
Mar 21 2023

werner set External Link to https://gnupg.org/blog/20230321-adsk.html on T6395: ADSK Feature.
Mar 21 2023, 6:23 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner committed rD1565cfa32e3e: blog: The ADSK (authored by werner).
blog: The ADSK
Mar 21 2023, 6:09 PM
werner claimed T3054: dirmngr only using cAcertificate attr type when querying LDAP directory.

We need to extend dirmngr_ldap.c to take a list of attributes to return. We already have the --multi option which returns all attributes for later filtering by the caller but the specified attr is also used and thus dirmngr's start_cacert_fetch_ldap() returns only the requested caCertificate.

Mar 21 2023, 4:52 PM · Active Directory, dirmngr
werner placed T6395: ADSK Feature up for grabs.
Mar 21 2023, 4:36 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner changed the status of T6395: ADSK Feature from Open to Testing.

Things for 2.4 are all done.

Mar 21 2023, 4:36 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner moved T6395: ADSK Feature from Backlog to QA on the gnupg22 board.

For 2.2 we will for now only implement the encryption.

Mar 21 2023, 4:35 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner committed rG9f27e448bf1f: gpg: New command --quick-add-adsk (authored by werner).
gpg: New command --quick-add-adsk
Mar 21 2023, 4:33 PM
werner committed rGd09301a9e133: po: Fix German translation regarding the caching of PINs. (authored by werner).
po: Fix German translation regarding the caching of PINs.
Mar 21 2023, 4:33 PM
werner triaged T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC as Normal priority.
Mar 21 2023, 3:25 PM · gpgrt, patch, libgcrypt, Bug Report
werner assigned T6388: libgcrypt: gpgrt-config not found in $PREFIX if there are no less-preferred options found via $CC to gniibe.

@gniibe: Would you mind looking at this?

Mar 21 2023, 3:24 PM · gpgrt, patch, libgcrypt, Bug Report
werner triaged T6418: pinentry-qt: Accessibility in case of entering 2 different passphrases as Normal priority.
Mar 21 2023, 3:23 PM · a11y, pinentry, Restricted Project
werner added a project to T6418: pinentry-qt: Accessibility in case of entering 2 different passphrases: a11y.
Mar 21 2023, 3:22 PM · a11y, pinentry, Restricted Project
werner created a11y.
Mar 21 2023, 3:22 PM
werner committed rE68333be63042: Avoid segv in logging with improper use of the "socket://" . (authored by werner).
Avoid segv in logging with improper use of the "socket://" .
Mar 21 2023, 10:58 AM
werner committed rG658daae34aa3: doc: Suggest the use of out-of-source builds. (authored by werner).
doc: Suggest the use of out-of-source builds.
Mar 21 2023, 9:17 AM
werner closed T6313: 2.4.0 does not support in-source-tree builds as Resolved.

README and INSTALL now suggest to use a build directory.

Mar 21 2023, 9:16 AM · gnupg24, workaround, Bug Report
werner committed rM6d21256c9220: core,cpp: Add new key flags to gpgme_subkey_t (authored by werner).
core,cpp: Add new key flags to gpgme_subkey_t
Mar 21 2023, 8:59 AM
werner closed T3753: Bad self-signatures and missing subkey usage flags when creating ECDSA/Ed25519 keys in batch mode as Wontfix.

Error checking of the parameter file is usually enhanced when adding new features. Keeping this task open for this specific request does not make sense.

Mar 21 2023, 8:58 AM · gnupg24, Bug Report

Mar 20 2023

werner committed rG625aeb65b0e7: dirmngr: New command AD_QUERY. (authored by werner).
dirmngr: New command AD_QUERY.
Mar 20 2023, 7:25 PM
werner committed rP8ab1682e80a2: Fix problem with inclusion of wrong memory.h. (authored by werner).
Fix problem with inclusion of wrong memory.h.
Mar 20 2023, 8:53 AM
werner added a project to D566: curses: Avoid including system <memory.h> header: pinentry.

Turned out to be a bit more complicated. I hope that I did not break any of the other pinentries:
rP8ab1682e80a2b4185ee9ef66cbb44340245966fc

Mar 20 2023, 8:34 AM · pinentry
werner accepted D566: curses: Avoid including system <memory.h> header.

This header was introduced close to 20 years ago. I agree that it does not make any sense - it might be a left-over from an old Hurd version. We can entirely remove it because string.h is already included and we also don't use memory.h anywhere in gnupg proper.

Mar 20 2023, 8:10 AM · pinentry

Mar 18 2023

werner closed T6414: Please don't remove ability to convert /export .kbx keyrings to the legacy .gpg format as Resolved.

Yes, --export creates the OpenPGP specified format.

Mar 18 2023, 7:20 PM · Feature Request

Mar 17 2023

werner committed rD40a34742ad86: swdb: gpgme 1.19.0 (authored by werner).
swdb: gpgme 1.19.0
Mar 17 2023, 5:05 PM
werner triaged T6416: Remove LDAP code duplication in dirmngr as Normal priority.
Mar 17 2023, 2:36 PM · Feature Request, LDAP, dirmngr, gnupg24
werner triaged T6415: Kleopatra clipboard does not remember selected signing and --encrypt-to key. as Normal priority.
Mar 17 2023, 1:25 PM · Restricted Project, Bug Report, kleopatra
werner closed T2179: GPA - clipboard encryption - use textmode as Wontfix.

We stopped maintaining GPA in favor of Kleopatra.

Mar 17 2023, 1:20 PM · gpa, Feature Request
werner closed T6341: Release GPGME 1.19.0 as Resolved.
Mar 17 2023, 12:23 PM · gpgme, Release Info
werner committed rM18e09b15d58d: Post release updates (authored by werner).
Post release updates
Mar 17 2023, 11:42 AM
werner committed rM96a30fdf3062: Release 1.19.0 (authored by werner).
Release 1.19.0
Mar 17 2023, 11:42 AM
werner committed rMd086653cc346: python: Update python.m4 configure script. (authored by Ben Greiner (bnavigator) <unknown@dev.gnupg.org>).
python: Update python.m4 configure script.
Mar 17 2023, 11:42 AM
werner added a comment to T6414: Please don't remove ability to convert /export .kbx keyrings to the legacy .gpg format.

Do you mean the pubring.gpg format or the on-wire OpenPGP format; ie. what gpg --export gives?

Mar 17 2023, 10:29 AM · Feature Request
werner closed T6413: Add mailmap feature to GnuPG for GDPR compliance as Wontfix.

Not if there are technical reasons to keep the address. BTW, your solution would not help because the fingerprint of key is personal data in the same way as a mail address.

Mar 17 2023, 8:21 AM · Feature Request

Mar 16 2023

werner accepted D546: build: Find correct version string for Python >= 3.10.

Will go into 1.19.0

Mar 16 2023, 3:13 PM · Python, Feature Request, gpgme
werner closed T6385: Regarding "gpg: can't connect to the agent - trying fall back " as Invalid.
Mar 16 2023, 2:54 PM · No Response, Bug Report
werner committed rGf5347fbc25ae: dirmngr: Add framework to implement a fake CRL feature. (authored by werner).
dirmngr: Add framework to implement a fake CRL feature.
Mar 16 2023, 2:53 PM
werner added a comment to T6413: Add mailmap feature to GnuPG for GDPR compliance.

A tool can't make something GDPR compliant - this is all about policy and informed choice. There is actually no problem if you allow ppl to decide whether to upload personal information to a public service.

Mar 16 2023, 2:46 PM · Feature Request
werner committed rGe4ac3e7dec92: gpgsm: New option --no-pretty-dn (authored by werner).
gpgsm: New option --no-pretty-dn
Mar 16 2023, 9:46 AM

Mar 15 2023

werner committed rEfbbc55b3febe: build: Improve the beta numbering by autogen.sh (authored by werner).
build: Improve the beta numbering by autogen.sh
Mar 15 2023, 9:09 PM
werner committed rM98a159eb5e04: build: Update autogen.sh from libgpg-error (authored by werner).
build: Update autogen.sh from libgpg-error
Mar 15 2023, 4:24 PM
werner closed T6411: Signing Other PGP Keys Fails when Using a SmartCard as Invalid.
Mar 15 2023, 4:11 PM · Support
werner added a comment to T6375: gpg-agent race-condition with parallel clients.

FYI: Quite some more days than a few passed by. I still did not find the time for this, sorry.

Mar 15 2023, 4:10 PM · gnupg24, gpgagent, Bug Report
werner committed rGe5066f2d1c26: gpgtar: Do not allow the use of stdout for --status-fd (authored by werner).
gpgtar: Do not allow the use of stdout for --status-fd
Mar 15 2023, 12:08 PM
werner committed rGda044776311e: gpgtar: Do not allow the use of stdout for --status-fd (authored by werner).
gpgtar: Do not allow the use of stdout for --status-fd
Mar 15 2023, 12:06 PM
werner committed rG0045583cd2ac: gpgtar: Print a result status with skipped files. (authored by werner).
gpgtar: Print a result status with skipped files.
Mar 15 2023, 12:06 PM
werner committed rGed9a420a221a: gpgtar: Emit progress status lines in create mode. (authored by werner).
gpgtar: Emit progress status lines in create mode.
Mar 15 2023, 12:06 PM
werner placed T6378: keytocard: invalid value up for grabs.
Mar 15 2023, 11:43 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner assigned T6234: Implement access to smartcards via a generic pkcs#11 interface to gniibe.
Mar 15 2023, 11:43 AM · Restricted Project, gnupg26, Feature Request, scd
werner moved T6363: Add progress status output to gpgtar from Backlog to WiP on the gnupg22 board.
Mar 15 2023, 11:29 AM · gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), Feature Request
werner committed rG56b65f33d261: gpgtar: Print a result status with skiupped files. (authored by werner).
gpgtar: Print a result status with skiupped files.
Mar 15 2023, 11:24 AM
werner closed T6402: [gnupg] configure: --with-libksba-prefix overrided by --with-ksba-prefix as Resolved.

That is not a bug but required for backward compatibility. See me/ksba.m4:

Mar 15 2023, 9:55 AM · Not A Bug, Bug Report
werner added a comment to T6410: Kleopatra: trust root certificate allowed for user.

I would suggest that with the VSD 3.2 we make --no-user-trustlist the default via the corresponding registry entry and explain how to use --sys-trustlist-name to use a custom trustlist.

Mar 15 2023, 9:49 AM · kleopatra
werner edited projects for T6411: Signing Other PGP Keys Fails when Using a SmartCard, added: Support; removed Bug Report.
Mar 15 2023, 9:46 AM · Support
werner moved T6378: keytocard: invalid value from Backlog to QA on the gnupg24 board.
Mar 15 2023, 9:43 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner committed rG5118beeec18f: gpg: Delete secret key after "keytocard". (authored by werner).
gpg: Delete secret key after "keytocard".
Mar 15 2023, 9:43 AM
werner committed rG2e065b4bd2d3: scd,openpgp: Switch key attributes between RSA and ECC in writekey. (authored by werner).
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
Mar 15 2023, 9:43 AM
werner committed rG706d557a6451: gpg: Delete secret key after "keytocard". (authored by werner).
gpg: Delete secret key after "keytocard".
Mar 15 2023, 9:37 AM

Mar 14 2023

werner closed T6382: keytocard fails to import a nistp384 ECDSA key, a subtask of T6378: keytocard: invalid value, as Resolved.
Mar 14 2023, 4:20 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner closed T6382: keytocard fails to import a nistp384 ECDSA key as Resolved.

Closing this one - see T6378

Mar 14 2023, 4:20 PM · yubikey, scd, Bug Report
werner moved T6378: keytocard: invalid value from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mar 14 2023, 4:18 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner changed the status of T6378: keytocard: invalid value from Open to Testing.

Fixed in 2.2 need to check 2.4

Mar 14 2023, 4:18 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner committed rG2630872cff71: scd,openpgp: Switch key attributes between RSA and ECC in writekey. (authored by werner).
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
Mar 14 2023, 4:17 PM
werner added a comment to T6378: keytocard: invalid value.

Ooops. We do not have the automatic change of key type in the WRITEKEY command of scdaemon. This is only done when generating a key.

Mar 14 2023, 11:47 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There is actually a regression with Yubikeys. The fix for 2.2 is in T5100: rG08cc34911470 - for 2.4 I need to check

Mar 14 2023, 11:35 AM · yubikey, scd, Bug Report
werner committed rG08cc34911470: gpg: Allow no version information of Yubikey (authored by werner).
gpg: Allow no version information of Yubikey
Mar 14 2023, 11:35 AM
werner claimed T6378: keytocard: invalid value.
Mar 14 2023, 10:53 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner moved T6378: keytocard: invalid value from Backlog to WiP on the gnupg22 board.
Mar 14 2023, 10:49 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner changed the status of T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Open to Testing.
Mar 14 2023, 10:26 AM · gnupg22 (gnupg-2.2.42), Bug Report
werner moved T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Backlog to QA on the gnupg22 board.

Ignoring the error seems to be the best choice. I also think that --force should not overwrite a shadow key file. It seems safer to explicitly delete the key first. A --force option for READKEY does not sound right.

Mar 14 2023, 10:26 AM · gnupg22 (gnupg-2.2.42), Bug Report
werner committed rGb28d9ff865a0: agent: Do not overwrite a key file by a shadow key file. (authored by werner).
agent: Do not overwrite a key file by a shadow key file.
Mar 14 2023, 10:16 AM
werner committed rG4f754caad885: agent: Make --disable-extended-key-format a dummy option. (authored by werner).
agent: Make --disable-extended-key-format a dummy option.
Mar 14 2023, 10:16 AM
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I did some reworking and the outcome of the READKEY command is now (agent log):

Mar 14 2023, 10:01 AM · gnupg22 (gnupg-2.2.42), Bug Report
werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I am pretty sure we have the same problem in 2.4 - due to different access patterns it might not exhibit itself.

Mar 13 2023, 9:34 AM · gnupg22 (gnupg-2.2.42), Bug Report
werner committed rG6d792ae2eb46: agent: Make --disable-extended-key-format a dummy option. (authored by werner).
agent: Make --disable-extended-key-format a dummy option.
Mar 13 2023, 9:12 AM
werner committed rGdb73f17f0c97: gpgconf,w32: Also print a GnuPG Install Directory Registry entry (authored by werner).
gpgconf,w32: Also print a GnuPG Install Directory Registry entry
Mar 13 2023, 7:45 AM
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Mar 12 2023

werner added a comment to T6280: Release GnuPG 2.2.41.

Pushed to this site. Thanks for noting.

Mar 12 2023, 8:08 PM · gnupg22, Release Info

Mar 10 2023

werner accepted D565: curses: Change error reported for terminal issues.
Mar 10 2023, 4:11 PM
werner committed rG56ca164684b6: dirmngr: Add command "GETINFO stats". (authored by werner).
dirmngr: Add command "GETINFO stats".
Mar 10 2023, 11:35 AM
werner closed T6404: dirmngr/sks-keyservers.netCA.pem is expired and should be removed as Resolved.

It's not used, so it can't harm.

Mar 10 2023, 11:22 AM · Bug Report
werner closed T6405: Trojan identified in virustotal as Resolved.

Also recall that Antivirus software needs to search for a competitive advantage over other vendors and in particular over Windows Defender. Thus they need to show some extra positives compared to the Windows Defender. Who cares whether this is a false positive - ppl like to get some evidence that their new AV software has a (phoney) advantage.

Mar 10 2023, 11:21 AM · Bug Report

Mar 9 2023

werner committed rGb52a0e244ae1: dirmngr: Distinguish between "no crl" and "crl not trusted". (authored by werner).
dirmngr: Distinguish between "no crl" and "crl not trusted".
Mar 9 2023, 6:29 PM

Mar 8 2023

werner committed rG65288fc52f0c: keyboxd: Allow import of v0 certificates. (authored by werner).
keyboxd: Allow import of v0 certificates.
Mar 8 2023, 4:12 PM
werner committed rMc1f6535f144d: core: Also detect legacy X.509 v0 certificates. (authored by werner).
core: Also detect legacy X.509 v0 certificates.
Mar 8 2023, 3:55 PM
werner committed rGd2d1db886083: gpg,gpgsm: New option --log-time (authored by werner).
gpg,gpgsm: New option --log-time
Mar 8 2023, 3:12 PM
werner committed rG2d088176b4bd: dirmngr: Minor code cleanup in the CRL cache. (authored by werner).
dirmngr: Minor code cleanup in the CRL cache.
Mar 8 2023, 3:12 PM
werner committed rM76351c4877d6: tests: Add option --binary to run-verify (authored by werner).
tests: Add option --binary to run-verify
Mar 8 2023, 12:42 PM
werner committed rGabcf0116ee45: scd: Fix checking memory allocation. (authored by gniibe).
scd: Fix checking memory allocation.
Mar 8 2023, 11:04 AM
werner committed rG37d7ee8b9846: agent: Add translatable text for Caps Lock hint (authored by ikloecker).
agent: Add translatable text for Caps Lock hint
Mar 8 2023, 11:04 AM
werner committed rG2a13f7f9dc75: gpgsm: Strip trailing zeroes from detached signatures. (authored by werner).
gpgsm: Strip trailing zeroes from detached signatures.
Mar 8 2023, 11:02 AM

Mar 6 2023

werner renamed T6234: Implement access to smartcards via a generic pkcs#11 interface from Write app-p11.c to Implement access to smartcards via a generic pkcs#11 interface.
Mar 6 2023, 8:52 AM · Restricted Project, gnupg26, Feature Request, scd
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I think we should make it explicit - this will be safer. As of now agent_write_shadow_key will do a check only in its special update mode which should be okay for now.

Mar 6 2023, 8:28 AM · gnupg22 (gnupg-2.2.42), Bug Report
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I can't see any explicit thing there.

Mar 6 2023, 8:20 AM · gnupg22 (gnupg-2.2.42), Bug Report

Mar 3 2023

werner added a comment to D546: build: Find correct version string for Python >= 3.10.

That's why I added some tags and also set me a reminder. We will try to get this into the next GPGME release we plan for this month.

Mar 3 2023, 4:02 PM · Python, Feature Request, gpgme
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I doubt that the bug is only in 2.2. The code in 2.4 is different but it may happen there anyway. It depends on the usage pattern.

Mar 3 2023, 3:57 PM · gnupg22 (gnupg-2.2.42), Bug Report
werner updated subscribers of T4550: Test certificates with valid CA.

(That's actually an old ticket but we still open)

Mar 3 2023, 12:10 PM · Tests
werner triaged T6399: Missing trustdb check on import of certificate as Normal priority.
Mar 3 2023, 10:17 AM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project
werner added projects to D546: build: Find correct version string for Python >= 3.10: gpgme, Feature Request, Python.
Mar 3 2023, 10:15 AM · Python, Feature Request, gpgme
werner committed rGe4f61df8509e: gpg: Implement encryption to ADSKs. (authored by werner).
gpg: Implement encryption to ADSKs.
Mar 3 2023, 10:12 AM