Feedback from the lab is that they'd recommend returning a specific error code that indicates that the prime search failed and then relying on the caller to decide whether to loop or bubble up the error. I'm not sure who we would consider to be the "caller" of the relevant generation function in this case, though.

Apr 20 2022, 12:06 PM · backport, FIPS, libgcrypt, Bug Report

• ikloecker added a comment to T5716: Kleopatra: Error when cross-compiling on debian buster.

Ahh, this is about cross-compiling. I keep forgetting this.

Apr 20 2022, 10:11 AM · Restricted Project, kleopatra

• ikloecker claimed T4087: Kleopatra: Revoke User-ID.

Apr 20 2022, 10:09 AM · Unknown Object (Project), Restricted Project, gpg4win, kleopatra, Feature Request

• aheinecke added a comment to T5716: Kleopatra: Error when cross-compiling on debian buster.

We use the tooling from debian buster. We do not compile any host tooling as part of the build, except for QtBase tools.

Apr 20 2022, 10:09 AM · Restricted Project, kleopatra

• ikloecker renamed T4087: Kleopatra: Revoke User-ID from Delete User-ID - Change the default User-ID to Kleopatra: Revoke User-ID.

Apr 20 2022, 10:08 AM · Unknown Object (Project), Restricted Project, gpg4win, kleopatra, Feature Request

• ikloecker triaged T5934: Kleopatra: Change the default/primary User ID as Normal priority.

Apr 20 2022, 10:08 AM · Restricted Project, gpg4win, kleopatra, Feature Request

• ikloecker added a comment to T5780: Kleopatra: Result dialog does not have focus after operation.

I'm wondering if this happens when users have made some other application window active. In this case, I'm pretty sure there is no way on Windows to bring the result dialog to the front. An alternative might be to use a notification to inform the user that the operation is completed, either always or only if we notice that the result dialog isn't active.

Apr 20 2022, 9:58 AM · kleopatra, Restricted Project

• ikloecker closed T5240: Allow selection of groups implicitly defined by tags, a subtask of T5175: Kleopatra: Add support for custom groups, as Wontfix.

Apr 20 2022, 9:50 AM · Restricted Project, kleopatra

• ikloecker closed T5240: Allow selection of groups implicitly defined by tags as Wontfix.

I'll close this. Feel free to reopen if you think this would still be useful.

Apr 20 2022, 9:50 AM · Restricted Project, kleopatra

• ikloecker added a comment to T5716: Kleopatra: Error when cross-compiling on debian buster.

In T5716#152555, @aheinecke wrote:

Ingo: Exactly we have the problem that we don't compile build tools before building for the target. So we take the build tooling like kconfig_compiler from the system we compile on. This means that we compile with the tooling from debian buster. Except for Qt which handles stuff like that directly and builds for example moc and the other tools correcly for the build system first.

Apr 20 2022, 9:47 AM · Restricted Project, kleopatra

• werner committed rG24ab4f933fe1: po: Update German translation (authored by • werner).

po: Update German translation

Apr 20 2022, 9:28 AM

• werner committed rGa5faaf8bee43: w32: Do no use Registry item DefaultLogFile for the main tools. (authored by • werner).

w32: Do no use Registry item DefaultLogFile for the main tools.

Apr 20 2022, 9:28 AM

• aheinecke committed rW59878f115bab: Update to snapshots for pre release testing (authored by • aheinecke).

Update to snapshots for pre release testing

Apr 20 2022, 9:17 AM

• werner closed T5813: Locating Keys via WKD with gpg4win fails with unknown error. as Resolved.

Apr 20 2022, 8:51 AM · wkd, gpg4win, Bug Report

• werner triaged T5881: Not all keys available in Security approval window as Normal priority.

Apr 20 2022, 8:48 AM · Bug Report, gpgol

• werner triaged T5909: Make use of the LDAP revoked attribute as Normal priority.

Apr 20 2022, 8:46 AM · Feature Request, LDAP, OpenPGP, gpgme, dirmngr

• werner triaged T5918: Disable RSA PKCS #1.5 encryption in FIPS mode as High priority.

Apr 20 2022, 8:45 AM · backport, libgcrypt, FIPS, Bug Report

• werner triaged T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance as Normal priority.

Full ack.

Apr 20 2022, 8:45 AM · backport, FIPS, libgcrypt

• aheinecke added a comment to T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard.

For the record, I am for the deletion as long as it is guarded by a safety check.

Apr 20 2022, 8:19 AM · Bug Report, kleopatra, Restricted Project

• gniibe committed rCcd30ed3c0d71: cipher: Change the bounds for RSA key generation round. (authored by • gniibe).

cipher: Change the bounds for RSA key generation round.

Apr 20 2022, 8:12 AM

• gniibe added a comment to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.

Here is my proposal patch:

diff --git a/random/random-drbg.c b/random/random-drbg.c
index 5a46fd92..f1cfe286 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -341,6 +341,9 @@ enum drbg_prefixes
  * Global variables
  ***************************************************************/

Apr 20 2022, 2:39 AM · backport, FIPS, libgcrypt

• gniibe created T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.

Apr 20 2022, 2:37 AM · backport, FIPS, libgcrypt

Apr 19 2022

• werner committed rW551b3832bb6c: msi: Get Perl regex right (authored by • werner).

msi: Get Perl regex right

Apr 19 2022, 6:02 PM

jukivili closed T5913: libgcrypt: bug fix for PPC bulk AES-GCM acceleratieration, missing HWF_PPC_ARCH_3_10 in HW feature as Resolved.

Apr 19 2022, 5:59 PM · ppc, libgcrypt

• ikloecker changed the status of T5864: Kleopatra: Configure min and max values for validity in Newcertificatewizard from Open to Testing.

Done. Note that different from the comments in your example a non-negative ValidityPeriodInDaysMax value implies that an expiration date is required. This way it's possible to require a validity period of at least 10 days, but still allow unlimited validity.

Apr 19 2022, 5:30 PM · kleopatra, Restricted Project

• ikloecker committed rKLEOPATRAc13f51907cff: Return user ID instead of text of result label (authored by • ikloecker).

Return user ID instead of text of result label

Apr 19 2022, 5:22 PM

• ikloecker committed rKLEOPATRAf51009536b04: Allow configuration of minimum and maximum validity for new OpenPGP keys (authored by • ikloecker).

Allow configuration of minimum and maximum validity for new OpenPGP keys

Apr 19 2022, 5:22 PM

• ikloecker claimed T5864: Kleopatra: Configure min and max values for validity in Newcertificatewizard.

Apr 19 2022, 2:01 PM · kleopatra, Restricted Project

• ikloecker changed the status of T5865: Kleopatra: Force usage in advanced settings for newcertificate if key type is forced from Open to Testing.

Done. This also fixes the state of the encryption check box in case the OpenPGP key type is forced.

Apr 19 2022, 12:21 PM · Unknown Object (Project), kleopatra, Restricted Project

• ikloecker committed rKLEOPATRAfd7c920c6c19: GIT_SILENT Clear list of words to ignore by codespell (authored by • ikloecker).

GIT_SILENT Clear list of words to ignore by codespell

Apr 19 2022, 12:20 PM

• ikloecker committed rKLEOPATRA450adb21e1aa: Update usage flags even if key type is forced (authored by • ikloecker).

Update usage flags even if key type is forced

Apr 19 2022, 12:20 PM

• ikloecker committed rKLEOPATRA9994d17edfa0: Force usage flags if key type is forced (authored by • ikloecker).

Force usage flags if key type is forced

Apr 19 2022, 12:20 PM

• aheinecke committed rWdcab636fe46c: Update ecm, libkleo and kleopatra (authored by • aheinecke).

Update ecm, libkleo and kleopatra

Apr 19 2022, 12:07 PM

• aheinecke committed rW4e3b735532fc: Add sm switch for authenticode_sign command (authored by • aheinecke).

Add sm switch for authenticode_sign command

Apr 19 2022, 12:07 PM

• gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Backlog to Next on the FIPS board.

Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report

• gniibe claimed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode.

Apr 19 2022, 11:27 AM · backport, libgcrypt, FIPS, Bug Report

• ikloecker claimed T5865: Kleopatra: Force usage in advanced settings for newcertificate if key type is forced.

Apr 19 2022, 11:20 AM · Unknown Object (Project), kleopatra, Restricted Project

• gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Backlog to Next on the FIPS board.

Apr 19 2022, 11:07 AM · backport, FIPS, libgcrypt, Bug Report

• gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Backlog to Next on the FIPS board.

Apr 19 2022, 11:07 AM · FIPS, gnupg (gpg23), Bug Report

• ikloecker renamed T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard from Reload key list after a key has been moved to a smartcard to Kleopatra: Optionally, delete private key locally after moving a key to a smartcard.

Apr 19 2022, 11:02 AM · Bug Report, kleopatra, Restricted Project

• gniibe claimed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

Apr 19 2022, 11:01 AM · backport, FIPS, libgcrypt, Bug Report

neverpanic added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

That sounds reasonable. The FIPS 186-5 draft (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf) covers this in section A.1.3, although I'm not quite sure why a lower bound for p was chosen compared to q. The comment that seems to have triggered this change is published on page 68 of https://csrc.nist.gov/CSRC/media/Publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf by Allen Roginsky. It only contains a suggestion of 20, presumably for both numbers.

Apr 19 2022, 9:53 AM · backport, FIPS, libgcrypt, Bug Report

• ikloecker added a comment to T5836: Kleopatra: Optionally, delete private key locally after moving a key to a smartcard.

In Kleopatra's KeyToCardCommand there is this comment

/* TODO DELETE_KEY is too strong, because it also deletes the stub
 * of the secret key. I could not find out how GnuPG does this. Question
 * to GnuPG Developers is pending an answer

before a commented out code snippet that asks the user whether the key should be deleted locally and, if the user confirms, asks the agent to do DELETE_KEY --force <keygrip of subkey>.

Apr 19 2022, 9:42 AM · Bug Report, kleopatra, Restricted Project

• gniibe committed rC9e9f30733699: Use offsetof instead of null ptr calculation. (authored by • gniibe).

Use offsetof instead of null ptr calculation.

Apr 19 2022, 6:10 AM

Apr 18 2022

• gniibe committed rC51754fa2ed06: cipher: Fix rsa key generation. (authored by • gniibe).

cipher: Fix rsa key generation.

Apr 18 2022, 4:09 AM

• gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I checked FIPS 186-4 (and FIPS 186-5-draft). It is Appendix A 1.3.

Apr 18 2022, 3:35 AM · backport, FIPS, libgcrypt, Bug Report

Apr 15 2022

Heiko Becker <heiko.becker@kde.org> committed rLIBKLEO5c4b8edb6d0b: Include <iterator>. (authored by Martin Liska <mliska@suse.cz>).

Include <iterator>.

Apr 15 2022, 10:33 PM

Laurent Montel <montel@kde.org> committed rLIBKLEO75e85016d68b: GIT_SILENT: add codespell settings (authored by Laurent Montel <montel@kde.org>).

GIT_SILENT: add codespell settings

Apr 15 2022, 8:32 AM

Laurent Montel <montel@kde.org> committed rKLEOPATRA5b467723d00f: GIT_SILENT: add codespell settings (authored by Laurent Montel <montel@kde.org>).

GIT_SILENT: add codespell settings

Apr 15 2022, 8:14 AM

Laurent Montel <montel@kde.org> committed rLIBKLEO4c1129a91ed2: GIT_SILENT: Add test CI support (authored by Laurent Montel <montel@kde.org>).

GIT_SILENT: Add test CI support

Apr 15 2022, 7:15 AM

Apr 14 2022

timon-michel added a comment to rO81c048b716ec: Improve handling for disallowed filenames.

I've just had an issue probably related to this.
Outlook was showing an error message like the following: "Empty messages cannot be encrypted" (I am translating, so the exact message may differ)

Apr 14 2022, 4:32 PM

• ikloecker closed T5904: gpgme: Revoke own key as Resolved.

Works for Kleopatra.

Apr 14 2022, 3:59 PM · gpgme, Restricted Project

• ikloecker closed T5904: gpgme: Revoke own key, a subtask of T5859: Kleopatra: Revoke own key, as Resolved.

Apr 14 2022, 3:59 PM · kleopatra, Restricted Project

• ikloecker updated subscribers of T5932: Kleopatra: Make fingerprint easier accessible.

Apr 14 2022, 3:56 PM · kleopatra

• werner committed rG74f9e3e6c498: Prepare NEWS for the next release (authored by • werner).

Prepare NEWS for the next release

Apr 14 2022, 3:47 PM

• ikloecker changed the status of T5916: Kleopatra: Change Add E-Mail to add name and E-Mail and remove advanced mode from Open to Testing.

Done. I have also tried to make this dialog as accessible as possible as prototype for other form-like dialogs. The error reporting could still be improved by specifying what exactly is wrong instead of simply saying what could be wrong, but QValidator is too limited for this.

Apr 14 2022, 3:43 PM · Restricted Project, kleopatra

• ikloecker committed rKLEOPATRA2dff4b9ee25b: Use an instruction for the "all inputs are empty" error (authored by • ikloecker).

Use an instruction for the "all inputs are empty" error

Apr 14 2022, 3:41 PM

• ikloecker committed rKLEOPATRA7b28b77540fb: Change text of error summary and always use error message box (authored by • ikloecker).

Change text of error summary and always use error message box

Apr 14 2022, 3:41 PM

• ikloecker committed rKLEOPATRA3d26858fed34: Allow only plain text for label, hint, and error messages (authored by • ikloecker).

Allow only plain text for label, hint, and error messages

Apr 14 2022, 3:41 PM

• ikloecker committed rKLEOPATRAd2df55340080: Use the currently shown error messages for the error summary (authored by • ikloecker).

Use the currently shown error messages for the error summary

Apr 14 2022, 3:41 PM

• ikloecker committed rKLEOPATRAb5e66009907e: Prefix the error messages with "Error: " (authored by • ikloecker).

Prefix the error messages with "Error: "

Apr 14 2022, 3:41 PM

• werner closed T5599: Make gpg use the helpers baked into its AppImage as Resolved.

Seems we can close this bug.

Apr 14 2022, 3:14 PM · gnupg, Restricted Project, Feature Request

• werner closed T5599: Make gpg use the helpers baked into its AppImage, a subtask of T5598: AppImage of gpg, as Resolved.

Apr 14 2022, 3:14 PM · AppImage, gnupg, Restricted Project, Feature Request

• werner archived gnupg (gpg20).

Apr 14 2022, 3:06 PM

• werner closed T1954: Password too long as Resolved.

Apr 14 2022, 3:05 PM · Info Needed, gnupg (gpg20), Bug Report, gnupg

• werner closed T5235: Delays in dirmngr http connections on Windows as Resolved.

We have not seen this problem anymore in recent versions. Thus closing.

Apr 14 2022, 3:02 PM · can't replicate, dirmngr, ntbtls, Windows, gnupg (gpg22)

• ebo created T5932: Kleopatra: Make fingerprint easier accessible.

Apr 14 2022, 2:53 PM · kleopatra

• werner closed T5639: dirmngr uses the wrong Let's encrypt chain as Resolved.

We have a solulion for this bug. For further improvements we will use T5882.

Apr 14 2022, 2:00 PM · gnupg (gpg22), dirmngr

• werner closed T5639: dirmngr uses the wrong Let's encrypt chain, a subtask of T5882: Cross signing certificate in X.509 support, as Resolved.

Apr 14 2022, 2:00 PM

• werner closed T5809: Expire subkey violates assertion "! sig->hashed" as Resolved.

Fixed in 2.3
assert replaced by a fatal error message

Apr 14 2022, 1:57 PM · Unknown Object (Project), gnupg (gpg22), Bug Report

• werner committed rG41fb46007e65: gpg: Replace an assert by a log_fatal. (authored by • werner).

gpg: Replace an assert by a log_fatal.

Apr 14 2022, 1:56 PM

• werner committed rGc8c71fc7161b: gpg: Replace an assert by a log_fatal. (authored by • werner).

gpg: Replace an assert by a log_fatal.

Apr 14 2022, 1:54 PM

• werner triaged T5927: gpg: quick-gen-key and quick-add-uid require --check-trustdb to make trust in user ids "ultimate" as Low priority.

Printing a note as we do in --edit-key is a good idea.

Apr 14 2022, 1:44 PM · Feature Request, gnupg, Bug Report

• werner triaged T5930: Use the FIPS-compatible digest&sign API as Normal priority.

Passing fds etc adds complex extra code to gpg-agent. This was not the original design goal, although we violated this anyway by have some OpenPGP specific code there. This needs more thinking. Due to our internal use of OCB we can't make it FIPS compliant without large changes.

Apr 14 2022, 1:42 PM · FIPS, Feature Request

• werner triaged T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as High priority.

I have not yet tested OpenSSH 9 and thus the patch to master is here just as a test. Please better use gnupg 2.3 (stable) instead of 2.2 (LTS) because it is unlikely that we will backport all this new ssh stuff.

Apr 14 2022, 12:36 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

• werner committed rG46d62d80a2b8: ssh: Returned faked response for the new session-bind extension. (authored by • werner).

ssh: Returned faked response for the new session-bind extension.

Apr 14 2022, 12:33 PM

• ikloecker committed rKLEOPATRAfac8b1863000: Ensure that assistive tools use the accessible hint text if available (authored by • ikloecker).

Ensure that assistive tools use the accessible hint text if available

Apr 14 2022, 12:26 PM

• ikloecker committed rKLEOPATRA95ee796e27d8: Mark hint label and error label as related labels (authored by • ikloecker).

Mark hint label and error label as related labels

Apr 14 2022, 12:26 PM

• ikloecker committed rKLEOPATRA82aa98db34b4: Set label text and optional accessible name with one setter (authored by • ikloecker).

Set label text and optional accessible name with one setter