Last week:

• libgcrypt rh-fips light review:
  • constructor is considered too much: only use it when it is really needed, because it is too strong and applications have no way to control it
  • adding error condition for access in fips mode is OK
  • adding tests is OK
• Defer adding new feature for --quick-gen-keys for card key generation
• T5167: Yubikey NEO
  • No clear_halt makes sense
    • backport to 2.2
  • rG946555ea3ceb: scd:yubikey: Fix support of Yubikey NEO. in master
• T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d
• NetKey card support
  • Now IDLM keyref also works

This week:

• Lower priority of T4563: gpg-agent fails to sign request of PKISSH
  • because it is the bug of PKISSH, basically,
    • it is occurred when remote machine is OpenSSH and PKISSH client wrongly considers handling of SSH_AGENT_RFC6187_OPAQUE_ECDSA_SIGNATURE is needed for different signature format (not OpenSSH, but DER).
    • it is wrong because OpenSSH (or ssh-agent emulation of gpg-agent) never supports SSH_AGENT_RFC6187_OPAQUE_ECDSA_SIGNATURE flag and signature in DER format.
    • it is also wrong that it is PKISSH which supports SSH_AGENT_RFC6187_OPAQUE_ECDSA_SIGNATURE flag and signature in DER format, but actually not used by its server implementation.
• libgcrypt
• Gnuk in 2022
  • Curve448 support

Last week:

• Active Directory work

This week:

• Fix LDAP bugs lingering for 20 years or so.
• Finish global options for 2.2

Last week:

• Refactored GpgOL's attachment and e-mail encryption handling
  • Works well, but draft encryption is very broken and I don't know yet how to fix it.

This week:

• Some documentation work.
• Looking at the onboarding experience for new users. / Newcertificatewizard.
• More GpgOL. Fix draft encryption and make the encryption code more explicit.
  • It's currently too event driven, and the states are inconsistent.