Page MenuHome GnuPG
Create Task
Maniphest T6750

Kleopatra: Offer only compliant algorithms for key generation on smart cards in VSD
Closed, ResolvedPublic
Actions

Description

In VSD we do not want to offer key generation with non compliant algorithms.
At the moment the following are offered for Yubikeys (as an example):

As RSA 2048 will no longer be allowed from 2023-01-01 on, we should no longer show that. And not Curve 25519 either, which is currently not approved.

Details

Version
VS-Desktop-3.2.0.0-beta229/231

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO3f240a0bab07 Add helpers for some lists of algorithms
rLIBKLEO0c14502add16 Add helpers for some lists of algorithms
rKLEOPATRA Kleopatra
rKLEOPATRA6492b380fde9 Offer only compliant algorithms when generating card keys

Related Objects

Event Timeline

ebo created this task.Oct 6 2023, 2:51 PM
ebo added a comment.Oct 6 2023, 3:40 PM

Choosing Curve 25519 results in a general error btw.

ebo added a comment.Oct 9 2023, 4:12 PM

This is probably a duplicate of T6325

ikloecker added a subscriber: ikloecker.Oct 9 2023, 5:26 PM

It isn't a duplicate. See T6325#176719.

aheinecke triaged this task as High priority.Oct 18 2023, 8:52 AM
aheinecke added a subscriber: aheinecke.

I tend to give this high priority since our SecOps state that the creation of non vs-nfd compliant keys is inhibited by our software by default (at least in the UI) I mean no one complained and it is not a regression but this should be fixed soonish. But this does not neccessarily mean before the next release.

ikloecker claimed this task.Oct 23 2023, 10:49 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker renamed this task from Kleopatra: do not offer all possible algorithms for key generation on smart cards in VSD to Kleopatra: Offer only compliant algorithms for key generation on smart cards in VSD.Oct 23 2023, 12:27 PM
ikloecker added a commit: rLIBKLEO0c14502add16: Add helpers for some lists of algorithms.Oct 25 2023, 10:12 AM
ikloecker added a commit: rKLEOPATRA6492b380fde9: Offer only compliant algorithms when generating card keys.
ikloecker changed the task status from Open to Testing.Oct 25 2023, 11:48 AM
ikloecker removed ikloecker as the assignee of this task.

Only compliant algorithms are offered when (re)generating single keys or all keys. In de-vs mode, Brainpool 256 is preselected if the smart card supports it. Otherwise, RSA 3072 is preselected.

mlaurent added a commit: rLIBKLEO3f240a0bab07: Add helpers for some lists of algorithms.Oct 25 2023, 1:30 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 30 2023, 4:06 PM
ikloecker added a project: vsd32.Oct 30 2023, 4:59 PM
ikloecker moved this task from Backlog to WiP on the vsd32 board.
ebo closed this task as Resolved.Oct 31 2023, 2:02 PM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

works

ebo moved this task from WiP to vsd-3.2.0 on the vsd32 board.Oct 31 2023, 2:02 PM
ebo edited projects, added vsd32 (vsd-3.2.0); removed vsd32.