Page MenuHome GnuPG
Create Task
Maniphest T7804

de-vs compliance not shown if also password encrypted
Testing, NormalPublic
Actions

Description

In de-vs compliance mode a DECRYPTION_COMPLIANCE_MODE status line should be emitted when compliant algos where used for encryption. However, if the data has also been encrypted with a password that status line is not emitted if OCB mode was used. The result is that for example kleopatra claims that the data was not compliant encrypted.

Revisions and Commits

rG GnuPG
rG9f30a5fd8cb7 gpg: Fix de-vs compliance with OCB and additional password.
rGd720c584f1f2 gpg: Make OCB mode compliant in de-vs mode.
rG6771ed4c1322 gpg: Fix de-vs compliance with OCB and additional password.
rGa73c88817ce2 gpg: Make OCB mode compliant in de-vs mode.

Event Timeline

werner triaged this task as Normal priority.Sep 3 2025, 3:48 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
werner edited projects, added gnupg22; removed gnupg24.Sep 3 2025, 4:20 PM
werner moved this task from Backlog to WIP on the gnupg26 board.
werner added a comment.Sep 3 2025, 4:27 PM

In contrast to gnupg22 master did not proper show OCB compliance - not everything has yet been forward ported. But we can do so now and test master by setting GNUPG_ASSUME_COMPLIANCE=de-vs

werner added a commit: rGa73c88817ce2: gpg: Make OCB mode compliant in de-vs mode..Sep 3 2025, 4:32 PM
werner added a commit: rG6771ed4c1322: gpg: Fix de-vs compliance with OCB and additional password..
ebo added a project: vsd33.Tue, Sep 16, 2:54 PM
werner added a commit: rGd720c584f1f2: gpg: Make OCB mode compliant in de-vs mode..Tue, Sep 16, 3:29 PM
werner added a commit: rG9f30a5fd8cb7: gpg: Fix de-vs compliance with OCB and additional password..
werner changed the task status from Open to Testing.Tue, Sep 16, 3:31 PM
werner moved this task from Backlog to WiP on the gnupg22 board.

Backported to 2.2 but not yes tested with 2.2

ebo moved this task from Backlog to WiP on the vsd33 board.Wed, Sep 17, 8:45 AM
werner moved this task from WiP to QA on the gnupg22 board.Tue, Sep 23, 1:47 PM

2.2 test can be done with GnuPG-VS-Desktop-3.3.90.12-Beta-Standard.msi from Sep 17

ebo added a subscriber: ebo.Wed, Sep 24, 12:13 PM

Tested with VS-Desktop-3.3.90.12-Beta

The DECRYPTION_COMPLIANCE_MODE status line is now emitted for an VS-NfD compliant encryption with OCB mode, too

ebo moved this task from WiP to vsd-3.3.3 on the vsd33 board.Wed, Sep 24, 12:15 PM
ebo edited projects, added vsd33 (vsd-3.3.3); removed vsd33.
werner moved this task from QA to gnupg-2.2.49 on the gnupg22 board.Wed, Sep 24, 1:24 PM
werner edited projects, added gnupg22 (gnupg-2.2.49); removed gnupg22.
werner mentioned this in Unknown Object (Maniphest Task).Thu, Sep 25, 1:27 PM