Page MenuHome GnuPG
Feed Advanced Search

Jul 12 2022

gniibe added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: backport.

I'm going to backport this to 2.2, as it found useful.

Jul 12 2022, 9:09 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a project to T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm: Restricted Project.
Jul 12 2022, 7:11 AM · backport, libgcrypt, Bug Report
gniibe closed T5702: Display prompt to user when YubiKey is waiting for touch confirmation, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 7:10 AM · ssh, gpgagent, scd
gniibe closed T5702: Display prompt to user when YubiKey is waiting for touch confirmation as Resolved.

Please use the feature in 2.3.7 of T5099, instead.

Jul 12 2022, 7:10 AM · patch, Feature Request
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5702: Display prompt to user when YubiKey is waiting for touch confirmation, as Resolved.
Jul 12 2022, 3:30 AM · patch, Feature Request
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:30 AM · ssh, gpgagent, scd
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket) as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:30 AM · Feature Request, gnupg
gniibe closed T5985: private-key: Support "Use-for-ssh" flag as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:28 AM · Feature Request, ssh, gpgagent
gniibe closed T5985: private-key: Support "Use-for-ssh" flag, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:28 AM · ssh, gpgagent, scd
gniibe closed T5861: ntbtls: AEAD GCM nonce as Resolved.
Jul 12 2022, 3:28 AM · ntbtls
gniibe closed T5921: No sharing of log_fd between child process as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:27 AM · Bug Report, gnupg (gpg23)
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.

Changed the tags and the title.

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe closed T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6 as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:23 AM · gnupg (gpg23), Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

And 2.3.7.

Jul 12 2022, 3:22 AM · backport, yubikey, scd, segv, Bug Report
gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.

Fixed in 2.2.36.

Jul 12 2022, 3:19 AM · backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Perhaps, rG53eddf9b9ea0: scd: Fail when no good algorithm attribute. should be backported to 2.2.

Jul 12 2022, 3:19 AM · gnupg (gpg23), scd, Bug Report
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:13 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · Feature Request, ssh, gpgagent
gniibe removed a project from T6003: card: READCERT with KEYGRIP: Restricted Project.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · scd, Feature Request
gniibe closed T6010: gpg-connect-agent: /definqprog semantics enhancement, a subtask of T5862: authentication with USB token, as Resolved.
Jul 12 2022, 3:12 AM · gpgagent, Feature Request, scd
gniibe closed T6010: gpg-connect-agent: /definqprog semantics enhancement as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:12 AM · Feature Request, scd
gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY, a subtask of T5862: authentication with USB token, as Resolved.
Jul 12 2022, 3:11 AM · gpgagent, Feature Request, scd
gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:11 AM · gpgagent, Feature Request
gniibe closed T6019: Parsing AEAD preference string parsing causes reads uninitialized memory as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:10 AM · patch, gnupg (gpg23), Bug Report
gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Thank you. I learned that there is new firmware, version 5.4 series.

Jul 12 2022, 2:06 AM · gnupg (gpg23), scd, Bug Report

Jul 11 2022

gniibe added a project to T6071: Duplicated output (repeated nearly once) of the GnuPG console-output to "stdout" on Windows-Console if "Legacy-Console" with any TrueType Fonts is activated under Windows: Windows.

In gnupg/common/ttyio.c, the function w32_write_console does:

  • Call WriteConsoleW, and when it fails, it calls
  • WriteConsoleA
Jul 11 2022, 9:24 AM · Windows, gnupg, Bug Report
gniibe claimed T6070: Yubikey 5C 'not available: card error' regression.
Jul 11 2022, 7:53 AM · gnupg (gpg23), scd, Bug Report
gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Please let us know, your firmware version number (in bcdDevice) by lsusb.

Jul 11 2022, 7:52 AM · gnupg (gpg23), scd, Bug Report

Jul 8 2022

gniibe committed rT5d3d9d9904d2: Allow server's use of SHA256 hash with secpr384 key. (authored by gniibe).
Allow server's use of SHA256 hash with secpr384 key.
Jul 8 2022, 10:49 AM
gniibe added a project to T6059: ntbtls: use of shorter hash for ECC: Restricted Project.

Pushed the change.

Jul 8 2022, 9:53 AM · Feature Request, Restricted Project, ntbtls
gniibe added a comment to T6059: ntbtls: use of shorter hash for ECC.

There is a description: https://datatracker.ietf.org/doc/html/rfc8422#section-5.10

Jul 8 2022, 2:30 AM · Feature Request, Restricted Project, ntbtls

Jul 7 2022

gniibe closed T5953: batch signature fails with imported ed25519 signing key as of 2.2.34 as Resolved.
Jul 7 2022, 6:53 AM · gnupg (gpg22), Bug Report
gniibe closed T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.
Jul 7 2022, 6:51 AM · gnupg, Restricted Project, gpgagent, Bug Report
gniibe closed T5120: Incompatible Ed25519 secret key (no-encryption) as Resolved.
Jul 7 2022, 6:51 AM · gnupg (gpg22), Bug Report
gniibe removed a project from T5953: batch signature fails with imported ed25519 signing key as of 2.2.34: Restricted Project.

Fixed in 2.2.36.

Jul 7 2022, 6:51 AM · gnupg (gpg22), Bug Report
gniibe closed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s) as Resolved.
Jul 7 2022, 6:50 AM · backport, gnupg, scd, patch
gniibe closed T6033: Regression in GnuPG 2.2.34 with some ECC keys as Resolved.
Jul 7 2022, 6:50 AM · Bug Report, gnupg (gpg22)
gniibe removed a project from T6033: Regression in GnuPG 2.2.34 with some ECC keys: Restricted Project.

Fixed in 2.2.36.

Jul 7 2022, 6:50 AM · Bug Report, gnupg (gpg22)
gniibe committed rCb2a64ed4f34a: cipher: Fix gcry_pk_hash_verify for explicit hash. (authored by gniibe).
cipher: Fix gcry_pk_hash_verify for explicit hash.
Jul 7 2022, 5:16 AM
gniibe claimed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm.

Thank you for your report. That's my badness (forgetting to implement in pk_verify_md function).

Jul 7 2022, 5:07 AM · backport, libgcrypt, Bug Report
gniibe committed rC37b812f5e2a3: tests/t-kdf: Test KDF FIPS indicator (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).
tests/t-kdf: Test KDF FIPS indicator
Jul 7 2022, 4:47 AM
gniibe committed rC45a139b166a3: tests: Test gcry_pk_hash_sign w/explicit hash algo (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).
tests: Test gcry_pk_hash_sign w/explicit hash algo
Jul 7 2022, 4:47 AM

Jul 6 2022

gniibe added a comment to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.

Thanks. Applied. Also, fixed about a warning for ChaCha20.

Jul 6 2022, 7:56 AM · FIPS, libgcrypt
gniibe triaged T6059: ntbtls: use of shorter hash for ECC as Normal priority.
Jul 6 2022, 6:57 AM · Feature Request, Restricted Project, ntbtls
gniibe added a comment to T6058: clarify need of --batch and/or --pinentry-mode looback with --passphrase-* options.

I admit that documentation for users should be updated and/or semantics of options could be improved.

Jul 6 2022, 4:36 AM · gnupg, Documentation
gniibe committed rC8d5053fb08cf: cipher,chacha20: Conditionalize a variable. (authored by gniibe).
cipher,chacha20: Conditionalize a variable.
Jul 6 2022, 2:36 AM
gniibe committed rC9d6203532d90: tests/basic: Skip non-FIPS tests in FIPS mode (authored by neverpanic).
tests/basic: Skip non-FIPS tests in FIPS mode
Jul 6 2022, 2:20 AM

Jul 5 2022

gniibe committed rG424aa3543de0: gpg,build: Fix message for newer gettext. (authored by gniibe).
gpg,build: Fix message for newer gettext.
Jul 5 2022, 6:48 AM
gniibe added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Let me know how best to submit it

Jul 5 2022, 4:36 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request
gniibe committed rCe2a7a0c9f5d2: kdf: Fix memory leak on error. (authored by gniibe).
kdf: Fix memory leak on error.
Jul 5 2022, 4:09 AM

Jul 1 2022

gniibe committed rCc5480b4934bb: fips: Skip selftests of unsupported PK algos (authored by neverpanic).
fips: Skip selftests of unsupported PK algos
Jul 1 2022, 9:22 AM
gniibe committed rC56000fb5c42f: build: Skip PK-specific tests if algo is disabled (authored by neverpanic).
build: Skip PK-specific tests if algo is disabled
Jul 1 2022, 9:22 AM
gniibe committed rC572b0bf9668d: tests/keygen.c: Skip unavailable PK algorithms (authored by neverpanic).
tests/keygen.c: Skip unavailable PK algorithms
Jul 1 2022, 9:22 AM
gniibe committed rC78c0d76f8092: tests/benchmark: Skip unavailable PK algorithms (authored by neverpanic).
tests/benchmark: Skip unavailable PK algorithms
Jul 1 2022, 9:22 AM
gniibe committed rCe78cf3df23a2: tests/basic: Skip tests if PK algo is unavailable (authored by neverpanic).
tests/basic: Skip tests if PK algo is unavailable
Jul 1 2022, 9:22 AM
gniibe committed rC4f4da6cbf065: tests/pubkey: Skip tests if PK algo is unavailable (authored by neverpanic).
tests/pubkey: Skip tests if PK algo is unavailable
Jul 1 2022, 9:22 AM
gniibe committed rC96fafffeeba5: kdf: Skip tests if hash algo is not available (authored by neverpanic).
kdf: Skip tests if hash algo is not available
Jul 1 2022, 9:22 AM
gniibe updated subscribers of T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.
Jul 1 2022, 9:16 AM · FIPS, libgcrypt
gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: Restricted Project.

Applied and pushed.

Jul 1 2022, 9:16 AM · FIPS, libgcrypt
gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: FIPS.

The last patch is related to FIPS, so, I add the FIPS tag.

Jul 1 2022, 9:13 AM · FIPS, libgcrypt
gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: libgcrypt.
Jul 1 2022, 8:52 AM · FIPS, libgcrypt

Jun 30 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

We could change how device keys are listed. Currently, Scute does KEYINFO --list, then asking gpgsm for each certificate.

Jun 30 2022, 3:57 AM · Feature Request, scute
gniibe added a comment to T6050: GnuPG fails to import back generated and exported ed448 secret key..

Thank you for your report.

Jun 30 2022, 3:47 AM · Bug Report
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

The change requires "KEYINFO --list" command. This is not available through remote access of gpg-agent (extra socket).

Jun 30 2022, 3:05 AM · Feature Request, scute
gniibe claimed T6050: GnuPG fails to import back generated and exported ed448 secret key..
Jun 30 2022, 3:03 AM · Bug Report

Jun 29 2022

gniibe claimed T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.
Jun 29 2022, 9:58 AM · FIPS, libgcrypt
gniibe triaged T6048: Test suite fixes with --enable-pubkey-ciphers=ecc as Normal priority.
Jun 29 2022, 9:58 AM · FIPS, libgcrypt
gniibe added a comment to T5912: libgpg-error: Drop WindowsCE support.

Applied the changes to master.

Jun 29 2022, 2:00 AM · gpgrt

Jun 28 2022

gniibe moved T4873: Enable AES GCM in FIPS mode from Backlog to Next on the FIPS board.
Jun 28 2022, 11:19 AM · FIPS, libgcrypt, Feature Request
gniibe moved T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF from Backlog to Next on the FIPS board.
Jun 28 2022, 10:58 AM · backport, libgcrypt, FIPS
gniibe committed rKe51d5c7ce81f: build: Update gpg-error.m4. (authored by gniibe).
build: Update gpg-error.m4.
Jun 28 2022, 6:48 AM
gniibe committed rE2bafe2cdddb9: Remove W32CE support from mkheader.c. (authored by gniibe).
Remove W32CE support from mkheader.c.
Jun 28 2022, 6:10 AM
gniibe committed rEc49fc80e7640: Remove mkw32errmap.c file. (authored by gniibe).
Remove mkw32errmap.c file.
Jun 28 2022, 6:10 AM
gniibe committed rE084d135f44a0: Typo fix in autogen.sh. (authored by gniibe).
Typo fix in autogen.sh.
Jun 28 2022, 6:10 AM
gniibe committed rEb866f7baf86f: Remove W32CE support from autogen.sh. (authored by gniibe).
Remove W32CE support from autogen.sh.
Jun 28 2022, 6:10 AM
gniibe committed rE14ead267268f: Remove Windows CE support. (authored by gniibe).
Remove Windows CE support.
Jun 28 2022, 6:10 AM
gniibe committed rTb0e62c243165: build: Update gpg-error.m4. (authored by gniibe).
build: Update gpg-error.m4.
Jun 28 2022, 5:27 AM
gniibe added projects to T5912: libgpg-error: Drop WindowsCE support: gpgrt, Restricted Project.
Jun 28 2022, 5:15 AM · gpgrt
gniibe committed rM02a2f3503590: build: When no gpg-error-config, not install gpgme-config. (authored by gniibe).
build: When no gpg-error-config, not install gpgme-config.
Jun 28 2022, 5:00 AM
gniibe committed rMaa94b4cee5aa: build: Update gpg-error.m4 (authored by gniibe).
build: Update gpg-error.m4
Jun 28 2022, 5:00 AM
gniibe added a comment to T5769: fix typo in autogen.sh.

Fixed in libgpg-error.

Jun 28 2022, 4:38 AM · Documentation, gpgrt
gniibe committed rA3156f29a797d: build: Update gpg-error.m4. (authored by gniibe).
build: Update gpg-error.m4.
Jun 28 2022, 4:34 AM
gniibe committed rG8aa9f80be0bb: agent: Add description for "Prompt" field. (authored by gniibe).
agent: Add description for "Prompt" field.
Jun 28 2022, 3:38 AM
gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

We removed assuming "OPENPGP.3" means for ssh.

Jun 28 2022, 3:31 AM · Feature Request, ssh, gpgagent
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe committed rG39422f1d63e2: agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:". (authored by gniibe).
agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".
Jun 28 2022, 3:27 AM
gniibe renamed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available from ssh,card: OpenPGP.3 keys should be on the list (as default) even when card is not available to ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.
Jun 28 2022, 3:22 AM · ssh, gpgagent, scd
gniibe added a comment to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.

Having "Use-for-ssh" flag now, experience shows that including OpenPGP.3 keys by default is not convenient.

Jun 28 2022, 3:20 AM · ssh, gpgagent, scd

Jun 24 2022

gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

The change allows internal use of HMAC with shorter key.

Jun 24 2022, 2:59 AM · backport, libgcrypt, FIPS
gniibe committed rC58c92098d053: hmac,hkdf: Allow use of shorter salt for HKDF. (authored by gniibe).
hmac,hkdf: Allow use of shorter salt for HKDF.
Jun 24 2022, 2:03 AM
gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Considering again, I concluded the patch above should be applied.
The use of SALT in HKDF may be not secret and there are valid use cases with no last or shorter salt. It's different to the use case of HMAC, where KEY is secret.

Jun 24 2022, 1:59 AM · backport, libgcrypt, FIPS
gniibe committed rG9e2307ddf0c2: agent: Flush before calling ftruncate. (authored by gniibe).
agent: Flush before calling ftruncate.
Jun 24 2022, 1:51 AM

Jun 23 2022

gniibe added a project to T6035: Portability issue: ftruncate: Restricted Project.
Jun 23 2022, 4:27 AM · backport, gpgagent, gnupg
gniibe committed rG99d2931887e5: agent: Flush before calling ftruncate. (authored by gniibe).
agent: Flush before calling ftruncate.
Jun 23 2022, 4:07 AM