Page MenuHome GnuPG

de-vs compliance not shown if also password encrypted
Testing, NormalPublic

Description

In de-vs compliance mode a DECRYPTION_COMPLIANCE_MODE status line should be emitted when compliant algos where used for encryption. However, if the data has also been encrypted with a password that status line is not emitted if OCB mode was used. The result is that for example kleopatra claims that the data was not compliant encrypted.

Event Timeline

werner triaged this task as Normal priority.Sep 3 2025, 3:48 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
werner moved this task from Backlog to WIP on the gnupg26 board.

In contrast to gnupg22 master did not proper show OCB compliance - not everything has yet been forward ported. But we can do so now and test master by setting GNUPG_ASSUME_COMPLIANCE=de-vs

werner changed the task status from Open to Testing.Tue, Sep 16, 3:31 PM
werner moved this task from Backlog to WiP on the gnupg22 board.

Backported to 2.2 but not yes tested with 2.2

2.2 test can be done with GnuPG-VS-Desktop-3.3.90.12-Beta-Standard.msi from Sep 17

Tested with VS-Desktop-3.3.90.12-Beta

The DECRYPTION_COMPLIANCE_MODE status line is now emitted for an VS-NfD compliant encryption with OCB mode, too

ebo edited projects, added vsd33 (vsd-3.3.3); removed vsd33.
werner mentioned this in Unknown Object (Maniphest Task).Thu, Sep 25, 1:27 PM