Feed All Stories

Oct 6 2022

manonfgoo added a comment to T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).

The other key slots are claimed to be used for expired or archived keys as you rightfully mention. We need to figure out the real world semantic behind this before we can repurpose such keys.

Oct 6 2022, 10:44 PM · yubikey, Feature Request
manonfgoo added a comment to T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).

Please have a look at https://dev.gnupg.org/T5790, I added a patch.

Oct 6 2022, 10:30 PM · yubikey, Feature Request
manonfgoo added a comment to T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey.

Attached you find a patch to this issue. This patch sets the "keypair" attribute to the keys 0x82 to 0x95 unconditionally.

Oct 6 2022, 10:29 PM · gnupg24, gnupg (gpg23), scd, Feature Request
werner triaged T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys) as Low priority.

The other key slots are claimed to be used for expired or archived keys as you rightfully mention. We need to figure out the real world semantic behind this before we can repurpose such keys.

Oct 6 2022, 6:44 PM · yubikey, Feature Request
werner committed rG7ccd489aa2e5: wkd: New command --mirror for gpg-wks-client. (authored by werner).
wkd: New command --mirror for gpg-wks-client.
Oct 6 2022, 6:40 PM
margirou created T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).
Oct 6 2022, 5:53 PM · yubikey, Feature Request
werner accepted rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode.

That's more than sufficient. Thanks.

Oct 6 2022, 3:07 PM
hefee created T6228: TOFU data are not updated when creating an encrypted message.
Oct 6 2022, 1:47 PM · gpgme, TOFU
gniibe committed rCefdc87b305ff: tests: Reproducer for short dklen in FIPS mode (authored by Jakuje).
tests: Reproducer for short dklen in FIPS mode
Oct 6 2022, 7:12 AM
gniibe committed rC6e832840a8b7: random: Extend the comment about FIPS specifics (authored by Jakuje).
random: Extend the comment about FIPS specifics
Oct 6 2022, 7:11 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA4d4d4a78ae07: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 6 2022, 4:11 AM

Oct 5 2022

werner closed T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired as Resolved.
Oct 5 2022, 4:20 PM · workaround, gnupg, Keyserver, Bug Report
werner closed T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired, a subtask of T5882: Cross signing certificate in X.509 support, as Resolved.
Oct 5 2022, 4:20 PM
werner committed rK4b7d9cd4a018: Detect a possible overflow directly in the TLV parser. (authored by werner).
Detect a possible overflow directly in the TLV parser.
Oct 5 2022, 4:12 PM
werner committed rG7a01e806eac4: dirmngr: Support paged LDAP mode for KS_GET (authored by werner).
dirmngr: Support paged LDAP mode for KS_GET
Oct 5 2022, 3:16 PM
werner committed rKe11e17620189: Post release updates (authored by werner).
Post release updates
Oct 5 2022, 2:17 PM
werner committed rKd3c1e063d708: Release 1.6.1 (authored by werner).
Release 1.6.1
Oct 5 2022, 2:17 PM
gniibe committed rPTHe894f0197fb4: w32: Add comment for our intentional casting for TlsSetValue. (authored by gniibe).
w32: Add comment for our intentional casting for TlsSetValue.
Oct 5 2022, 9:27 AM
Jakuje added a comment to rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode.

I tried to clarify the comment in the following merge request. Feel free to pull it from there or adjust if it is too verbose or missing some points:

Oct 5 2022, 9:17 AM
gniibe triaged T6227: Windows 64-bit: NPTH API as Wishlist priority.
Oct 5 2022, 8:40 AM · Windows 64, Memo, npth
mlaurent committed rLIBKLEO0f469f64c238: GIT_SILENT: make sure to depend against qt6.4, kpimtextedit needs it (authored by mlaurent).
GIT_SILENT: make sure to depend against qt6.4, kpimtextedit needs it
Oct 5 2022, 8:01 AM
mlaurent committed rKLEOPATRA0cd00b23dd13: GIT_SILENT: make sure to depend against qt6.4, kpimtextedit needs it (authored by mlaurent).
GIT_SILENT: make sure to depend against qt6.4, kpimtextedit needs it
Oct 5 2022, 7:56 AM

Oct 4 2022

isundil added a comment to T6005: Problem decrypting inline images came up again.

Hello,
I'm having the same issue here, and as I've an image in the signature of my emails the signature is not visible at all when I sign the messages.
The image attached seems to be well included in the attachments and the image is readable.
Thanks,
isundil

Oct 4 2022, 9:14 PM · Unreleased, Bug Report, gpgol
isundil added a comment to T4350: Attachments in Outlook.
Oct 4 2022, 9:12 PM · Info Needed, gpgol, Bug Report, gpg4win
werner added a comment to rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode.

A minor clarification in the code comment would be enough. Something like: Some non-standard kernels return only 32 bytes of strong entropy to satisfy current FIPS requirements.

Oct 4 2022, 9:05 PM
werner added a comment to T6097: SC-HSM 4K Compatibility.

Yes, that's probably right. I talked to the vendor and they were nice enough to send us specs and samples. However, without a strong business case support for these cards we can't prioritize this work.

Oct 4 2022, 9:01 PM · Bug Report
werner closed T6226: Native PKCS#11 support, by attaching any module/library, without having to use workarounds (alternative gpg-agent etc.) as Wontfix.

Most PKCS#11 drivers are proprietary software which do not fit well into a free software system. Thus we avoid them. And of course we provide PKCS#11 support: Install Scute. There are no workarounds like alternative gpg-agents - those things don't work reliably and are not supported.

Oct 4 2022, 8:57 PM · Feature Request
werner closed T6225: Gpg4win 4.0.3 and GnuPG 2.3.7 cannot use OpenPGP Card with ECC Keys as Resolved.

This is a duplicate of T6070. Please wait for gnupg 2.3.8

Oct 4 2022, 8:46 PM
margirou updated the task description for T6226: Native PKCS#11 support, by attaching any module/library, without having to use workarounds (alternative gpg-agent etc.).
Oct 4 2022, 5:49 PM · Feature Request
margirou added a comment to T6226: Native PKCS#11 support, by attaching any module/library, without having to use workarounds (alternative gpg-agent etc.).
Oct 4 2022, 5:04 PM · Feature Request
margirou created T6226: Native PKCS#11 support, by attaching any module/library, without having to use workarounds (alternative gpg-agent etc.).
Oct 4 2022, 5:01 PM · Feature Request
margirou added a comment to T6097: SC-HSM 4K Compatibility.

I am attaching one last log I have while trying to use the SC-HSM and using the debug options mentioned. From what I understand, the keys and certificates are recognised by scdaemon, but, for some reason, they don't show up in gpg --card-edit --expert or in Kleopatra. Having AES symmetric keys also causes the PrKDF to show up as invalid.

Oct 4 2022, 4:48 PM · Bug Report
margirou updated the task description for T6225: Gpg4win 4.0.3 and GnuPG 2.3.7 cannot use OpenPGP Card with ECC Keys.
Oct 4 2022, 4:03 PM
margirou created T6225: Gpg4win 4.0.3 and GnuPG 2.3.7 cannot use OpenPGP Card with ECC Keys.
Oct 4 2022, 3:56 PM
pirkes reopened T5216: Kleopatra: Fix handling of UNC paths as "Open".
Oct 4 2022, 2:38 PM · kleopatra
werner committed rG4de98d4468f3: dirmngr: New options --first and --next for KS_GET. (authored by werner).
dirmngr: New options --first and --next for KS_GET.
Oct 4 2022, 12:59 PM
werner moved T6219: Ensure minimum key length for KDF in FIPS mode from Backlog to Ready for release on the FIPS board.
Oct 4 2022, 11:09 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6219: Ensure minimum key length for KDF in FIPS mode.

Also applied to 1.10 branch.

Oct 4 2022, 11:09 AM · libgcrypt, FIPS, Bug Report
Jakuje added a comment to rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode.

Why is that not stated in my man page which knows about kernel 3.19? Is that a regression or a RedHat specific patch?

Oct 4 2022, 9:57 AM
werner added a comment to rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode.

Why is that not stated in my man page which knows about kernel 3.19? Is that a regression or a RedHat specific patch?

Oct 4 2022, 9:15 AM
gniibe committed rCa6a6e94027ab: random: Get maximum 32B of entropy at once in FIPS Mode (authored by Jakuje).
random: Get maximum 32B of entropy at once in FIPS Mode
Oct 4 2022, 6:57 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA10ed3105966c: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 4 2022, 4:11 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO3ca12f40beff: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 4 2022, 4:11 AM

Oct 3 2022

l10n daemon script <scripty@kde.org> committed rLIBKLEO9697f54a92e8: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 3 2022, 4:57 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA0f22dd2be8d1: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 3 2022, 4:53 AM

Oct 2 2022

jukivili committed rC567bc62e1c30: tests: Avoid memory leak (authored by Jakuje).
tests: Avoid memory leak
Oct 2 2022, 4:02 PM
jukivili committed rC0909186b9e66: t-rsa-testparm: fix 'function declaration isn’t a prototype' warning (authored by jukivili).
t-rsa-testparm: fix 'function declaration isn’t a prototype' warning
Oct 2 2022, 4:02 PM
jukivili committed rC6419fbb1d3dd: tests/benchmark: remove VLA usage (authored by jukivili).
tests/benchmark: remove VLA usage
Oct 2 2022, 4:02 PM
jukivili committed rC335b8eb1211b: tests/bench-slope: remove VLA usage (authored by jukivili).
tests/bench-slope: remove VLA usage
Oct 2 2022, 4:02 PM
jukivili committed rCce60a68a1172: cipher-ccm: remove VLA usage (authored by jukivili).
cipher-ccm: remove VLA usage
Oct 2 2022, 4:02 PM
jukivili committed rC9978fc22045c: mpi/ec: remove VLA usage (authored by jukivili).
mpi/ec: remove VLA usage
Oct 2 2022, 4:02 PM
jukivili added a comment to T6217: sha3: wrong results for large inputs.

Patch applied to master, thanks.

Oct 2 2022, 3:55 PM · libgcrypt, FIPS, Bug Report
l10n daemon script <scripty@kde.org> committed rLIBKLEO44002c652e0f: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 2 2022, 5:22 AM
l10n daemon script <scripty@kde.org> committed rKLEOPATRA839c9123a2a6: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Oct 2 2022, 5:06 AM

Oct 1 2022

mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?

Yes. Scute relies on those to interact with the token.

Oct 1 2022, 2:49 PM · gnupg24, scute, scd, Bug Report

Sep 30 2022

mlaurent committed rKLEOPATRAa2bb1403493a: Fix bug 459861: Compile error from missing #include lines (authored by mlaurent).
Fix bug 459861: Compile error from missing #include lines
Sep 30 2022, 5:06 PM
gouttegd added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?

Sep 30 2022, 4:58 PM · gnupg24, scute, scd, Bug Report
werner committed rG3390951ffd69: gpg: Show just keyserver and port with --send-keys. (authored by werner).
gpg: Show just keyserver and port with --send-keys.
Sep 30 2022, 4:42 PM
Jakuje added a comment to T6217: sha3: wrong results for large inputs.

One nit that I overlooked initially is the memory leak, which is fixed with the following patch:

Sep 30 2022, 2:56 PM · libgcrypt, FIPS, Bug Report

Sep 29 2022

werner committed rG11aa5a93a754: dirmngr: Minor fix for baseDN fallback. (authored by werner).
dirmngr: Minor fix for baseDN fallback.
Sep 29 2022, 4:01 PM
werner committed rG2e22184ba5ac: gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant. (authored by werner).
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
Sep 29 2022, 3:17 PM
werner committed rG46f9b0071f54: gpg: Fix assertion failure due to errors in encrypt_filter. (authored by werner).
gpg: Fix assertion failure due to errors in encrypt_filter.
Sep 29 2022, 3:17 PM
werner committed rGa51067a21f68: gpg: Make --require-compliance work for -se (authored by werner).
gpg: Make --require-compliance work for -se
Sep 29 2022, 3:17 PM
werner changed the status of T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt from Open to Testing.

Indeed, the status line should not be emitted in this case. Thanks.

Sep 29 2022, 2:17 PM · gnupg (gpg22), Bug Report
werner committed rG07c6743148d4: gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant. (authored by werner).
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
Sep 29 2022, 2:17 PM
justus added a comment to T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt.

% gpgconf --list-options gpg  | grep compliance
compliance:16:2::1:1::"gnupg::
compliance_de_vs:144:3::2:2::0::
% dpkg --list libgcrypt20 | cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name              Version      Architecture Description
+++-=================-============-============-=====================================
ii  libgcrypt20:amd64 1.10.1-2     amd64        LGPL Crypto library - runtime library
% gpg --version
gpg (GnuPG) 2.2.39
libgcrypt 1.10.1
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Sep 29 2022, 11:03 AM · gnupg (gpg22), Bug Report
werner added a project to T6223: GPGME incorrectly parses the signature class in SIG_CREATED status lines: Feature Request.

Let's not forget that we need to have a sig_class replacement.

Sep 29 2022, 10:42 AM · Feature Request, gpgme, Bug Report
werner committed rMb1e5f3b18310: core: Fix SIG_CREATED status parsing for 0x1F sigs (authored by werner).
core: Fix SIG_CREATED status parsing for 0x1F sigs
Sep 29 2022, 10:10 AM
aheinecke triaged T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt as Low priority.

With a gcrypt not claiming compliance you should not get the status compliant or not but GnuPG should error out with forbidden.

Sep 29 2022, 9:34 AM · gnupg (gpg22), Bug Report
werner added a comment to T6223: GPGME incorrectly parses the signature class in SIG_CREATED status lines.

This is not easy to fix because it would break the GPGME API. Here are the values we can expect:

Sep 29 2022, 9:32 AM · Feature Request, gpgme, Bug Report
aheinecke created P15 (An Untitled Masterwork).
Sep 29 2022, 9:21 AM
werner triaged T6223: GPGME incorrectly parses the signature class in SIG_CREATED status lines as Normal priority.

I assume this is gpgme master. Please write proper bug reports.

Sep 29 2022, 8:30 AM · Feature Request, gpgme, Bug Report
werner added a project to T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt: gnupg (gpg22).

Justus, you should know how to write a proper bug report. Please do that and don't just paste some more or less random output here with just a hint that Libgcrypt is not compliant. tia.

Sep 29 2022, 8:28 AM · gnupg (gpg22), Bug Report
werner closed T6222: gpg --faked-system-time "$(date +%s)!" doesn't work as Wontfix.

This is a debug option; I see no use case for this.

Sep 29 2022, 8:22 AM · gnupg, Bug Report
werner triaged T6224: Mirror internal LDAP to a WKD as Normal priority.
Sep 29 2022, 8:21 AM · Restricted Project, Feature Request, gnupg (gpg23)
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Merged the changes in t6002 branch into master.

Sep 29 2022, 3:16 AM · Feature Request, scute
gniibe added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Applied and pushed the change from @joeyberkovitz in rG3257385378bb: dirmngr: Interrogate LDAP server when base DN specified..

Sep 29 2022, 3:10 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request
gniibe committed rG3257385378bb: dirmngr: Interrogate LDAP server when base DN specified. (authored by joeyberkovitz).
dirmngr: Interrogate LDAP server when base DN specified.
Sep 29 2022, 2:54 AM
gniibe committed rG4b2066afb498: dirmngr: Change interrogate_ldap_dn for better memory semantics. (authored by gniibe).
dirmngr: Change interrogate_ldap_dn for better memory semantics.
Sep 29 2022, 2:54 AM
gniibe committed rG03f392333729: Register DCO for Joey Berkovitz. (authored by gniibe).
Register DCO for Joey Berkovitz.
Sep 29 2022, 2:54 AM
gniibe committed rG530d709607e5: dirnmgr: Fix the function prototype. (authored by gniibe).
dirnmgr: Fix the function prototype.
Sep 29 2022, 2:54 AM

Sep 28 2022

werner committed rG536b5cd66305: dirmngr: Fix lost flags during LDAP upload (authored by werner).
dirmngr: Fix lost flags during LDAP upload
Sep 28 2022, 3:44 PM
werner committed rG1b0c17dfab50: gpg: Silence some diagnostics. (authored by werner).
gpg: Silence some diagnostics.
Sep 28 2022, 3:44 PM
werner committed rGd7a0df4478ec: doc: Typo fix in a comment. (authored by werner).
doc: Typo fix in a comment.
Sep 28 2022, 3:42 PM
werner committed rG32ce7ac0c674: dirmngr: Fix lost flags during LDAP upload (authored by werner).
dirmngr: Fix lost flags during LDAP upload
Sep 28 2022, 3:42 PM
justus created T6223: GPGME incorrectly parses the signature class in SIG_CREATED status lines.
Sep 28 2022, 2:00 PM · Feature Request, gpgme, Bug Report
justus created T6222: gpg --faked-system-time "$(date +%s)!" doesn't work.
Sep 28 2022, 1:37 PM · gnupg, Bug Report
justus created T6221: When encrypting, gpg claims DE_VS compliance with non-compliant gcrypt.
Sep 28 2022, 1:33 PM · gnupg (gpg22), Bug Report
mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

That sounds quite cool.

Sep 28 2022, 10:27 AM · gnupg24, scute, scd, Bug Report
werner added a comment to T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set.

Add --expert and use a decent version of GnuPG. 2.2 is our long term support branch and is not the current stable production version (which is 2.3.7).

Sep 28 2022, 10:23 AM · g10code (gnupg-2.2), gnupg, Bug Report
werner added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Actually we developed PIV support to allow the use of PIV X.509 certificates and OpenPGP keys with Yubikeys. In fact, GnuPG is able to switch between the Yubikey PIV and OpenPGP applications on-the-fly while keeping their PIN verification states.

Sep 28 2022, 10:22 AM · gnupg24, scute, scd, Bug Report
mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I was indeed using version 1.5.0 for testing, but I wish to clarify the purpose of Scute in my setup before proceeding.

Sep 28 2022, 10:04 AM · gnupg24, scute, scd, Bug Report
werner committed rGd65a0335e5cb: dirmngr: New server flag "areconly" (A-record-only) (authored by werner).
dirmngr: New server flag "areconly" (A-record-only)
Sep 28 2022, 9:56 AM
werner committed rG6300035ba17b: dirmngr: New server flag "areconly" (A-record-only) (authored by werner).
dirmngr: New server flag "areconly" (A-record-only)
Sep 28 2022, 9:46 AM
2l47 added a comment to T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set.

Perhaps --full-generate-key should provide more algorithm choices, then, e.g. ed25519?

Sep 28 2022, 9:26 AM · g10code (gnupg-2.2), gnupg, Bug Report
werner closed T6220: gpg --full-generate-key does not use max RSA keysize when --enable-large-rsa is set as Wontfix.

Sorry, this has been discussed ad nauseam. We try our best to help people not to use useless and harmful (e.g. performance of the WoT) algorithm choices.

Sep 28 2022, 9:17 AM · g10code (gnupg-2.2), gnupg, Bug Report
gniibe committed rSfa6369651060: Fix keyinfo listing. (authored by gniibe).
Fix keyinfo listing.
Sep 28 2022, 8:19 AM
gniibe committed rS3bf758969ded: Do not launch gpg-agent if no-autostart is active. (authored by werner).
Do not launch gpg-agent if no-autostart is active.
Sep 28 2022, 8:07 AM
gniibe committed rS1a87b2f26ad9: Add option to return leaf certificate only. (authored by gouttegd).
Add option to return leaf certificate only.
Sep 28 2022, 8:07 AM
gniibe committed rS819009a5a782: Avoid segv in case of a MISSING_KEY error. (authored by werner).
Avoid segv in case of a MISSING_KEY error.
Sep 28 2022, 8:07 AM