Jan 17 2014

dranft added projects to T1605: Wrong expire date on keyserver lookup with gpg.exe: gnupg (gpg20), gnupg, Bug Report, Keyserver.
Jan 17 2014, 10:40 AM · Keyserver, gnupg, gnupg (gpg20)
dranft added a comment to T1605: Wrong expire date on keyserver lookup with gpg.exe.

Jan 17 2014, 10:40 AM · Keyserver, gnupg, gnupg (gpg20)
dranft set Version to 2.0.21 on T1605: Wrong expire date on keyserver lookup with gpg.exe.
Jan 17 2014, 10:40 AM · Keyserver, gnupg, gnupg (gpg20)

Dec 24 2013

perske added projects to T1590: dirmngr with libgcrypt 1.6.0 forgets to initialize pth properly: gnupg (gpg20), libgcrypt, Bug Report.
Dec 24 2013, 1:58 AM · In Progress, dirmngr, Bug Report, gnupg (gpg20)

Jul 16 2013

werner added a comment to T1509: gnupg2 (gpg-agent): Disable producing of core dumps for gpg-agent via prctl(PR_SET_DUMPABLE, 0) as ssh-agent does.

What is the threat model for this? If you are able to ptrace a process you can
do all other kind of stuff, like replacing gpg with your own code. If the box
has been taken over, we are in game-over state.

Disabling core dumps is a different issue because a core dump leaves traces of
the process on the disk.

Jul 16 2013, 1:17 PM · gnupg, Debian, gnupg (gpg20), Feature Request, gpgagent

Jul 12 2013

gniibe added a comment to T1509: gnupg2 (gpg-agent): Disable producing of core dumps for gpg-agent via prctl(PR_SET_DUMPABLE, 0) as ssh-agent does.

I think that the original reporter's intention is to prevent attaching by ptrace.
With PR_SET_DUMPABLE disabled, ptrace PTRACE_ATTACH won't work any more.
This would be better if we care about kernel compatibility.
In http://bugs.debian.org/714107, I found that setrlimit64 doesn't work reliably
for 2.6.34 or older. PR_SET_DUMPABLE seems to work for even 2.4.x.

Jul 12 2013, 2:15 PM · gnupg, Debian, gnupg (gpg20), Feature Request, gpgagent

Jul 1 2013

werner closed T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation as Resolved.
Jul 1 2013, 9:03 PM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg
werner added a comment to T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation.

I just backported the new ssh-agent code from master to the 2.0 branch. Thus
2.0.21 will have this support.

Jul 1 2013, 9:03 PM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg

Jun 20 2013

iankko added a comment to T1509: gnupg2 (gpg-agent): Disable producing of core dumps for gpg-agent via prctl(PR_SET_DUMPABLE, 0) as ssh-agent does.

Hello Werner,

Jun 20 2013, 1:03 PM · gnupg, Debian, gnupg (gpg20), Feature Request, gpgagent

Jun 19 2013

werner added a comment to T1509: gnupg2 (gpg-agent): Disable producing of core dumps for gpg-agent via prctl(PR_SET_DUMPABLE, 0) as ssh-agent does.

GnuPG uses setrlimit to disable core dumps. It has always done so. See
common/sysutils.c:disable_core_dumps. Do you have a test case which shows that
it does not work?

Jun 19 2013, 11:11 PM · gnupg, Debian, gnupg (gpg20), Feature Request, gpgagent
iankko added projects to T1509: gnupg2 (gpg-agent): Disable producing of core dumps for gpg-agent via prctl(PR_SET_DUMPABLE, 0) as ssh-agent does: gpgagent, Feature Request, gnupg (gpg20), Debian, gnupg.
Jun 19 2013, 3:00 PM · gnupg, Debian, gnupg (gpg20), Feature Request, gpgagent

May 18 2013

timfriske added a comment to T1501: Public part of a R4096(S)-Subkey lost when imported from an armored backup file..

In order to work around this potential bug I do the following at the moment:

  1. Store: (a) Export the ASCII-armored *secret* key together with its subkeys. (b) Export the ASCII-armored *public* key together with its subkeys.
  2. Restore: (a) Import the ASCII-armored *public* key together with its subkeys. (b) Import the ASCII-armored *secret* key together with its subkeys.

The actions [1.(b)] and [2.(a)] should not be necessary if there was not this
potential bug.

May 18 2013, 7:25 PM · Won't Fix, Bug Report, gnupg, gnupg (gpg20), gnupg (gpg14)
timfriske added a comment to T1501: Public part of a R4096(S)-Subkey lost when imported from an armored backup file..

I further tried to find the action that causes the potential bug with another
test key as follows:

  1. Create a certify-only RSA4096 primary key.
  2. Store the public keyring with: (a) cp ~/.gnupg/pubring.gpg{,XXX}
  3. Export the secret key to an ASCII-armored file with: (a) gpg -v --status-fd 1 --armor --output 0xEEE9979BE8C80E95.pub.asc.txt --export 0xEEE9979BE8C80E95
  4. Export the public key to an ASCII-armored file with: (a) gpg -v --status-fd 1 --armor --output 0xB6BF97893ACA0C17.pub.asc.txt --export 0xB6BF97893ACA0C17
  5. Delete the public and secret key with: (a) gpg --delete-secret-and-public-keys 0xEEE9979BE8C80E95
  6. Import the secret key from an ASCII-armored file with: (a) gpg -v --status-fd 1 --armor --import 0xEEE9979BE8C80E95.sec.asc.txt
  7. Compare the previously stored public key against the new one with: (a) diff -q ~/.gnupg/pubring.gpg{,XXX}
  8. Repeat action 1. to 7. by: (a) Adding a sign-only RSA4096 subkey. (b) Adding an encrypt-only RSA4096 subkey. (c) Change the expiry date of the encrypt-only RSA4096 subkey.

ERROR: *Changing the expiry date*, exporting, purging, importing the primary key
with its 2 subkeys makes the first sign-only RSA4096 subkey disappear from the
pubring.gpg file but not from the secring.gpg file.

May 18 2013, 6:42 PM · Won't Fix, Bug Report, gnupg, gnupg (gpg20), gnupg (gpg14)
timfriske set Version to 1.4.13, 2.0.19 on T1501: Public part of a R4096(S)-Subkey lost when imported from an armored backup file..
May 18 2013, 4:46 PM · Won't Fix, Bug Report, gnupg, gnupg (gpg20), gnupg (gpg14)
timfriske added projects to T1501: Public part of a R4096(S)-Subkey lost when imported from an armored backup file.: Cross-Compiler, gnupg (gpg14), gnupg (gpg20), gnupg, Bug Report.
May 18 2013, 4:46 PM · Won't Fix, Bug Report, gnupg, gnupg (gpg20), gnupg (gpg14)

Apr 18 2012

werner added a project to T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation: gnupg.
Apr 18 2012, 12:06 PM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg

Apr 10 2012

bluescreen303 added a comment to T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation.

Would be great to have included if 2.1 is the ecc release.

I would love to just have 1 agent for everything.

Apr 10 2012, 9:26 PM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg
werner added a comment to T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation.

There is no ECC support for the agent, yet. The ssh protocol is different from
the OpenPGP Protocol. It should be easy to add support, though.

Apr 10 2012, 8:04 PM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg

Apr 8 2012

bluescreen303 added projects to T1401: ecdsa ssh keys and gpg-agent's ssh-agent emulation: gnupg (gpg20), Feature Request, gpgagent, ssh.
Apr 8 2012, 9:16 AM · ssh, gpgagent, Feature Request, gnupg (gpg20), gnupg