVQRWHN&#(XM7yh&PV(hQP6$!!e{<tCDzsO$9%x3EdBEb><=Z&C
zx6y%z=|FREj!K(XQrBbI5?<(JaEfP6^YR)$6vVs|%lzLQ_!O6TVi~EOgAiYKQS~Vx
zgmYsIFR at J5HQKqDAx0)@b=<}qpT{Ey2j#hM6=PD`fN<MyF^sp264>QndG#sEY+>-!
z!-~1d!oMy!>t=RU73UXi$2i~QOxT4>e+izrEv(!hbXDeMV`+9$_Lm{~jue7h9cD4R
z_D+Lh9zBD}yZ~uYQ3%wDjxs3jYBsM<%_wc%4EPsmffX_iz*hU?kk&*0UcZqO^egok
zQHEir)VL7%>Up>%8Rm&B<pb1s+TRQy{#n4?GFB!*1Iau`MtVcE+<^GEVR~12lWQc^
zP65-p7vQMAzNS=W2=0#2B}HR?1r9RmX$1|StvZ0 at Iv)BfmzB^#8rcF;DPTIXP^k&X
z`74k-I~>wsYBnwQ71V^Z#%h0u*FIM2Wt@>A>HC;yU;E$p`<6p4Urbe!GEfA>Spo8u
zdh(bJ<w>M=nws+2khxg`h6W$NrHzDFQ}(&yY at UO%TsL&X&jHiJspP3>fblAQyX%CD
zHqB9<wO4m at z@W%5y4nQ0d3XwHTpXRi at MdQQ!T=Z`_e63nJk)E!_SQJ9kYUA^Hp1%)
z%my9Kis8YrIi)9^n?Oo<=GHU5;T62!@jLMlyXUyN7=tf>)LlI9!0get<Kg%OrzpQB
zVHs0G0 at hoG_*;p1prqNhLrPGEX?>6OxtkP^w%70r at ctsMFg;9mTr<XCP`>%cMp1)H
zv+)X+HsZDKNR^ySiF_F!ga8r!f!K7o4e>BALvf_cm_B(TPvy!lWs~ud5TPYQ0WqPw
z<)^Pd4Hhq*YqJ^iF9--+H6+t7M4BYlgMsezN2=aimOnied<(BmYw$K&SH$Ca*&OI;
z3BZD}!Gha&$!Iz)Y$8rbP~s72;l<A}7E&~J#EL$41tj39RO!$m8Dg(p0hE6+>6W7{
zG0_mO*%gq0=R=mt1fXV{;H?UfykaU|@l1n5R`iH8BF#}T33$$3IS}=oddAxolYr;i
z at H8@Rc$eHEj5HGPEJ+SfeT(Wv!@)8ZUTRz9_KG~aA`|3`=cFDx#D9;(i=2jMSbrOz
z;D3=X^a?rXY&@MuEQ7Ct=Kz}lc{AB~E08ve;8{*2R~!p?j~`uR1u{8)*e`Dy at TYen
z;;q2gc!?y}9R!;WI6M(kzC^tG$VT$yHb;i>@SbBsAS%WYT5&sw^G)gwiiaJ9R&5}K
z+@&W64cTi3;C<SL`{HcDK~P7<N{{u~h(u9?IvUQ53TO;?>q5rK)p|9Mn)i^CBMoIb
zzCRbA$I*rslhsraige=$0o~I`3aOPA7VdV_hIwp~ZfpPsxa>N42s?XgTp|jr9RP|n
zWK;s!j=q5X0gO!hybQlf1PP<K_5~6KdwD}=czM?EEPrH=z^SRytS-+rgie)7S8dEZ
z3hx!OYpbOVbtP6uY<!5)uzj71tp$y=qVn?MJf7nfyAn|c^hP{JETu7m-C&Y|Htx3Q
z>>+H}3-ygGi|V{%)>`c<&?!eDw=p at Aer#b<i7!yh_z)_D`xWZQ9@|J<;sMzZ30M!-
z`vao|u?lZVV8EWR*GYXE_S2C~AOT)g|Ha%WB0(KHF^FXB1iZ$tGGqOy9;uurK)6kW
zAJ}&t)*R!h5a6Lt1D^t`*|bJDd<BarV`*;(p8MgOxj>>e5k9Dj^YfRL)Sd7vT(jb6
zvv_|&jn1M`={wLGJ=oJT7=?ZhJKr$u;u`b;8KDGAE0vCH0QyOlvR|8gbi{FZ)}zqy
zY9tytrFAVW=MS&(!~CsLazq>$AH4gJp^q4p;hQl7TLERf8nQlm+#FMWMuz at 4?|W82
zJXX1p@|;NwBek(SPG5`R8w0M?Okyy*f^#PUW at 5&2`1c}yKNqVs&}R3KRpr~N;e#!D
zd9^cdTyXIHS}9#L1-^qH^#_VFpdF at gK~{8=Llb1W2%emh>XWU|UImx<T}$xzKVXW|
Aod5s;

literal 4678
zcmb7HO|tVe5R~)SQWeJ+P~;8EJm&^1z8!a9#f`WEx8NKU8xFvhB}GAZ&x|bD%6oiM
zmFTZ$rsqeF^ZgHBZb|Y5-{0Z$qkpFK4Q3FW|MsnYxWmsMKd1EPuRo=~e*Y!?^Y7p3
zIgqWCdA^l(a5UH|^Oe3*n&vV%K5T8Xf$e+#%*WkrSEbv*UcbCoT%CNRFo35t_a>Xw
z5RNQ2kaqe4{z_p3<t{ljgtW9~W6sRn$|*tAng(gjJRsMR$|a1}k!&avqpKyhJ$x?}
z=##xp)&`{yWjf&Bt0hg?Ia{Z4aIl+qMezc$u+uv at m>0;C5-Od8lX+=GVGEC22a%j`
z9%Crzym62NVB;J&CX5Q-)S!o>Ey{DVLOTlqYLN%gGCdm`(5x!HN+=)gYfbXd5K8zO
z at epoZwq5lEF^f)!bY3SklhH#aoe-6aHcnrx*}dXDL$tl-6V^72gJr}5P;#HIN|vPH
zry?Y7&*vbiyN4D}CiKLyk-7N&SKrxz0w8_jPmJaj+4MtAtUY4utbp4r4bV0`gAs4b
z)HwwBC95^aLi0iUp4oxIO1Bp;SbFm?F-lG`&^9(#S(RNe3%t3f$6cs!anIl<Ja~ol
zKNwI$KDX!>;AN=6Lr?d0cL30K^W|!ck*8j|$0)NAcq4Yg`|WbnQVXyczBe8#ZwM%@
zQLx1l6^P>)8q+hItGAEw)(?O#j=vbbl%wUkb{B#7(OR#9+KE~YE+m)i6C_!(P3JcU
zmGpr3j$^Y(=DF-I9J|7l?KnEL;%ytw<h3e%f`^t$8D3MxM~BuEKqXfCa4==t<xP;B
zuFRtCfK|M04<0LDi#Nv)r&06&(!Sw?ruT!V0aW9_?IjN^wm-*PAtP;Hi+>A8pdyKN
z<>QUwYrkKqzPFz6-iThXC5XMW-{aS~_%HG9IUAvRk^dha&YW1_gI|r;?OTC?_euk=
zPW%{;WF7F~uiE!`4Tk3M1j2q1ClBn1H`oG*oq)_;c=uQFUN6Iw@>NIB%)%c700oN7
zh+7W)W6_D}SNk*x5njH`6U at AuYY!+C3~u;^3nKvR=BWszMyLPGTnTRh5PP+C=fLR*
z at Ajn1=Zs!;s7G5SVP1Q_Fnh55ZV#vDRu%AD=R$QrBr=77w|EML!VXuEp`58eayhPz
zUJX<8?~5FqezXL%-|J%+Z|B`_2-Ck98+_BgmRFCUp2UO^1s(E$(A{Hq5J($wUQ-n%
zqkikP(IEY$S!b+e00+C<9e{JXuVN)25<~|Iu(nh%C#ujJCQS6gomP;Y&U}+n-M9Fk
z5IV57#N0<P^c3(1dMa^z2RpDmm~T_0H$41r18^%>x*EnL2WCdiLVxzx6zrSahhq!b
z5B#M;{RZt58!DOA2zBqDAsZ at K5ki4GltFInAl@Z=1;9t-O(iSF{g&vay at rQ}NWb1I
rdv`%4MvFmi?CWDVvIN4rG}OZ4Y24<(H~061>Nd7=$Lm$M6^s7>bsg57

diff --git a/w32/main.c b/w32/main.c
index b6243f5..f821fb5 100644
--- a/w32/main.c
+++ b/w32/main.c
@@ -270,20 +270,29 @@ set_bitmap (HWND dlg, int item)
 ? ? ?}
 ? ?/* fprintf (stderr, "MapDialogRect: %d/%d\n", rect.right, 
rect.bottom); */

-? switch (rect.right)
-? ? {
-? ? case 32: resid = IDB_ICON_32; break;
-? ? case 48: resid = IDB_ICON_48; break;
-? ? case 64: resid = IDB_ICON_64; break;
-? ? case 96: resid = IDB_ICON_96; break;
-? ? default: resid = IDB_ICON_128;break;
-? ? }
-
-? bitmap = LoadImage (GetModuleHandle (NULL),
-? ? ? ? ? ? ? ? ? ? ? MAKEINTRESOURCE (resid),
-? ? ? ? ? ? ? ? ? ? ? IMAGE_BITMAP,
-? ? ? ? ? ? ? ? ? ? ? rect.right, rect.bottom,
-? ? ? ? ? ? ? ? ? ? ? (LR_SHARED | LR_LOADTRANSPARENT | 
LR_LOADMAP3DCOLORS));
+? /* Use the smaller dimension so the icon stays square and fits
+? ? ?the control without clipping.? Pick the closest bitmap that is
+? ? ?at least as large as the target to avoid upscaling.? */
+? {
+? ? long sz = rect.right < rect.bottom ? rect.right : rect.bottom;
+
+? ? if (sz <= 32)
+? ? ? resid = IDB_ICON_32;
+? ? else if (sz <= 48)
+? ? ? resid = IDB_ICON_48;
+? ? else if (sz <= 64)
+? ? ? resid = IDB_ICON_64;
+? ? else if (sz <= 96)
+? ? ? resid = IDB_ICON_96;
+? ? else
+? ? ? resid = IDB_ICON_128;
+
+? ? bitmap = LoadImage (GetModuleHandle (NULL),
+? ? ? ? ? ? ? ? ? ? ? ? MAKEINTRESOURCE (resid),
+? ? ? ? ? ? ? ? ? ? ? ? IMAGE_BITMAP,
+? ? ? ? ? ? ? ? ? ? ? ? sz, sz,
+? ? ? ? ? ? ? ? ? ? ? ? (LR_SHARED | LR_LOADTRANSPARENT | 
LR_LOADMAP3DCOLORS));
+? }
 ? ?if (!bitmap)
 ? ? ?{
 ? ? ? ?fprintf (stderr, "LoadImage failed: %s\n",? w32_strerror (-1));
diff --git a/w32/pinentry-w32.rc b/w32/pinentry-w32.rc
index a54bf3a..91e9977 100755
--- a/w32/pinentry-w32.rc
+++ b/w32/pinentry-w32.rc
@@ -21,6 +21,8 @@
 ?#include <windows.h>
 ?#include "resource.h"

+CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "app.manifest"
+
 ?/*
 ? * Main dialog
 ? */
@@ -31,18 +33,19 @@ IDB_ICON_64? ? BITMAP? ?DISCARDABLE ?"logo-64.bmp"
 ?IDB_ICON_96? ? BITMAP? ?DISCARDABLE? ?"logo-96.bmp"
 ?IDB_ICON_128? ?BITMAP? ?DISCARDABLE? ?"logo-128.bmp"

-IDD_PINENT DIALOG DISCARDABLE? 0, 0, 230, 125
-STYLE DS_MODALFRAME | DS_SYSMODAL | WS_POPUP | WS_CAPTION | WS_SYSMENU
+IDD_PINENT DIALOGEX 0, 0, 260, 129
+STYLE DS_SETFONT | DS_SHELLFONT | WS_POPUP | WS_CAPTION | WS_SYSMENU
+EXSTYLE WS_EX_DLGMODALFRAME
 ?CAPTION "Pinentry"
-FONT 10, "MS Sans Serif"
+FONT 9, "Segoe UI"
 ?BEGIN
 ? ? ?CONTROL? ? ? ? ?"", IDC_PINENT_ICON,
 ? ? ? ? ? ? ? ? ? ? ?"Static", SS_BITMAP|SS_CENTERIMAGE,
-? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?5,? 5,? 32, 32
-? ? LTEXT? ? ? ? ? ?"", IDC_PINENT_DESC,? 45,? 5, 180, 65
-? ? RTEXT? ? ? ? ? ?"", IDC_PINENT_PROMPT, 5, 75,? 60, 12
-? ? EDITTEXT? ? ? ? IDC_PINENT_TEXT,? ? ? 70, 75, 155, 12, ES_PASSWORD 
| ES_AUTOHSCROLL
-? ? CTEXT? ? ? ? ? ?"", IDC_PINENT_ERR,? ? 5, 90, 220, 12
-? ? DEFPUSHBUTTON? ?"O&K", IDOK,? ? ? ? ? 50, 105, 85, 14
-? ? PUSHBUTTON? ? ? "&Cancel", IDCANCEL, 140, 105, 85, 14
+? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?7,? ?7,? 32,? 32
+? ? LTEXT? ? ? ? ? ?"", IDC_PINENT_DESC,? 46,? ?7, 207,? 56
+? ? RTEXT? ? ? ? ? ?"", IDC_PINENT_PROMPT, 7,? 72,? 55,? ?8
+? ? EDITTEXT? ? ? ? IDC_PINENT_TEXT,? ? ? 65,? 70, 188,? 12, 
ES_PASSWORD | ES_AUTOHSCROLL
+? ? CTEXT? ? ? ? ? ?"", IDC_PINENT_ERR,? ? 7,? 91, 246,? 10
+? ? DEFPUSHBUTTON? ?"O&K", IDOK,? ? ? ? ? 96, 108,? 75,? 14
+? ? PUSHBUTTON? ? ? "&Cancel", IDCANCEL, 178, 108,? 75,? 14
 ?END

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9B2CA65FC13232FD.asc
Type: application/pgp-keys
Size: 7705 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260606/029e7715/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260606/029e7715/attachment-0001.sig>

From mikhail at filippov.me  Sat Jun  6 19:09:30 2026
From: mikhail at filippov.me (Mikhail Filippov)
Date: Sat, 6 Jun 2026 21:09:30 +0400
Subject: [PATCH] scd:openpgp: Fix CHV1 retry counter byte index.
Message-ID: <5c0b1ca6-9ccb-46dc-941e-94452c7dc4e6@filippov.me>

 From 0000000000000000000000000000000000000001 Mon Sep 17 00:00:00 2001
From: Mikhail Filippov <mikhail at filippov.me>
Date: Wed, 13 May 2026 00:30:00 +0200
Subject: [PATCH] scd:openpgp: Fix CHV1 retry counter byte index.

* scd/app-openpgp.c (get_remaining_tries): Read value[4] not value[1]
for chvno==1.
--

Regression introduced by commit 2239f687bb14428b6167517f92ae74077f96b8b7
("scd:openpgp: UI improvement for use of PIN-entry.", GnuPG-bug-id 6425),
which refactored the function from the boolean parameter "adminpw"
(with byte index 4 for the user PIN) to a "chvno" integer.? In the
rewrite the CHV1 branch ended up reading value[1], which is the PW1
max-length byte of DO 0x00C4, not the PW1 error counter byte.? Per the
OpenPGP card 3.x spec the PW Status Bytes are laid out
[validity, PW1 max, RC max, PW3 max, PW1 err, RC err, PW3 err]
(0-indexed: 0..6), so the correct index for the CHV1 retry counter is 4.

The consequence is that get_remaining_tries always returns the PW1 max
length (commonly 127) for chvno==1 instead of the real retry counter.
Downstream this means build_enter_pin_prompt sees remaining=127, which
then fails the "remaining < 3" guard in get_prompt_info, so the
"Remaining attempts: N" warning is never appended to the SETDESC
payload sent to pinentry.? Users with a lowered CHV1 (1 or 2 tries
left) get no warning before they lock the card.

The CHV3 branch (value[6]) is unaffected and the CHV2 branch (value[5],
RC error counter) was added by the same refactor and is correct.

Signed-off-by: Mikhail Filippov <mikhail at filippov.me>
---
 ?scd/app-openpgp.c | 2 +-
 ?1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index abcdef0..abcdef1 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1511,7 +1511,7 @@ get_remaining_tries (app_t app, int chvno)
 ? ? ? ?xfree (relptr);
 ? ? ? ?return -1;
 ? ? ?}
-? remaining = value[(chvno == 3)? 6 : ((chvno == 2)? 5: 1)];
+? remaining = value[(chvno == 3)? 6 : ((chvno == 2)? 5: 4)];
 ? ?xfree (relptr);
 ? ?return remaining;
 ?}
--
2.54.0.windows.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9B2CA65FC13232FD.asc
Type: application/pgp-keys
Size: 7705 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260606/827e9bea/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260606/827e9bea/attachment.sig>

From glopglop at riseup.net  Sun Jun  7 18:36:53 2026
From: glopglop at riseup.net (Glop)
Date: Sun, 7 Jun 2026 18:36:53 +0200
Subject: [PATCH] gpg: Exclude revoked UTKs from the key validation process.
Message-ID: <aiWeJfVnMOFElUpa@riseup.net>

* g10/trustdb.c (validate_keys): Remove revoked keys from the UTK list.
--

Along the lines of commit 19f2f00bfd30ca2389318d11047346a5ade95e75
for expired keys, revoked ultimately trusted keys should not be used
for trust computation.

Signed-off-by: Glop <glopglop at riseup.net>
---

Hello all,

It seems to me that there is an issue in the key validation process
when an ultimately trusted key is revoked: while I would expect the
revoked key (and its signatures) to become untrusted after revocation,
it doesn't seem to be the case, and its signatures on other keys are
still taken into account when computing their validity.

In order to reproduce this:
1. Generate a new public/secret key pair (say, MyKey).
2. Import a new public key in the keyring (say, OtherKey).
3. Sign OtherKey using MyKey.
4. Check that OtherKey has now `full` validity.
5. Revoke MyKey.
6. Run `gpg --check-trustdb` to forcefully update the trust DB.
7. Check the validity of OtherKey: it still shows `full`, while
   it should in fact be `unknown`, since MyKey's signature should
   not be trusted anymore.

I tried this on the GnuPG 2.4 and 2.5 branches, and both are impacted.

>From what I could test, the attached patch (adapted from 19f2f00bfd)
fixed this. I hope this will help :)

Thank you very much!

Glop

 g10/trustdb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 9c26a8336..f6bbc8cb6 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -2253,6 +2253,13 @@ validate_keys (ctrl_t ctrl, int interactive)
                       keystr(k->kid));
           continue;
         }
+      if (pk->flags.revoked)
+        {
+          if (!opt.quiet)
+            log_info (_("Note: ultimately trusted key %s revoked\n"),
+                      keystr(k->kid));
+          continue;
+        }
 
       {
         struct key_item *ki = copy_key_item (k);
-- 
2.54.0



From gniibe at fsij.org  Tue Jun  9 04:22:52 2026
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 09 Jun 2026 11:22:52 +0900
Subject: [PATCH] scd:openpgp: Fix CHV1 retry counter byte index.
In-Reply-To: <5c0b1ca6-9ccb-46dc-941e-94452c7dc4e6@filippov.me>
References: <5c0b1ca6-9ccb-46dc-941e-94452c7dc4e6@filippov.me>
Message-ID: <87y0gozc3n.fsf@haruna.fsij.org>

Hello,

Mikhail Filippov wrote:
> Subject: [PATCH] scd:openpgp: Fix CHV1 retry counter byte index.

Thank you for your patch.  Manually applied and pushed.

"Manually" neans that: For some reason, your message has non-breaking
space (the 0xc2 0xa0 byte sequence).  It's not good in my tooling.
-- 


From devm23k73ju29h3r at dolce-energy.com  Tue Jun  9 10:11:21 2026
From: devm23k73ju29h3r at dolce-energy.com (devm23k73ju29h3r at dolce-energy.com)
Date: Tue, 9 Jun 2026 10:11:21 +0200
Subject: =?UTF-8?Q?=5BFeature_Request=5D_multiple_files_s=C3=A9lection_in_ad?=
 =?UTF-8?Q?dition_to_password_and_=22no_file=22_agent?=
Message-ID: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>

Hi,

since password requirements are getting worst each year, soon it will be 
impossible to remember one (and more if you try to use something that 
you can remember) I'm waiting for the update of 
https://www.hivesystems.com/blog/are-your-passwords-in-the-green?utm_source=tabletext 
to see new requirements.

More due to IA hype, computing power will increase (and if not pure 
computing power of a single system, there will be several system to make 
parallel work)

Even I find it more and more problematic, so not speaking of my mother....

I use veracrypt for long now, as well as keepassXC. What I love is the 
ability to use a file in addition to the password, this solve the issue 
of strengh really fine, just have to remember a file or 2 or more 
(sadely only one file for keepassXC) and it compute a password based on 
the file content (didn't looked the code, but doing a sha256 hash will 
produce a 64 [A-Z][a-z][0-9] password, that is purely random, so no dict 
attack, and surely strength that won't allow even brute force parallel 
attack)

this require lite knowledge to remember and every file can be used, just 
peak your favorite familly photo, vacation photo, song, a video... 
anything as long you won't modify it.... easy....

so I would like to use the same for my GPG keys... (and ssh keys)

some ideas :? allow in pinentry to enter a password, select multiple 
files.... for each entry, compute a hash of the content, apply 
deciphering in recurse (decipher one time with the first hash, then 
decipher the result with the second...)

this would not even allow to know if the password provided was truly 
guessed : the result is still random bytes, so you can't know you truly 
guessed the password, so even a weak password could become strong (I'm 
right?)

another thing that bother me is the storage of private keys... ok they 
are protected, armored... but they are still on disk... I still use ssh 
agent because of this : keepassXC can store the private key and feed it 
to the ssh agent without temporary file (pure memory transfert)

for gpg, I use a veracrypt container to store the keys and mount it, 
hopefully gpg-agent do detect that new files are available and parse 
them. BUT veracrypt don't allow to "timeout mount / screenlock unmount" 
so, if I forget to unmount it, the files are accessible the time I 
notice that I forgot...

and last, there is feature I like in veracrypt : the possibility to give 
a false information, imagine my familly was kidnapped, I'm asked to send 
a authenticated email to someone in my firm, so that it perform some 
action... I have to choose... familly? work?... and so disclose the 
unlock information.

what I would love, is the veracrypt threat security mechanism : 2 
private keys in the same key file, if I provide one password/file I get 
the 1rst key, if I provide another I get the second key. This could 
allow to disclose "I'm under threat" information without anyone knowing 
it, I just choose the key, provide the "I'm under threat" information to 
the person, write the requested message, encrypt it, sign it, send it, 
and on the other end, the receiver see the message... and see that I'm 
under threat, can take appropriate action...

for some sensitive firm, this is unvaluable information... and the 
threatener can't know what I've done... everything is fine, having 2 
keyfiles is an option, but a clever person can see that I've 2 
identities and can take unknown consequences actions.

thanks and regards
JL


From rjh at sixdemonbag.org  Tue Jun  9 20:08:06 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 9 Jun 2026 14:08:06 -0400
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
Message-ID: <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>

> More due to IA hype, computing power will increase (and if not pure 
> computing power of a single system, there will be several system to make 
> parallel work)

Argon2 and PBKDF2 are both designed to be highly resistant to brute 
forcing. Brute force attacks on Argon2/PBKDF2 passphrases are really not 
a thing.

> I use veracrypt for long now, as well as keepassXC. What I love is the 
> ability to use a file in addition to the password, this solve the issue 
> of strengh really fine, just have to remember a file or 2 or more 
> (sadely only one file for keepassXC) and it compute a password based on 
> the file content (didn't looked the code, but doing a sha256 hash will 
> produce a 64 [A-Z][a-z][0-9] password, that is purely random, so no dict 
> attack, and surely strength that won't allow even brute force parallel 
> attack)

This sounds like a misfeature for GnuPG. I would like to see this not 
adopted.

> this require lite knowledge to remember and every file can be used, just 
> peak your favorite familly photo, vacation photo, song, a video... 
> anything as long you won't modify it.... easy....

ID3 tags in MP3s and/or Exif tags in JPEGs are specifically intended to 
be modifiable, and some applications will silently update ID3 tags 
and/or Exif tags without explicitly telling you. (E.g., if an MP3 has 
ID3 v1 tags, your music player might silently upgrade them to ID3 v2 tags.)

> this would not even allow to know if the password provided was truly 
> guessed : the result is still random bytes, so you can't know you truly 
> guessed the password, so even a weak password could become strong (I'm 
> right?)

This is not how entropy and information theory work.

> what I would love, is the veracrypt threat security mechanism : 2 
> private keys in the same key file, if I provide one password/file I get 
> the 1rst key, if I provide another I get the second key. This could 
> allow to disclose "I'm under threat" information without anyone knowing 
> it

If you get arrested by the secret police, they *will* know about 
Veracrypt and the second passphrase option. They will demand both and 
won't stop torturing you until you provide them.

What's worse is if you're not using this feature. The secret police are 
now torturing you for a passphrase that doesn't exist and you can't give 
them. This also means *you can't make the torture stop*.

This is a horrible misfeature of Veracrypt. It's going to get one of 
their users killed someday, if it hasn't already.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260609/7eb7822a/attachment.sig>

From devm23k73ju29h3r at dolce-energy.com  Wed Jun 10 23:25:48 2026
From: devm23k73ju29h3r at dolce-energy.com (devm23k73ju29h3r at dolce-energy.com)
Date: Wed, 10 Jun 2026 23:25:48 +0200
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
Message-ID: <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>


Le 09/06/2026 ? 20:08, Robert J. Hansen via Gnupg-devel a ?crit?:
>> More due to IA hype, computing power will increase (and if not pure 
>> computing power of a single system, there will be several system to 
>> make parallel work)
>
> Argon2 and PBKDF2 are both designed to be highly resistant to brute 
> forcing. Brute force attacks on Argon2/PBKDF2 passphrases are really 
> not a thing.

I'm not speaking of the algorithm that are secure, but even the best 
ciphering algorithm is weak if you have a 1 digit password...

the key here is the limit of human brain... remembering a pure random 12 
char is too much for most people, me including

>
>> I use veracrypt for long now, as well as keepassXC. What I love is 
>> the ability to use a file in addition to the password, this solve the 
>> issue of strengh really fine, just have to remember a file or 2 or 
>> more (sadely only one file for keepassXC) and it compute a password 
>> based on the file content (didn't looked the code, but doing a sha256 
>> hash will produce a 64 [A-Z][a-z][0-9] password, that is purely 
>> random, so no dict attack, and surely strength that won't allow even 
>> brute force parallel attack)
>
> This sounds like a misfeature for GnuPG. I would like to see this not 
> adopted.
I see it as a way to improve the security...
>
>> this require lite knowledge to remember and every file can be used, 
>> just peak your favorite familly photo, vacation photo, song, a 
>> video... anything as long you won't modify it.... easy....
>
> ID3 tags in MP3s and/or Exif tags in JPEGs are specifically intended 
> to be modifiable, and some applications will silently update ID3 tags 
> and/or Exif tags without explicitly telling you. (E.g., if an MP3 has 
> ID3 v1 tags, your music player might silently upgrade them to ID3 v2 
> tags.)
it's up to me to ensure it won?t... I've no such application that update 
exif/id3tag and also check for file corruption (or some intruder 
injection) via cron job... never detected any.
>
>> this would not even allow to know if the password provided was truly 
>> guessed : the result is still random bytes, so you can't know you 
>> truly guessed the password, so even a weak password could become 
>> strong (I'm right?)
>
> This is not how entropy and information theory work.

I'm not understanding the sentence... what I'm saying is :

if I cipher a file with a strong password created with information 
hashed from a file (that will likely create uniq data, since even a 
CRC32 has? 1 in 4.29 billion chance to create the same crc... and crc32 
is not comparable to sha256 and others) that can include even not 
type-able characters

and then cipher the result with a weak password

if an attacker try to bruteforce it, of course the weak password will be 
easily broken, but what the attacker get is a ciphered result. The 
attacker can't know if the password was guessed because the result is 
still a ciphered result.

if I only use a file to create the password, it's weaker than a password 
: the attacker has only to try every file one by one and even if I have 
lot of photo, videos and songs, it will succeed

it require several information to succeed : the password, how many file 
I used, and the order of the files/password... the 3 informations are 
easy to remember, when a strong password "~-'wH[+5^g.m" is difficult to 
remember

>
>> what I would love, is the veracrypt threat security mechanism : 2 
>> private keys in the same key file, if I provide one password/file I 
>> get the 1rst key, if I provide another I get the second key. This 
>> could allow to disclose "I'm under threat" information without anyone 
>> knowing it
>
> If you get arrested by the secret police, they *will* know about 
> Veracrypt and the second passphrase option. They will demand both and 
> won't stop torturing you until you provide them.
>
> What's worse is if you're not using this feature. The secret police 
> are now torturing you for a passphrase that doesn't exist and you 
> can't give them. This also means *you can't make the torture stop*.
>
> This is a horrible misfeature of Veracrypt. It's going to get one of 
> their users killed someday, if it hasn't already.

if you get arrested by the secret police, they will assume you hidden 
some sensitive information somewhere else in another ciphered file. And 
that you disclosed the information that is meaningless. so they will 
continue torture you to death for you to disclose the other true file 
that contain the true information, that don't exist... lol... ciphering 
any information is horrible misfeature of ciphering tools ;)

best regards



From rjh at sixdemonbag.org  Wed Jun 10 23:57:50 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 10 Jun 2026 17:57:50 -0400
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
Message-ID: <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>

> I'm not speaking of the algorithm that are secure, but even the best 
> ciphering algorithm is weak if you have a 1 digit password...

Yes. So don't use one.

> the key here is the limit of human brain... remembering a pure random 12 
> char is too much for most people, me including

Yes. So use one you can remember, along with an appropriate key 
derivation function like Argon2, PBKDF2, or the one OpenPGP used prior 
to the advent of Argon2 and PBKDF2.

> it's up to me to ensure it won?t... I've no such application that update 
> exif/id3tag and also check for file corruption (or some intruder 
> injection) via cron job... never detected any.

I'm glad you haven't had this experience. As soon as you do and discover 
your encrypted documents are now unreadable, you might change your mind.

> if I cipher a file with a strong password created with information 
> hashed from a file (that will likely create uniq data, since even a 
> CRC32 has? 1 in 4.29 billion chance to create the same crc... and crc32 
> is not comparable to sha256 and others) that can include even not type- 
> able characters
> 
> and then cipher the result with a weak password
> 
> if an attacker try to bruteforce it, of course the weak password will be 
> easily broken, but what the attacker get is a ciphered result. The 
> attacker can't know if the password was guessed because the result is 
> still a ciphered result.

You've invented a primitive key derivation function.

Why is this better than Argon2 or PBKDF2, are modern, peer-reviewed, and 
successfully deployed key derivation functions?

> if you get arrested by the secret police, they will assume you hidden 
> some sensitive information somewhere else in another ciphered file.

Let's say, for sake of argument, you're a human rights worker in Gaza 
who uses VeraCrypt to secure your laptop's hard drive. You get caught up 
in an IDF dragnet. You fully cooperate with the IDF, showing them all 
your data. There's nothing on it, nothing, to suggest you're a 
terrorist. But the IDF still isn't going to let you go, because *how can 
they know you're cooperating?*

You can't prove to them that you're being honest. And that means instead 
of being allowed to go free, you're going to spend time in detention 
until some intelligence spook is able to make an assessment of your risk 
level if released. It could be months.

(No one should try to hijack this into an Israel-vs-Gaza discussion. I'm 
sure many of us have strong feelings on the subject, but please express 
them somewhere else.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260610/86a0bb09/attachment.sig>

From devm23k73ju29h3r at dolce-energy.com  Thu Jun 11 13:41:33 2026
From: devm23k73ju29h3r at dolce-energy.com (devm23k73ju29h3r at dolce-energy.com)
Date: Thu, 11 Jun 2026 13:41:33 +0200
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
Message-ID: <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>


Le 10/06/2026 ? 23:57, Robert J. Hansen via Gnupg-devel a ?crit?:
>> the key here is the limit of human brain... remembering a pure random 
>> 12 char is too much for most people, me including
>
> Yes. So use one you can remember, along with an appropriate key 
> derivation function like Argon2, PBKDF2, or the one OpenPGP used prior 
> to the advent of Argon2 and PBKDF2.
so the one you used on every website, every ssh key, every gpg key, that 
is created with the same pattern you usually use on all password that 
leaked on the darknet? that i weak to dictonary attack? (just because 
you're human, and human construct itself on patterns it employ)
>
>> it's up to me to ensure it won?t... I've no such application that 
>> update exif/id3tag and also check for file corruption (or some 
>> intruder injection) via cron job... never detected any.
>
> I'm glad you haven't had this experience. As soon as you do and 
> discover your encrypted documents are now unreadable, you might change 
> your mind.
it's 15 year or more that I use this... yes it might end unreadable, but 
a ssd contr?ler dying will have the same effet, a sector corruption on 
the header of a cipher storage will also...
>
>> if I cipher a file with a strong password created with information 
>> hashed from a file (that will likely create uniq data, since even a 
>> CRC32 has? 1 in 4.29 billion chance to create the same crc... and 
>> crc32 is not comparable to sha256 and others) that can include even 
>> not type- able characters
>>
>> and then cipher the result with a weak password
>>
>> if an attacker try to bruteforce it, of course the weak password will 
>> be easily broken, but what the attacker get is a ciphered result. The 
>> attacker can't know if the password was guessed because the result is 
>> still a ciphered result.
>
> You've invented a primitive key derivation function.
>
> Why is this better than Argon2 or PBKDF2, are modern, peer-reviewed, 
> and successfully deployed key derivation functions?
i'm not, i'm just storing something in my brain that I can remember 
easely and feed to some "modern, peer-reviewed, and successfully 
deployed key derivation functions"
>
>> if you get arrested by the secret police, they will assume you hidden 
>> some sensitive information somewhere else in another ciphered file.
>
> Let's say, for sake of argument, you're a human rights worker in Gaza 
> who uses VeraCrypt to secure your laptop's hard drive. You get caught 
> up in an IDF dragnet. You fully cooperate with the IDF, showing them 
> all your data. There's nothing on it, nothing, to suggest you're a 
> terrorist. But the IDF still isn't going to let you go, because *how 
> can they know you're cooperating?*
>
> You can't prove to them that you're being honest. And that means 
> instead of being allowed to go free, you're going to spend time in 
> detention until some intelligence spook is able to make an assessment 
> of your risk level if released. It could be months.
>
> (No one should try to hijack this into an Israel-vs-Gaza discussion. 
> I'm sure many of us have strong feelings on the subject, but please 
> express them somewhere else.)
>
there are thousand of people sentenced to death without any single 
evidence, number of people sent to jail waiting for death execution and 
freed with a "mea culpa" with life impossible to recover (technically 
sending them to street life and death)... Sadely if some policemen 
decided you have to be the culpit, even if you fully cooperate, they 
will find what they will choose to be a proof, a corrupted file without 
header that you recovered, that contain random data, can be chosen to be 
a ciphered file.

how many people have been sentenced to death and executed during WWII 
without any evidence? just because you said hello to a suspicious guy 
that was suspected to be in the resistance?

sadely, even if you cooperate fully, you won't prove them that you're 
honest if they decided otherwise, just the fact you sent an email to 
this list, that you have some gpg key you played with... What you write 
today because you've some free speech possibilities can be used as an 
evidence elsewhere. I was questioned just because I went with some 
friends on a road trip in Morocco 9 years ago and that there was still a 
stamp on my passport, they asked be detailed information that I don't 
even remember, where exactly I stayed (it's a road trip, you decide 
where you stay day by day, with precise adress, phone, name of the 
persons I met...), and the more I couldn't say, the more they were 
digging and the only thing that saved me is the boarding of the plane. 
Stayed questionned 3 hours just because of some vacation I don't 
remember in detail but that was really nice and enjoyable. Did I prove 
to them I'm beeing honest? not sure, I just think that I won't go to the 
country that questionned me 3 hours without any reason anymore... 
technically I'm just suspicious if I just protect my data from beeing 
read by google and cipher it using gpg! Just because I don't like that 
someone that have no right to do it, eavesdrop, just because I store my 
vacation photo on a ciphered drive just in case it get stolled and I 
don't like the idea of having all my photos somewhere owned by someone I 
don't know. As long as I protected something, there is a non 
negligeable? possibility I stored some evidence somewhere else... be 
assured that if they decided, you will be the culpit. If they need a 
culpit, you'll be the culpit. If they want you to be a terrorist, you'll 
be a terrorist.

Even if you collaborate, the only way for someone to be sure that you 
didn't lied or hide some information is death (and even there, there is 
doubt) because you assume that at some point, a person will value more 
it's life than the information.
Even if nothing ciphered, all in clear text, there are lot of "justice 
mistake" with people sent to jail, without real evidence. Just because 
they were at the wrong time, wrong place, and that they have to be the 
culpit. How many people died just because of their origin?

so, ok, you can say veracrypt can put you to death, but this means that 
the threatener has enough knowledge to know there might be 2 way and 2 
information, which is not given, the only thing that can save you is 
buying enough time by giving them a decoy that seems enough valuable to 
take time to try it. If a person threaten you to gain access to your 
firm, he can still kill you after verifying he got the access, 
collaborating is not giving you the assurance he won?t do what you want 
to avoid.



From rjh at sixdemonbag.org  Thu Jun 11 14:25:44 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 11 Jun 2026 08:25:44 -0400
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
 <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
Message-ID: <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>

> so the one you used on every website, every ssh key, every gpg key, that 
> is created with the same pattern you usually use on all password that 
> leaked on the darknet? that i weak to dictonary attack? (just because 
> you're human, and human construct itself on patterns it employ)

What? No.

I memorize a 128-bit random sequence for my passphrase manager and use 
that to store everything else, and each year I print out the contents 
and drop a copy in my bank safe deposit box.

>> I'm glad you haven't had this experience. As soon as you do and 
>> discover your encrypted documents are now unreadable, you might change 
>> your mind.
 >
> it's 15 year or more that I use this...

When playing Russian roulette, the fact you haven't died yet should not 
fill you with confidence for the future.

>> You've invented a primitive key derivation function.
>>
>> Why is this better than Argon2 or PBKDF2, are modern, peer-reviewed, 
>> and successfully deployed key derivation functions?
 >
> i'm not, i'm just storing something in my brain that I can remember 
> easely

No, you've literally invented a primitive KDF.

Why use that primitive KDF over PBKDF2 or Argon2?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260611/8866319b/attachment.sig>

From devm23k73ju29h3r at dolce-energy.com  Thu Jun 11 19:57:06 2026
From: devm23k73ju29h3r at dolce-energy.com (devm23k73ju29h3r at dolce-energy.com)
Date: Thu, 11 Jun 2026 19:57:06 +0200
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
 <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
 <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>
Message-ID: <bfb58564-5a0c-4ee2-909b-ceabaa69dd3b@dolce-energy.com>


Le 11/06/2026 ? 14:25, Robert J. Hansen via Gnupg-devel a ?crit?:
>> so the one you used on every website, every ssh key, every gpg key, 
>> that is created with the same pattern you usually use on all password 
>> that leaked on the darknet? that i weak to dictonary attack? (just 
>> because you're human, and human construct itself on patterns it employ)
>
> What? No.
>
> I memorize a 128-bit random sequence for my passphrase manager and use 
> that to store everything else, and each year I print out the contents 
> and drop a copy in my bank safe deposit box.
>
>>> I'm glad you haven't had this experience. As soon as you do and 
>>> discover your encrypted documents are now unreadable, you might 
>>> change your mind.
> >
>> it's 15 year or more that I use this...
>
> When playing Russian roulette, the fact you haven't died yet should 
> not fill you with confidence for the future.

lol, with copies of required files stored in multiple locations and 
duplicated at random place I only know? this is a strange russian 
roulette... what is great with file, is that they don't have to be 
hidden, I don't have to have a single armored file... anything on my 
computer can serve as a key, and the more they are common, the less 
likely it can be guessed... it got corrupted? fine... I've another 
elsewhere... they are just regular files, if you don't know the value, 
it's like having a raw gemstone : it looks like a regular stone, only 
someone that know will make it jewellery

anyway, if I want to play russian roulette, it's my right, no? or do 
you've also the right to say that it's evil and say how user should 
behave for their own good? as long as I choose it for myself, I know the 
consequences, you might find it dangerous, what is next? you'll forbid 
me to climb? do speleology? diving? skitouring? I don't force you to it, 
you're free! I'm not some dictaror or inquisitor of the faith that say 
what is right to think or do...

>
>>> You've invented a primitive key derivation function.
>>>
>>> Why is this better than Argon2 or PBKDF2, are modern, peer-reviewed, 
>>> and successfully deployed key derivation functions?
> >
>> i'm not, i'm just storing something in my brain that I can remember 
>> easely
>
> No, you've literally invented a primitive KDF.
>
> Why use that primitive KDF over PBKDF2 or Argon2?

great, so I invented a way to transform something I know in some 
computer mind reading that is able to derivate something I know into 
something a computer can use... I should put a patent on it "something 
you have in your brain, that a software can use without having you to 
perform actions into a derived cryptographic key"... the information is 
not the file itself... it's just a bunch of bytes... even a regular txt 
file can be used... what is important is not the file, it's HOW I KNOW 
how to use it.

the user can steal my passphrase manager, it's easy : find -type f 
-iname "*.kbdx", but to unlock it it has also to steal all the drive, 
hoping the drive contains the required file to unlock it... and also 
steal every storage I have... and then try all what comes into his 
mind?? did I used just a strong password? how many file did I used? in 
what order? just files or files with a password? do I have stored all 
the required files on the same drive? or did I scattered them on 
multiple storage? did I used a decoy? did I only used a part of a file? 
or multiple files catened together and removed? well good luck!

for me, remembering is easy, I just have some memory of some events, or 
something I like, maybe some pdf i like? or a bd scan? an ebook? maybe 
the file is freely available on the internet? and know the way to use 
them... it's much more easier for me than even remembering s at 0g!A, but 
for someone else? he will never know my life, what memory is used. he 
can hack my computer using a zero day vulnerability... what will he do 
with this? he got my passkey database... and? can he bruteforce it? for 
bruteforce, you need something that is predictable, not something that 
is a bunch of any combination the user can invent. The only way to know 
it is a RAT, but, maybe I also use a fido key to store some secret? 
hahaha...

what produce PBKDF2 or Argon2? they produce something that looks like 
random bytes of a given size, it's easy to know that this file is likely 
a result of a key derivation....



From rjh at sixdemonbag.org  Thu Jun 11 20:39:01 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 11 Jun 2026 14:39:01 -0400
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <bfb58564-5a0c-4ee2-909b-ceabaa69dd3b@dolce-energy.com>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
 <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
 <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>
 <bfb58564-5a0c-4ee2-909b-ceabaa69dd3b@dolce-energy.com>
Message-ID: <d4fb2a3e-44f9-4e23-bac7-722e487d15e2@sixdemonbag.org>

> anyway, if I want to play russian roulette, it's my right, no? or do 
> you've also the right to say that it's evil and say how user should 
> behave for their own good?

You are coming onto this mailing list and asking people to volunteer to 
undertake software engineering work. The people who do this don't work 
for you. They don't work for me, either. They volunteer to serve *the 
community*.

If you want your idea to be picked up and turned into running code, you 
need to persuade *the community* that this is a good idea, that it will 
be useful for a lot of people, and that it follows the best practices of 
cryptographic engineering.

The developers will, of course, work on what they want to work on. But 
if you want these ideas of yours to make it into GnuPG, you're going to 
need to explain what GnuPG is currently lacking, how your plan addresses 
that lack, and what makes your idea sound engineering.

> what produce PBKDF2 or Argon2?

This sounds like an ideal time for you to do some reading on Wikipedia.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260611/cdc1202f/attachment.sig>

From devm23k73ju29h3r at dolce-energy.com  Fri Jun 12 20:34:26 2026
From: devm23k73ju29h3r at dolce-energy.com (devm23k73ju29h3r at dolce-energy.com)
Date: Fri, 12 Jun 2026 20:34:26 +0200
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <d4fb2a3e-44f9-4e23-bac7-722e487d15e2@sixdemonbag.org>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
 <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
 <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>
 <bfb58564-5a0c-4ee2-909b-ceabaa69dd3b@dolce-energy.com>
 <d4fb2a3e-44f9-4e23-bac7-722e487d15e2@sixdemonbag.org>
Message-ID: <af460a2e-e089-4835-aa97-8a3e313aaf79@dolce-energy.com>


Le 11/06/2026 ? 20:39, Robert J. Hansen via Gnupg-devel a ?crit?:
>> anyway, if I want to play russian roulette, it's my right, no? or do 
>> you've also the right to say that it's evil and say how user should 
>> behave for their own good?
>
> You are coming onto this mailing list and asking people to volunteer 
> to undertake software engineering work. The people who do this don't 
> work for you. They don't work for me, either. They volunteer to serve 
> *the community*.
>
> If you want your idea to be picked up and turned into running code, 
> you need to persuade *the community* that this is a good idea, that it 
> will be useful for a lot of people, and that it follows the best 
> practices of cryptographic engineering.
>
> The developers will, of course, work on what they want to work on. But 
> if you want these ideas of yours to make it into GnuPG, you're going 
> to need to explain what GnuPG is currently lacking, how your plan 
> addresses that lack, and what makes your idea sound engineering.
>
convince? ok, what was your answers? "I'm against it" "you'll loose your 
files" "memorize 16 extended ASCII random sequence and rent a safe into 
your bank to have a backup"

you won't convince someone that already decided, same as you end to jail 
because a cop decided you're the culpit...

end of discussion, there is nothing to add, the door was closed even 
before the asking, whatever I'll add as argument will be just lost of 
energy and time

thanks and regards



From rjh at sixdemonbag.org  Fri Jun 12 23:23:15 2026
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 12 Jun 2026 17:23:15 -0400
Subject: =?UTF-8?Q?Re=3A_=5BFeature_Request=5D_multiple_files_s=C3=A9lection?=
 =?UTF-8?Q?_in_addition_to_password_and_=22no_file=22_agent?=
In-Reply-To: <af460a2e-e089-4835-aa97-8a3e313aaf79@dolce-energy.com>
References: <f58e96e4-9ba1-4e82-9827-d5b22e49bf02@dolce-energy.com>
 <ef8f2c16-c2e0-4d6e-a7c7-68cf3e370c3c@sixdemonbag.org>
 <71dd08bf-0870-4438-bb85-20a06f79a5fd@dolce-energy.com>
 <8c1dd2c4-dc86-49e2-ac31-f605c1fc5e2d@sixdemonbag.org>
 <4b4d9bd2-82fe-4956-a967-a372bac2669d@dolce-energy.com>
 <68b581ca-bd9b-4e06-bced-de945549361f@sixdemonbag.org>
 <bfb58564-5a0c-4ee2-909b-ceabaa69dd3b@dolce-energy.com>
 <d4fb2a3e-44f9-4e23-bac7-722e487d15e2@sixdemonbag.org>
 <af460a2e-e089-4835-aa97-8a3e313aaf79@dolce-energy.com>
Message-ID: <88278325-8e36-46dc-87d8-501a2353516d@sixdemonbag.org>

> convince? ok, what was your answers? "I'm against it"

I am against it, yes. This first paraphrasing of yours is accurate.

> "you'll loose your files"

This is one of the reasons I gave against it. Data loss happens.

> "memorize 16 extended ASCII random sequence and rent a safe into 
> your bank to have a backup"

My password manager is protected by a 22-character base64 password, but 
otherwise yes, this is what I do.

Memorizing one random 22-character password is something many users (not 
all, but many) can do. It's no harder than memorizing digits of pi.

A lot of people have safe deposit boxes where they store important 
documents like property deeds and passports. I just include a printout 
of my passwords in mine.

> end of discussion, there is nothing to add, the door was closed even 
> before the asking, whatever I'll add as argument will be just lost of 
> energy and time
You are free to ask for whatever features you like, and the developers 
are free to work on whatever they wish. I'm just a user who is 
unpersuaded by your idea and would prefer if the devs worked on other 
things.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20260612/c2bde95c/attachment-0001.sig>

From pl at gnupg.org  Mon Jun 15 14:14:05 2026
From: pl at gnupg.org (Philip)
Date: Mon, 15 Jun 2026 14:14:05 +0200
Subject: [PATCH] gpg: Exclude revoked UTKs from the key validation process.
In-Reply-To: <aiWeJfVnMOFElUpa@riseup.net>
References: <aiWeJfVnMOFElUpa@riseup.net>
Message-ID: <20260615141405.33b578f4@conway.g10code.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

thank you for the report.

On Sun, 7 Jun 2026 18:36:53 +0200
Glop via Gnupg-devel <gnupg-devel at gnupg.org> wrote:

> In order to reproduce this:
> 1. Generate a new public/secret key pair (say, MyKey).
> 2. Import a new public key in the keyring (say, OtherKey).
> 3. Sign OtherKey using MyKey.
> 4. Check that OtherKey has now `full` validity.
> 5. Revoke MyKey.
> 6. Run `gpg --check-trustdb` to forcefully update the trust DB.
> 7. Check the validity of OtherKey: it still shows `full`, while
>    it should in fact be `unknown`, since MyKey's signature should
>    not be trusted anymore.
> 
> I tried this on the GnuPG 2.4 and 2.5 branches, and both are impacted.

I could not reproduce this with GnuPG 2.4.9 and 2.5.20.
After Step 6 `gpg --check-trustdb` the formerly "[  full  ]" trusted
key is shown with "[ unknown]" trust.
In your test, was the 'OtherKey' maybe signed by any other keys than
'MyKey'?

Philip
-----BEGIN PGP SIGNATURE-----

iJEEARYKADkWIQR0sOOYYQjr3oh+QUt7hfBywO1/7gUCai/sjRsUgAAAAAAEAA5t
YW51MiwyLjUrMS4xMiwyLDIACgkQe4XwcsDtf+4dhAEAjYb4ooEWttws+l6Vm5Ow
PFrXaxMp8Td1TMwlD0tVfx0A/0xHWtFrDY+Srov2xJwT2AohXJwL2Ca+ABK+qBoO
IC4K
=XtYK
-----END PGP SIGNATURE-----