In T4618#128103, @wiktor-k wrote: I'm left wondering: are there cases where OPENPGPKEY would be preferred over WKD?
Aug 6 2019
mejo added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.
aheinecke closed T4671: https://files.gpg4win.org/README-3.1.10.en.txt has German section `New` as Resolved.
Fixed now, both in the repo and on the file server. Thanks for noticing.
Fix english readme
aheinecke added a comment to T4671: https://files.gpg4win.org/README-3.1.10.en.txt has German section `New`.
I really need to automate things more for a release; there is just too much copy and pasting involved where mistakes can happen.
Fix 3.1.10 announcement switch to EN
• gniibe committed rMb97434fbf087: json: Fix t-decrypt-verify.out for GnuPG >= 2.3. (authored by • gniibe).
json: Fix t-decrypt-verify.out for GnuPG >= 2.3.
• gniibe committed rGf588dd8d1766: common: Fix line break handling, finding a space. (authored by • gniibe).
common: Fix line break handling, finding a space.
• gniibe committed rGd8a49bbcd1b1: gpg: Don't report NO_SECKEY for valid key. (authored by • gniibe).
gpg: Don't report NO_SECKEY for valid key.
Aug 5 2019
• werner triaged T4666: gpg --delete-secret-keys: excessive and unclear prompting, surprising outcomes as Low priority.
• werner triaged T4665: gpg --delete-key of subkey leaves dangling subkey binding signature as Normal priority.
• werner triaged T4667: "gpg: deleting secret key failed: No pinentry" when in --batch mode with --pinentry=loopback as Normal priority.
• werner triaged T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Normal priority.
skeeto added a comment to T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value.
Re-examining this now, I'm noticing the problem is not at all that it's being treated as signed, but that GnuPG is internally using a 32-bit unsigned integer for the time even though the key expiration scheme allows for expiration dates beyond 2106. Seeing dates in the past threw me off, and when I had originally tried using a zero creation time to test a broader range I ran into T4670.
skeeto added a comment to T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value.
I'm using Debian 10 "Buster" on x86-64, but for this ticket I used my own build of GnuPG so that I could demonstrate with the latest version. The system's GnuPG 2.2.12 has the same behaviors I showed here.
• werner added a comment to T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value.
What OS are you using?
• werner committed rEc6d9598a8572: New error codes NO_KEYBOXD, KEYBOXD, NO_SERVICE, and SERVICE. (authored by • werner).
New error codes NO_KEYBOXD, KEYBOXD, NO_SERVICE, and SERVICE.
l10n daemon script <scripty@kde.org> committed rLIBKLEOc4c2d1c46f98: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd2d11376a853: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
l10n daemon script <scripty@kde.org> committed rLIBKLEO82e8100a3ce7: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
sm: Support AES-256 key.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA60a00a70b91e: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Aug 4 2019
Laurent Montel <montel@kde.org> committed rLIBKLEO1d7c385904ca: GIT_SILENT: Update dependancy (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Update dependancy
Laurent Montel <montel@kde.org> committed rKLEOPATRA8fd6591db268: GIT_SILENT: Update dependancy (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Update dependancy
Laurent Montel <montel@kde.org> committed rKLEOPATRA278f1dbe7f78: GIT_SILENT: Prepare 5.12.0 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.12.0
Laurent Montel <montel@kde.org> committed rLIBKLEO059cbd300ad6: GIT_SILENT: Prepare 5.12.0 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.12.0
Aug 3 2019
dkg added a comment to T4666: gpg --delete-secret-keys: excessive and unclear prompting, surprising outcomes.
I also observe that the text in the GUI prompts is remarkably unclear on its own. setting aside the grammar, punctuation, and wording, the prompts don't expose the usage flags set for the secret keys, which is possibly the only detail that a user with a single OpenPGP certificate would care about: "am i deleting my signing-capable subkey or my decryption-capable subkey?"
I was able to avoid reported behaviour; then n not a bug.
Laurent Montel <montel@kde.org> committed rLIBKLEOfddf5e8de1ff: GIT_SILENT: Prepare 5.12.0 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.12.0
Aug 2 2019
• werner triaged T4663: libgcrypt: fix build without threads by adding an option to disable tests as Normal priority.
ffontaine updated the task description for T4663: libgcrypt: fix build without threads by adding an option to disable tests.
Jul 31 2019
• werner triaged T4662: --locate-external-keys does not interact well with --no-auto-key-locate as Normal priority.
Laurent Montel <montel@kde.org> committed rLIBKLEO2575e4028dcf: GIT_SILENT: Prepare 5.12.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.12.0 rc
Laurent Montel <montel@kde.org> committed rKLEOPATRA2a7b974503f8: GIT_SILENT: Prepare 5.12.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.12.0 rc
Please update the documentation for the function in that case.
Please see my explanation on gnupg-devel about why the trailing NUL is a source of pain and difficulty for would-be adopters.
• werner triaged T4655: Windows 64-bit: gnupg_fd_t, assuan_fd_t and int for fd in the API, and casts as Wishlist priority.
Lacking another category for such things, I dropped the priority.
Well, gpa needs to use gpgme's interface for receiving and sending keys. The use of the helper programs is an old hack.
• werner added a comment to T4620: no support for multiple (yubikey) smartcards plugged in at the same time.
Right, master will be 2.3.
• werner added a comment to T4655: Windows 64-bit: gnupg_fd_t, assuan_fd_t and int for fd in the API, and casts.
Actually all this code shall be replaced by new code from gpgrt. Most likely using estream_t for all of them.
No, it was not in mind. I introduced this only for backward compatibility. It will be extended iff we have a need for it.
Appending a nul byte is fail-safe programming and helps in debugging. It is on purpose and shall not be removed.
Jul 30 2019
Actually my not-written-down plan is to use a Windows like style for tracking a process. This will also resolve the pid rollover problem. It shall all go into gpgrt of course.
My understanding is: it was introduced by rG370f841a0135: Enhanced last patch. in 2009 to give information to client (for a specific command at that time), possibly in a hope that server side would support the feature for all commands (and client could benefit).
Jul 29 2019
aheinecke added a comment to T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
I think the problem is the following:
Jul 28 2019
bb added a comment to T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
False alarm. Turns out pinentry-gtk-2.exe is also not working all the time.
a_p3rson added a comment to T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
@bb - I've tried this, this doesn't appear to work. It looks like the Gtk2 pinentry doesn't grab focus when doing authentication, either. Interestingly enough, it also doesn't show in the taskbar.
Jul 27 2019
bb added a comment to T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
Note:
I added:
pinentry-program "C:\Program Files (x86)\Gpg4win\bin\pinentry-gtk-2.exe"
as a workaround to my gpg-agent.conf. This pinentry is able to grab the focus.
The card was replaced by the vendor. It seems to be a problem with the specific card. All other cards so far worked well. The issue can be closed.
bb added a comment to T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication).
Does anyone have an update on this issue?
I've just uploaded pinentry 1.1.0-3 to debian unstable with this fix in it.
@aheinecke thanks for the heads-up. i'll pull this in.
Jul 26 2019
• gniibe triaged T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7 as Normal priority.
• gniibe added a comment to T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7.
Thanks. So, this is a positive report for 8E60:34C2. I'm going to add this VID:PID to support pinpad input by the internal CCID driver.
martin.von.wittich added a comment to T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7.
Pinpad input is not supported for Gemalto Ezio Shield, currently. OpenPGP card expects variable length pinpad input, and we don't have any positive report with the card reader.
asv added a comment to T4620: no support for multiple (yubikey) smartcards plugged in at the same time.
we won't backport it to 2.2
Can you help me please to understand why you think that this is a regular use case?
Fairly typical situation: user needs to encrypt binary and text regularly
• gniibe added a comment to T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7.
Pinpad input is not supported for Gemalto Ezio Shield, currently. OpenPGP card expects variable length pinpad input, and we don't have any positive report with the card reader.
@aheinecke , Would you consider re-opening this ticket?
• gniibe committed rG3ba091ab8c93: gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators. (authored by dkg).
gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
• gniibe committed rG15fe78184cc6: sm: Fix error checking of decryption result. (authored by • gniibe).
sm: Fix error checking of decryption result.
• gniibe added a comment to rGfdd1567743cc: gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators.
I'm going to push this change to master.
Jul 25 2019
martin.von.wittich added a comment to T4654: Gemalto Ezio Shield (CT710): CCID command failed: Parameter error at offset 7.
Wow, thanks for the quick response! I've applied your patch to the Ubuntu package (2.2.4-1ubuntu1.2), and gpg --card-status now works fine:
I'm not really sure if "No Key" is a better string for "Ignore Recipient". But most other things are either unclear (ignore recipient) or can be misunderstood like (Do not encrypt to this recipient) as this could also mean that the recipient gets an unencrypted mail.
It now looks like this:
Thanks!
aheinecke added a subtask for T4658: Fix a dangling pointer in pinentry's qt/main.cpp: T4659: Release Pinentry-1.1.1.
aheinecke added a parent task for T4659: Release Pinentry-1.1.1: T4658: Fix a dangling pointer in pinentry's qt/main.cpp.
I can confirm that the patch from the referenced commit fixes the issue. Thanks for the quick action!
aheinecke committed rP0e2e53c8987d: qt: Fix use of dangling pointer in QApplication (authored by aheinecke).
qt: Fix use of dangling pointer in QApplication
dkg added a comment to rGfdd1567743cc: gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators.
Due to socket forwarding we can have different versions of gpg-agent and gpg / gpgsm because they are on different machines and afaik we try to support it.
aheinecke added a comment to rGfdd1567743cc: gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators.
As far as I know, usually, gpg/gpgsm can assume same version of gpg-agent.
dkg added a comment to rGfdd1567743cc: gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators.
fwiw, if the old gcrypt actually returned a radically different API, it should have a larger SONAME across that change, and NEED_LIBGCRYPT_VERSION should reflect a source version that forces it past that SONAME. I don't know what version of libgcrypt behaved differently -- is there a reference for that?
dkg added a comment to rGfdd1567743cc: gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators.
I don't think there's a problem to have a long explanatory message in the main repository, as i think it makes it easier to understand, and space is not an issue.
aheinecke changed the status of T4658: Fix a dangling pointer in pinentry's qt/main.cpp from Open to Testing.
thanks for the report. I've committed a different fix 0e2e53c8987d6f236aaef515eb005e8e86397fbc which also should solve the problem.