Fri, May 29
Although this is a standard behaviour for Unix tools, you are right that it makes sense to tell the user about the problems. And well, the version info should not appear either.
The required libgpg-error 1.38 has now been released.
FYIL This is delayed because there are some dependencies to internals of gnupg.
Ok. However, I don't think that the fingerprint is really important. We can compute it anyway as long as we have the creation date. The keygrip is meanwhile more important but that is also easy to compute.
Perhaps, no change would be required.
My major concern is that: the data object for fingerprints C5 and C6 were defined as fixed-size 60-byte objects (and actually _is_ defined still in the current specification of 3.4), but it's 80-byte, which might cause problem(s).
Thu, May 28
Is there a blogpost or similar where the use of several smartcards following this improvement is explained to n00bs like me? :) For now all I find is this thread and some SE answers saying it does not work yet (https://security.stackexchange.com/questions/154702/gpg-encryption-subkey-on-multiple-smart-cards-issue) . If somebody could post a new answer on SE / write a small blog post or similar that would be great. Useful would be to have 1) from which versions and over is that available 2) how this works / how to use.
Why do you think that we need to care about the attestation key? Where possible I take in new code in account that we will have more OpenPGP keys, but right now I don't think that is makes sense to replace our data structures for that the 3 element arrays we currently use are okay for the 3 standard keys. We can latter see how to replace them. At one place I already introduced something new:
Here is a dump of my token (Yubikey 5.2.6). I used the new apdu command of gpg-card along with "undump | dumpasn1 -", which saves quite some time:
Hand parsing the data object content:
fa 82 01 e2 c1 06 010800001100 c1 06 010c00001100 c1 06 011000001100 c1 09 132a8648ce3d030107 c1 06 132b81040022 c1 06 132b81040023 c1 06 132b8104000a c1 0a 132b2403030208010107 c1 0a 132b240303020801010b c1 0a 132b240303020801010d c1 0a 162b06010401da470f01 c1 0b 162b060104019755010501 c2 06 010800001100 c2 06 010c00001100 c2 06 011000001100 c2 09 122a8648ce3d030107 c2 06 122b81040022 c2 06 122b81040023 c2 06 122b8104000a c2 0a 122b2403030208010107 c2 0a 122b240303020801010b c2 0a 122b240303020801010d c2 0a 162b06010401da470f01 c2 0b 162b060104019755010501 c3 06 010800001100 c3 06 010c00001100 c3 06 011000001100 c3 09 132a8648ce3d030107 c3 06 132b81040022 c3 06 132b81040023 c3 06 132b8104000a c3 0a 132b2403030208010107 c3 0a 132b240303020801010b c3 0a 132b240303020801010d c3 0a 162b06010401da470f01 c3 0b 162b060104019755010501 da 06 010800001100 da 06 010c00001100 da 06 011000001100 da 09 132a8648ce3d030107 da 06 132b81040022 da 06 132b81040023 da 06 132b8104000a da 0a 132b2403030208010107 da 0a 132b240303020801010b da 0a 132b240303020801010d da 0a 162b06010401da470f01 da 0b 162b060104019755010501
And here is (raw) dump of the data object FA:
Here is the dump of "Application Related Data" (6E):
6e 82 01 47 4f 10 d2760001240103040006106160490000 5f 52 08 00730000e0059000 7f 74 03 810120 73 82 01 20 c0 0a 7d000bfe080000ff0000 c1 0b 162b06010401da470f0100 c2 0c 122b06010401975501050100 c3 0b 162b06010401da470f0100 da 06 <-------------------------------------- This is algorithm attributes for Attestation key (Yubikey specific) 010800001100 c4 07 ff7f7f7f030003 c5 50 eeeed1b50b1b1d9c669033fe019e94a27992b44c d00b630fdcb5c4397d5ffbd69aa68a3ff9f8ed10 1b2a3d46f4f0c5afd0115e7eb858d476daf64cdb 0000000000000000000000000000000000000000 <--- This appears to be fingerprint of Attestation key c6 50 0000000000000000000000000000000000000000 0000000000000000000000000000000000000000 0000000000000000000000000000000000000000 0000000000000000000000000000000000000000 <--- This appears to be fingerprint of some key related to Attestation key??? cd 10 5e58b1e65e58b1c55e58b1f900000000 de 08 0102020203028102 7f 66 08 02020bfe02020bfe d6 02 0020 d7 02 0020 d8 02 0020 d9 02 0020
Wed, May 27
In the SOS branch, rG1c4291c3951d: ecc-sos: Add special leading zero octet removal. should be reverted.
Instead, the S_KEY should be fixed up in read_key_file in findkey.c,
and merge_lists in protect.c.
(Then, no need to be fixed up in extract_private_key.)
I observe the same problem since I installed gpg4win 3.1.11 (german) in Outlook, Office Professional Plus 2019, Version 2004: Occasionally "zero byte mails" are sent by replying to an s/mine certified and encrypted mail. In my case the option s/mine support is disabled in GpgOL menu.
GnuTLS seems to have some CMS support; see https://gitlab.com/gnutls/gnutls/-/issues/227 .
Exactly same problem is there in libgcrypt.
In the definitions of curves, it uses negative constant internally in some specific places, but for other parts, we have same problems.
Tue, May 26
I should concentrate the case of ECC, in particular, ECC with modern curves.
Removing leading zero from RSA/ECC/ELGamal assuming unsigned integer would result more work.
In libgcrypt, we have another problem of GCRYSEXP_FMT_ADVANCED formatting, which is used by gpg-agent of GnuPG 2.3 with name-value list.
Confusingly, in the SSH specification, it is signed MPI.
Mon, May 25
- Just two days for me; code cleanup, release of libksba 1.4
- Last week
- Got newer Intel NUC for family (all went well with Debian testing except Wi-Fi blob, newer firmware from kernel.org works fine)
- Created T4954: SOS representation and improvements in GnuPG
- still we have problems
- T4934: Returning automatic variable buffer from a function
- it is unused code for dimngr, but static analysis complains
- ECDH clean up / factoring out functions
- This week
- continue on ECDH
There are more places for clean up in GnuPG.
While "MPI" in OpenPGP specification is based on unsigned integer, the default "MPI" handling of GnuPG/Libgcrypt is signed. This difference matters internally.
Formatting by "%m" with libgcrypt, it may result prefixed by 0x00 (so that it represents unsigned value, even if scanned as signed).
And because of this, existing private keys in private-keys-v1.d may have this leading zero-byte.
But the counting bits don't count this byte.
Fri, May 22
@aheinecke what is the process of new translation adding?