
Apr 16 2016

werner lowered the priority of T2321: undefined reference to `gpgrt_annotate_leaked_object' from Unbreak Now! to Normal.
Apr 16 2016, 10:44 AM · Bug Report, Not A Bug, libgcrypt

Apr 15 2016

dylanetaft added a comment to T2304: Buffer Overrun in GPGME encrypt-sign.c:168?.

Thank you! All set.

Apr 15 2016, 4:58 PM · gpgme, Not A Bug, Bug Report
werner added projects to T2304: Buffer Overrun in GPGME encrypt-sign.c:168?: Not A Bug, gpgme.
Apr 15 2016, 8:59 AM · gpgme, Not A Bug, Bug Report
werner added a project to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol: gnupg.
Apr 15 2016, 8:31 AM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Apr 14 2016

werner added a project to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol: Not A Bug.
Apr 14 2016, 3:48 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)
werner added a comment to T2316: ssh-add ignores keys already in private-keys-v1.d but not in sshcontrol.

I would not consider this a bug. sshcontrol is used to enable certain keys for
use with ssh. Updating keys is useless if they are already available.

If you remove the keys from sshcontrol you disable them. I would suggest putting
a '!' in front of the keygrip instead of deleting the line in sshcontrol. This
allows re-enabling a key w/o problems.

Apr 14 2016, 3:48 PM · gnupg, Not A Bug, Bug Report, ssh, gpgagent, gnupg (gpg21)

Apr 5 2016

justus closed T1211: gpg-agent should disable ptrace as Resolved.
Apr 5 2016, 3:34 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug

Mar 29 2016

werner added a project to T2292: cipher/crc-intel-pclmul.c: load of misaligned address: Not A Bug.
Mar 29 2016, 1:46 PM · Not A Bug, Bug Report, Assembler, libgcrypt

Mar 25 2016

bernhard added a project to T2293: gpg-agent + smartcard not asking for PIN with PUTTY: Not A Bug.
Mar 25 2016, 11:36 AM · Windows 64, gnupg (gpg20), gpg4win, Bug Report, Not A Bug, gnupg, Windows
bernhard added a comment to T2293: gpg-agent + smartcard not asking for PIN with PUTTY.

Thanks for testing 2.1 and for reporting the results.
Good to know that it works now.

Mar 25 2016, 11:36 AM · Windows 64, gnupg (gpg20), gpg4win, Bug Report, Not A Bug, gnupg, Windows
bernhard closed T2293: gpg-agent + smartcard not asking for PIN with PUTTY as Resolved.
Mar 25 2016, 11:36 AM · Windows 64, gnupg (gpg20), gpg4win, Bug Report, Not A Bug, gnupg, Windows

Mar 18 2016

werner added a project to T1608: GNUPG_SYS_SYMBOL_UNDERSCORE and cross compile: Stalled.
Mar 18 2016, 6:24 PM · Stalled, libgcrypt, Not A Bug, Gentoo, Bug Report
werner added a comment to T1608: GNUPG_SYS_SYMBOL_UNDERSCORE and cross compile.

There are still problems with libtool; see recent Debian problems on building
gnupg for Windows. Thus we won't change libtool for 1.7.0.

Mar 18 2016, 6:24 PM · Stalled, libgcrypt, Not A Bug, Gentoo, Bug Report

Mar 17 2016

werner added a project to T2282: Invalid flag adding encryption subkey with Curve 25519: Not A Bug.
Mar 17 2016, 3:26 PM · Not A Bug, Bug Report, gnupg

Feb 9 2016

werner closed T2113: libgcrypt 1.6.4 as Resolved.
Feb 9 2016, 10:53 AM · Not A Bug, Bug Report, libgcrypt

Jan 26 2016

werner closed T1613: openpgp v2 card bricks after invalid reset apdu as Resolved.
Jan 26 2016, 10:12 AM · Too Old, gnupg, scd, Not A Bug, Bug Report
werner added a project to T1613: openpgp v2 card bricks after invalid reset apdu: Too Old.
Jan 26 2016, 10:12 AM · Too Old, gnupg, scd, Not A Bug, Bug Report

Jan 24 2016

nuimk closed T2203: gpgconf fail to start gpg-agent as Invalid.
Jan 24 2016, 2:36 AM · Not A Bug
nuimk removed a project from T2203: gpgconf fail to start gpg-agent: Bug Report.
Jan 24 2016, 2:36 AM · Not A Bug
nuimk added a comment to T2203: gpgconf fail to start gpg-agent.

That works.
Thanks for your kind support.

Jan 24 2016, 2:36 AM · Not A Bug

Jan 22 2016

werner added a project to T2203: gpgconf fail to start gpg-agent: Not A Bug.
Jan 22 2016, 11:21 AM · Not A Bug

Jan 15 2016

werner lowered the priority of T1998: Can't use extended characters in passphrase from Normal to Low.
Jan 15 2016, 4:44 PM · pinentry, Not A Bug, Bug Report, gnupg
werner closed T2097: gpg doesn't output anything to Mintty when using Cygwin as Resolved.
Jan 15 2016, 2:53 PM · Not A Bug, Bug Report, gnupg
werner added a project to T2097: gpg doesn't output anything to Mintty when using Cygwin: Not A Bug.
Jan 15 2016, 2:52 PM · Not A Bug, Bug Report, gnupg
werner closed T2155: check_cert_policy does not check strpbrk ret val for NULL as Resolved.
Jan 15 2016, 12:45 PM · Not A Bug, Bug Report, gnupg
werner closed T2205: GnuPG does not detect damaged keys on import as Resolved.
Jan 15 2016, 9:57 AM · Not A Bug, Debian, Bug Report, gnupg

Jan 14 2016

werner closed T2215: Use of '--auto-key-locate pka' for DNS key install results in 'Not implemented' error as Resolved.
Jan 14 2016, 10:37 AM · Not A Bug, Bug Report, gnupg

Jan 11 2016

grempe reopened T2215: Use of '--auto-key-locate pka' for DNS key install results in 'Not implemented' error as "Open".
Jan 11 2016, 6:44 PM · Not A Bug, Bug Report, gnupg
grempe added a comment to T2215: Use of '--auto-key-locate pka' for DNS key install results in 'Not implemented' error.

OK, thanks for the response Werner. Perhaps this bug then is to update the website
docs to reflect what I gather may be big changes to this feature as compared to earlier
gnupg releases.

It seems that everything that can be found here (the best source I have found for using
gnupg w/ DNS) is now outdated and will no longer work:
http://gushi.org/make-dns-cert/HOWTO.html

I wanted to learn more about the new changes but I was only able to find the following
references which I'll document here in case someone else comes across it.
Unfortunately, I won't be able to test out the new method as I don't run my own bind
server and like many of us rely on a DNS provider that doesn't allow me to create the
form of DNS record output by --print-pka-records.

I only found three references to the new '--print-pka-records':

2.1.3 Announce:
https://lists.gnupg.org/pipermail/gnupg-announce/2015q2/000365.html

"* gpg: New option --print-pka-records. Changed the PKA method to use
   CERT records and hashed names."

gnupg docs:
https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html

"--print-pka-records
Modify the output of the list commands to print PKA records suitable to put into DNS
zone files. An ORIGIN line is printed before each record to allow diverting the records
to the corresponding zone file."

And finally an announcement from you in gnupg-devel from last year where you state that
all of the old functionality for PKA has been removed and replaced with something
entirely new (which is just for key 'validation' and not for key installation?):
http://marc.info/?l=gnupg-devel&m=142488047809150&w=2

Jan 11 2016, 6:44 PM · Not A Bug, Bug Report, gnupg
werner added a project to T2215: Use of '--auto-key-locate pka' for DNS key install results in 'Not implemented' error: Not A Bug.
Jan 11 2016, 11:59 AM · Not A Bug, Bug Report, gnupg
werner added a project to T2217: Trying to perform 'factory-reset' of Yubico Yubikey Neo always fails: Not A Bug.
Jan 11 2016, 11:52 AM · Bug Report, Not A Bug, gnupg
werner closed T2217: Trying to perform 'factory-reset' of Yubico Yubikey Neo always fails as Resolved.
Jan 11 2016, 11:52 AM · Bug Report, Not A Bug, gnupg

Jan 7 2016

werner added a project to T2205: GnuPG does not detect damaged keys on import: Not A Bug.
Jan 7 2016, 4:02 PM · Not A Bug, Debian, Bug Report, gnupg
werner removed projects from T2205: GnuPG does not detect damaged keys on import: Keyserver, gnupg (gpg14).
Jan 7 2016, 4:02 PM · Not A Bug, Debian, Bug Report, gnupg

Jan 5 2016

aheinecke added a project to T1225: gpgOL-1.1.1.332/Outlook 2003 (Problem sending standard unencrypted eMail when mail is composed with word-editor): Not A Bug.
Jan 5 2016, 11:38 AM · Not A Bug, Bug Report, gpgol, gpg4win
aheinecke added a comment to T1225: gpgOL-1.1.1.332/Outlook 2003 (Problem sending standard unencrypted eMail when mail is composed with word-editor).

Sorry that there has been no response on this but we did not have time to work
on gpgOL.

GpgOL for Outlook 2003 is no longer maintained and support for this in gpg4win
is likely to be dropped soonish.

I'm closing this as nobug to help us clean up the bugtracker. The word editor is
not supported in Outlook 2003 and we will not add support for this. Sorry.

Jan 5 2016, 11:38 AM · Not A Bug, Bug Report, gpgol, gpg4win
aheinecke closed T1225: gpgOL-1.1.1.332/Outlook 2003 (Problem sending standard unencrypted eMail when mail is composed with word-editor) as Resolved.
Jan 5 2016, 11:38 AM · Not A Bug, Bug Report, gpgol, gpg4win
aheinecke added a project to T1216: GpgOL 1.1.1 and Outlook 2007 - encrypt does not work at all: Not A Bug.
Jan 5 2016, 11:36 AM · Not A Bug, Bug Report, gpgol
aheinecke added a comment to T1216: GpgOL 1.1.1 and Outlook 2007 - encrypt does not work at all.

Uhm, five years and no reply ;-) Sorry, but we did not have much time to work on
GpgOL and the little time we had we spent on Outlook 2010 and later (which is a
different codebase).

The code for 2003 and 2007 is still basically unmaintained. We are looking into
the possibility to remove 2003 support and use the 2010 and later codebase for
2007, too. From your debug output it looks like you are using exchange. This is
not supported for the < 2010 addon. (It is supported in the current development
version that will be part of gpg4win 3.0.0)

So you can either switch to Outlook 2010 or later (and for now use the gpg4win
3.0.0 test version) ( https://wiki.gnupg.org/Gpg4win/Testversions ) or hope that
we will enable that codebase for 2007, too.

Sorry that I am marking this as nobug but we will not fix this for 2007 only and
in later versions it already works.

Jan 5 2016, 11:36 AM · Not A Bug, Bug Report, gpgol
aheinecke closed T1216: GpgOL 1.1.1 and Outlook 2007 - encrypt does not work at all as Resolved.
Jan 5 2016, 11:36 AM · Not A Bug, Bug Report, gpgol

Dec 14 2015

aheinecke claimed T1137: GpgOL could not decrypt/verify messages in "sent items" folder if smime support is disabled.
Dec 14 2015, 2:03 PM · Not A Bug, Bug Report, gpgol, gpg4win
aheinecke added a comment to T1137: GpgOL could not decrypt/verify messages in "sent items" folder if smime support is disabled.

Oh, I was not aware of that bug and disabled S/MIME by default in the current
development version.

I'll make the default depending on the Outlook version.

Dec 14 2015, 2:03 PM · Not A Bug, Bug Report, gpgol, gpg4win

Nov 24 2015

werner added a comment to T2155: check_cert_policy does not check strpbrk ret val for NULL.

If you check the do-while above you will notice that after the loop LINE is
guaranteed to always end with a LF. Thus strpbrk will always succeed.

Nov 24 2015, 2:59 PM · Not A Bug, Bug Report, gnupg
werner added a project to T2155: check_cert_policy does not check strpbrk ret val for NULL: Not A Bug.
Nov 24 2015, 2:57 PM · Not A Bug, Bug Report, gnupg

Nov 20 2015

neal added a comment to T2027: Non-breaking space in French translation.

I'm marking this issue as resolved.

Nov 20 2015, 1:46 PM · Not A Bug, gnupg

Nov 11 2015

werner added a comment to T1608: GNUPG_SYS_SYMBOL_UNDERSCORE and cross compile.

Pretty old. We should re-evaluate this for the 1.7 release.

Nov 11 2015, 4:33 PM · Stalled, libgcrypt, Not A Bug, Gentoo, Bug Report
aheinecke closed T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected as Resolved.
Nov 11 2015, 3:28 PM · Not A Bug, Fedora, Bug Report, gnupg
aheinecke added a comment to T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected.

For the record, Rolf Eike Beer still maintains KGpg (I was not aware of this when
I wrote T2048 (aheinecke on Aug 28 2015, 10:54 PM / Roundup))
And he is planning to port it to Qt5.
See: https://mail.kde.org/pipermail/kde-community/2015q3/001651.html

Please leave this issue closed here. This bug either belongs in the Fedora
Bugtracker or in KDE's bugtracker.

Nov 11 2015, 3:28 PM · Not A Bug, Fedora, Bug Report, gnupg

Nov 8 2015

SlipperyCow reopened T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected as "Open".
Nov 8 2015, 5:09 AM · Not A Bug, Fedora, Bug Report, gnupg
SlipperyCow added a comment to T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected.

On 6 November, there was finally some movement on the 22 July Bug I filed at:

https://bugzilla.redhat.com/show_bug.cgi?id=1245732

Rex Dieter provided the underlying explanation of the KGpg autostart failure on
Fedora 22 (or newer) systems:

He stated:

"Simple reason is that plasma5 doesn't support kde4 apps' use of
X-KDE-Autostart-condition"

Note: Rex is also developing/testing a patch to address this plasma5
shortcoming for Fed 22 systems.

Importantly, and as I had suspected and alluded to, this plasma5 lack of support
explains why the KGpg failure to autostart occurred *only* on my Fed 22 systems,
and did not impact any of the other KDE operating systems I use.

I have upgraded all my Fed 22 systems to Fed 23, where the KGpg autostart
currently continues to persist. I have documented the workaround in the Bug
report linked above for anyone impacted. This workaround also works in Fed 23.

Hopefully, this issue will be fully resolved in the next Fedora-approved release
of KGpg.

Nov 8 2015, 5:09 AM · Not A Bug, Fedora, Bug Report, gnupg

Nov 6 2015

neal added a project to T1608: GNUPG_SYS_SYMBOL_UNDERSCORE and cross compile: libgcrypt.
Nov 6 2015, 8:56 PM · Stalled, libgcrypt, Not A Bug, Gentoo, Bug Report

Nov 4 2015

neal closed T1009: incompatibility options --sign and --encrypt-files as Resolved.
Nov 4 2015, 1:28 PM · Not A Bug, Bug Report
neal removed a project from T1009: incompatibility options --sign and --encrypt-files: In Progress.
Nov 4 2015, 1:28 PM · Not A Bug, Bug Report
neal added a comment to T1009: incompatibility options --sign and --encrypt-files.

Fixed in 6897bbf.

$ gpg2 --multifile --sign --encrypt-files /tmp/foo /tmp/bar
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: --sign --encrypt does not yet work with --multifile

Nov 4 2015, 1:28 PM · Not A Bug, Bug Report

Nov 3 2015

neal added a comment to T997: gpg: [don't know]: invalid packet (ctb=2d0.

This support request appears to be resolved. Closing.

Nov 3 2015, 11:57 PM · Not A Bug, Bug Report
neal closed T997: gpg: [don't know]: invalid packet (ctb=2d0 as Resolved.
Nov 3 2015, 11:57 PM · Not A Bug, Bug Report

Oct 28 2015

jaromil removed a project from T2027: Non-breaking space in French translation: Bug Report.
Oct 28 2015, 7:42 PM · Not A Bug, gnupg
jaromil closed T2027: Non-breaking space in French translation as Invalid.
Oct 28 2015, 7:42 PM · Not A Bug, gnupg
jaromil added a comment to T2027: Non-breaking space in French translation.

Sure. The issue of consistency across translations is just nitpicking.

The issue of parsing is solved as +notabug for gnupg, since the bug was actually in
ZSh - and is now fixed. Even in older Zsh versions it can be avoided by decoupling stdin
and stderr in the parsing, basically using --status-fd. I should have done that in the
first place. Apologies for emphasizing this here, as Gnupg offers all the correct
facilities to decouple the output streams.

Unrelated to the issue above, I still think that normalization of white-space usage
across different translations would be an improvement, but since doing it requires a
semantic analysis that is contextual to the language, it's quite hard to realize now.
Perhaps it would be a good idea for the documentation for translators to include a note
about white-space usage. But again, this is nitpicking. Feel free to close the issue.

Oct 28 2015, 7:42 PM · Not A Bug, gnupg
werner added a project to T2027: Non-breaking space in French translation: Not A Bug.
Oct 28 2015, 7:07 PM · Not A Bug, gnupg
werner added a comment to T2027: Non-breaking space in French translation.

I fully agree and I can only repeat: Do not parse the output intended for humans
but use the --status-fd option. There is no excuse in not doing so.

Oct 28 2015, 7:07 PM · Not A Bug, gnupg
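An added example (mine, not GnuPG project code) of the advice in the T2027 comments above: a small C consumer that acts only on the machine-readable `[GNUPG:] ` lines delivered through --status-fd and ignores the localized, human-oriented stderr text, so a non-breaking space in a French message can no longer break it. The sample stream, the French message wording and the function names are my constructions; the status keywords (GOODSIG, BADSIG, ERRSIG, NODATA, NEWSIG, VALIDSIG) are GnuPG's documented ones.

```c
/* Added example, not GnuPG code: consume GnuPG's --status-fd output instead
 * of scraping localized human messages (the T2027 problem). */
#include <stdio.h>
#include <string.h>

#define STATUS_PREFIX "[GNUPG:] "

struct status_line {
    char keyword[32];   /* e.g. "GOODSIG" */
    char args[256];     /* rest of the line, e.g. "DE3A7EAB test123 <...>" */
};

/* Parse one text line. Returns 1 and fills *out if it is a status line,
 * 0 for anything else (human text, blank lines). The prefix must start the
 * line: "gpg: [GNUPG:] ..." is a human message, not a status line. */
int parse_status_line(const char *line, struct status_line *out)
{
    size_t plen = strlen(STATUS_PREFIX);
    if (strncmp(line, STATUS_PREFIX, plen) != 0)
        return 0;
    const char *p = line + plen;
    size_t klen = strcspn(p, " \r\n");
    if (klen == 0 || klen >= sizeof out->keyword)
        return 0;
    memcpy(out->keyword, p, klen);
    out->keyword[klen] = '\0';
    p += klen;
    while (*p == ' ')
        p++;
    size_t alen = strcspn(p, "\r\n");
    if (alen >= sizeof out->args)
        alen = sizeof out->args - 1;
    memcpy(out->args, p, alen);
    out->args[alen] = '\0';
    return 1;
}

/* Walk a captured stream (status lines possibly interleaved with stderr
 * text, as with --status-fd 2) and return the verdict: 1 = GOODSIG seen and
 * no BADSIG/ERRSIG/NODATA, 0 = not verified. If keyid is non-NULL the key ID
 * (first GOODSIG argument) is copied there. */
int signature_verdict(const char *stream, char *keyid, size_t keyid_len)
{
    int good = 0, bad = 0;
    const char *cur = stream;
    while (*cur) {
        const char *nl = strchr(cur, '\n');
        size_t len = nl ? (size_t)(nl - cur) : strlen(cur);
        char line[512];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, cur, len);
        line[len] = '\0';
        struct status_line st;
        if (parse_status_line(line, &st)) {
            if (strcmp(st.keyword, "GOODSIG") == 0) {
                good = 1;
                if (keyid && keyid_len) {
                    size_t n = strcspn(st.args, " ");
                    if (n >= keyid_len)
                        n = keyid_len - 1;
                    memcpy(keyid, st.args, n);
                    keyid[n] = '\0';
                }
            } else if (strcmp(st.keyword, "BADSIG") == 0 ||
                       strcmp(st.keyword, "ERRSIG") == 0 ||
                       strcmp(st.keyword, "NODATA") == 0) {
                bad = 1;
            }
        }
        if (!nl)
            break;
        cur = nl + 1;
    }
    return good && !bad;
}

/* Constructed sample: French human messages containing a non-breaking space
 * (U+00A0, bytes \xc2\xa0) interleaved with the status lines to consume. */
static const char SAMPLE_OK[] =
    "gpg: Signature faite le ven. 6 ao\xc3\xbbt 2015\n"
    "[GNUPG:] NEWSIG\n"
    "gpg:\xc2\xa0avec la clef RSA DE3A7EAB\n"
    "[GNUPG:] GOODSIG DE3A7EAB test123 <test@test.com>\n"
    "[GNUPG:] VALIDSIG FINGERPRINT-PLACEHOLDER 2015-08-06 1438819200 0 4 0 1 8 00\n";
static const char SAMPLE_BAD[] =
    "gpg: MAUVAISE signature\n"
    "[GNUPG:] BADSIG DE3A7EAB test123 <test@test.com>\n";

int sample_ok_verdict(void)  { return signature_verdict(SAMPLE_OK, NULL, 0); }
int sample_bad_verdict(void) { return signature_verdict(SAMPLE_BAD, NULL, 0); }
/* 1 if the key ID extracted from SAMPLE_OK equals expected. */
int sample_ok_keyid_is(const char *expected)
{
    char keyid[32];
    return signature_verdict(SAMPLE_OK, keyid, sizeof keyid) &&
           strcmp(keyid, expected) == 0;
}

int main(void)
{
    printf("ok stream: %d, bad stream: %d, keyid matches: %d\n",
           sample_ok_verdict(), sample_bad_verdict(),
           sample_ok_keyid_is("DE3A7EAB"));
    return 0;
}
```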
werner closed T2059: Rate limit password attempts by pinentry. as Resolved.
Oct 28 2015, 5:28 PM · Not A Bug, Bug Report, gnupg
werner added a project to T2059: Rate limit password attempts by pinentry.: Not A Bug.
Oct 28 2015, 5:28 PM · Not A Bug, Bug Report, gnupg
werner added projects to T1645: import option convert-sk-to-pk is not documented: Not A Bug, Documentation.
Oct 28 2015, 5:20 PM · Documentation, Not A Bug, Bug Report, gnupg
werner added projects to T2062: invalid left shift iobuf.c: Info Needed, Not A Bug.
Oct 28 2015, 5:15 PM · Not A Bug, Info Needed, gnupg, Bug Report
werner closed T2062: invalid left shift iobuf.c as Resolved.
Oct 28 2015, 5:15 PM · Not A Bug, Info Needed, gnupg, Bug Report

Oct 13 2015

werner added projects to T1613: openpgp v2 card bricks after invalid reset apdu: scd, gnupg.
Oct 13 2015, 5:45 PM · Too Old, gnupg, scd, Not A Bug, Bug Report

Oct 8 2015

werner added a project to T2113: libgcrypt 1.6.4: Not A Bug.
Oct 8 2015, 5:12 PM · Not A Bug, Bug Report, libgcrypt

Oct 6 2015

werner closed T2086: Compiling gnupg with libgpg-error is much more difficult than necesary as Resolved.
Oct 6 2015, 1:42 PM · Not A Bug, Bug Report, gnupg

Oct 3 2015

werner added a project to T2060: GnuPG4Win with Enigmail in Thunderbird inserts unwanted blank lines in quoted text: Not A Bug.
Oct 3 2015, 10:16 AM · Not A Bug, Bug Report, gpg4win

Sep 30 2015

gniibe claimed T1613: openpgp v2 card bricks after invalid reset apdu.
Sep 30 2015, 3:14 AM · Too Old, gnupg, scd, Not A Bug, Bug Report
gniibe added a comment to T1613: openpgp v2 card bricks after invalid reset apdu.

Using PC/SC, I believe that you can revive your cards.

Please see:
https://lists.gnupg.org/pipermail/gnupg-devel/2013-March/027518.html
https://lists.gnupg.org/pipermail/gnupg-devel/2013-March/027519.html

Sep 30 2015, 3:14 AM · Too Old, gnupg, scd, Not A Bug, Bug Report

Sep 28 2015

werner closed T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected as Resolved.
Sep 28 2015, 11:14 AM · Not A Bug, Fedora, Bug Report, gnupg

Sep 24 2015

SlipperyCow added a comment to T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected.

I laughed when I first read aheinecke's comments, at least right up until the
moment the gravity of the 'unmaintained upstream' hit me!

The Bug I filed on 22 July at: https://bugzilla.redhat.com/show_bug.cgi?id=1245732

has gone exactly nowhere, in a hurry, despite being assigned to Ngo Than.

In any event, another Fedora Forum user and I tracked down the root cause ourselves.

I can confirm this KGpg failure to autostart is *NOT* in any way related to GnuPG.

I have already documented how to cause, and how to avoid, this KGpg autostart
failure in this thread: http://forums.fedoraforum.org/showthread.php?t=305604

Hint: If you are interested, read page 2 of ^that thread first, for a summary,
and a reproducible testing procedure.

aheinecke: Kleopatra was, and is, a 'thing' of beauty! ;-3

Sep 24 2015, 5:45 PM · Not A Bug, Fedora, Bug Report, gnupg
SlipperyCow reopened T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected as "Open".
Sep 24 2015, 1:12 PM · Not A Bug, Fedora, Bug Report, gnupg

Sep 9 2015

aheinecke added a comment to T1960: key 00000000 occurs more than once in the trustdb.

Duplicate of T2000

Sep 9 2015, 4:51 PM · Duplicate, Not A Bug, Bug Report, gnupg
aheinecke added a project to T1960: key 00000000 occurs more than once in the trustdb: Duplicate.
Sep 9 2015, 4:51 PM · Duplicate, Not A Bug, Bug Report, gnupg
aheinecke added a comment to T1960: key 00000000 occurs more than once in the trustdb.

This was causing some other problems so it got treated as a bug in T2000; it
is fixed in the latest 2.0 and 2.1 releases.

Sep 9 2015, 4:51 PM · Duplicate, Not A Bug, Bug Report, gnupg
aheinecke closed T1960: key 00000000 occurs more than once in the trustdb as Resolved.
Sep 9 2015, 4:51 PM · Duplicate, Not A Bug, Bug Report, gnupg
werner added a project to T1995: Error on include order: Not A Bug.
Sep 9 2015, 4:35 PM · Not A Bug, Bug Report, gnupg, MacOS

Sep 7 2015

werner added a project to T2047: --with-gpg-error-prefix overwrites --with-libgpg-error-prefix: Not A Bug.
Sep 7 2015, 6:16 PM · Not A Bug, Bug Report, libgcrypt

Sep 4 2015

werner added a project to T2086: Compiling gnupg with libgpg-error is much more difficult than necesary: Not A Bug.
Sep 4 2015, 8:32 AM · Not A Bug, Bug Report, gnupg
werner added a comment to T2086: Compiling gnupg with libgpg-error is much more difficult than necesary.

This is on purpose. By looking at all kinds of different places you would get
whatever version is installed there and run into trouble figuring out how to
update it. Thus if your gpg-error is installed at a different place you should use

  ./configure --with-gpg-error-prefix=/usr

to tell configure to use the system-provided libgpg-error. In general it is
better to use the latest libgpg-error, though.

Sep 4 2015, 8:32 AM · Not A Bug, Bug Report, gnupg

Sep 3 2015

neal removed a project from T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected: Stalled.
Sep 3 2015, 10:41 AM · Not A Bug, Fedora, Bug Report, gnupg
neal closed T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected as Resolved.
Sep 3 2015, 10:41 AM · Not A Bug, Fedora, Bug Report, gnupg
neal added a comment to T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected.

Based on aheinecke's comments I'm closing this.

Sep 3 2015, 10:41 AM · Not A Bug, Fedora, Bug Report, gnupg

Aug 30 2015

werner closed T2051: is_file_compressed (filename, &rc2)) doesn`t CloseHandle files in windows as Resolved.
Aug 30 2015, 10:20 PM · Not A Bug, Bug Report, gnupg

Aug 28 2015

aheinecke added a project to T2048: KGpg Fails to Autostart on Fedora 22 with KDE Despite 'Start KGpg automatically at login' Being Selected: Not A Bug.
Aug 28 2015, 10:54 PM · Not A Bug, Fedora, Bug Report, gnupg

Aug 13 2015

werner added a comment to T1211: gpg-agent should disable ptrace.

c) Run gpg-agent under gdb
d) Run a modified gpg-agent (rm ~/S.gpg-agent; my-gpg-agent --daemon)
e) Hook into the tty and use pinentry-curses
f) scp ~/.gnupg/private-keys-v1.d/* mybox: and sniff the passphrase.

Aug 13 2015, 6:36 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug

Aug 12 2015

dkg reopened T1211: gpg-agent should disable ptrace as "Open".
Aug 12 2015, 3:53 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
dkg added a comment to T1211: gpg-agent should disable ptrace.

so far, the proposed mechanisms for getting at gpg-agent's memory from a peer
process running as the same user are:

a) ptrace (e.g. via /usr/bin/gcore or /usr/bin/strace)
b) /proc/$PID/mem, which is owned by the user and mode 0600

DarkStarSword's patch effectively closes (a) (by rejecting ptrace connections)
and appears on my GNU/Linux system to close (b) as well: /proc/$PID/mem is
root-owned when the patch is applied instead of being user-owned.

Are there other channels for per-process memory access that we should be
thinking about?

I agree with Werner and Neal that the UNIX model is probably insufficient to
close all the holes easily, but i also don't think that's a good reason to avoid
closing those holes we can close.

If there are other ways that another process by the same user can get at the
RAM, please point them out and i'll look into ways to address them too.

In the meantime, i'll also look into ways to facilitate running the process as a
separate user account entirely.

Aug 12 2015, 3:53 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
werner closed T1211: gpg-agent should disable ptrace as Resolved.
Aug 12 2015, 10:09 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
werner added a project to T1211: gpg-agent should disable ptrace: Won't Fix.
Aug 12 2015, 10:09 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
werner added a comment to T1211: gpg-agent should disable ptrace.

I am closing this.

BTW: I can't share DarkStarSword's fear about prioritizing ease of debugging
over security - I would never do that for a real security problem; Neal and I
both explained why this proposed fix can't help against an attack.

Aug 12 2015, 10:09 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
dkg added a comment to T1211: gpg-agent should disable ptrace.

D128: 666_0003-Avoid-simple-memory-dumps-via-ptrace.patch

Aug 12 2015, 2:55 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
dkg added a comment to T1211: gpg-agent should disable ptrace.

I'm going to introduce the prctl(SET_DUMPABLE, 0) change to main in
agent/gpg-agent.c in the debian 2.1.x series as of 2.1.7-1, using the patch i'm
attaching here.

I make no representations that this solves all possible memory leakages, but it
does address one specific and relatively straightforward attack.

As to Werner's legitimate concerns about making debugging harder, there remain
at least two options: ptrace as the superuser, and launching gpg-agent itself
under gdb directly.

If this experiment proves disastrous somehow (i'm not seeing how), we can always
revert the patch.

Aug 12 2015, 2:55 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
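An added example (mine, not gpg-agent's code or the Debian patch) of the hardening dkg describes above, assuming Linux: a secret-holding process marks itself non-dumpable with prctl(PR_SET_DUMPABLE, 0), which is what stops a same-user peer from attaching with ptrace or taking a gcore, and it scrubs the passphrase buffer so a later core file cannot carry it either (the uncleared libassuan line buffer werner mentions is the kind of leftover this addresses). Function names are mine.

```c
/* Added example, not GnuPG project code. Assumes Linux (prctl, /proc).
 * The T1211 hardening: make the process non-dumpable and wipe secrets. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>

/* Mark the calling process non-dumpable. On Linux this makes PTRACE_ATTACH
 * by an unprivileged same-user process fail with EPERM (so gcore, strace -p
 * and gdb -p no longer work for that user), suppresses core dumps, and hands
 * ownership of /proc/<pid>/mem and friends to root, matching what dkg saw.
 * root can still attach, and the agent can still be started under gdb, which
 * is the debugging path left open. Returns 0 on success, -1 otherwise. */
int disable_memory_dumps(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* 1 if /proc/self/mem is root-owned (expected after disable_memory_dumps on a
 * plain system; inside a user namespace the overflow uid may show instead),
 * 0 if owned by the user, -1 if it cannot be stat'ed. */
int proc_mem_root_owned(void)
{
    struct stat st;
    if (stat("/proc/self/mem", &st) != 0)
        return -1;
    return st.st_uid == 0;
}

/* Overwrite a secret with zeros through a volatile pointer so the compiler
 * cannot elide the stores as dead writes once the buffer is no longer read. */
void scrub_secret(char *buf, size_t len)
{
    volatile char *p = (volatile char *)buf;
    while (len--)
        *p++ = 0;
}

/* 1 if every byte of buf is zero, 0 otherwise. */
int is_zeroed(const char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= (unsigned char)buf[i];
    return acc == 0;
}

/* Self-check on a constructed secret: 1 if it was non-zero before the scrub
 * and all-zero afterwards. A real agent would scrub the passphrase buffer the
 * moment the key has been unlocked, not at exit. */
int scrub_roundtrip(void)
{
    char passphrase[] = "constructed sample passphrase";
    int before = is_zeroed(passphrase, sizeof passphrase);
    scrub_secret(passphrase, sizeof passphrase);
    return !before && is_zeroed(passphrase, sizeof passphrase);
}

int main(void)
{
    if (disable_memory_dumps() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    printf("dumpable=%d /proc/self/mem root-owned=%d scrub ok=%d\n",
           prctl(PR_GET_DUMPABLE, 0, 0, 0, 0), proc_mem_root_owned(),
           scrub_roundtrip());
    return 0;
}
```

With the flag set, a `gcore $(pidof <this process>)` run by the same unprivileged user fails at attach time instead of writing a core that `strings` can search.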

Aug 9 2015

DarkStarSword added a comment to T1211: gpg-agent should disable ptrace.

Glad I was able to help get one bug fixed at least :)

The in-memory encryption will definitely help in this scenario (that is, a
casual attack by e.g. a colleague or another student having a laugh as their
friend left their screen unlocked... real attack - I should know, I've done it,
and had it done to me, as had several of my friends back in uni (to be fair -
that was on Firefox password manager, but it could just as easily have been
gpg-agent)... This is not about stopping a motivated attacker with physical
access to the system as they could always subvert the system in other ways e.g.
adding a shell alias to run a trojaned gpg-agent instead of the real thing,
install a key logger, etc).

I'm still not super happy that a casual attacker could walk away with a core
file containing the encrypted passphrase and the key to decrypt it. What started
as a casual attack for a laugh could later transform into a more serious attack
given that they can hold onto this information indefinitely. I'm not a motivated
attacker, but that would tempt the hell out of me if I was even slightly so
inclined. I should know, because I've been in a similar situation in the past
where I obtained an unshadowed passwd file (through a purely casual attack when
I was looking up a friend's uid and discovered the passwd file was not
shadowed... so of course I made a copy). I could have left it alone, but it
tempted the hell out of me and I ended up running john over it for two straight
weeks (never did much with the result, but that's not the point)!

I would hope that the developers of any security product learn to think like an
attacker.

I must say I am deeply troubled by the priority seeming to be on the ease of
debugging a security product which has the sole purpose of keeping a passphrase
safe. As the saying goes security is always a trade-off, but given that
gpg-agent is a security product and not a word processor, this particular trade
off does not sit right with me. I would expect the development team to have root
access on their own systems, which avoids the issue as the root user can always
attach a debugger with or without this change - is there truly a reason that
they need to attach to a running gpg-agent on a system they don't have root on?
And what about the thousands of gpg-agents running on other systems in the wild
that should never need to attach a debugger (and if they do... sudo)?

The information about FIPS mode and SELinux is good to know, at least for people
running distributions that support and enable them by default. But from what I
can gather FIPS mode is a RHEL only feature (I may be wrong - I'm not all that
familiar with it), and SELinux is still either not enabled, or in permissive
mode in many distributions by default (including Debian and Ubuntu).

As I mentioned in the original report, an alternative way to protect the memory
of gpg-agent is to install it with the setgid bit set (ssh-agent does both the
prctl() and setgid for example - now there's some developers I applaud). Unlike
SELinux and FIPS mode this works in every distribution and has been supported
for donkey's years.

Aug 9 2015, 3:17 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug

Aug 7 2015

werner added a comment to T1211: gpg-agent should disable ptrace.

This identified another bug: To be prepared for FIPS evaluation,
gpg-agent does not store the cached passphrases in the clear but
encrypts them in memory. Right, this is security by obscurity, but if
we ever have a way to store that key in a secured RAM (e.g. TPM, ARM
TrustZone) we can indeed limit the time a passphrase is available in
the clear to the period it is really needed. This all seems to work,
but your tests show that libassuan does not clear its internal line
buffers so that you can actually find the passphrase in the core
file. I just pushed a fix for this.

IIRC, FIPS mode in Linux inhibits all access to process memory system
wide. Changing this just for a single user process does not make
much sense.

Further, being able to attach to a running process is one of the
best debug methods we have. Giving up on this for a perceived
extra protection is not going to work. There are too many ways to get
the passphrase using other ways. Linux can't protect a user from getting
data belonging to him. Iff gpg-agent were a system daemon things
would be different and extra protection would make sense as a
fallback.

Aug 7 2015, 12:47 PM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug
DarkStarSword added a comment to T1211: gpg-agent should disable ptrace.

Without this I can do gcore pidof gpg-agent and QUITE CLEARLY see my
passphrase in the produced dump:

ian@draal~ [i]> gcore (pidof gpg-agent)
0x00007fb8f8849293 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: No such file or directory.
warning: target file /proc/1560/cmdline contained unexpected null characters
warning: Memory read failed for corefile section, 8192 bytes at 0x7ffce0a12000.
Saved corefile core.1560
0x00007f2dd583c293 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: No such file or directory.
warning: target file /proc/1540/cmdline contained unexpected null characters
warning: Memory read failed for corefile section, 8192 bytes at 0x7ffccfbe3000.
Saved corefile core.1540
ian@draal~ [i]> strings core.1560 | grep pass
passwd
This is my ultra secure passphrase - I definitely expect any program that manages this to take reasonable steps to keep it safe even if I accidentally leave my screen unlocked one day!
Invalid passphrase; please try again
You need a passphrase to unlock the secret key for user:%0A"test123 <test@test.com>"%0A2048-bit RSA key, ID DE3A7EAB, created 2015-08-06 (main key ID F459B571)%0A
SETERROR Invalid passphrase; please try again
his is my ultra secure passphrase - IQ
ian@draal~ [i]>

With this one line change I cannot do the above - that's the definition of
reducing the attack surface last time I checked.

You absolutely can still use gdb to debug it - you just have to start it under
gdb as opposed to attaching to an existing process, or attach the debugger as
root. You could also just disable the syscall in a debug build.

Aug 7 2015, 12:02 AM · Won't Fix, Feature Request, gnupg, gpgagent, Not A Bug