gnupg24 (gnupg-2.4.4) Milestone
Active · Public

Recent Activity

Mar 6 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

I've sent you an email about it. It might have html elements due to markdown-here.

Mar 6 2024, 5:02 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Sorry for not following up earlier. Can you please do me a favor and run the last tests again, this time adding -v and --debug 1 to the invocation? Feel free to forward the output to my private address if that is easier (wk at gnupg.org).

Mar 6 2024, 12:19 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Mar 4 2024

werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

See also: https://gnupg.org/blog/20240125-smartcard-backup-key.html

Mar 4 2024, 3:38 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Feb 7 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

The additional debug info are:

gpgsm: DBG: p12_parse:1998: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2006: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2021: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2054: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2061: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2069: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2081: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 4
gpgsm:              unchanged: 4

Feb 7 2024, 6:32 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Feb 7 2024, 9:09 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 6 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Could you write a quick patch file for that? (I don't have a working source build, I am using the Fedora spec file + patches)

Feb 6 2024, 5:18 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

The old debug output is in general okay but what I would do is to add a couple of log_debug calls like

Feb 6 2024, 5:16 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

@werner I managed to recover the old .p12 that has the error. And this is still replicable. Is there a debug flag that would be useful or can we set up some private live-debugging for this?

Feb 6 2024, 12:18 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 5 2024

werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

I would have expected an error message right after

Feb 5 2024, 8:09 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 4 2024

Angel added a comment to T6972: Explicitly deprecate --use-embedded-filename -- it is hazardous.

I agree. Any automatic use of the embedded filename will be potentially problematic security-wise. The only safe use is probably as a value in an interactive dialog, and even then, only if the user doesn't accept a dangerous value.

Feb 4 2024, 11:51 PM · Documentation, gnupg, patch
Angel merged T2759: Misleading error message when trying to sign with an expired key into T4704: Wrong error message when key is expired.
Feb 4 2024, 3:55 AM · gnupg24 (gnupg-2.4.4), UI, Bug Report

Feb 2 2024

dkg added a comment to T6972: Explicitly deprecate --use-embedded-filename -- it is hazardous.

The patch supplied here should apply to STABLE-BRANCH-2-4, but it should also be easy enough to backport to STABLE-BRANCH-2-2 and STABLE-BRANCH-1-4. For GnuPG master, i recommend actually removing the option.

Feb 2 2024, 9:14 PM · Documentation, gnupg, patch
dkg created T6972: Explicitly deprecate --use-embedded-filename -- it is hazardous.
Feb 2 2024, 9:12 PM · Documentation, gnupg, patch
lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Unfortunately I have deleted the .p12 with the CA chain, and I don't know how I've generated it. It also contained my production certificates so, kinda sensitive to upload here.

Feb 2 2024, 5:49 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Okay, I push the change for the extended salt size. Regarding the import of CA certificates, I have not seen any problems. In fact it is pretty common. Did you test with 2.4.4? A test file would be helpful.

Feb 2 2024, 5:33 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Ok, I have tried again the series of workarounds that I initially posted on the main description, and I managed to fix it by stripping the CA certificates. So the current issues here are:

Feb 2 2024, 2:01 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris updated the task description for T6757: gpgsm 2.4 Fails to import P12 certificate/key.
Feb 2 2024, 1:45 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 30 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

We got a bit further, not sure what debug level you want, guru I've found to be too excessive:

Jan 30 2024, 12:20 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Can you please try this patch:

Jan 30 2024, 11:50 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris reopened T6757: gpgsm 2.4 Fails to import P12 certificate/key as "Open".

@werner I have just tested this, and although it fixed it for one certificate, this one in this issue still fails. Here is the new debug given

Jan 30 2024, 9:17 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris reopened T6757: gpgsm 2.4 Fails to import P12 certificate/key, a subtask of T6752: New minip12 does not import from Firefox anymore, as Open.
Jan 30 2024, 9:17 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 29 2024

ebo closed T6806: Fix off by one day in the expiry date calculation, a subtask of T6736: Year 2038 issue for key validity date, as Resolved.
Jan 29 2024, 1:27 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report

Jan 26 2024

werner moved T6902: gpgconf: the questionable value 256 for flags in gpgrt_opt_t from Backlog to gnupg-2.2.43 on the gnupg22 board.
Jan 26 2024, 1:49 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4)
werner closed T6902: gpgconf: the questionable value 256 for flags in gpgrt_opt_t as Resolved.

Is in 2.4.4 and will go into 2.2.43

Jan 26 2024, 1:48 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4)

Jan 25 2024

werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2024q1/000481.html on T6578: Release GnuPG 2.4.4.
Jan 25 2024, 6:14 PM · gnupg24 (gnupg-2.4.4), Release Info
werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

Also fixed in the forthcoming 2.2.43

Jan 25 2024, 2:05 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner closed T6943: Add tool to detect and clean unsolicited copies of smartcard keys as Resolved.
Jan 25 2024, 11:57 AM · gnupg24 (gnupg-2.4.4), Feature Request
werner moved T6943: Add tool to detect and clean unsolicited copies of smartcard keys from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 25 2024, 11:57 AM · gnupg24 (gnupg-2.4.4), Feature Request
werner shifted T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from the Restricted Space space to the S1 Public space.
Jan 25 2024, 11:56 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner closed T6578: Release GnuPG 2.4.4 as Resolved.
Jan 25 2024, 11:38 AM · gnupg24 (gnupg-2.4.4), Release Info
werner moved T6578: Release GnuPG 2.4.4 from WiP to gnupg-2.4.4 on the gnupg24 board.
Jan 25 2024, 11:38 AM · gnupg24 (gnupg-2.4.4), Release Info

Jan 24 2024

ebo moved T6654: gpgsm: p12 passphrase visible in debug output from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 5:08 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), vsd32 (vsd-3.2.0), S/MIME, Restricted Project
werner moved T6379: Kleopatra: Brainpool key can not be moved to smart card from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 4:26 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, kleopatra
werner moved T6052: gnupg2 tpm2d tests do not work from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:46 PM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report
werner moved T6831: May chose a signing key from a not inserted card over an inserted one from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:45 PM · gnupg24 (gnupg-2.4.4), OpenPGP, patch, Bug Report
werner moved T6741: gpg 2.3+ may display garbled characters for date and time in non-English Windows from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:42 PM · gnupg24 (gnupg-2.4.4), i18n, Windows, Bug Report
werner moved T3380: Use exponential backoff when spawning agent and dirmngr from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:40 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner moved T6796: gpg does create socketdir after every operation from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:37 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner moved T6902: gpgconf: the questionable value 256 for flags in gpgrt_opt_t from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:36 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4)
werner moved T6710: Improve Speedo for Linux to set DT_RUNPATH. from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:34 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner closed T6944: The default card key generation keeps an unprotected backup of the encryption key on disk as Resolved.
Jan 24 2024, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner moved T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from WiP to gnupg-2.2.43 on the gnupg22 board.
Jan 24 2024, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner moved T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner closed T6919: Add support for smartcafe cards as Resolved.
Jan 24 2024, 2:25 PM · gnupg24 (gnupg-2.4.4), Restricted Project, Feature Request, scd
werner moved T6919: Add support for smartcafe cards from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:25 PM · gnupg24 (gnupg-2.4.4), Restricted Project, Feature Request, scd
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Fixes are already in GnuPG 2.4.4 and can't be easily tested. Thus closing also for gnupg24

Jan 24 2024, 2:22 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner moved T6708: Allow to inhibit the use of a default PGP keyserver from WiP to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:20 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner closed T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag as Resolved.

Closing because we believe things are fixed and our test suite confirms that. Feel free to reopen in case your own file does not import with 2.4.4.

Jan 24 2024, 11:42 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
werner moved T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:41 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
werner moved T6752: New minip12 does not import from Firefox anymore from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:40 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report