• gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

• gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.

Changed the tags and the title.

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

• gniibe closed T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6 as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:23 AM · gnupg (gpg23), Bug Report

• gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

And 2.3.7.

Jul 12 2022, 3:22 AM · backport, yubikey, scd, segv, Bug Report

• gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.

Fixed in 2.2.36.

Jul 12 2022, 3:19 AM · backport, yubikey, scd, segv, Bug Report

• gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Perhaps, rG53eddf9b9ea0: scd: Fail when no good algorithm attribute. should be backported to 2.2.

Jul 12 2022, 3:19 AM · gnupg (gpg23), scd, Bug Report

• gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.

Jul 12 2022, 3:17 AM · ssh, gpgagent, scd

• gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:17 AM · ssh, gpgagent, scd

• gniibe closed T5987: card: New field to specify refusing operations when card/token is not available as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:14 AM · ssh, gpgagent, scd

• gniibe closed T5987: card: New field to specify refusing operations when card/token is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.

Jul 12 2022, 3:14 AM · ssh, gpgagent, scd

• gniibe closed T5988: agent: Add new command to update private key fields, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.

Jul 12 2022, 3:13 AM · ssh, gpgagent, scd

• gniibe closed T5988: agent: Add new command to update private key fields as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · Feature Request, ssh, gpgagent

• gniibe removed a project from T6003: card: READCERT with KEYGRIP: Restricted Project.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · scd, Feature Request

• gniibe closed T6010: gpg-connect-agent: /definqprog semantics enhancement, a subtask of T5862: authentication with USB token, as Resolved.

Jul 12 2022, 3:12 AM · gpgagent, Feature Request, scd

• gniibe closed T6010: gpg-connect-agent: /definqprog semantics enhancement as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:12 AM · Feature Request, scd

• gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY, a subtask of T5862: authentication with USB token, as Resolved.

Jul 12 2022, 3:11 AM · gpgagent, Feature Request, scd

• gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:11 AM · gpgagent, Feature Request

• gniibe closed T6019: Parsing AEAD preference string parsing causes reads uninitialized memory as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:10 AM · patch, gnupg (gpg23), Bug Report

• gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Thank you. I learned that there is new firmware, version 5.4 series.

Jul 12 2022, 2:06 AM · gnupg (gpg23), scd, Bug Report

Jul 11 2022

• gniibe added a project to T6071: Duplicated output (repeated nearly once) of the GnuPG console-output to "stdout" on Windows-Console if "Legacy-Console" with any TrueType Fonts is activated under Windows: Windows.

In gnupg/common/ttyio.c, the function w32_write_console does:

Call WriteConsoleW, and when it fails, it calls
WriteConsoleA

Jul 11 2022, 9:24 AM · Windows, gnupg, Bug Report

• gniibe claimed T6070: Yubikey 5C 'not available: card error' regression.

Jul 11 2022, 7:53 AM · gnupg (gpg23), scd, Bug Report

• gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Please let us know, your firmware version number (in bcdDevice) by lsusb.

Jul 11 2022, 7:52 AM · gnupg (gpg23), scd, Bug Report

Jul 8 2022

• gniibe committed rT5d3d9d9904d2: Allow server's use of SHA256 hash with secpr384 key. (authored by • gniibe).

Allow server's use of SHA256 hash with secpr384 key.

Jul 8 2022, 10:49 AM

• gniibe added a project to T6059: ntbtls: use of shorter hash for ECC: Restricted Project.

Pushed the change.

Jul 8 2022, 9:53 AM · Feature Request, Restricted Project, ntbtls

• gniibe added a comment to T6059: ntbtls: use of shorter hash for ECC.

There is a description: https://datatracker.ietf.org/doc/html/rfc8422#section-5.10

Jul 8 2022, 2:30 AM · Feature Request, Restricted Project, ntbtls

Jul 7 2022

• gniibe closed T5953: batch signature fails with imported ed25519 signing key as of 2.2.34 as Resolved.

Jul 7 2022, 6:53 AM · gnupg (gpg22), Bug Report

• gniibe closed T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.

Jul 7 2022, 6:51 AM · gnupg, Restricted Project, gpgagent, Bug Report

• gniibe closed T5120: Incompatible Ed25519 secret key (no-encryption) as Resolved.

Jul 7 2022, 6:51 AM · gnupg (gpg22), Bug Report

• gniibe removed a project from T5953: batch signature fails with imported ed25519 signing key as of 2.2.34: Restricted Project.

Fixed in 2.2.36.

Jul 7 2022, 6:51 AM · gnupg (gpg22), Bug Report

• gniibe closed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s) as Resolved.

Jul 7 2022, 6:50 AM · backport, gnupg, scd, patch

• gniibe closed T6033: Regression in GnuPG 2.2.34 with some ECC keys as Resolved.

Jul 7 2022, 6:50 AM · Bug Report, gnupg (gpg22)

• gniibe removed a project from T6033: Regression in GnuPG 2.2.34 with some ECC keys: Restricted Project.

Fixed in 2.2.36.

Jul 7 2022, 6:50 AM · Bug Report, gnupg (gpg22)

• gniibe committed rCb2a64ed4f34a: cipher: Fix gcry_pk_hash_verify for explicit hash. (authored by • gniibe).

cipher: Fix gcry_pk_hash_verify for explicit hash.

Jul 7 2022, 5:16 AM

• gniibe claimed T6066: gcry_pk_hash_verify() does not work with explicitly specified hash algorithm.

Thank you for your report. That's my badness (forgetting to implement in pk_verify_md function).

Jul 7 2022, 5:07 AM · backport, libgcrypt, Bug Report

• gniibe committed rC37b812f5e2a3: tests/t-kdf: Test KDF FIPS indicator (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).

tests/t-kdf: Test KDF FIPS indicator

Jul 7 2022, 4:47 AM

• gniibe committed rC45a139b166a3: tests: Test gcry_pk_hash_sign w/explicit hash algo (authored by Clemens Lang via Gcrypt-devel <gcrypt-devel@lists.gnupg.org>).

tests: Test gcry_pk_hash_sign w/explicit hash algo

Jul 7 2022, 4:47 AM

Jul 6 2022

• gniibe added a comment to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.

Thanks. Applied. Also, fixed about a warning for ChaCha20.

Jul 6 2022, 7:56 AM · FIPS, libgcrypt

• gniibe triaged T6059: ntbtls: use of shorter hash for ECC as Normal priority.

Jul 6 2022, 6:57 AM · Feature Request, Restricted Project, ntbtls

• gniibe added a comment to T6058: clarify need of --batch and/or --pinentry-mode looback with --passphrase-* options.

I admit that documentation for users should be updated and/or semantics of options could be improved.

Jul 6 2022, 4:36 AM · gnupg, Documentation

• gniibe committed rC8d5053fb08cf: cipher,chacha20: Conditionalize a variable. (authored by • gniibe).

cipher,chacha20: Conditionalize a variable.

Jul 6 2022, 2:36 AM

• gniibe committed rC9d6203532d90: tests/basic: Skip non-FIPS tests in FIPS mode (authored by neverpanic).

tests/basic: Skip non-FIPS tests in FIPS mode

Jul 6 2022, 2:20 AM

Jul 5 2022

• gniibe committed rG424aa3543de0: gpg,build: Fix message for newer gettext. (authored by • gniibe).

gpg,build: Fix message for newer gettext.

Jul 5 2022, 6:48 AM

• gniibe added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Let me know how best to submit it

Jul 5 2022, 4:36 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request

• gniibe committed rCe2a7a0c9f5d2: kdf: Fix memory leak on error. (authored by • gniibe).

kdf: Fix memory leak on error.

Jul 5 2022, 4:09 AM

Jul 1 2022

• gniibe committed rCc5480b4934bb: fips: Skip selftests of unsupported PK algos (authored by neverpanic).

fips: Skip selftests of unsupported PK algos

Jul 1 2022, 9:22 AM

• gniibe committed rC56000fb5c42f: build: Skip PK-specific tests if algo is disabled (authored by neverpanic).

build: Skip PK-specific tests if algo is disabled

Jul 1 2022, 9:22 AM

• gniibe committed rC572b0bf9668d: tests/keygen.c: Skip unavailable PK algorithms (authored by neverpanic).

tests/keygen.c: Skip unavailable PK algorithms

Jul 1 2022, 9:22 AM

• gniibe committed rC78c0d76f8092: tests/benchmark: Skip unavailable PK algorithms (authored by neverpanic).

tests/benchmark: Skip unavailable PK algorithms

Jul 1 2022, 9:22 AM

• gniibe committed rCe78cf3df23a2: tests/basic: Skip tests if PK algo is unavailable (authored by neverpanic).

tests/basic: Skip tests if PK algo is unavailable

Jul 1 2022, 9:22 AM

• gniibe committed rC4f4da6cbf065: tests/pubkey: Skip tests if PK algo is unavailable (authored by neverpanic).

tests/pubkey: Skip tests if PK algo is unavailable

Jul 1 2022, 9:22 AM

• gniibe committed rC96fafffeeba5: kdf: Skip tests if hash algo is not available (authored by neverpanic).

kdf: Skip tests if hash algo is not available

Jul 1 2022, 9:22 AM

• gniibe updated subscribers of T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.

Jul 1 2022, 9:16 AM · FIPS, libgcrypt

• gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: Restricted Project.

Applied and pushed.

Jul 1 2022, 9:16 AM · FIPS, libgcrypt

• gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: FIPS.

The last patch is related to FIPS, so, I add the FIPS tag.

Jul 1 2022, 9:13 AM · FIPS, libgcrypt

• gniibe added a project to T6048: Test suite fixes with --enable-pubkey-ciphers=ecc: libgcrypt.

Jul 1 2022, 8:52 AM · FIPS, libgcrypt

Jun 30 2022

• gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

We could change how device keys are listed. Currently, Scute does KEYINFO --list, then asking gpgsm for each certificate.

Jun 30 2022, 3:57 AM · Feature Request, scute

• gniibe added a comment to T6050: GnuPG fails to import back generated and exported ed448 secret key..

Thank you for your report.

Jun 30 2022, 3:47 AM · Bug Report

• gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

The change requires "KEYINFO --list" command. This is not available through remote access of gpg-agent (extra socket).

Jun 30 2022, 3:05 AM · Feature Request, scute

• gniibe claimed T6050: GnuPG fails to import back generated and exported ed448 secret key..

Jun 30 2022, 3:03 AM · Bug Report

Jun 29 2022

• gniibe claimed T6048: Test suite fixes with --enable-pubkey-ciphers=ecc.

Jun 29 2022, 9:58 AM · FIPS, libgcrypt

• gniibe triaged T6048: Test suite fixes with --enable-pubkey-ciphers=ecc as Normal priority.

Jun 29 2022, 9:58 AM · FIPS, libgcrypt

• gniibe added a comment to T5912: libgpg-error: Drop WindowsCE support.

Applied the changes to master.

Jun 29 2022, 2:00 AM · gpgrt

Jun 28 2022

• gniibe moved T4873: Enable AES GCM in FIPS mode from Backlog to Next on the FIPS board.

Jun 28 2022, 11:19 AM · FIPS, libgcrypt, Feature Request

• gniibe moved T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF from Backlog to Next on the FIPS board.

Jun 28 2022, 10:58 AM · backport, libgcrypt, FIPS

• gniibe committed rKe51d5c7ce81f: build: Update gpg-error.m4. (authored by • gniibe).

build: Update gpg-error.m4.

Jun 28 2022, 6:48 AM

• gniibe committed rE2bafe2cdddb9: Remove W32CE support from mkheader.c. (authored by • gniibe).

Remove W32CE support from mkheader.c.

Jun 28 2022, 6:10 AM

• gniibe committed rEc49fc80e7640: Remove mkw32errmap.c file. (authored by • gniibe).

Remove mkw32errmap.c file.

Jun 28 2022, 6:10 AM

• gniibe committed rE084d135f44a0: Typo fix in autogen.sh. (authored by • gniibe).

Typo fix in autogen.sh.

Jun 28 2022, 6:10 AM

• gniibe committed rEb866f7baf86f: Remove W32CE support from autogen.sh. (authored by • gniibe).

Remove W32CE support from autogen.sh.

Jun 28 2022, 6:10 AM

• gniibe committed rE14ead267268f: Remove Windows CE support. (authored by • gniibe).

Remove Windows CE support.

Jun 28 2022, 6:10 AM

• gniibe committed rTb0e62c243165: build: Update gpg-error.m4. (authored by • gniibe).

build: Update gpg-error.m4.

Jun 28 2022, 5:27 AM

• gniibe added projects to T5912: libgpg-error: Drop WindowsCE support: gpgrt, Restricted Project.

Jun 28 2022, 5:15 AM · gpgrt

• gniibe committed rM02a2f3503590: build: When no gpg-error-config, not install gpgme-config. (authored by • gniibe).

build: When no gpg-error-config, not install gpgme-config.

Jun 28 2022, 5:00 AM

• gniibe committed rMaa94b4cee5aa: build: Update gpg-error.m4 (authored by • gniibe).

build: Update gpg-error.m4

Jun 28 2022, 5:00 AM

• gniibe added a comment to T5769: fix typo in autogen.sh.

Fixed in libgpg-error.

Jun 28 2022, 4:38 AM · Documentation, gpgrt

• gniibe committed rA3156f29a797d: build: Update gpg-error.m4. (authored by • gniibe).

build: Update gpg-error.m4.

Jun 28 2022, 4:34 AM

• gniibe committed rG8aa9f80be0bb: agent: Add description for "Prompt" field. (authored by • gniibe).

agent: Add description for "Prompt" field.

Jun 28 2022, 3:38 AM

• gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

We removed assuming "OPENPGP.3" means for ssh.

Jun 28 2022, 3:31 AM · Feature Request, ssh, gpgagent

• gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.

Jun 28 2022, 3:29 AM · ssh, gpgagent, scd

• gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available as Resolved.

Jun 28 2022, 3:29 AM · ssh, gpgagent, scd

• gniibe committed rG39422f1d63e2: agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:". (authored by • gniibe).

agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".

Jun 28 2022, 3:27 AM

• gniibe renamed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available from ssh,card: OpenPGP.3 keys should be on the list (as default) even when card is not available to ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.

Jun 28 2022, 3:22 AM · ssh, gpgagent, scd

• gniibe added a comment to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.

Having "Use-for-ssh" flag now, experience shows that including OpenPGP.3 keys by default is not convenient.

Jun 28 2022, 3:20 AM · ssh, gpgagent, scd

Jun 24 2022

• gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

The change allows internal use of HMAC with shorter key.

Jun 24 2022, 2:59 AM · backport, libgcrypt, FIPS

• gniibe committed rC58c92098d053: hmac,hkdf: Allow use of shorter salt for HKDF. (authored by • gniibe).

hmac,hkdf: Allow use of shorter salt for HKDF.

Jun 24 2022, 2:03 AM

• gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Considering again, I concluded the patch above should be applied.
The use of SALT in HKDF may be not secret and there are valid use cases with no last or shorter salt. It's different to the use case of HMAC, where KEY is secret.

Jun 24 2022, 1:59 AM · backport, libgcrypt, FIPS

• gniibe committed rG9e2307ddf0c2: agent: Flush before calling ftruncate. (authored by • gniibe).

agent: Flush before calling ftruncate.

Jun 24 2022, 1:51 AM