Feed All Stories

May 14 2021

werner committed rG02029f9eab87: sm: Support decryption of password based encryption (pwri) (authored by werner).
sm: Support decryption of password based encryption (pwri)
May 14 2021, 6:57 PM
lbogdan added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

So I did a bit more reading on smartcard PIN caching, and took a better look at the debug logging of gnupg 2.2, and learned that, indeed, the PIN is cached by the card and not by any one gnupg component.

May 14 2021, 6:44 PM · gnupg24, yubikey, Bug Report
ikloecker committed rLIBKLEO5de2f7ac770c: Always include the default key in the list of keys to choose from (authored by ikloecker).
Always include the default key in the list of keys to choose from
May 14 2021, 5:19 PM
gniibe committed rG58b330e935b9: scd: Remove wrong assertion and add protection to PCSC.COUNT. (authored by gniibe).
scd: Remove wrong assertion and add protection to PCSC.COUNT.
May 14 2021, 6:07 AM
gniibe committed rPTH6629a4b8015c: build: Fix detecting pthread library. (authored by gniibe).
build: Fix detecting pthread library.
May 14 2021, 3:58 AM

May 13 2021

Laurent Montel <montel@kde.org> committed rLIBKLEO5a4930065beb: GIT_SILENT: prepare 5.17.2 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.2
May 13 2021, 9:58 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA17d9a4b767f3: GIT_SILENT: prepare 5.17.2 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.2
May 13 2021, 9:55 PM
gniibe added a comment to T5437: PC/SC change: monitoring card status changes (possibly also for new reader).

I am testing with rGccfb5e0a7dc6: scd: Use SCardStatus for pcsc_get_status. on GNU/Linux.

May 13 2021, 6:19 AM · scd
gniibe renamed T5437: PC/SC change: monitoring card status changes (possibly also for new reader) from PC/SC change monitoring card status changes (possibly also for new reader) to PC/SC change: monitoring card status changes (possibly also for new reader).
May 13 2021, 6:15 AM · scd
gniibe triaged T5437: PC/SC change: monitoring card status changes (possibly also for new reader) as Wishlist priority.
May 13 2021, 6:15 AM · scd

May 12 2021

lbogdan added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Yes, I already linked to T5415, but that breaks YubiKey completely, and I fixed it with disable-ccid.

May 12 2021, 6:08 PM · gnupg24, yubikey, Bug Report
werner edited projects for T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations, added: gnupg (gpg23), MacOS; removed gpgagent.

The pincache is actually not what you think it is. It is only used to allow switching between different applications on a Yubikey, which requires a new VERIFY command after switching back to the first application on the card. What you feel as caching is the state of the card, which usually keeps its verification state until the card is powered down.

May 12 2021, 5:52 PM · gnupg24, yubikey, Bug Report
ikloecker moved T5245: Kleopatra: Add support for trust signatures / trusted introducer from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 12 2021, 5:26 PM · kleopatra, Restricted Project
ikloecker changed the status of T5245: Kleopatra: Add support for trust signatures / trusted introducer from Open to Testing.
May 12 2021, 5:26 PM · kleopatra, Restricted Project
ikloecker closed T5429: Kleopatra: Display information about trust signatures as Resolved.
May 12 2021, 5:25 PM · kleopatra, Restricted Project
ikloecker closed T5429: Kleopatra: Display information about trust signatures, a subtask of T5245: Kleopatra: Add support for trust signatures / trusted introducer, as Resolved.
May 12 2021, 5:25 PM · kleopatra, Restricted Project
ikloecker moved T5429: Kleopatra: Display information about trust signatures from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 12 2021, 5:25 PM · kleopatra, Restricted Project
ikloecker committed rKLEOPATRA01f8c6af6a30: Fix warning: & has lower precedence than ==; == will be evaluated first (authored by ikloecker).
Fix warning: & has lower precedence than ==; == will be evaluated first
May 12 2021, 5:23 PM
ikloecker committed rKLEOPATRA7d49a67a3f4a: Show information about trusted introducers in certificate details (authored by ikloecker).
Show information about trusted introducers in certificate details
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRA99ec41cb1656: GIT_SILENT: Fix indentation (authored by ikloecker).
GIT_SILENT: Fix indentation
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRA4cdcf5def6eb: Remove separate certificatedetailswidget.ui (authored by ikloecker).
Remove separate certificatedetailswidget.ui
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRA80a9c0d039ee: Use std::unique_ptr for pimpl (authored by ikloecker).
Use std::unique_ptr for pimpl
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRAef6c06f010fa: GIT_SILENT: Fix debug message (authored by ikloecker).
GIT_SILENT: Fix debug message
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRA40013fb8477d: Hide Tags column if tag support is not enabled (authored by ikloecker).
Hide Tags column if tag support is not enabled
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRA00c7c920c5bd: Move CertificateDetailsDialog to *.h/*.cpp of its own (authored by ikloecker).
Move CertificateDetailsDialog to *.h/*.cpp of its own
May 12 2021, 5:16 PM
ikloecker committed rKLEOPATRAd47a5a266cf1: Modernize code and sort includes (authored by ikloecker).
Modernize code and sort includes
May 12 2021, 5:16 PM
ikloecker committed rLIBKLEO28d8291f6ba9: Add information about trust signatures to UserIDListModel (authored by ikloecker).
Add information about trust signatures to UserIDListModel
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO703a38739b41: Bump library version (authored by ikloecker).
Bump library version
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO4c8b79fc6894: GIT_SILENT: Reorder includes (authored by ikloecker).
GIT_SILENT: Reorder includes
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO32a3eb6aaaac: Modernize code (authored by ikloecker).
Modernize code
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO628ea4b79991: Always add the Tags column to the model (authored by ikloecker).
Always add the Tags column to the model
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO941f82fbbe48: Add enum for model columns (authored by ikloecker).
Add enum for model columns
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEO27cd0e8e450a: Use std::unique_ptr for mRootItem (authored by ikloecker).
Use std::unique_ptr for mRootItem
May 12 2021, 5:12 PM
ikloecker committed rLIBKLEOf25dcd53ddc2: Enforce QT_NO_CAST_FROM_ASCII (authored by ikloecker).
Enforce QT_NO_CAST_FROM_ASCII
May 12 2021, 5:12 PM
lbogdan updated the task description for T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.
May 12 2021, 12:53 PM · gnupg24, yubikey, Bug Report
lbogdan created T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.
May 12 2021, 12:51 PM · gnupg24, yubikey, Bug Report
werner committed rM88db69e1a964: core: Make sure to stay ABI compatible. (authored by werner).
core: Make sure to stay ABI compatible.
May 12 2021, 9:17 AM
werner committed rMaa98081356b5: core: Allow for older compilers. (authored by werner).
core: Allow for older compilers.
May 12 2021, 9:17 AM
werner closed T5434: gpg-agent should not use MD5 fingerprint for ssh keys as Resolved.
May 12 2021, 9:05 AM · gnupg, Bug Report
werner committed rG310b064f5271: agent: Use SHA-256 for SSH fingerprint by default (authored by werner).
agent: Use SHA-256 for SSH fingerprint by default
May 12 2021, 8:59 AM
werner added a comment to T5434: gpg-agent should not use MD5 fingerprint for ssh keys.

Frankly, I am pretty sure that the new base64 encoding of the fingerprint leads to less diligent comparison of the fingerprint by the user. I don't understand why they did not use a truncated hex output or zBase32.

May 12 2021, 8:51 AM · gnupg, Bug Report
Laurent Montel <montel@kde.org> committed rLIBKLEO234be2025ff1: Fix clazy warning (authored by Laurent Montel <montel@kde.org>).
Fix clazy warning
May 12 2021, 8:17 AM

May 11 2021

lrod33 created T5435: GpgOL shows Insecure and won't decrypt instead there is an attachment.
May 11 2021, 4:10 PM · Info Needed, Bug Report, gpg4win
Jakuje created T5434: gpg-agent should not use MD5 fingerprint for ssh keys.
May 11 2021, 2:30 PM · gnupg, Bug Report
Jakuje created T5433: libgcrypt: Do not use SHA1 by default.
May 11 2021, 1:58 PM · FIPS, libgcrypt, Bug Report
werner triaged T5432: GPA - Crypto Backend Configurator ignores screen zoom factor and partially falls off screen as Low priority.

Thanks for using GPA. Unfortunately, I have to tell you that GPA development has been stopped and I can't say whether we will fix that bug any time soon. Please consider switching to Kleopatra, which is the standard key manager included in gpg4win.

May 11 2021, 1:49 PM · gpa, Bug Report
dutchgemini created T5432: GPA - Crypto Backend Configurator ignores screen zoom factor and partially falls off screen.
May 11 2021, 9:51 AM · gpa, Bug Report
ikloecker committed rKLEOPATRAddf99af924cd: Exclude key to certify from possible certification keys (authored by ikloecker).
Exclude key to certify from possible certification keys
May 11 2021, 9:45 AM
werner committed rG965bb0693c0d: A few minor code cleanups and typo fixes. (authored by werner).
A few minor code cleanups and typo fixes.
May 11 2021, 9:25 AM
werner added a comment to T5430: "free(): invalid pointer" from --clearsign.

FWIW, we can and should run our test suite under valgrind from time to time

May 11 2021, 9:00 AM · gnupg (gpg23)
gniibe changed the status of T5430: "free(): invalid pointer" from --clearsign from Open to Testing.
May 11 2021, 8:43 AM · gnupg (gpg23)
werner triaged T5431: Use AC_PROG_CC_C99 as Normal priority.
May 11 2021, 8:23 AM · gnupg24, toolchain, gnupg (gpg23)
gniibe added a comment to T5430: "free(): invalid pointer" from --clearsign.

Sorry, it's my fault.
Fixed in rGac731dbbbd21: gpg: Fix allocation for EXTRAHASH..

May 11 2021, 7:50 AM · gnupg (gpg23)
gniibe committed rGac731dbbbd21: gpg: Fix allocation for EXTRAHASH. (authored by gniibe).
gpg: Fix allocation for EXTRAHASH.
May 11 2021, 7:50 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRA1becdd7d7819: We can build against 5.14 without deprecated method (authored by Laurent Montel <montel@kde.org>).
We can build against 5.14 without deprecated method
May 11 2021, 7:12 AM
gniibe added a comment to T5428: PC/SC detecting removal of card.

On Windows, smartcard is also used by logon/logout and certificates handling. Those may be related.

May 11 2021, 3:47 AM · Info Needed, Windows, scd, Bug Report
gniibe added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

Applied in rG32baa9acfb15: scd: Serialize READER_TABLE access for PC/SC..

May 11 2021, 3:42 AM · gnupg (gpg23), scd
gniibe added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

Please note that we don't use lock in apdu_dev_list_start/finish any more.
Use of lock is narrowed, only within apdu_open_reader function.

May 11 2021, 3:41 AM · gnupg (gpg23), scd
gniibe committed rG32baa9acfb15: scd: Serialize READER_TABLE access for PC/SC. (authored by gniibe).
scd: Serialize READER_TABLE access for PC/SC.
May 11 2021, 3:39 AM

May 10 2021

cbiedl created T5430: "free(): invalid pointer" from --clearsign.
May 10 2021, 9:27 PM · gnupg (gpg23)
werner assigned T5428: PC/SC detecting removal of card to gniibe.

(I disabled the account of this boor)

May 10 2021, 6:43 PM · Info Needed, Windows, scd, Bug Report
werner reopened T5415: YubiKey no longer recognized in GnuPG 2.3.1 on macOS 10.15.7 as "Open".

(I disabled this boor and restored the state)

May 10 2021, 6:41 PM · MacOS, yubikey, Bug Report
ikloecker committed rKLEOPATRA3fcfe9ead9d6: Prefill the trust signature domain (authored by ikloecker).
Prefill the trust signature domain
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRAdb59674bda1b: Allow certifying a key as trusted introducer for a domain (authored by ikloecker).
Allow certifying a key as trusted introducer for a domain
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRA3af53c4fc238: Modernize and clean up a bit (authored by ikloecker).
Modernize and clean up a bit
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRA2cb7c1e23304: Add info button explaining the "Certify as trusted introducer" option (authored by ikloecker).
Add info button explaining the "Certify as trusted introducer" option
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRA5bee1e13eaed: Remove typedefs obsoleted by auto (authored by ikloecker).
Remove typedefs obsoleted by auto
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRAf2e5d1fe98c1: Refactor CertifyWidget and CertifyCertificateDialog (authored by ikloecker).
Refactor CertifyWidget and CertifyCertificateDialog
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRAf2062056b35d: Remove not implemented member function (authored by ikloecker).
Remove not implemented member function
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRA4aca43dc2ac0: Use std::unique_ptr for d-pointer and initialize members in-class (authored by ikloecker).
Use std::unique_ptr for d-pointer and initialize members in-class
May 10 2021, 4:31 PM
ikloecker committed rKLEOPATRA4c3d353bcd98: Remove unused setters (authored by ikloecker).
Remove unused setters
May 10 2021, 4:31 PM
Laurent Montel <montel@kde.org> committed rLIBKLEOab707f2a95ad: GIT_SILENT: add more clazy check (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add more clazy check
May 10 2021, 1:57 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA06f289cc7d00: GIT_SILENT: add more clazy check (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add more clazy check
May 10 2021, 1:56 PM
gillcovid19 placed T5428: PC/SC detecting removal of card up for grabs.
May 10 2021, 12:42 PM · Info Needed, Windows, scd, Bug Report
gillcovid19 closed T5415: YubiKey no longer recognized in GnuPG 2.3.1 on macOS 10.15.7 as Resolved.
May 10 2021, 12:41 PM · MacOS, yubikey, Bug Report
ikloecker added a project to T4876: Generic smartcard widget for PKCS# 15 and other apps: Restricted Project.
May 10 2021, 10:30 AM · Restricted Project, kleopatra
ikloecker claimed T4876: Generic smartcard widget for PKCS# 15 and other apps.
May 10 2021, 10:30 AM · Restricted Project, kleopatra
ikloecker triaged T5429: Kleopatra: Display information about trust signatures as Normal priority.
May 10 2021, 9:36 AM · kleopatra, Restricted Project
ikloecker moved T5175: Kleopatra: Add support for custom groups from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 10 2021, 9:30 AM · Restricted Project, kleopatra
ikloecker changed the status of T5175: Kleopatra: Add support for custom groups from Open to Testing.
May 10 2021, 9:30 AM · Restricted Project, kleopatra
ikloecker moved T5283: GpgOL: Add mixed mode for S/MIME and OpenPGP to libkleo newkeyresolver from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 10 2021, 9:28 AM · kleopatra, Restricted Project, gpgol
ikloecker changed the status of T5283: GpgOL: Add mixed mode for S/MIME and OpenPGP to libkleo newkeyresolver from Open to Testing.
May 10 2021, 9:28 AM · kleopatra, Restricted Project, gpgol
ikloecker closed T5421: gpgme++, qgpgme: Add support for creating trust signatures as Resolved.
May 10 2021, 9:27 AM · kleopatra, Restricted Project
ikloecker closed T5421: gpgme++, qgpgme: Add support for creating trust signatures, a subtask of T5245: Kleopatra: Add support for trust signatures / trusted introducer, as Resolved.
May 10 2021, 9:27 AM · kleopatra, Restricted Project
ikloecker moved T5421: gpgme++, qgpgme: Add support for creating trust signatures from Restricted Project Column to Restricted Project Column on the Restricted Project board.
May 10 2021, 9:27 AM · kleopatra, Restricted Project
ikloecker closed T5426: [Pinentry]: add remember password checkbox in pinentry-qt. as Wontfix.

GnuPG (more precisely gpg-agent) does cache the password for some time in memory. The default is 10 minutes. Add

default-cache-ttl n

where n is the number of seconds to cache the password, to ~/.gnupg/gpg-agent.conf.

May 10 2021, 9:23 AM · Feature Request
werner triaged T5428: PC/SC detecting removal of card as High priority.
May 10 2021, 8:51 AM · Info Needed, Windows, scd, Bug Report
werner added a comment to T5428: PC/SC detecting removal of card.

I don't think that it is --pcsc-shared related; Andre reported that he noticed such a behaviour before we introduced this.

May 10 2021, 8:49 AM · Info Needed, Windows, scd, Bug Report
werner added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

We should add a comment at the caller side, that this takes a lock in apdu.c.

May 10 2021, 8:45 AM · gnupg (gpg23), scd
gniibe updated the diff for D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

Make the lock holding narrower, and it allows no exposing reader_table_lock.

May 10 2021, 7:52 AM · gnupg (gpg23), scd
gniibe added inline comments to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.
May 10 2021, 7:51 AM · gnupg (gpg23), scd
gniibe updated the diff for D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

Exposing reader_table_lock would be better.
I found a dead-lock condition when apdu_close_reader is called during apdu_dev_list_start/finish.

May 10 2021, 7:06 AM · gnupg (gpg23), scd
gniibe claimed T5428: PC/SC detecting removal of card.

I wonder if PCSC_SHARE_SHARED is related or not.

May 10 2021, 6:32 AM · Info Needed, Windows, scd, Bug Report
gniibe created T5428: PC/SC detecting removal of card.
May 10 2021, 5:40 AM · Info Needed, Windows, scd, Bug Report
gniibe updated the diff for D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

And if the coding style of hiding mutex_lock/mutex_unlock inside different functions matters, we can expose the mutex to its user.

May 10 2021, 4:32 AM · gnupg (gpg23), scd
gniibe added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

Last commit will be:

May 10 2021, 4:29 AM · gnupg (gpg23), scd
gniibe committed rGec5591dc4e1f: scd: Fix close_pcsc_reader. (authored by gniibe).
scd: Fix close_pcsc_reader.
May 10 2021, 3:56 AM
gniibe committed rGcccc9bd5db1f: scd: Make sure releasing PC/SC context. (authored by gniibe).
scd: Make sure releasing PC/SC context.
May 10 2021, 3:56 AM
gniibe added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

The second commit is replacing a use case of close_pcsc_reader by clearing pcsc.rdrname and calling release_pcsc_context.
This makes the use of close_pcsc_reader to its original purpose only (== closing PC/SC reader as a method of close_reader).

May 10 2021, 3:48 AM · gnupg (gpg23), scd
gniibe added a comment to D531: Keep holding READER_LOCK_TABLE and make clear distinction among close/releasing_PCSC_context/nullify_rdrname.

OK. As I pointed out a commit having multiple things may make analysis difficult, I should have been careful.
So, let me fix the problem by multiple commits.

May 10 2021, 3:28 AM · gnupg (gpg23), scd