Page MenuHome GnuPG
Feed Advanced Search

Feb 24 2022

jukivili closed T4486: Add AEAD mode AES-SIV to libgcrypt (RFC 5297) as Resolved.
Feb 24 2022, 6:06 PM · Feature Request, libgcrypt

Feb 23 2022

aheinecke triaged T5854: Windows registry option to prevent modifications to signed/encrypted messages after validation by GpgOL as Wishlist priority.
Feb 23 2022, 6:09 PM · gpgol, Feature Request
aheinecke added a comment to T5854: Windows registry option to prevent modifications to signed/encrypted messages after validation by GpgOL.

The problem is that we replace the encrypted text and attachments with the decrypted / verified parts. This would already be a modification even without such changes like the category.

Feb 23 2022, 6:09 PM · gpgol, Feature Request
werner assigned T5854: Windows registry option to prevent modifications to signed/encrypted messages after validation by GpgOL to aheinecke.
Feb 23 2022, 4:06 PM · gpgol, Feature Request
werner added a project to T5598: AppImage of gpg: AppImage.
Feb 23 2022, 3:01 PM · AppImage, gnupg, Restricted Project, Feature Request

Feb 22 2022

tcataldo created T5854: Windows registry option to prevent modifications to signed/encrypted messages after validation by GpgOL.
Feb 22 2022, 2:39 PM · gpgol, Feature Request

Feb 17 2022

irl added a comment to T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.

Setting the management key has been implemented only for Yubikeys. So for Gemalto this won't work.

Feb 17 2022, 11:20 AM · gnupg24, scd, Feature Request
werner claimed T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.
Feb 17 2022, 10:49 AM · gnupg24, scd, Feature Request
werner added a comment to T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.

Setting the management key has been implemented only for Yubikeys. So for Gemalto this won't work.

Feb 17 2022, 10:48 AM · gnupg24, scd, Feature Request
irl created T5837: gpg-card: Authenticate to PIV applet with non-3DES card management key.
Feb 17 2022, 10:10 AM · gnupg24, scd, Feature Request
gniibe closed T2385: support more than 1024 fds. as Resolved.
Feb 17 2022, 5:47 AM · gpgrt, Feature Request, gpgme

Feb 14 2022

ikloecker closed T5781: Add tooltip to Kleo's advanced key generation dialog as Resolved.

I have added tooltips to the + ECDH and the + Elgamal checkboxes. Hope this helps.

Feb 14 2022, 10:36 AM · Restricted Project, Feature Request, kleopatra
ikloecker claimed T5781: Add tooltip to Kleo's advanced key generation dialog .
Feb 14 2022, 10:34 AM · Restricted Project, Feature Request, kleopatra
ikloecker added a comment to T5781: Add tooltip to Kleo's advanced key generation dialog .

If the user unselects + ECDH, then the checkmark before Encryption under Certificate Usage is removed. I'm not sure whether adding a tooltip would help if they don't notice this.

Feb 14 2022, 10:19 AM · Restricted Project, Feature Request, kleopatra

Feb 9 2022

gniibe added a project to T5817: libgcrypt: Add Balloon KDF: Restricted Project.
Feb 9 2022, 2:58 AM · libgcrypt, Feature Request

Feb 8 2022

motp added a comment to T5494: gpg-agent doesn't support security-key (sk) key types.

It would be awesome if you could implement this \o/

Feb 8 2022, 4:40 PM · gnupg24, gnupg (gpg23), Feature Request, ssh
gniibe added a comment to T5817: libgcrypt: Add Balloon KDF.

Tested on a big endian machine.

$ uname -a
Linux perotto 5.15.0-2-powerpc64 #1 SMP Debian 5.15.5-2 (2021-12-18) ppc64 GNU/Linux
Feb 8 2022, 4:00 AM · libgcrypt, Feature Request

Feb 7 2022

gniibe triaged T5817: libgcrypt: Add Balloon KDF as Normal priority.
Feb 7 2022, 6:15 AM · libgcrypt, Feature Request

Feb 2 2022

gniibe closed T5797: New API for modern password hash function as Resolved.
Feb 2 2022, 3:32 AM · Feature Request, libgcrypt
gniibe closed T5637: Use poll for libgcrypt (support more than 1024 fds), a subtask of T2385: support more than 1024 fds., as Resolved.
Feb 2 2022, 3:31 AM · gpgrt, Feature Request, gpgme
gniibe closed T5637: Use poll for libgcrypt (support more than 1024 fds) as Resolved.
Feb 2 2022, 3:31 AM · libgcrypt, Feature Request
gniibe closed T5752: libgcrypt: Adding aes-wrap-pad (RFC5649) support as Resolved.
Feb 2 2022, 3:30 AM · Feature Request, libgcrypt
gniibe closed T5512: Implement service indicators as Resolved.
Feb 2 2022, 1:24 AM · Feature Request, FIPS, libgcrypt
gniibe closed T5747: Provide a way to request non-FIPS service in FIPS mode as Resolved.
Feb 2 2022, 1:23 AM · Feature Request, FIPS, libgcrypt
gniibe closed T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation as Resolved.
Feb 2 2022, 1:21 AM · FIPS, libgcrypt, Feature Request
gniibe closed T5541: Envvar LIBGCRYPT_FORCE_FIPS_MODE as Resolved.
Feb 2 2022, 1:20 AM · Feature Request, FIPS, libgcrypt
gniibe moved T5512: Implement service indicators from Next to Ready for release on the FIPS board.
Feb 2 2022, 1:15 AM · Feature Request, FIPS, libgcrypt

Jan 31 2022

werner triaged T5807: Extend Authenticode signatures to more (all) Gpg4win binaries and libraries as Normal priority.
Jan 31 2022, 12:42 PM · Feature Request, gpg4win
gniibe added projects to T5797: New API for modern password hash function: Feature Request, Restricted Project.
Jan 31 2022, 1:22 AM · Feature Request, libgcrypt

Jan 27 2022

ikloecker changed the status of T5755: Kleopatra: Export secret subkeys from Open to Testing.
Jan 27 2022, 10:44 AM · Restricted Project, Feature Request, kleopatra

Jan 25 2022

gniibe added a comment to T5512: Implement service indicators.

Thank you, applied both of two patches.

Jan 25 2022, 1:20 AM · Feature Request, FIPS, libgcrypt

Jan 24 2022

Jakuje added a comment to T5512: Implement service indicators.

Thanks. Looks good to me.

Jan 24 2022, 1:38 PM · Feature Request, FIPS, libgcrypt

Jan 22 2022

werner closed T5586: Please add dane lookup to --auto-key-retrieve as Wontfix.

DANE has been an experimental thing and is imho dead.

Jan 22 2022, 6:21 PM · gnupg (gpg14), Feature Request

Jan 20 2022

werner triaged T5718: Provide list of supported/compliant key algorithms as Normal priority.
Jan 20 2022, 8:37 PM · gnupg24, gnupg (gpg23), Feature Request
gniibe added a comment to T5512: Implement service indicators.

Test cases are recovered in rC535a4d345872: fips: Recover test cases for selftest, add skipping in FIPS mode..

Jan 20 2022, 3:07 AM · Feature Request, FIPS, libgcrypt

Jan 19 2022

gniibe added a comment to T5512: Implement service indicators.

Sorry, it's my misunderstanding.
_gcry_fips_run_selftest can be run by GCRYCTL_SELFTEST.
I was confused by the function name. Perhaps, it is good to change the name of function to _gcry_run_selftest.

Jan 19 2022, 12:47 PM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

@werner Those removed tests are selftests which are only invoked by FIPS mode for its requirement of selftests.

Jan 19 2022, 12:43 PM · Feature Request, FIPS, libgcrypt
werner added a comment to T5512: Implement service indicators.

AFAICS, the last commit removes some tests. We should never remove a test just because FIPS does not allow it. The old tests need to be run in non-fips mode.

Jan 19 2022, 9:43 AM · Feature Request, FIPS, libgcrypt
pmgdeb added a comment to T5512: Implement service indicators.

Hi, @gniibe and @Jakuje. That fulfills the requirement and all the regression tests pass in FIPS mode. Thanks!

Jan 19 2022, 8:41 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

Pushed the change in rC76aad97dd312: fips: Reject shorter key for HMAC in FIPS mode..

Jan 19 2022, 3:53 AM · Feature Request, FIPS, libgcrypt

Jan 18 2022

werner triaged T5702: Display prompt to user when YubiKey is waiting for touch confirmation as Low priority.
Jan 18 2022, 7:18 PM · patch, Feature Request
werner triaged T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey as Normal priority.
Jan 18 2022, 7:20 AM · gnupg24, gnupg (gpg23), scd, Feature Request
gniibe added a comment to T5512: Implement service indicators.

And we need to fix selftest for shorter keys.

Jan 18 2022, 4:12 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

@pmgdeb : IIUC, what we need is:

diff --git a/cipher/md.c b/cipher/md.c
index 34336b5c..4f4fc9bf 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -903,6 +903,9 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
 {
   GcryDigestEntry *r;
Jan 18 2022, 4:05 AM · Feature Request, FIPS, libgcrypt

Jan 17 2022

Jakuje added a comment to T5512: Implement service indicators.

This is my draft for the FIPS indicator KDF. I think we do not need to keep the original GCRYCTL_FIPS_SERVICE_INDICATOR if we replace it also in the tests. This will also need some tests and documentation update.

Jan 17 2022, 7:01 PM · Feature Request, FIPS, libgcrypt
pmgdeb added a comment to T5512: Implement service indicators.

I'm not completely sure but it might be convenient to mark HMAC keys with lengths less that 112 as non-approved in FIPS mode for both generation and verification. It could be easily implemented by adding a check using cipher/mac-hmac.c:hmac_get_keylen() or at the algo level. What do you think?

Jan 17 2022, 10:56 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5512: Implement service indicators.

Thank you, applied.
Also, add another change.

Jan 17 2022, 6:51 AM · Feature Request, FIPS, libgcrypt

Jan 14 2022

werner triaged T5781: Add tooltip to Kleo's advanced key generation dialog as Normal priority.
Jan 14 2022, 12:07 PM · Restricted Project, Feature Request, kleopatra

Jan 12 2022

werner claimed T5718: Provide list of supported/compliant key algorithms.
Jan 12 2022, 8:40 PM · gnupg24, gnupg (gpg23), Feature Request
werner added a comment to T5718: Provide list of supported/compliant key algorithms.

No, these are simply the technically available algorithms. I'll see what I can do.

Jan 12 2022, 8:40 PM · gnupg24, gnupg (gpg23), Feature Request
gniibe added a project to T5747: Provide a way to request non-FIPS service in FIPS mode: Restricted Project.
Jan 12 2022, 1:45 AM · Feature Request, FIPS, libgcrypt

Jan 11 2022

Saturneric claimed T5598: AppImage of gpg.

I found this post when I was searching everywhere for a solution, and I was delighted. I've recently been trying to upload GpgFrontned in the Apple Store vs Microsoft and I'm having some trouble.

Jan 11 2022, 9:13 PM · AppImage, gnupg, Restricted Project, Feature Request
Jakuje added a comment to T5512: Implement service indicators.

I went through the documentation related to FIPS and updated some wording to match reality. It will probably require still some more work.

Jan 11 2022, 7:10 PM · Feature Request, FIPS, libgcrypt
Jakuje added a comment to T5512: Implement service indicators.

This is my draft for the FIPS indicator KDF. I think we do not need to keep the original GCRYCTL_FIPS_SERVICE_INDICATOR if we replace it also in the tests. This will also need some tests and documentation update.

Jan 11 2022, 3:46 PM · Feature Request, FIPS, libgcrypt
werner moved T5747: Provide a way to request non-FIPS service in FIPS mode from Next to Ready for release on the FIPS board.
Jan 11 2022, 11:06 AM · Feature Request, FIPS, libgcrypt
werner added a comment to T5512: Implement service indicators.

Yes, we should introduce an INDICATOR_KDF thing.

Jan 11 2022, 10:57 AM · Feature Request, FIPS, libgcrypt
gniibe moved T5512: Implement service indicators from Ready for release to Next on the FIPS board.
Jan 11 2022, 6:37 AM · Feature Request, FIPS, libgcrypt
gniibe added a comment to T5747: Provide a way to request non-FIPS service in FIPS mode.

Patch applied, doc updated.
No change of FSM diagram.

Jan 11 2022, 6:34 AM · Feature Request, FIPS, libgcrypt

Jan 10 2022

Jakuje added a comment to T5512: Implement service indicators.

The previous comment should have come to the T5600. Sorry for the noise.

Jan 10 2022, 4:30 PM · Feature Request, FIPS, libgcrypt
ikloecker closed Unknown Object (Maniphest Task), a subtask of T5755: Kleopatra: Export secret subkeys, as Resolved.
Jan 10 2022, 1:58 PM · Restricted Project, Feature Request, kleopatra
ikloecker closed Unknown Object (Maniphest Task), a subtask of T5755: Kleopatra: Export secret subkeys, as Resolved.
Jan 10 2022, 1:57 PM · Restricted Project, Feature Request, kleopatra
Jakuje added a comment to T5512: Implement service indicators.

Sorry for resurrecting the done task, but I got a message from @pmgdeb who noticed there is mismatch between parenthesis in the --with-fips-module-version help string. The attached patch fixes the issue and add proper help text.

Jan 10 2022, 9:34 AM · Feature Request, FIPS, libgcrypt

Jan 5 2022

werner triaged T5747: Provide a way to request non-FIPS service in FIPS mode as Normal priority.
Jan 5 2022, 11:50 AM · Feature Request, FIPS, libgcrypt

Jan 4 2022

gniibe added a project to T5748: Adding poll/ppoll to NPTH: Restricted Project.
Jan 4 2022, 12:58 PM · npth, Feature Request
Jakuje added a comment to T5747: Provide a way to request non-FIPS service in FIPS mode.

Thanks. Looks good to me (both merged changes and the above proposal). In addition to the changes proposed above, we certainly need to update the documentation about this, probably also the FSM diagram.

Jan 4 2022, 12:47 PM · Feature Request, FIPS, libgcrypt
gniibe claimed T5541: Envvar LIBGCRYPT_FORCE_FIPS_MODE.
Jan 4 2022, 11:17 AM · Feature Request, FIPS, libgcrypt
gniibe edited projects for T5747: Provide a way to request non-FIPS service in FIPS mode, added: Feature Request; removed Bug Report.
Jan 4 2022, 11:17 AM · Feature Request, FIPS, libgcrypt
gniibe moved T5512: Implement service indicators from Next to Ready for release on the FIPS board.
Jan 4 2022, 11:16 AM · Feature Request, FIPS, libgcrypt

Jan 3 2022

ikloecker moved T5755: Kleopatra: Export secret subkeys from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jan 3 2022, 12:00 PM · Restricted Project, Feature Request, kleopatra
ikloecker added a project to T5755: Kleopatra: Export secret subkeys: Restricted Project.
Jan 3 2022, 11:59 AM · Restricted Project, Feature Request, kleopatra
aheinecke triaged T5755: Kleopatra: Export secret subkeys as Normal priority.
Jan 3 2022, 10:26 AM · Restricted Project, Feature Request, kleopatra

Dec 23 2021

gniibe lowered the priority of T5748: Adding poll/ppoll to NPTH from High to Normal.
Dec 23 2021, 1:22 AM · npth, Feature Request

Dec 22 2021

werner added a project to T5750: GpgOL links to an FSF page for "Unsicher GpgOL": Restricted Project.
Dec 22 2021, 1:42 PM · Restricted Project, Feature Request, gpgol
werner triaged T5750: GpgOL links to an FSF page for "Unsicher GpgOL" as High priority.
Dec 22 2021, 1:42 PM · Restricted Project, Feature Request, gpgol
gniibe triaged T5748: Adding poll/ppoll to NPTH as High priority.
Dec 22 2021, 1:51 AM · npth, Feature Request

Dec 21 2021

jukivili added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Ok, I'll add.

Dec 21 2021, 4:03 PM · patch, ppc, libgcrypt, Feature Request
werner added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Seen. @jukivili can you please add it to the AUTHORS file?

Dec 21 2021, 10:13 AM · patch, ppc, libgcrypt, Feature Request

Dec 16 2021

gniibe added a project to T5512: Implement service indicators: Restricted Project.
Dec 16 2021, 1:18 AM · Feature Request, FIPS, libgcrypt

Dec 14 2021

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Ok, I have subscribed to the mailing list. I have resent the DCO.

Dec 14 2021, 9:09 PM · patch, ppc, libgcrypt, Feature Request
jukivili added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

DCO has not appeared on mailing-list. You can this from check list archives, https://lists.gnupg.org/pipermail/gcrypt-devel/2021-December/thread.html

Dec 14 2021, 8:58 PM · patch, ppc, libgcrypt, Feature Request
dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Thanks Jussi, I did not receive the list moderator's email so I am not sure if the it has been posted on gcrypt-devel@gnupg.org. If not, I can resend the DCO. Thanks.

Dec 14 2021, 7:58 PM · patch, ppc, libgcrypt, Feature Request
jukivili added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

I did some finishing touches on coding style:

Dec 14 2021, 7:39 PM · patch, ppc, libgcrypt, Feature Request
gniibe moved T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Next to Ready for release on the FIPS board.
Dec 14 2021, 11:20 AM · FIPS, libgcrypt, Feature Request
gniibe removed a project from T5576: New set of API for public key cryptography: FIPS.
Dec 14 2021, 11:18 AM · libgcrypt, Feature Request

Dec 13 2021

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Hi Jussi,

Dec 13 2021, 7:54 PM · patch, ppc, libgcrypt, Feature Request

Dec 12 2021

jukivili added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Few comments on new patch:

Dec 12 2021, 7:18 PM · patch, ppc, libgcrypt, Feature Request

Dec 10 2021

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Hi jukivili,

Dec 10 2021, 3:21 PM · patch, ppc, libgcrypt, Feature Request
mrybczyn created T5729: Crypto tokens for GnuPG maintainers - an offer.
Dec 10 2021, 2:00 PM · dev.gnupg.org
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Thank you, applied.

Dec 10 2021, 6:55 AM · FIPS, libgcrypt, Feature Request

Dec 9 2021

Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

It turned out that the new *.inp files are not part of the release tarball, which makes the tests from generated tarball fail. The attached patch should fix this issue.

Dec 9 2021, 5:06 PM · FIPS, libgcrypt, Feature Request

Dec 8 2021

gniibe closed T4951: Support point compression in Libgcrypt as Resolved.

Reading compressed point format has been done.
If writing support is needed, please open another task.

Dec 8 2021, 9:12 AM · Feature Request, libgcrypt
gniibe added a project to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: Restricted Project.
Dec 8 2021, 9:00 AM · FIPS, libgcrypt, Feature Request
gniibe lowered the priority of T5576: New set of API for public key cryptography from High to Wishlist.
Dec 8 2021, 2:51 AM · libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

This new API is not for FIPS directly (any more), as we introduced pk_hash_sign/verify for FIPS.

Dec 8 2021, 2:51 AM · libgcrypt, Feature Request
gniibe removed a subtask for T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation: T5576: New set of API for public key cryptography.
Dec 8 2021, 2:49 AM · FIPS, libgcrypt, Feature Request
gniibe removed a parent task for T5576: New set of API for public key cryptography: T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.
Dec 8 2021, 2:49 AM · libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed the backport.

Dec 8 2021, 2:48 AM · FIPS, libgcrypt, Feature Request

Dec 7 2021

dannytsen added a comment to T5700: libgcrypt: bulk AES-GCM acceleration for ppc64le.

Hi jukivili,
I ran some basic tests and it did show the errors. I am in the process investigating what went wrong. In the meantime, i also included test result that I have used in my testing from bench-slope. In this test, I captured the message with 272 bytes buffer from the original libgcrypt repo and my optimized repo. Note that the bulk version of my code do 8x unrolling and the rest will do 16 bytes. So the first 2 128 bytes ran thru gcry_ppc_aes_gcm_encrypt and the rest of the 16 bytes thru gcm_ctr_encrypt (cipher-gcm.c).

Dec 7 2021, 5:36 PM · patch, ppc, libgcrypt, Feature Request
ikloecker added a comment to T5718: Provide list of supported/compliant key algorithms.

Hmm,

$ gpg --with-colons --list-config curve
cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;brainpoolP256r1;brainpoolP384r1;brainpoolP512r1;secp256k1

How would Kleopatra know that cv* is for encryption, ed* is for signing, and all other curves are for both uses? Or are the cv/ed prefixes a (de facto) standard?

Dec 7 2021, 9:37 AM · gnupg24, gnupg (gpg23), Feature Request
werner added a comment to T5718: Provide list of supported/compliant key algorithms.

You may run

Dec 7 2021, 7:40 AM · gnupg24, gnupg (gpg23), Feature Request