Page MenuHome GnuPG
Feed All Stories

Jul 21 2021

ikloecker committed rP64695a5e6f7b: qt: Enable formatted passphrase after generating passphrase (authored by ikloecker).
qt: Enable formatted passphrase after generating passphrase
Jul 21 2021, 5:24 PM
ikloecker committed rP621500c87258: Fix Assuan commands mentioned in comments (authored by ikloecker).
Fix Assuan commands mentioned in comments
Jul 21 2021, 5:24 PM
ikloecker committed rP456d81a82da1: doc: Document the passphrase generation (authored by ikloecker).
doc: Document the passphrase generation
Jul 21 2021, 5:24 PM
ikloecker committed rP78e4284e8d93: qt: Show hint if Caps Lock is on (authored by ikloecker).
qt: Show hint if Caps Lock is on
Jul 21 2021, 5:24 PM
ikloecker committed rP672260f15bf8: Add support for Caps Lock hint (authored by ikloecker).
Add support for Caps Lock hint
Jul 21 2021, 5:24 PM
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

ok i found it just add "trust-model always" in gpg.conf

Jul 21 2021, 4:32 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

now its importing keys but it dosent trust them do you know how to fix this?
gpg2 --verbose --no-secmem-warning --no-greeting --auto-key-retrieve --no-tty --batch --yes --status-fd=2 --encrypt --armor -u <key-id> -r <email> -r <key-id> --output -
gpg: using subkey <sub-key> instead of primary key <primary-key>
[GNUPG:] KEY_CONSIDERED <key-id> 0
gpg: using pgp trust model
gpg: This key belongs to us
gpg: data source: <keyserver>
gpg: armor header: Comment: <key-id>
gpg: armor header: Comment: Name <email>
gpg: pub rsa4096/<key-id> <date> <name> <email>
gpg: key <key-id>: public key "<name> <email>"
imported
[GNUPG:] IMPORTED <key-id> <name> <email>
[GNUPG:] IMPORT_OK 1 <key-id>
gpg: Total number processed: 1
gpg: imported: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0
gpg: auto-key-locate found fingerprint <fingerprint>
gpg: using subkey <sub-key> instead of primary key <primary-key>
[GNUPG:] KEY_CONSIDERED <fingerprint> 0
gpg: automatically retrieved '<email>' via keyserver
gpg: <sub-key>: There is no assurance this key belongs to the named user
[GNUPG:] INV_RECP 10 <email>
[GNUPG:] FAILURE encrypt 53
gpg: [stdin]: encryption failed: Unusable public key

Jul 21 2021, 2:32 PM · Bug Report
ikloecker committed rGb2a6e5b51696: agent: Add translatable text for Caps Lock hint (authored by ikloecker).
agent: Add translatable text for Caps Lock hint
Jul 21 2021, 12:59 PM
bernhard added a comment to T5525: Evolution cant work with gnupg .

Hmm your log does not seem to indicate that the key is requested by GnuPG,
e.g. something like

rmngr[6077.5]: DBG: chan_5 <- KS_GET -- =bernhard@intevation.de

is missing.

Jul 21 2021, 12:38 PM · Bug Report
vinc17 added a comment to T5527: keys.gnupg.net is obsolete.

OK, thanks for the explanation. But I think that the documentation should be slightly changed to say that the mapping is hardcoded. Otherwise, this may surprise users of different machines with different GnuPG versions (or in discussions between different users), who would see different behaviors when the mapping changes.

Jul 21 2021, 12:11 PM · Keyserver, FAQ, Documentation
gniibe committed rGb436fb6766b4: scd: Fix access to list of cards (2/3). (authored by gniibe).
scd: Fix access to list of cards (2/3).
Jul 21 2021, 10:32 AM
gniibe committed rG0d6b4210cf31: scd: Fix access to list of cards (3/3). (authored by gniibe).
scd: Fix access to list of cards (3/3).
Jul 21 2021, 10:32 AM
gniibe committed rG216945a80e7b: scd: Fix access to list of cards (1/3). (authored by gniibe).
scd: Fix access to list of cards (1/3).
Jul 21 2021, 10:32 AM
ikloecker added a comment to T5527: keys.gnupg.net is obsolete.

GnuPG 2.2.29 does not use keys.gnupg.net anymore. What it does is mapping keys.gnupg.net that is read from an (old) keyserver setting in the configuration files to a (hopefully) working keyserver. The documentation of gpg and dirmngr does indeed still mention keys.gnupg.net. The main problem with updating the documentation is that there isn't a good replacement for keys.gnupg.net and since keys.gnupg.net still works (via the aforementioned internal mapping) it is probably the best option for now.

Jul 21 2021, 9:59 AM · Keyserver, FAQ, Documentation
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

For the evolution command i get:
2021-07-21 03:04:06 dirmngr[2421] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2021-07-21 03:04:06 dirmngr[2422.0] permanently loaded certificates: 129
2021-07-21 03:04:06 dirmngr[2422.0] runtime cached certificates: 0
2021-07-21 03:04:06 dirmngr[2422.0] trusted certificates: 129 (128,0,0,1)
2021-07-21 03:04:06 dirmngr[2422.6] handler for fd 6 started
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> # Home: /home/<user>/.gnupg
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> # Config: /home/<user>/.gnupg/dirmngr.conf
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your service
2021-07-21 03:04:06 dirmngr[2422.6] connection from process 2419 (1000:1000)
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- GETINFO version
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> D 2.2.27
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- KEYSERVER --clear hkp://<keyserver>:8080
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- WKD_GET -- <email>
2021-07-21 03:04:37 dirmngr[2422.6] DBG: chan_6 -> S SOURCE https://<domain> #the domain dosnt has a WKD service
2021-07-21 03:04:37 dirmngr[2422.6] number of system provided CAs: 143
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:request:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> GET /.well- known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>
HTTP/1.0\r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> Host: <domain>\r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:request-header:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> \r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:response:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> HTTP/1.1 302 Found\r\n
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'date: Wed, 21 Jul
2021 07:04:45 GMT'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'server: Apache/2.4.41 (Ubuntu)'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'location: https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'content-length: 347'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'content-type: text/html; charset=iso-8859-1'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'strict-transport- security: max-age=15768000'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'connection: close'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: ''
2021-07-21 03:04:47 dirmngr[2422.6] URL 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>' redirected to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>' (302)
2021-07-21 03:04:47 dirmngr[2422.6] redirection changed to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:47 dirmngr[2422.6] DBG: chan_6 -> S WARNING http_redirect_cleanup 0 changed from 'https://<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-host>' to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:request:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> GET /.well- known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>
HTTP/1.0\r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> Host: [http://www.<domain>\r\n]www.<domain>\r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:request-header:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> \r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: chan_6 -> S PROGRESS tick ? 0 0
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:response:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> HTTP/1.1 404 Not Found\r\n
2021-07-21 03:04:57 dirmngr[2422.6] http.c:RESP: 'date: Wed, 21 Jul
2021 07:04:55 GMT'
2021-07-21 03:04:57 dirmngr[2422.6] http.c:RESP: 'server: Apache/2.4.41

Jul 21 2021, 9:22 AM · Bug Report

Jul 20 2021

bernhard added a comment to T5525: Evolution cant work with gnupg .

i dont have one what shoud i put in it

Jul 20 2021, 5:33 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

i dont have one what shoud i put in it

Jul 20 2021, 4:40 PM · Bug Report
vinc17 created T5527: keys.gnupg.net is obsolete.
Jul 20 2021, 1:49 PM · Keyserver, FAQ, Documentation
bernhard added a comment to T5525: Evolution cant work with gnupg .

Tried it myself, getting the pubkey seems to work here.
Debian gnupg Version: 2.2.27-2~bpo10+1

Jul 20 2021, 11:37 AM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

Yes same result

Jul 20 2021, 8:17 AM · Bug Report

Jul 19 2021

bernhard added a comment to T5525: Evolution cant work with gnupg .

Did you try "--auto-key-retrieve"?

Jul 19 2021, 4:50 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

The comand that works says:

Jul 19 2021, 4:14 PM · Bug Report
ikloecker added a comment to T5517: Improvements for symmetric encryption.

For formatting there are four modes: Formatting forced off (the default)/force on/on/off. The latter two modes allow the user to change the option.

Jul 19 2021, 10:36 AM · pinentry, Restricted Project
ikloecker merged T5526: GPGME: Qt test t-various fails on i386 into T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 19 2021, 10:25 AM · gpgme, Bug Report
ikloecker merged task T5526: GPGME: Qt test t-various fails on i386 into T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 19 2021, 10:25 AM · gpgme, Bug Report
ikloecker closed T5526: GPGME: Qt test t-various fails on i386 as Resolved.

This is a duplicate of T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.

Jul 19 2021, 10:22 AM · gpgme, Bug Report
gniibe is attending E878: Weekly Standup.
Jul 19 2021, 10:15 AM

Jul 18 2021

asv updated asv.
Jul 18 2021, 1:29 PM

Jul 17 2021

savoury1 created T5526: GPGME: Qt test t-various fails on i386.
Jul 17 2021, 10:09 PM · gpgme, Bug Report

Jul 16 2021

Laurent Montel <montel@kde.org> committed rLIBKLEO50a8271fe573: GIT_SILENT: Prepare 21.08rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08rc
Jul 16 2021, 6:40 PM
bernhard added a comment to T5525: Evolution cant work with gnupg .

Can you show the output of the command that works and the command that does not (and gets called by evolution),
please also add a "-v" to the options.

Jul 16 2021, 5:17 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

This key server also dosnt work

Jul 16 2021, 4:13 PM · Bug Report
bernhard added a comment to T5525: Evolution cant work with gnupg .

It could also be a problem of the keyserver (some hagrid instances are known to deliberately break RFC4880), can you try with a different keyserver, e.g. http://keys2.andreas-puls.de/.

Jul 16 2021, 3:28 PM · Bug Report
klaus23344 created T5525: Evolution cant work with gnupg .
Jul 16 2021, 10:17 AM · Bug Report
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

And... as long as I read the PCT patches, it is not needed to export those API to users.
It is only needed internally for PCT tests (at most).

Jul 16 2021, 10:12 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I am considering API enhancement, for this task.

Jul 16 2021, 10:01 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5524: scd: serialize access of ctrl->card_ctx.

This rwlock guarantees access with ctrl->card_ctx is always valid.

Jul 16 2021, 8:42 AM · gnupg (gpg23), Testing, scd
gniibe created T5524: scd: serialize access of ctrl->card_ctx.
Jul 16 2021, 8:40 AM · gnupg (gpg23), Testing, scd

Jul 15 2021

ikloecker committed rPff5c3093639f: doc: Add Qt 5 to the list of available variants of pinentry. (authored by ikloecker).
doc: Add Qt 5 to the list of available variants of pinentry.
Jul 15 2021, 7:38 PM
ikloecker committed rP51a7a9f63ea7: doc: Fix two typos in HACKING file (authored by ikloecker).
doc: Fix two typos in HACKING file
Jul 15 2021, 7:38 PM
brent0919 added a comment to U11 Jacob Smith.

[[ URL | foreach ($list as $item) {

work_miracles($item);

} ]]

Jul 15 2021, 6:55 PM · Keyserver
fmanchon added a comment to T5364: Kleopatra won't start.

Forgot to mention one thing: after changing my user folder directory I lost all my Outlook contacts. I was able to recover them... make sure you have a backup before attempting this!

Jul 15 2021, 6:41 PM · workaround, gnupg, Windows, kleopatra, Bug Report, gpg4win
ikloecker moved T4950: pinentry: Add warning when capslock is on from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 15 2021, 4:26 PM · Restricted Project, pinentry
gniibe committed rCdb9f7abb7af7: hmac: Use xfree. (authored by gniibe).
hmac: Use xfree.
Jul 15 2021, 8:16 AM

Jul 14 2021

Christophe Giboudeaux <christophe@krop.fr> committed rLIBKLEO9f79f522c77f: Fix typos found by codespell (authored by Christophe Giboudeaux <christophe@krop.fr>).
Fix typos found by codespell
Jul 14 2021, 12:43 PM
Predrag updated Predrag.
Jul 14 2021, 12:00 PM
Predrag updated Predrag.
Jul 14 2021, 11:50 AM

Jul 13 2021

Jakuje added a comment to T5520: Fix tests in FIPS mode.

I went through the patches above + what I suggested in previous comments, tested everything against both upstream and libgcrypt in Fedora in FIPS mode. There were slight differences, some cases were already fixed in master, some needed to upstream some of our changes, but the result is 10 patches working in both FIPS and non-fips mode, hopefully enough annotated. If not, please, ask for clarifications.

Jul 13 2021, 11:25 PM · Testing, FIPS, libgcrypt, Bug Report
Predrag updated Predrag.
Jul 13 2021, 11:20 AM

Jul 12 2021

werner set External Link to https://eprint.iacr.org/2021/923.pdf on T5328: On the (in)security of Elgamal in OpenPGP.
Jul 12 2021, 6:11 PM · side-channel, CVE, libgcrypt
fmanchon added a comment to T5364: Kleopatra won't start.

I just had the same issue as hurui200320. My user name contains a "ç" and Kleopatra did not start. The Windows event logger reported a crash in libstdc++-6.dll. This was with gpg4win-3.1.16. Installing gnupg 2.3.1 did not change anything.

Jul 12 2021, 4:21 PM · workaround, gnupg, Windows, kleopatra, Bug Report, gpg4win
Jakuje added a comment to T5512: Implement service indicators.

I went through the OpenSSL drafts. The module boundary in OpenSSL will be separate fips.so object and only non-deprecated functions of OpenSSL 3.0 will be FIPS compliant. There is a global state, that will allow only approved algorithms and modes and there will be API to query the FIPS mode status using OSSL_PARAM_get* functions, but we still have some unknowns so I hope we will know more on the next meeting.

Jul 12 2021, 3:42 PM · FIPS, libgcrypt, Bug Report
gniibe created T5523: jitter entropy RNG update.
Jul 12 2021, 11:36 AM · FIPS, libgcrypt
werner assigned T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation to gniibe.
Jul 12 2021, 11:20 AM · FIPS, libgcrypt, Feature Request
werner raised the priority of T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Normal to High.
Jul 12 2021, 11:20 AM · FIPS, libgcrypt, Feature Request
aheinecke reassigned T4950: pinentry: Add warning when capslock is on from aheinecke to ikloecker.
Jul 12 2021, 10:31 AM · Restricted Project, pinentry
ikloecker committed rG5a93acbc7a51: po: Fix typo in German translation. (authored by ikloecker).
po: Fix typo in German translation.
Jul 12 2021, 9:54 AM
ikloecker is attending E877: Weekly Standup.
Jul 12 2021, 9:21 AM
gniibe is attending E877: Weekly Standup.
Jul 12 2021, 7:05 AM
gniibe added a comment to E877: Weekly Standup.

Topic:

  • Use of environment variable to enable FIPS mode is useful for developers:

https://build.opensuse.org/package/view_file/devel:libraries:c_c++/libgcrypt/libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff?expand=1

Jul 12 2021, 7:00 AM
gniibe added a comment to T4873: Enable AES GCM in FIPS mode.

(OpenSSL for FIPS support is a bit tricky, which is described in README-FIPS.md in their distribution. It offers OpenSSL FIPS provider as shared library fips.so.)

Jul 12 2021, 3:38 AM · libgcrypt, Feature Request

Jul 11 2021

Laurent Montel <montel@kde.org> committed rLIBKLEO1ff85837a7e6: GIT_SILENT: Time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Time to increase version
Jul 11 2021, 8:10 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRAbb92dfd266e0: GIT_SILENT: Time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Time to increase version
Jul 11 2021, 8:08 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO336fac0f4d5d: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Jul 11 2021, 4:12 AM

Jul 10 2021

Laurent Montel <montel@kde.org> committed rLIBKLEO959202fa857d: GIT_SILENT: master is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: master is open
Jul 10 2021, 9:12 PM
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRA6fcb52f2866f: GIT_SILENT Upgrade release service version to 21.11.70. (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Upgrade release service version to 21.11.70.
Jul 10 2021, 8:25 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO1568a3fac3e0: GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created... (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created...
Jul 10 2021, 7:12 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA2a750747ae57: GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created... (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created...
Jul 10 2021, 7:10 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO15f8c5f3762d: GIT_SILENT: prepare 5.17.80beta (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.80beta
Jul 10 2021, 2:16 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRAffdaa344bfc0: GIT_SILENT: prepare 5.17.80beta (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.80beta
Jul 10 2021, 2:14 PM

Jul 9 2021

gniibe added a comment to T5512: Implement service indicators.

Just FYI, NSS offers following API:

Jul 9 2021, 8:11 AM · FIPS, libgcrypt, Bug Report

Jul 8 2021

Jakuje added a comment to T4873: Enable AES GCM in FIPS mode.

I have couple of references from libssh:

Jul 8 2021, 2:57 PM · libgcrypt, Feature Request
werner added a comment to T4873: Enable AES GCM in FIPS mode.

gniibe: Can you please check what openssl does exactly. The problem is that we currently have no permanent state for Libgcrypt (i.e. something stored on disk per user or even better global)

Jul 8 2021, 2:29 PM · libgcrypt, Feature Request
ikloecker closed T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit as Resolved.
Jul 8 2021, 2:21 PM · gpgme, Bug Report
werner added a comment to T4873: Enable AES GCM in FIPS mode.

FWIW: Unfortunately everyone is moving to GCM, even Outlook. While GnuPG was evaluated by the German BSI we had discussions about this and their evaluators were wary about GCM due to its brittleness thus our use of OCB was very welcomed. OTOH, another approved product meanwhile comes with GCM for S/MIME and thus it seems thatGCM is accepted.

Jul 8 2021, 2:20 PM · libgcrypt, Feature Request
werner committed rG101ba4f18ace: kbx: Fix keyboxd searching with multiple patterns. (authored by werner).
kbx: Fix keyboxd searching with multiple patterns.
Jul 8 2021, 2:16 PM
werner committed rGb871824fefa1: kbx: Improve debugging of the search descriptions in keyboxd. (authored by werner).
kbx: Improve debugging of the search descriptions in keyboxd.
Jul 8 2021, 2:16 PM
werner committed rG924c8221fbe5: scd: Silence compiler waring about unused args. (authored by werner).
scd: Silence compiler waring about unused args.
Jul 8 2021, 2:16 PM
werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.
Jul 8 2021, 2:13 PM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows
andreasstieger added a comment to T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.

rM6a79e90dedc19877ae1c520fed875b57089a5425 looks good

Jul 8 2021, 1:44 PM · gpgme, Bug Report
ikloecker committed rMa5662a801fc1: core: Ensure gpg.conf for tests is recreated if necessary (authored by ikloecker).
core: Ensure gpg.conf for tests is recreated if necessary
Jul 8 2021, 12:42 PM
ikloecker committed rM6a79e90dedc1: Make sure expiration time is interpreted as unsigned number (authored by ikloecker).
Make sure expiration time is interpreted as unsigned number
Jul 8 2021, 12:42 PM
ikloecker claimed T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 8 2021, 11:42 AM · gpgme, Bug Report
Jakuje added a comment to T5521: Use of conscious language.

There is no point in questioning whether a couple of words change racism or any other human problems of these days. It will not.

Jul 8 2021, 10:38 AM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
Jakuje added a comment to T5520: Fix tests in FIPS mode.

I was so far testing with changes on top of our patches.

Jul 8 2021, 10:26 AM · Testing, FIPS, libgcrypt, Bug Report
Jakuje added a comment to T4873: Enable AES GCM in FIPS mode.

Right. The AES-GCM was not allowed in FIPS mode until recently and I think now it is acceptable only for certain protocols (TLS, SSH), which guarantee that the IV is handled "correctly". As mentioned by gniibe, the requirements is that one should not be able to set IV to any specific value. The IV should be incremented automatically inside of the library (with some mask length + some generator configuration), somehow similarly as it is done with openssl, which would probably requite a new API in libgcrypt.

Jul 8 2021, 10:09 AM · libgcrypt, Feature Request
Laurent Montel <montel@kde.org> committed rLIBKLEO2e86bc416365: GIT_SILENT: Prepare 21.08 beta (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08 beta
Jul 8 2021, 7:20 AM
gniibe added a comment to T5520: Fix tests in FIPS mode.

With `/etc/gcrypt/fips_enabled/', make check fails by:

Jul 8 2021, 6:50 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a comment to T4873: Enable AES GCM in FIPS mode.

If I understand correctly, to conform FIPS, we need to ensure Key/IV pair uniqueness (See "Implementation Guidance for FIPS 140-3", Annex C. "C.H Key/IV Pair Uniqueness Requirements from SP 800-38D").
Use of the API to set IV by any value may be considered bad.

Jul 8 2021, 3:55 AM · libgcrypt, Feature Request
gniibe added a comment to T5520: Fix tests in FIPS mode.

Update: still ./basic --fips fails (for me), because of GCM (18 errors).
Need to fix T4873: Enable AES GCM in FIPS mode.

Jul 8 2021, 2:58 AM · Testing, FIPS, libgcrypt, Bug Report

Jul 7 2021

andreasstieger created T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 7 2021, 8:56 PM · gpgme, Bug Report
Saturneric added a comment to T5468: About the API of GpgME to revoke key pairs and subkeys..

Thanks for the reply, this source code file and suggestions are very useful. Let gpg execute commands is a solution, but it is not optimal compared to providing a functional interface.
In addition, it is reversible to revoke the subkey by expiring it. But I will use the solutions you provide at this stage, knowing that you have time to provide better solutions. thank you!

Jul 7 2021, 6:26 PM · gpgme, Feature Request
werner triaged T5521: Use of conscious language as Wishlist priority.

Sorry, this is not acceptable to me. <rant>You don't change racism by avoid words which are may be connected to racism. Master is a term used for example to indicate that a person is proficient in her profession. Slave is (in theory) a historic term to describe, well slaves. That is humans who are non-free and are not allowed to control their lives - like the majority of humans these days - they are just called different and the methods of suppression are different than in the past. In fact a Roman slave (but not a medieval bondsman) had well defined and esteemed rights not something the majority of US citizen with a dark skin has in practice. Term abolished, racism abolished, works as good as freeing the US slaves in the 1856, the 1960, or still today. It did not work. Mr. Kings hope has not yet realized itself and is now maybe farther away than we all had hoped in the second half of the last century. Don't cover facts by changing words used in a very different context.</rant>

Jul 7 2021, 5:48 PM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
jukivili committed rCb98ca3f798ab: tests/basic: use SHA256 instead of RMD160 for SHAKE extract testing (authored by jukivili).
tests/basic: use SHA256 instead of RMD160 for SHAKE extract testing
Jul 7 2021, 5:29 PM
jukivili added a comment to T5520: Fix tests in FIPS mode.

That crcalgo can be any digest algorithm and SHA256 seems best option to me.

Jul 7 2021, 5:29 PM · Testing, FIPS, libgcrypt, Bug Report
Jakuje created T5521: Use of conscious language.
Jul 7 2021, 5:00 PM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Thank you for checking and for revised patch. I tested your patch and it works fine for the basic test up until this failure with the crcalgo:

basic: algo 316, crcalgo: 3, gcry_md_open failed: Invalid digest algorithm
basic: algo 317, crcalgo: 3, gcry_md_open failed: Invalid digest algorithm

These are GCRY_MD_SHAKE128 and GCRY_MD_SHAKE256, but the md used here is actually GCRY_MD_RMD160 which is hardcoded and not allowed in FIPS.

Jul 7 2021, 3:15 PM · Testing, FIPS, libgcrypt, Bug Report
werner triaged T5480: Export keys + manual as Low priority.
Jul 7 2021, 2:28 PM · Info Needed, gpg4win, Feature Request
ikloecker added a comment to T5468: About the API of GpgME to revoke key pairs and subkeys..

What do you mean by "exporting revocation certificates"? Once such a certificate is imported you simply export the public key including the revocation signature. Otherwise, simply takes the revocation certificates from ${GNUPGHOME}/openpgp-revocs.d where they are written to, if you generate a key. Kleopatra uses gpg directly to generate a revocation certificate mimicking what gpgme would do: See https://dev.gnupg.org/source/kleo/browse/master/src/commands/genrevokecommand.cpp.

Jul 7 2021, 10:24 AM · gpgme, Feature Request
gniibe committed rCccb076e8aabb: tests: Fix tests/basic.c for FIPS mode. (authored by gniibe).
tests: Fix tests/basic.c for FIPS mode.
Jul 7 2021, 9:32 AM