Page MenuHome GnuPG
Create Task
Maniphest T7804

de-vs compliance not shown if also password encrypted
Testing, NormalPublic
Actions

Description

In de-vs compliance mode a DECRYPTION_COMPLIANCE_MODE status line should be emitted when compliant algos where used for encryption. However, if the data has also been encrypted with a password that status line is not emitted if OCB mode was used. The result is that for example kleopatra claims that the data was not compliant encrypted.

Revisions and Commits

rG GnuPG
rG9f30a5fd8cb7 gpg: Fix de-vs compliance with OCB and additional password.
rGd720c584f1f2 gpg: Make OCB mode compliant in de-vs mode.
rG6771ed4c1322 gpg: Fix de-vs compliance with OCB and additional password.
rGa73c88817ce2 gpg: Make OCB mode compliant in de-vs mode.

Related Objects

Event Timeline

werner triaged this task as Normal priority.Sep 3 2025, 3:48 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
werner edited projects, added gnupg22; removed gnupg24.Sep 3 2025, 4:20 PM
werner moved this task from Backlog to WIP on the gnupg26 board.
werner added a comment.Sep 3 2025, 4:27 PM

In contrast to gnupg22 master did not proper show OCB compliance - not everything has yet been forward ported. But we can do so now and test master by setting GNUPG_ASSUME_COMPLIANCE=de-vs

werner added a commit: rGa73c88817ce2: gpg: Make OCB mode compliant in de-vs mode..Sep 3 2025, 4:32 PM
werner added a commit: rG6771ed4c1322: gpg: Fix de-vs compliance with OCB and additional password..
ebo added a project: vsd33.Sep 16 2025, 2:54 PM
werner added a commit: rGd720c584f1f2: gpg: Make OCB mode compliant in de-vs mode..Sep 16 2025, 3:29 PM
werner added a commit: rG9f30a5fd8cb7: gpg: Fix de-vs compliance with OCB and additional password..
werner changed the task status from Open to Testing.Sep 16 2025, 3:31 PM
werner moved this task from Backlog to WiP on the gnupg22 board.

Backported to 2.2 but not yes tested with 2.2

ebo moved this task from Backlog to WiP on the vsd33 board.Sep 17 2025, 8:45 AM
werner moved this task from WiP to QA on the gnupg22 board.Sep 23 2025, 1:47 PM

2.2 test can be done with GnuPG-VS-Desktop-3.3.90.12-Beta-Standard.msi from Sep 17

ebo added a subscriber: ebo.Sep 24 2025, 12:13 PM

Tested with VS-Desktop-3.3.90.12-Beta

The DECRYPTION_COMPLIANCE_MODE status line is now emitted for an VS-NfD compliant encryption with OCB mode, too

ebo moved this task from WiP to vsd-3.3.3 on the vsd33 board.Sep 24 2025, 12:15 PM
ebo edited projects, added vsd33 (vsd-3.3.3); removed vsd33.
werner moved this task from QA to gnupg-2.2.49 on the gnupg22 board.Sep 24 2025, 1:24 PM
werner edited projects, added gnupg22 (gnupg-2.2.49); removed gnupg22.
werner mentioned this in Unknown Object (Maniphest Task).Sep 25 2025, 1:27 PM
werner mentioned this in T7869: Release GnuPG 2.5.14.Wed, Oct 22, 2:18 PM
werner mentioned this in T7801: Release GnuPG 2.5.13.Wed, Oct 22, 2:21 PM
werner moved this task from WIP to QA on the gnupg26 board.Wed, Oct 22, 2:26 PM