Mar 25 2020

Laurent Montel <montel@kde.org> committed rKLEOPATRA8642333662df: GIT_SILENT: Prepare 5.14.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.14.0 rc
Mar 25 2020, 7:30 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO98794a878ca7: GIT_SILENT: Master is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Master is open
Mar 25 2020, 7:30 AM
Laurent Montel <montel@kde.org> committed rLIBKLEO6a260ba63420: GIT_SILENT: Prepare 5.14.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.14.0 rc
Mar 25 2020, 7:30 AM

Mar 24 2020

werner closed T4885: gpg4win-3.1.11.exe installs malwares as Invalid.

No info received; either really malware downloaded from a fraudster site without proper checking or bare coincidence with other updates.

Mar 24 2020, 10:51 AM · gpg4win
werner closed T4887: GPG is throwing error while doing (encryption+sign) or Decryption as Invalid.

@sarman: Your question is actually a support question and not a bug report. Please read the documentation, use the public help channels (so that others can also learn from the issue), or get in touch with a commercial support provider.

Mar 24 2020, 10:48 AM · Not A Bug, Solaris, gnupg, Documentation
gniibe added a comment to T4098: GpgSM: Add ECC support.

There are two code paths to generate a key: gpgsm_genkey and gpgsm_gencertreq_tty. The latter is partially supported with card key.
Firstly, I'm going to work on T4888.

Mar 24 2020, 6:32 AM · gnupg (gpg23), Feature Request, S/MIME
gniibe created T4888: GpgSM: Support ECC key generation by gpgsm_genkey.
Mar 24 2020, 6:30 AM · Restricted Project, Feature Request, S/MIME
gniibe added a comment to T4887: GPG is throwing error while doing (encryption+sign) or Decryption.

I think that what you want is adding --batch option. In the gpg manual, we have:

--passphrase-file file
       Read  the passphrase from file file. Only the first line will be
       read from  file  file.  This  can  only  be  used  if  only  one
       passphrase is supplied. Obviously, a passphrase stored in a file
       is of questionable security if other users can read  this  file.
       Don't use this option if you can avoid it.
Mar 24 2020, 4:58 AM · Not A Bug, Solaris, gnupg, Documentation
sarman added a comment to T4887: GPG is throwing error while doing (encryption+sign) or Decryption.

Hello Team,

Mar 24 2020, 3:52 AM · Not A Bug, Solaris, gnupg, Documentation
gniibe changed the status of T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix from Open to Testing.

This should work well with libksba master and gnupg/sm master.

Mar 24 2020, 3:35 AM · S/MIME, Feature Request, libksba
gniibe changed the status of T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed from Open to Testing.

The commits in 2019 (for libksba and gnupg/sm) handle the problem (of key generation using card).

Mar 24 2020, 3:32 AM · Restricted Project, Feature Request, S/MIME
gniibe added projects to T4887: GPG is throwing error while doing (encryption+sign) or Decryption: Documentation, gnupg, Solaris.

For operations which require a private key, it is necessary to unlock the private key.

Mar 24 2020, 2:44 AM · Not A Bug, Solaris, gnupg, Documentation

Mar 23 2020

sarman triaged T4887: GPG is throwing error while doing (encryption+sign) or Decryption as Unbreak Now! priority.
Mar 23 2020, 11:55 PM · Not A Bug, Solaris, gnupg, Documentation
sarman updated the task description for T4887: GPG is throwing error while doing (encryption+sign) or Decryption.
Mar 23 2020, 11:53 PM · Not A Bug, Solaris, gnupg, Documentation
sarman created T4887: GPG is throwing error while doing (encryption+sign) or Decryption.
Mar 23 2020, 11:39 PM · Not A Bug, Solaris, gnupg, Documentation
dkg created T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib.
Mar 23 2020, 4:13 PM · wkd, gnupg (gpg22), Bug Report

Mar 21 2020

Laurent Montel <montel@kde.org> committed rLIBKLEO6bdfb83f250e: GIT_SILENT: Prepare 5.14.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.14.0 rc
Mar 21 2020, 12:48 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA86761c0519a1: GIT_SILENT: Prepare 5.14.0 rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 5.14.0 rc
Mar 21 2020, 12:12 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRAd1cc0cecf3b2: Remove flag for the moment (authored by Laurent Montel <montel@kde.org>).
Remove flag for the moment
Mar 21 2020, 10:10 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRAcf4c9fdbd479: Make it compiles against qt5.15 (authored by Laurent Montel <montel@kde.org>).
Make it compiles against qt5.15
Mar 21 2020, 10:10 AM

Mar 20 2020

werner committed rDceaa09f5e3d3: swdb: GnuPG 2.2.20 (authored by werner).
swdb: GnuPG 2.2.20
Mar 20 2020, 6:27 PM
werner added a comment to T4885: gpg4win-3.1.11.exe installs malwares.

From where did you download it? Did it show a valid issuer for the software (Intevation GmbH)?

Mar 20 2020, 6:02 PM · gpg4win
werner closed T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Resolved.
Mar 20 2020, 5:59 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4810: A key with only "C" capability cannot be selected as default key. as Resolved.
Mar 20 2020, 5:59 PM · Restricted Project, gnupg (gpg22)
werner closed T4832: card: when KDF is enabled, use of pinpad input should be disabled as Resolved.
Mar 20 2020, 5:59 PM · Restricted Project, gnupg (gpg22), scd, Bug Report
werner closed T4847: "gpgsm: invalid radix64 character 2d skipped" when trying to import a PEM file with DOS line endings (CR+LF) as Resolved.
Mar 20 2020, 5:59 PM · gnupg (gpg22), S/MIME, Bug Report
werner closed T4831: gnupg-2.2.19 fails to build on latest Fedora Rawhide as Resolved.
Mar 20 2020, 5:59 PM · gnupg (gpg22), toolchain, Bug Report
werner closed T4860: Release GnuPG 2.2.20 as Resolved.
Mar 20 2020, 5:59 PM · gnupg (gpg22), Release Info
werner closed T4850: GnuPG fails to find default key to sign when using a smart card, but recovers once card is removed as Resolved.
Mar 20 2020, 5:59 PM · Restricted Project, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2020q1/000444.html on T4860: Release GnuPG 2.2.20 .
Mar 20 2020, 5:57 PM · gnupg (gpg22), Release Info
werner committed rGbc7e56d9dcf5: Post release updates (authored by werner).
Post release updates
Mar 20 2020, 5:35 PM
werner committed rGdae1e384c4ec: po: Auto-update (authored by werner).
po: Auto-update
Mar 20 2020, 5:35 PM
werner committed rG5094bb08edd4: Release 2.2.20 (authored by werner).
Release 2.2.20
Mar 20 2020, 5:35 PM
werner committed rGb27d30df62ac: Copyright notice updates et al. (authored by werner).
Copyright notice updates et al.
Mar 20 2020, 5:35 PM
stokastika created T4885: gpg4win-3.1.11.exe installs malwares.
Mar 20 2020, 5:14 PM · gpg4win
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

That option does the same as --disable-dirmngr which in turn has the same effect as disable-crl-checks

Mar 20 2020, 4:49 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

@werner wrote:

Mar 20 2020, 4:45 PM · Not A Bug, S/MIME, gpgme
aheinecke added a comment to T4884: PKCS #15 support in gpgsm.

The return value that was mapped to invalid value was "SW_WRONG_LENGTH" so I tested using the codepath for the SW_EXACT_LENGTH sw return value, too and it worked for readcert.

Mar 20 2020, 3:52 PM · Feature Request, gnupg, scd, S/MIME
werner committed rC3441f4c94c49: tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite (authored by lumag).
tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite
Mar 20 2020, 1:59 PM
werner committed rC18cd3f0c473a: gost: add keymeshing support per RFC 4357 (authored by lumag).
gost: add keymeshing support per RFC 4357
Mar 20 2020, 1:59 PM
werner committed rCdcee00adbd1c: gost28147: add support for CryptoPro key meshing per RFC 4357 (authored by lumag).
gost28147: add support for CryptoPro key meshing per RFC 4357
Mar 20 2020, 1:59 PM
aheinecke committed rO3d0810c4473e: Skip OpenPGP keys when looking for S/MIME (authored by aheinecke).
Skip OpenPGP keys when looking for S/MIME
Mar 20 2020, 12:29 PM
aheinecke committed rObec2188c30ac: Add string starts_with helpers (authored by aheinecke).
Add string starts_with helpers
Mar 20 2020, 12:29 PM
aheinecke created T4884: PKCS #15 support in gpgsm.
Mar 20 2020, 12:27 PM · Feature Request, gnupg, scd, S/MIME
aheinecke committed rOd0faa1986d3c: Automatically learn keys from smartcards (authored by aheinecke).
Automatically learn keys from smartcards
Mar 20 2020, 11:46 AM
aheinecke added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

Sample how GpgOL handles this: https://dev.gnupg.org/source/gpgol/browse/master/src/keycache.cpp;6f5f48c3d60e0af52f1a9f0e51f60ee653eeeb31$269

Mar 20 2020, 11:03 AM · Not A Bug, S/MIME, gpgme
aheinecke added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I think what you're saying is that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?

Mar 20 2020, 11:00 AM · Not A Bug, S/MIME, gpgme
aheinecke added a parent task for T4877: GpgOL: Look for S/MIME sec keys on inserted smartcards if no key is available: T4789: Gpg4win-3.1.12.
Mar 20 2020, 10:55 AM · gpgol
aheinecke added a subtask for T4789: Gpg4win-3.1.12: T4877: GpgOL: Look for S/MIME sec keys on inserted smartcards if no key is available.
Mar 20 2020, 10:55 AM · gpg4win, Release Info
aheinecke changed the status of T4877: GpgOL: Look for S/MIME sec keys on inserted smartcards if no key is available from Open to Testing.

Done in master

Mar 20 2020, 10:55 AM · gpgol
werner committed rC15cba1515c56: doc: Map contributions to new surname (authored by lumag).
doc: Map contributions to new surname
Mar 20 2020, 9:09 AM
werner added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

After disabling the CRL check again in gpgsm.conf

Mar 20 2020, 8:56 AM · Not A Bug, S/MIME, gpgme

Mar 19 2020

dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I see no difference between the last two example stanzas that show you running ../run-verify. Are they supposed to have different output?

Mar 19 2020, 10:58 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

I'm aware of the metadata leakage risks of OCSP, and i share your concerns about them.

Mar 19 2020, 10:14 PM · Not A Bug, gnupg (gpg22), S/MIME
werner added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

OCSP can't be the default because it enables a web bug. The responder immediately sees when a signature is verified or data is encrypted to a certificate.

Mar 19 2020, 7:00 PM · Not A Bug, gnupg (gpg22), S/MIME
dkg added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

If CRLs or OCSP are a MUST in a given profile, and the cert chain has OCSP but no CRL, it seems like that profile should then try OCSP, rather than failing.

Mar 19 2020, 6:53 PM · Not A Bug, gnupg (gpg22), S/MIME
werner added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

That option does the same as --disable-dirmngr which in turn has the same effect as disable-crl-checks; see gnupg/sm/server.c#option_handler. If you want to check the validity of the cert you check the TRUST status lines. This is what gpgme does for you. An example is gpgme.tests/gpgsm/t-verify. You can run the tests also manually, I do this as follows:

Mar 19 2020, 6:25 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

I think what you're saying is that there is *no way* to use GPGME in offline mode to validate x.509 certificates, and this is by design. Am I understanding that right?

Mar 19 2020, 5:25 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4882: gpgconf --homedir is ignored when setting options.

Thanks for the quick fix, @werner!

Mar 19 2020, 5:18 PM · gnupg (gpg22), Bug Report
werner committed rG67556218c0d4: po: Update German translation (authored by werner).
po: Update German translation
Mar 19 2020, 2:28 PM
werner edited projects for T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs., added: Not A Bug; removed Bug Report.
Mar 19 2020, 1:07 PM · Not A Bug, gnupg (gpg22), S/MIME
werner edited projects for T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set, added: Not A Bug; removed Bug Report.

I can see no bug here. See my comment over at T4881.

Mar 19 2020, 1:06 PM · Not A Bug, S/MIME, gpgme
werner closed T4882: gpgconf --homedir is ignored when setting options as Resolved.

Fixed.

Mar 19 2020, 1:02 PM · gnupg (gpg22), Bug Report
werner committed rGb92860a8b9d2: gpgconf: Take care of --homedir when reading/updating options. (authored by werner).
gpgconf: Take care of --homedir when reading/updating options.
Mar 19 2020, 1:02 PM
werner committed rGc1844ca7520f: gpgconf: Take care of --homedir when reading/updating options. (authored by werner).
gpgconf: Take care of --homedir when reading/updating options.
Mar 19 2020, 12:54 PM
mrdave19 added a comment to T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra.

Hello,
Sorry for the late reply but with your help we found a bug in our code and it has been fixed. Thanks for your assistance!

Mar 19 2020, 12:28 PM · gnupg (gpg22), Bug Report
werner claimed T4882: gpgconf --homedir is ignored when setting options.

Arggh, this code is a whole mess (e.g. it uses its own logging code). I spent the last week to rework large parts of it for master. I am going to look into this case now.

Mar 19 2020, 12:00 PM · gnupg (gpg22), Bug Report
werner added a comment to T4881: "User ID" (Subject, subjectAltName) validity is inaccurate in gpgsm with sample certs..

If you want OCSP you need to enable it. CRLs or OCSP are a MUST under the profile we developed gpgsm. This is why --disable-crl-checks by default is not possible. There are a lot of interesting things you will come across if you start to use S/MIME. For example you also need to care about the algorithms used for intermediate certificates used to sign CRLs - they need to comply with the policy as well. Or the rarely used PSS padding we encounter sometimes and which is not supported and will probably not be supported

Mar 19 2020, 11:56 AM · Not A Bug, gnupg (gpg22), S/MIME
werner closed T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra as Resolved.

Okay. Thanks.

Mar 19 2020, 11:51 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra.

You forwarded me an email, which said it went well.

Mar 19 2020, 9:37 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T4864: New scdaemon command to watch device removal.

Created https://dev.gnupg.org/source/gnupg/history/gniibe%252Fscd-watch/

Mar 19 2020, 6:28 AM · Restricted Project, Feature Request, scd, Bug Report
gniibe committed rG6f93050c40b2: watch: show information. (authored by gniibe).
watch: show information.
Mar 19 2020, 6:27 AM
gniibe committed rG431cdb5b0274: watch: Add --scan option. (authored by gniibe).
watch: Add --scan option.
Mar 19 2020, 6:27 AM
gniibe committed rGc62795221c0c: watch: use condition variable. (authored by gniibe).
watch: use condition variable.
Mar 19 2020, 6:27 AM
gniibe committed rG753c1dcecc37: watch: call notification to app_wait from scd_update_reader_status_file. (authored by gniibe).
watch: call notification to app_wait from scd_update_reader_status_file.
Mar 19 2020, 6:27 AM
gniibe committed rG5282538c005c: npth_sigwait is not available. (authored by gniibe).
npth_sigwait is not available.
Mar 19 2020, 6:27 AM
gniibe committed rG9515cac4ae55: rough sketch. (authored by gniibe).
rough sketch.
Mar 19 2020, 6:27 AM
gniibe committed rG052ef907ffb1: Add flags in server_local_s. (authored by gniibe).
Add flags in server_local_s.
Mar 19 2020, 6:27 AM
gniibe added a subtask for T4869: constant-time mpi_invm: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:22 AM · libgcrypt
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4869: constant-time mpi_invm.
Mar 19 2020, 5:22 AM · Release Info, libgcrypt
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4293: Add dedicated X25519 function to Libcgrypt .
Mar 19 2020, 5:21 AM · Release Info, libgcrypt
gniibe added a subtask for T4293: Add dedicated X25519 function to Libcgrypt : T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:21 AM · Restricted Project, libgcrypt
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T4293: Add dedicated X25519 function to Libcgrypt .
Mar 19 2020, 5:20 AM · Release Info, libgcrypt
gniibe removed a parent task for T4293: Add dedicated X25519 function to Libcgrypt : T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:20 AM · Restricted Project, libgcrypt
gniibe added a subtask for T4288: Add getrandom support for the BSDs: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:20 AM · libgcrypt
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4288: Add getrandom support for the BSDs.
Mar 19 2020, 5:20 AM · Release Info, libgcrypt
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T4288: Add getrandom support for the BSDs.
Mar 19 2020, 5:20 AM · Release Info, libgcrypt
gniibe removed a parent task for T4288: Add getrandom support for the BSDs: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:20 AM · libgcrypt
gniibe added a subtask for T4274: Fail selftests when checksum file is missing in FIPS mode only: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:20 AM · Restricted Project, libgcrypt, Bug Report
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4274: Fail selftests when checksum file is missing in FIPS mode only.
Mar 19 2020, 5:20 AM · Release Info, libgcrypt
gniibe removed a parent task for T4274: Fail selftests when checksum file is missing in FIPS mode only: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:20 AM · Restricted Project, libgcrypt, Bug Report
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T4274: Fail selftests when checksum file is missing in FIPS mode only.
Mar 19 2020, 5:20 AM · Release Info, libgcrypt
gniibe added a subtask for T1303: Please support GCRYSEXP_FMT_BASE64: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:19 AM · Feature Request, libgcrypt
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T1303: Please support GCRYSEXP_FMT_BASE64.
Mar 19 2020, 5:19 AM · Release Info, libgcrypt
gniibe removed a parent task for T1303: Please support GCRYSEXP_FMT_BASE64: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:19 AM · Feature Request, libgcrypt
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T1303: Please support GCRYSEXP_FMT_BASE64.
Mar 19 2020, 5:19 AM · Release Info, libgcrypt
gniibe added a subtask for T4243: Test failure in libgcrypt-1.8.4: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:19 AM · Documentation, Tests, libgcrypt, Bug Report
gniibe added a parent task for T4294: Release Libgcrypt 1.9.0: T4243: Test failure in libgcrypt-1.8.4.
Mar 19 2020, 5:19 AM · Release Info, libgcrypt
gniibe removed a subtask for T4294: Release Libgcrypt 1.9.0: T4243: Test failure in libgcrypt-1.8.4.
Mar 19 2020, 5:19 AM · Release Info, libgcrypt
gniibe removed a parent task for T4243: Test failure in libgcrypt-1.8.4: T4294: Release Libgcrypt 1.9.0.
Mar 19 2020, 5:19 AM · Documentation, Tests, libgcrypt, Bug Report