
Feb 11 2021

werner removed subtasks for T4417: Work needed for gnupg 2.3: T4344: Periodic check of own keys with the WKD, T4362: Replace the exec functions for photoids in gpg by our standard exec functions., T4406: Allow the use of the default-new-key-algo format for --quick-gen-key..
Feb 11 2021, 11:05 AM · gnupg (gpg23)
werner removed a parent task for T4344: Periodic check of own keys with the WKD: T4417: Work needed for gnupg 2.3.
Feb 11 2021, 11:05 AM · wkd, gnupg, Feature Request
werner removed a parent task for T4406: Allow the use of the default-new-key-algo format for --quick-gen-key.: T4417: Work needed for gnupg 2.3.
Feb 11 2021, 11:05 AM · gnupg24, Feature Request
werner removed a subtask for T4417: Work needed for gnupg 2.3: T3495: The --list-keys should account for groups that are defined.
Feb 11 2021, 11:00 AM · gnupg (gpg23)
werner removed a parent task for T3495: The --list-keys should account for groups that are defined: T4417: Work needed for gnupg 2.3.
Feb 11 2021, 11:00 AM · gnupg, Feature Request
werner added a project to T3495: The --list-keys should account for groups that are defined: gnupg.
Feb 11 2021, 11:00 AM · gnupg, Feature Request
werner added a project to T5294: Displaying the date and time at which you've replied to an email when using GPgOL: gpgol.
Feb 11 2021, 10:13 AM · gpgol, Feature Request

Feb 10 2021

werner closed T4713: Bug in get_best_pubkey_byname as Resolved.

Works for me.

Feb 10 2021, 8:03 PM · Restricted Project, gnupg (gpg23)
werner lowered the priority of T4601: gpg --quiet --quick-sign-key is not quiet from Normal to Low.
Feb 10 2021, 3:05 PM · gnupg24, gnupg (gpg23), Bug Report
werner closed T4599: remap `--search` to `--locate-keys` (with warning) as Wontfix.
Feb 10 2021, 3:03 PM · gnupg (gpg23), dirmngr
werner closed T4488: dirmngr: allow changing `use-tor` in a reload as Wontfix.

dirmngr needs to be killed for this. gpgconf --kill dirmngr.

Feb 10 2021, 3:02 PM · gnupg (gpg23), dirmngr
werner added a subtask for T4398: Rework Console and command line handling on Windows: T4365: Encoding problem: gpg truncates multibyte characters in interactive prompts on Windows.
Feb 10 2021, 2:59 PM · Feature Request, gnupg (gpg23)
werner added a parent task for T4365: Encoding problem: gpg truncates multibyte characters in interactive prompts on Windows: T4398: Rework Console and command line handling on Windows.
Feb 10 2021, 2:59 PM · Windows, gnupg (gpg23), Bug Report
werner merged T3466: Add tool to convert a card backup key to a regular secret key into T4359: Convert backup keyfiles to regular key's.
Feb 10 2021, 2:58 PM · gnupg24, gnupg (gpg23), Feature Request
werner merged task T3466: Add tool to convert a card backup key to a regular secret key into T4359: Convert backup keyfiles to regular key's.
Feb 10 2021, 2:58 PM · gnupg (gpg23), Feature Request
werner closed T4154: allow setting passphrase from an environment variable as Wontfix.
Feb 10 2021, 2:55 PM · Feature Request, gnupg (gpg23)
werner closed T3573: Research performance problems with some large keyring. as Resolved.

Meanwhile we introduced the keyboxd which should solve such problems. It will be marked experimental in 2.3 but I expect that it will soon be used as the default way to store keys - at least under Windows.

Feb 10 2021, 2:52 PM · gnupg (gpg23)
werner closed T3415: GnuPG should refuse to encrypt using 64-bit block ciphers by default as Resolved.
Feb 10 2021, 2:49 PM · gnupg (gpg23), Bug Report
werner committed rG825dd7220ff6: gpg: Do not allow old cipher algorithms for encryption. (authored by werner).
gpg: Do not allow old cipher algorithms for encryption.
Feb 10 2021, 2:49 PM
werner lowered the priority of T3389: canonical OpenPGP certificate export from Normal to Wishlist.
Feb 10 2021, 11:53 AM · gnupg, Feature Request
werner edited projects for T3287: Improve http proxy support by honoring SRV RRs., added: gnupg; removed gnupg (gpg23).
Feb 10 2021, 11:51 AM · gnupg, dirmngr
werner closed T3284: ssh-add -D does not return an error as it should. as Wontfix.

Won't be done because the expectations of users are different on whether they use ssh-agent or gpg-agent. And it breaks scripts.

Feb 10 2021, 11:42 AM · gnupg (gpg23), Documentation
werner closed T3108: gpgconf lists the wrong extra socket path when a path is explicitly configured in gpg-agent.conf as Wontfix.
Feb 10 2021, 11:39 AM · gnupg (gpg23), gpgagent
werner closed T3237: gnupg complies to CO_DE_VS when generating keys non-interactively only by accident as Invalid.

I would not call this an accident.

Feb 10 2021, 11:37 AM · gnupg (gpg23)
werner closed T3101: GnuPG 2.2 cannot import secret keys from 1.4/2.0's secring.gpg directly (if it is expired by original expiration date) as Resolved.
Feb 10 2021, 11:35 AM · workaround, gnupg, Bug Report
werner set the color for workaround to Grey.
Feb 10 2021, 11:35 AM
werner lowered the priority of T4338: gpg-agent fails to start on Windows if GNUPGHOME is longer than 80 characters from Normal to Low.
Feb 10 2021, 11:32 AM · Windows, gpgagent, Bug Report
werner closed T2964: dirmngr and gpg-agent should work automatically even when GNUPGHOME is larger than sun_path as Resolved.

The now used /var/run thingy solves all these problems nicely. In fact we may eventually remove the fallback of using sockets in the GNUPGHOMEDIR.

Feb 10 2021, 11:29 AM · Stalled, scd, gpgagent, Bug Report, gnupg, dirmngr
werner renamed T2958: Extend --unwrap to also remove a compression layer. from extract signature from encrypted+signed message to Extend --unwrap to also remove a compression layer..
Feb 10 2021, 11:24 AM · gnupg24, gnupg (gpg23), Feature Request
werner added a comment to T2958: Extend --unwrap to also remove a compression layer..

We have the --unwrap option which already does this. The problem here is that an additional compression layer is not removed. Therefore I will rename this report to add a feature to strip things down to a signature or literal data packet.

Feb 10 2021, 11:23 AM · gnupg24, gnupg (gpg23), Feature Request
werner closed T2925: Permissions of pubkey.kbx not retained through changes as Wontfix.

Eventually we will move to keyboxd which is already an experimental option in 2.3. Thus we won't do anything here.

Feb 10 2021, 11:13 AM · gnupg (gpg23), Bug Report
werner closed T2912: command line keytocard as Wontfix.

The gpg-card is more flexible than the old gpg stuff. If there is something missing we will add it over time but it does not make sense to keep this request open.

Feb 10 2021, 11:12 AM · gnupg (gpg23), Feature Request
werner lowered the priority of T2862: support session key extraction and overriding for gpgsm from Normal to Wishlist.
Feb 10 2021, 11:10 AM · gnupg24, Feature Request, gnupg (gpg23)
werner closed T2850: auto-key-locate is annoying as Resolved.

Due to better working timeouts we have mostly solved these problems. Further, keyservers are not anymore of great use these days.

Feb 10 2021, 11:09 AM · gnupg (gpg23), gnupg, Feature Request
werner closed T2836: dirmngr: wakes up periodically as Resolved.

The other patches don't make sense because of future plans for dirmngr.

Feb 10 2021, 11:07 AM · gnupg, gnupg (gpg23), Bug Report, dirmngr
werner lowered the priority of T2760: Populate comment field when exporting authentication key for SSH from Normal to Wishlist.
Feb 10 2021, 11:05 AM · gnupg24, ssh, Feature Request
werner lowered the priority of T2290: Allow gpgv2 to use armored GPG keys as keyring file with trusted keys from Normal to Wishlist.
Feb 10 2021, 11:02 AM · gnupg24, Feature Request
werner lowered the priority of T2186: --encrypt-to ambiguous with a expired and revoked key from Normal to Low.
Feb 10 2021, 11:01 AM · gnupg24, Feature Request
werner closed T1089: Please store requests in a cache to avoid sending out duplicate requests (mailto: interface) as Wontfix.
Feb 10 2021, 10:59 AM · gnupg (gpg23), gnupg, Debian, Feature Request
werner committed rG6e730c18816f: Remove obsolete M4 macros. (authored by werner).
Remove obsolete M4 macros.
Feb 10 2021, 8:57 AM
werner committed rG2b75b2560544: Require GpgRT version 1.41. (authored by werner).
Require GpgRT version 1.41.
Feb 10 2021, 8:57 AM
werner committed rEe95b0c67cd6c: doc: Document another interface change in 1.37 (authored by werner).
doc: Document another interface change in 1.37
Feb 10 2021, 8:27 AM
werner committed rGf9e4dae08d7c: build: Make make distcheck work again. (authored by werner).
build: Make make distcheck work again.
Feb 10 2021, 8:15 AM
werner committed rG209b7113f349: tools: Remove the symcryptrun tool. (authored by werner).
tools: Remove the symcryptrun tool.
Feb 10 2021, 8:15 AM

Feb 9 2021

werner added a comment to T5291: gpg fails to recognize signatures if signer's user ID subpacket is present with the critical bit set .

Critical attributes are well known from CMS and X.509 and some have a history which can only be described as cargo cult. We should not allow them in the OpenPGP ecosystem without giving them a specific semantic aside from "we do something with it".

Feb 9 2021, 6:35 PM · gnupg (gpg22), Bug Report
werner closed T5290: the stable 2.2 branch no longer builds symcryptrun, but it ships the symcryptrun.1 manpage as Resolved.

Done. FWIW, in 2.3 symcryptrun will be removed entirely.

Feb 9 2021, 6:32 PM · Documentation, gnupg (gpg22), Bug Report
werner committed rGdb687d15e653: doc: Remove man page for symcryptrun. (authored by werner).
doc: Remove man page for symcryptrun.
Feb 9 2021, 6:29 PM
werner triaged T5286: Calculate Z hash for sm2 as Low priority.

We need more information on the why and when of this change. We don't want to maintain different versions of the same algorithm. The I-D expired more than 6 years ago and thus it should not be used as a reference.

Feb 9 2021, 7:58 AM · Not A Bug, Info Needed, libgcrypt, Feature Request
werner triaged T5290: the stable 2.2 branch no longer builds symcryptrun, but it ships the symcryptrun.1 manpage as Normal priority.
Feb 9 2021, 7:56 AM · Documentation, gnupg (gpg22), Bug Report
werner closed T5291: gpg fails to recognize signatures if signer's user ID subpacket is present with the critical bit set as Wontfix.

Without any defined semantic it is not proper to ignore a critical bit. The software which created this keyblock seems to aim for incompatibility.

Feb 9 2021, 7:55 AM · gnupg (gpg22), Bug Report
werner added a comment to T5289: gen-lock-obj.sh uses echo -n from /bin/sh, which echos "-n".

iirc the advice from the GNU coding standards is to use printf(1) instead of trying to figure out how echo(1) works.

Feb 9 2021, 7:53 AM · MacOS, gpgrt, Bug Report

Feb 8 2021

werner placed T4713: Bug in get_best_pubkey_byname up for grabs.

Thanks for the fix.

Feb 8 2021, 8:56 PM · Restricted Project, gnupg (gpg23)
werner committed rCb142da4c88de: New test driver to allow for standalone regression tests. (authored by werner).
New test driver to allow for standalone regression tests.
Feb 8 2021, 6:48 PM
werner committed rCebc4d5670a1a: New test Makefile target xtestsuite (authored by werner).
New test Makefile target xtestsuite
Feb 8 2021, 6:48 PM
werner committed rC82395f11b444: tests: Fix minor glitches. (authored by werner).
tests: Fix minor glitches.
Feb 8 2021, 6:48 PM

Feb 5 2021

werner triaged T5287: mkportable doesn't work (due to missing files in share/locale/eu/ ?) as Low priority.

Actually I would be in favor of removing this portable thingy. It is and will always be the worst and most insecure way of using crypto.

Feb 5 2021, 2:16 PM · Bug Report, gpg4win

Feb 4 2021

werner added a comment to rC8716e4b2ada2: global: make sure that bulk config string is null-terminated.

Oh well, a bit surprising but I agree that it works :-)

Feb 4 2021, 7:16 PM
werner committed rD064d5b02fa09: web: Set end-of-life for Libgcrypt 1.8 (authored by werner).
web: Set end-of-life for Libgcrypt 1.8
Feb 4 2021, 2:27 PM
werner added a comment to rC8716e4b2ada2: global: make sure that bulk config string is null-terminated.

Actually I can't see why this is only a problem in the NULL case. If you select a specific config item the string might also not be 0 terminated - it depends a bit on the size of the used buffers. In 1.8 I applied this with the if (!what) condition.

Feb 4 2021, 1:06 PM

Feb 3 2021

werner reopened T4713: Bug in get_best_pubkey_byname as "Open".

The problem persists when using keyboxd which returns keys in a different order.

Feb 3 2021, 3:29 PM · Restricted Project, gnupg (gpg23)
werner closed T5285: GnuPG: 8Bit filenames can no longer be provided on the command line as Wontfix.

I mentioned it several times: It is not sufficient to use some wmain as long as we don't rework the entire spawn machinery in gnupg, libassuan and gpgme. Reading Unicode from the command line would be easy; the other things are the real work.

Feb 3 2021, 3:26 PM · gnupg
werner added a comment to T5285: GnuPG: 8Bit filenames can no longer be provided on the command line.

And in fact it was never possible to use 8bit filenames on the command line. The result was not stable and led to non-compatible messages due to the use of native character set instead of proper utf-8. It depended on just too many things.
gpgme-tool or gpgme-json might be a useful workaround.

Feb 3 2021, 3:24 PM · gnupg
werner added a comment to T5285: GnuPG: 8Bit filenames can no longer be provided on the command line.

You can use --multifile for this. This reads the filenames from a descriptor or a file. One of the reasons to implement Unicode handling at most places was a request to allow using --multifile as a workaround for the command line limitation.

Feb 3 2021, 3:20 PM · gnupg
werner closed T5275: Exploitable overflow in Libgcrypt 1.9.0 as Resolved.
Feb 3 2021, 8:07 AM · CVE, libgcrypt

Feb 2 2021

werner committed rG7f3ce66ec56a: gpg: Remove support for PKA. (authored by werner).
gpg: Remove support for PKA.
Feb 2 2021, 8:03 PM
werner closed T5105: can't find users with Kleopatra when press "Look up on server" as Resolved.

Please do not repeat your question, this won't give you any more attention. Read my comment above and please ask on a mailing list etc.

Feb 2 2021, 4:00 PM · Support, kleopatra, Keyserver
werner committed rGfde7d833573d: gpg: Remove more or less useless tool gpgcompose. (authored by werner).
gpg: Remove more or less useless tool gpgcompose.
Feb 2 2021, 1:16 PM
werner committed rG3491faa3bb62: gpg: Remove experimental feature to export w/o user-ids. (authored by werner).
gpg: Remove experimental feature to export w/o user-ids.
Feb 2 2021, 1:16 PM
werner committed rGa06c79b6143f: card: List keys of pkcs#15 cards. (authored by werner).
card: List keys of pkcs#15 cards.
Feb 2 2021, 12:56 PM
werner committed rG0c080ed5791e: scd:p15: Read PuKDF and minor refactoring. (authored by werner).
scd:p15: Read PuKDF and minor refactoring.
Feb 2 2021, 12:56 PM
werner committed rG0737dc8187a0: sm: Add a few OIDs and merge OID tables. (authored by werner).
sm: Add a few OIDs and merge OID tables.
Feb 2 2021, 12:56 PM
werner triaged T5280: gnupg.org webpage advertises the use of insecure git:// protocol at various places as Low priority.
Feb 2 2021, 10:17 AM · gpgweb

Feb 1 2021

werner committed rMc8fd8870b3bf: core: Remove experimental feature GPGME_EXPORT_MODE_NOUID. (authored by werner).
core: Remove experimental feature GPGME_EXPORT_MODE_NOUID.
Feb 1 2021, 7:13 PM
werner added a comment to T5280: gnupg.org webpage advertises the use of insecure git:// protocol at various places.

Git repos are development only and developers need to find a way to establish some trust in the source before building it. All kinds of mischief can happen with arbitrary sources. https does not help at all. You need to find a way to establish trust - how you do that is up to you. For example, looking at signed commits and trying to figure out whether you can trust this key.

Feb 1 2021, 6:37 PM · gpgweb
werner added a comment to T5284: Allow gpgme to export w/o attributes.

A public keyblock without a user id packet is non-compliant. I see no reason to provide a feature to create crippled data. We had all these discussions back in the early 90s regarding self-signatures. OpenPGP spoke a final word on this in 1998 by making user ids and corresponding self-signatures mandatory.

Feb 1 2021, 5:51 PM · Feature Request, gpgme
werner committed rKe51873b567d9: Support Brainpoolp512r1 certs specified with ECDomainParameters. (authored by werner).
Support Brainpoolp512r1 certs specified with ECDomainParameters.
Feb 1 2021, 5:01 PM
werner triaged T5284: Allow gpgme to export w/o attributes as Normal priority.

Oops, that was an experimental feature never intended for a released version. Will be removed in a way that it does not lead to compile problems - just to be extra cautious.

Feb 1 2021, 4:50 PM · Feature Request, gpgme
werner added a project to T5282: ecc: No check for broken public key when verify signature (ECDSA, ECDSA for SM and GOST): backport.

I think that a backport to 1.8 also makes sense.

Feb 1 2021, 11:17 AM · libgcrypt

Jan 30 2021

werner triaged T5281: gpg-agent / pinentry: allow to pause/mute passphrase requests for a while as Normal priority.
Jan 30 2021, 12:10 PM · gpgagent, pinentry, Feature Request

Jan 29 2021

werner triaged T5277: libgcrypt 1.9.1 fails to build with --disable-asm as Normal priority.
Jan 29 2021, 4:43 PM · MacOS, libgcrypt, Bug Report
werner updated the task description for T4702: Deadline for the GnuPG 2.3.0 release.
Jan 29 2021, 4:42 PM · Restricted Project, gpg4win, gnupg
werner changed Due Date from Sep 30 2020, 12:00 AM to Mar 31 2021, 12:00 AM on T4702: Deadline for the GnuPG 2.3.0 release.
Jan 29 2021, 4:41 PM · Restricted Project, gpg4win, gnupg
werner closed T5280: gnupg.org webpage advertises the use of insecure git:// protocol at various places as Invalid.

Stick to your channels and get back after you have learned some basic developer workflows.

Jan 29 2021, 2:40 PM · gpgweb
werner closed T5279: Buffer Overread in selftest_pbkdf2() in kdf.c/libgcrypt as Invalid.

@hanno, this is a bug tracker and not yet another medium for your rants.

Jan 29 2021, 2:38 PM · Duplicate, Bug Report
werner changed External Link from https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html to https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html on T5275: Exploitable overflow in Libgcrypt 1.9.0.
Jan 29 2021, 12:34 PM · CVE, libgcrypt
werner removed Due Date on T5259: Release Libgcrypt 1.9.1.
Jan 29 2021, 12:27 PM · Release Info, libgcrypt
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html on T5259: Release Libgcrypt 1.9.1.
Jan 29 2021, 12:27 PM · Release Info, libgcrypt
werner committed rD026b36f22f75: web: Fix a typo on the libgcrypt page. (authored by werner).
web: Fix a typo on the libgcrypt page.
Jan 29 2021, 11:32 AM
werner triaged T5263: cipher/sha512.c: build failure without arm neon asm as Normal priority.
Jan 29 2021, 11:30 AM · libgcrypt, Bug Report
werner closed T5271: libgcrypt 1.9.0 compilation fails on Ubuntu xenial as Resolved.
Jan 29 2021, 11:27 AM · Ubuntu, Bug Report, libgcrypt
werner changed the status of T5275: Exploitable overflow in Libgcrypt 1.9.0 from Open to Testing.

Fix has been released. Keeping this in testing state for easier visibility of this task.

Jan 29 2021, 11:27 AM · CVE, libgcrypt
werner committed rDaa7d43725fa6: swdb: Libgcrypt 1.9.1 (authored by werner).
swdb: Libgcrypt 1.9.1
Jan 29 2021, 11:26 AM
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5157: libgcrypt: ARM64 Builds on macOS fail, from Open to Testing.
Jan 29 2021, 11:25 AM · toolchain, MacOS, libgcrypt, Bug Report
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5243: libgcrypt "check if fips_is_operational and error return if not" patch for FIPS 140, from Open to Testing.
Jan 29 2021, 11:25 AM · libgcrypt
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5251: Compile error on ARMv7 for libgcrypt , from Open to Testing.
Jan 29 2021, 11:25 AM · asm, libgcrypt, Bug Report
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5254: libgcrypt 1.9.0 fails make check (selftest), from Open to Testing.
Jan 29 2021, 11:25 AM · patch, libgcrypt, Bug Report
werner changed the status of T5259: Release Libgcrypt 1.9.1 from Open to Testing.

Release done.

Jan 29 2021, 11:25 AM · Release Info, libgcrypt
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5159: make check fails for libgcrypt on Apple Silicon / ARM Mac, from Open to Testing.
Jan 29 2021, 11:25 AM · Restricted Project, MacOS, libgcrypt, Bug Report
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5264: libgcrypt 1.9.0 does not compile on old Mac OS X, versions 10.5.8 (Leopard) and 10.4.11 (Tiger), both on PPC hardware, from Open to Testing.
Jan 29 2021, 11:25 AM · libgcrypt, Bug Report
werner changed the status of T5259: Release Libgcrypt 1.9.1, a subtask of T5267: Ed25519 backward compatible private key support for preceding ZERO(s), from Open to Testing.
Jan 29 2021, 11:25 AM · libgcrypt