Page MenuHome GnuPG
Feed All Stories

Today

bernhard added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

bug has been closed as Wontfix [..] I see no reason to continue the discussion in the bugtracker.

Fri, Jul 30, 5:23 PM · gnupg (gpg23), Feature Request
Laurent Montel <montel@kde.org> committed rLIBKLEO0608fbe45bc2: GIT_SILENT: allow to use specific installdir in cmakepreset (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: allow to use specific installdir in cmakepreset
Fri, Jul 30, 3:32 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA9de140ce41fc: GIT_SILENT: allow to use specific installdir in cmakepreset (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: allow to use specific installdir in cmakepreset
Fri, Jul 30, 3:31 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO07693946bff1: GIT_SILENT: prepare 5.18.0 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.18.0
Fri, Jul 30, 2:45 PM
werner triaged T5538: gpg-agent's keytocard cmd should use a better default creation time. as Normal priority.
Fri, Jul 30, 1:24 PM · scd, gpgagent, gnupg (gpg23)
trooper added a comment to T4197: Can't change language of Kleopatra.

Can confirm this problem still exists in version 3.1.16. The context menu in Windows Explorer and some menu entries in Kleopatra are in the wrong language, while most of the application is in the correct language. This looks very messy.
Gpg4win and Kleopatra should not look at the date/format locale settings for the language, but at the actual Windows display language.

Fri, Jul 30, 1:08 PM · Bug Report, gpg4win
werner triaged T5537: Use CSIDL_LOCAL_APPDATA for the socketdir as High priority.
Fri, Jul 30, 12:50 PM · Windows, Restricted Project, gnupg (gpg22)
werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

This bug has been closed as Wontfix more than a year ago. I see no reason to continue the discussion in the bugtracker.

Fri, Jul 30, 9:20 AM · gnupg (gpg23), Feature Request
werner closed T5534: Public key block with Signature Key generates expired NIIBE Yutaka (GnuPG Release Key) as Resolved.

Well, the keys are not generated but public keys are imported. @gniibe's key has meanwhile expired but we keep it because it will allow users to verify some older source packages. An expired signature key is not an error but merely means that one should evaluate the meaning of the signature with more diligence.

Fri, Jul 30, 9:17 AM · www.gnupg.org, Support
werner created www.gnupg.org.
Fri, Jul 30, 9:16 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO39c10dd81d7f: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Fri, Jul 30, 3:11 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRAace1bb63403c: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Fri, Jul 30, 2:17 AM

Yesterday

dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

I share your concerns about centralization of keyserver infrastructure. Rejecting this security fix doesn't help keep keyservers decentralized, though.

Thu, Jul 29, 9:27 PM · gnupg (gpg23), Feature Request
werner triaged T5536: Backport the extended gpg-check-pattern to 2.2 as Normal priority.
Thu, Jul 29, 12:37 PM · gnupg (gpg22)
werner committed rG7cdd06af4792: sm,w32: Fix Unicode problem on key box creation. (authored by werner).
sm,w32: Fix Unicode problem on key box creation.
Thu, Jul 29, 11:51 AM
werner committed rG73c03e023228: tools: Extend gpg-check-pattern. (authored by werner).
tools: Extend gpg-check-pattern.
Thu, Jul 29, 11:36 AM
aheinecke triaged T5535: Kleopatra: Check that accessibility is also supported for VS-NfD as High priority.
Thu, Jul 29, 11:09 AM · Restricted Project, kleopatra
Laurent Montel <montel@kde.org> committed rKLEOPATRAbcf717ebc8c8: GIT_SILENT: Prepare 21.08 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08 rc
Thu, Jul 29, 10:34 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO195ecc4c51e5: GIT_SILENT: Prepare 21.08 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08 rc
Thu, Jul 29, 10:28 AM
DC0 updated the task description for T5534: Public key block with Signature Key generates expired NIIBE Yutaka (GnuPG Release Key).
Thu, Jul 29, 8:50 AM · www.gnupg.org, Support
DC0 created T5534: Public key block with Signature Key generates expired NIIBE Yutaka (GnuPG Release Key).
Thu, Jul 29, 8:48 AM · www.gnupg.org, Support
gniibe added a comment to T5520: Fix tests in FIPS mode.

As a start, I applied your patches.

Thu, Jul 29, 7:38 AM · FIPS, libgcrypt, Bug Report
gniibe committed rC0ab4e8063729: tests: Verify unsupported KDF tests fail in FIPS mode (authored by Jakuje).
tests: Verify unsupported KDF tests fail in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rC0f118c2dfb8e: cipher: Do not use of non-approved digests in FIPS mode (authored by Jakuje).
cipher: Do not use of non-approved digests in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rCd2a26b30b5db: tests: Expect the 192b ECDSA tests to fail in fips mode (authored by Jakuje).
tests: Expect the 192b ECDSA tests to fail in fips mode
Thu, Jul 29, 7:38 AM
gniibe committed rC6df523bfb095: tests: Skip secmem overflow test in FIPS mode (authored by Jakuje).
tests: Skip secmem overflow test in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rC83893f3f77da: tests: Transient DSA keys work in FIPS mode (authored by Jakuje).
tests: Transient DSA keys work in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rCa93d678fa5a3: tests: Generating DSA from domain should fail in FIPS mode (authored by Jakuje).
tests: Generating DSA from domain should fail in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rC302614833152: tests: Expect curves 25519/448 to fail in FIPS mode (authored by Jakuje).
tests: Expect curves 25519/448 to fail in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rCf56a33df60dc: tests: Do not expect GCM work in FIPS (authored by Jakuje).
tests: Do not expect GCM work in FIPS
Thu, Jul 29, 7:38 AM
gniibe committed rCaa1e9ebf8bdb: mac: Disable AES GMAC in FIPS mode (authored by Jakuje).
mac: Disable AES GMAC in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe committed rC55dbac435c5b: tests: Skip unsupported mechanisms in FIPS mode (authored by Jakuje).
tests: Skip unsupported mechanisms in FIPS mode
Thu, Jul 29, 7:38 AM
gniibe claimed T5508: Allow hardware optimizations in FIPS.
Thu, Jul 29, 7:25 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe changed the status of T5508: Allow hardware optimizations in FIPS from Open to Testing.
Thu, Jul 29, 7:25 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe committed rC70e6cec07d86: hwfeatures: Enable hardware support also in FIPS mode. (authored by gniibe).
hwfeatures: Enable hardware support also in FIPS mode.
Thu, Jul 29, 7:25 AM
gniibe committed rC4a3e71403225: cipher: Support internal hashing for DSA and ECDSA signing. (authored by gniibe).
cipher: Support internal hashing for DSA and ECDSA signing.
Thu, Jul 29, 5:24 AM
gniibe changed the status of T5530: Add "prehash" support to DSA and ECDSA signing from Open to Testing.
Thu, Jul 29, 5:00 AM · Testing, FIPS, libgcrypt, Feature Request
gniibe changed the status of T5530: Add "prehash" support to DSA and ECDSA signing, a subtask of T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation, from Open to Testing.
Thu, Jul 29, 5:00 AM · FIPS, libgcrypt, Feature Request

Wed, Jul 28

aheinecke triaged T5533: Kleopatra: Raise window more agressively on Windows as High priority.
Wed, Jul 28, 6:43 PM · kleopatra, Restricted Project
ikloecker committed rPb0969ef692ac: qt: Check passphrase constraints before accepting passphrase (authored by ikloecker).
qt: Check passphrase constraints before accepting passphrase
Wed, Jul 28, 4:00 PM
ikloecker committed rP8f5d4532fbd6: Add support for passphrase constraints options and checkpin inquiry (authored by ikloecker).
Add support for passphrase constraints options and checkpin inquiry
Wed, Jul 28, 4:00 PM
bernhard added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

It is now over 10 months that the proponents of these additions have not followed up on the discussion.

Wed, Jul 28, 3:42 PM · gnupg (gpg23), Feature Request
werner closed T4791: Switch between PIV and OpenPGP app w/o reentering the PIN as Resolved.

Works for a long time now (unless we broke it again;-)

Wed, Jul 28, 3:21 PM · scd, yubikey
werner removed a parent task for T4694: manage first-party attestations: Unknown Object (Maniphest Task).
Wed, Jul 28, 3:20 PM · Keyserver, Feature Request
bernhard added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

dlopen'ing of gpgme is NOT SUPPORTED. It is in general not a good idea to do this on standard Unix systems.

Wed, Jul 28, 11:08 AM · gpgme, MacOS, Bug Report
ikloecker triaged T5532: pinentry: Add support for checking passphrase constraints to pinentry-qt as Normal priority.
Wed, Jul 28, 10:10 AM · pinentry, Restricted Project
werner added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

To extend on this: dlopen'ing of gpgme is NOT SUPPORTED. It is in general not a good idea to do this on standard Unix systems. On Windows we could make it work because DLLs on that platform are well designed and not a hack like the Unix shared objects.

Wed, Jul 28, 9:49 AM · gpgme, MacOS, Bug Report

Tue, Jul 27

aheinecke claimed T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

We really want thunderbird users that interact with GPGME to have a great and stable user experience, but the problem with dynamic loading and self compiled versions is that we cannot really know the build settings and enviornment and it is very time consuming to reproduce that. GPGME does some very low level things for optimized IPC that can depend on build options etc. This is why I am mostly in favor that thunderbird ships a defined version that we can debug and see the settings.

Tue, Jul 27, 4:47 PM · gpgme, MacOS, Bug Report
werner committed rM4b64774b6d13: core: Support closefrom also for glibc. (authored by Jiri Kucera <sanczes@gmail.com>).
core: Support closefrom also for glibc.
Tue, Jul 27, 12:27 PM
bernhard added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

Reading the mozilla entry more carefully, there still seems to be an issue.

Tue, Jul 27, 10:58 AM · gpgme, MacOS, Bug Report
bernhard added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

https://blog.gerv.net/2012/01/mozilla-projects-and-gpled-code/

@kaie, thanks for the pointer!

Tue, Jul 27, 10:27 AM · gpgme, MacOS, Bug Report
werner triaged T5531: dirmngr --validate broken for DER encoded files as Normal priority.
Tue, Jul 27, 7:59 AM · gnupg (gpg23), dirmngr, Bug Report

Mon, Jul 26

kaie added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

BTW @kaie

Thunderbird cannot use anything requiring GPL in its default configuration, because Thunderbird wants to distribute a single MPL licensed package that includes all components that are required for OpenPGP.

Any pointer why, they have made that choice, though? A bundle of MPL and GNU GPL components is fully allowed by the licenses as far as I know.

Mon, Jul 26, 11:59 PM · gpgme, MacOS, Bug Report
tari3x added a comment to T2749: gpg --secret-keyring is silently ignored.

Sorry, I don't understand what you are trying to say, so let me give you some more detail.

Mon, Jul 26, 4:50 PM · Support, gnupg
ikloecker changed the status of T4950: pinentry: Add warning when capslock is on from Open to Testing.

@aheinecke Please test this on Windows

Mon, Jul 26, 3:44 PM · Restricted Project, pinentry
ikloecker moved T4950: pinentry: Add warning when capslock is on from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mon, Jul 26, 3:43 PM · Restricted Project, pinentry
ikloecker added a project to T5528: pinentry-qt: Pinentry window not shown on Wayland: Wayland.
Mon, Jul 26, 3:42 PM · Wayland, Restricted Project, pinentry, Bug Report
ikloecker committed rP134f75516d95: Mention Caps Lock warning in NEWS file (authored by ikloecker).
Mention Caps Lock warning in NEWS file
Mon, Jul 26, 3:38 PM
ikloecker committed rP3e803ebf640e: qt: Add support for Caps Lock hint on Wayland (authored by ikloecker).
qt: Add support for Caps Lock hint on Wayland
Mon, Jul 26, 3:38 PM
ikloecker committed rPa074c90c78a6: qt: Differentiate unknown Caps Lock state from off state (authored by ikloecker).
qt: Differentiate unknown Caps Lock state from off state
Mon, Jul 26, 3:38 PM
fvogt added a comment to T3659: pinentry falls back to curses on wayland.

Huh, can't believe I somehow missed that this actually got a reply three years ago...

Mon, Jul 26, 2:50 PM · Wayland, Feature Request, pinentry
fvogt created T5531: dirmngr --validate broken for DER encoded files.
Mon, Jul 26, 2:43 PM · gnupg (gpg23), dirmngr, Bug Report
werner is attending E879: Weekly Standup.
Mon, Jul 26, 8:44 AM
werner closed T2749: gpg --secret-keyring is silently ignored as Resolved.

Everything in ~/.gnupg is and has always been private to gnupg unless explicitly stated otherwise.

Mon, Jul 26, 8:24 AM · Support, gnupg
gniibe added a comment to E879: Weekly Standup.

Last week:

Mon, Jul 26, 8:13 AM
gniibe is attending E879: Weekly Standup.
Mon, Jul 26, 8:05 AM

Sun, Jul 25

tari3x added a comment to T2749: gpg --secret-keyring is silently ignored.

For many years I was convinced that my secret keys are stored in an encrypted folder. The .keyring file was there, everything looked correct...

Sun, Jul 25, 8:11 PM · Support, gnupg

Sat, Jul 24

bernhard added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

Using GPGME is probably the best way, even if gpgme-json might also work for some operations.

Sat, Jul 24, 4:52 PM · gpgme, MacOS, Bug Report

Fri, Jul 23

gniibe triaged T5530: Add "prehash" support to DSA and ECDSA signing as Normal priority.
Fri, Jul 23, 8:18 AM · Testing, FIPS, libgcrypt, Feature Request
gniibe committed rC877be1bf9df0: cipher: Support internal hashing for RSA-PSS. (authored by gniibe).
cipher: Support internal hashing for RSA-PSS.
Fri, Jul 23, 8:10 AM
gniibe committed rC285b4cb70df1: cipher: Extend RSA-PSS internal function for verify, too. (authored by gniibe).
cipher: Extend RSA-PSS internal function for verify, too.
Fri, Jul 23, 8:10 AM
gniibe committed rC652e115e10f2: cipher: Check by caller instead, not by callee for RSA-PSS. (authored by gniibe).
cipher: Check by caller instead, not by callee for RSA-PSS.
Fri, Jul 23, 8:10 AM
gniibe committed rC51307b1ceaa7: cipher: Extend RSA-PSS internal function. (authored by gniibe).
cipher: Extend RSA-PSS internal function.
Fri, Jul 23, 8:10 AM
gniibe updated the task description for T5529: Support internal hashing for RSA-PSS.
Fri, Jul 23, 7:36 AM · libgcrypt, Feature Request
gniibe updated the task description for T5529: Support internal hashing for RSA-PSS.
Fri, Jul 23, 7:22 AM · libgcrypt, Feature Request
gniibe triaged T5529: Support internal hashing for RSA-PSS as Normal priority.
Fri, Jul 23, 4:26 AM · libgcrypt, Feature Request
l10n daemon script <scripty@kde.org> committed rLIBKLEO30afaf452071: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Fri, Jul 23, 3:38 AM

Thu, Jul 22

LRitzdorf added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password on small terminals.

It's worth noting that this issue is particularly impactful for devices with small screens whose sizes cannot be changed. A Raspberry Pi with an Adafruit touchscreen would almost certainly have issues, for example.
This also applies to mobile devices. For context, I use Termux on my Android phone, and this issue manifests there. I can enter the passphrase for an existing key and decrypt/sign with it, but any attempt to create a new key throws me into the same loop that the OP describes. (Interestingly, this happens whether or not I actually supply a new passphrase.)
Since I am on a mobile device in this scenario, my terminal dimensions are 56x115. I'm not familiar with the implementation details of GPG, but is there any chance we could fall back to a single-line, sudo-style password prompt if pinentry fails (or have pinentry fall back to that internally if the normal mode fails)? That should work on terminals of just about any size.
(As an additional note, I've also tried flipping into landscape orientation, hoping that would increase my screen width sufficiently. However, my keyboard then occupies most of the screen, and I receive the expected error message, gpg: agent_genkey failed: Screen or window too small.)

Thu, Jul 22, 4:24 PM · pinentry, Bug Report
ikloecker closed T5528: pinentry-qt: Pinentry window not shown on Wayland as Resolved.
Thu, Jul 22, 2:52 PM · Wayland, Restricted Project, pinentry, Bug Report
ikloecker moved T5528: pinentry-qt: Pinentry window not shown on Wayland from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Thu, Jul 22, 2:51 PM · Wayland, Restricted Project, pinentry, Bug Report
hajekj updated hajekj.
Thu, Jul 22, 1:18 PM
ikloecker committed rP9dd46926f8d5: qt: Fix showing of pinentry window on Wayland (authored by ikloecker).
qt: Fix showing of pinentry window on Wayland
Thu, Jul 22, 11:38 AM
ikloecker moved T5528: pinentry-qt: Pinentry window not shown on Wayland from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Thu, Jul 22, 11:29 AM · Wayland, Restricted Project, pinentry, Bug Report
ikloecker claimed T5528: pinentry-qt: Pinentry window not shown on Wayland.
Thu, Jul 22, 11:28 AM · Wayland, Restricted Project, pinentry, Bug Report
ikloecker created T5528: pinentry-qt: Pinentry window not shown on Wayland.
Thu, Jul 22, 11:28 AM · Wayland, Restricted Project, pinentry, Bug Report
ikloecker added a comment to T4950: pinentry: Add warning when capslock is on.

Implemented for X11 and Windows.

Thu, Jul 22, 10:01 AM · Restricted Project, pinentry
gniibe committed rC7f401b9748c4: doc: Fix a typo. (authored by gniibe).
doc: Fix a typo.
Thu, Jul 22, 9:57 AM
gniibe added projects to T5524: scd: serialize access of ctrl->card_ctx: Testing, gnupg (gpg23).
Thu, Jul 22, 4:38 AM · gnupg (gpg23), Testing, scd
gniibe changed the status of T5524: scd: serialize access of ctrl->card_ctx from Open to Testing.
Thu, Jul 22, 4:38 AM · gnupg (gpg23), Testing, scd
gniibe committed rG5c8124b8b955: scd: Small clean up for card access. (authored by gniibe).
scd: Small clean up for card access.
Thu, Jul 22, 4:23 AM
gniibe committed rG50ad29f9a72f: scd: Fix direct use of card with no ctrl->card_ctx. (authored by gniibe).
scd: Fix direct use of card with no ctrl->card_ctx.
Thu, Jul 22, 2:46 AM

Wed, Jul 21

bernhard closed T5525: Evolution cant work with gnupg as Resolved.
Wed, Jul 21, 6:21 PM · Bug Report
bernhard added a comment to T5525: Evolution cant work with gnupg .

ok i found it just add "trust-model always" in gpg.conf

Wed, Jul 21, 6:21 PM · Bug Report
ikloecker committed rPdeb97f3eb65f: Add support for formatted passphrase options (authored by ikloecker).
Add support for formatted passphrase options
Wed, Jul 21, 5:24 PM
ikloecker committed rPde7024156777: qt: Support passphrase formatting (authored by ikloecker).
qt: Support passphrase formatting
Wed, Jul 21, 5:24 PM
ikloecker committed rP8ad23d6f18ce: qt: Copy passphrase without separators to clipboard (authored by ikloecker).
qt: Copy passphrase without separators to clipboard
Wed, Jul 21, 5:24 PM
ikloecker committed rP85b180f1b014: qt: Show hint if passphrase is shown and formatting is enabled (authored by ikloecker).
qt: Show hint if passphrase is shown and formatting is enabled
Wed, Jul 21, 5:24 PM
ikloecker committed rP5a5a4de1a32e: qt: Select passphrase after generation (authored by ikloecker).
qt: Select passphrase after generation
Wed, Jul 21, 5:24 PM
ikloecker committed rP742462d8a4d1: qt: Enable passphrase generation (authored by ikloecker).
qt: Enable passphrase generation
Wed, Jul 21, 5:24 PM
ikloecker committed rPd875dba1cf87: qt: Keep selection when enabling/disabling passphrase formatting (authored by ikloecker).
qt: Keep selection when enabling/disabling passphrase formatting
Wed, Jul 21, 5:24 PM