In T6617#173396, @werner wrote: What we have here is a clear text signature followed by a public key. If you run this with
gpg -o signedtext.txt --status-fd 2 signedtext.txt should only receive "bar" and not the key listing. If that is not the case something would be very wrong.
Jul 28 2023
• ikloecker updated subscribers of T6622: Kleopatra: Misleading result when decrypting clear signed message followed by public key block in notepad.
• ikloecker committed rM777cf7f2d173: core: Return bad data error instead of general error on unexpected data (authored by • ikloecker).
core: Return bad data error instead of general error on unexpected data
• ebo closed T6013: Kleopatra: Email address of CA is not set as recipient when sending new CSR by email as Resolved.
This works on Linux with KMail and with Claws (although with Claws the attachment is added twice).
hefee committed rLIBKLEO6fcf77be6b8a: Make KeyResolverCore ready to create subclasses. (authored by hefee).
Make KeyResolverCore ready to create subclasses.
hefee committed rLIBKLEOff895f2d9b4e: [fix] setSigningKeys is ignored for unknown protocol. (authored by hefee).
[fix] setSigningKeys is ignored for unknown protocol.
• ebo closed T6036: Kleopatra: Show focus indicator for (text) labels that got focus, a subtask of T5824: Kleopatra: Full accessibility support, as Resolved.
works on windows, too
CarlSchwan committed rKLEOPATRAc987425ff7c6: Only enable isMime if GpgMe version >= 1.22 (authored by CarlSchwan).
Only enable isMime if GpgMe version >= 1.22
MimeTreeParser integration
• ikloecker added a comment to T6519: Kleopatra: "change validity" allows to set an expiry date in the past.
This issue should be tested together with T6621: Kleopatra: Remove "in n days/weeks/months/years" input from Change Validity Period dialog.
• ikloecker changed the status of T6621: Kleopatra: Remove "in n days/weeks/months/years" input from Change Validity Period dialog from Open to Testing.
I have also further unified the handling of the expiration date when
- generating a new OpenPGP certificate
- changing the validity period of an OpenPGP certificate
- certifying an OpenPGP certificate
• ikloecker committed rKLEOPATRAfb8d970115ac: Check for valid expiration date when creating new OpenPGP certificate (authored by • ikloecker).
Check for valid expiration date when creating new OpenPGP certificate
• ikloecker committed rKLEOPATRAd6ab68abf97e: Unify setup of expiration date selection (authored by • ikloecker).
Unify setup of expiration date selection
• ikloecker committed rKLEOPATRAc30cedf713aa: Do not rely on maximum date of combo box for unlimited validity (authored by • ikloecker).
Do not rely on maximum date of combo box for unlimited validity
• ikloecker committed rKLEOPATRA04ba26634573: Use the configured (or hard-coded) validity period also for certifications (authored by • ikloecker).
Use the configured (or hard-coded) validity period also for certifications
• ikloecker committed rKLEOPATRAc9fb37509edc: Fix the check for a valid expiration date (authored by • ikloecker).
Fix the check for a valid expiration date
• ikloecker committed rKLEOPATRA2d42d28c2a4d: Unify selection of expiration date in different dialogs (authored by • ikloecker).
Unify selection of expiration date in different dialogs
• ikloecker committed rKLEOPATRA33555baaaeed: Connect to the overriding accept (authored by • ikloecker).
Connect to the overriding accept
• gniibe committed rGPA12b102444d84: build: Update gpg-error.m4 and libassuan.m4. (authored by • gniibe).
build: Update gpg-error.m4 and libassuan.m4.
CarlSchwan committed rMTPd96492fb6ad2: Add missing KWidgetsAddons to .kde-ci.yml (authored by CarlSchwan).
Add missing KWidgetsAddons to .kde-ci.yml
MimeTreeParser integration
CarlSchwan committed rKLEOPATRAec136e20e9f9: Only enable isMime if GpgMe version >= 1.22 (authored by CarlSchwan).
Only enable isMime if GpgMe version >= 1.22
CarlSchwan committed rKLEOPATRA200a1ccd3c38: Only enable isMime if GpgMe version >= 1.22 (authored by CarlSchwan).
Only enable isMime if GpgMe version >= 1.22
I didn't check with a CardOS / PKCS#15 card but as the solution is not card specific, checking with another card should be sufficient.
CarlSchwan committed rKLEOPATRAbed99e526ae4: Only enable isMime if GpgMe version >= 1.22 (authored by CarlSchwan).
Only enable isMime if GpgMe version >= 1.22
CarlSchwan committed rKLEOPATRA01c37a6fa789: Only enable isMime if GpgMe version >= 1.22 (authored by CarlSchwan).
Only enable isMime if GpgMe version >= 1.22
• ikloecker added a project to T6621: Kleopatra: Remove "in n days/weeks/months/years" input from Change Validity Period dialog: Restricted Project.
Small summary of the recent progress I made:
MimeTreeParser integration
• werner added a comment to T6617: General error when trying to decrypt a public key block in the notepad.
I would change the error to GPG_ERR_BAD_DATA.
CarlSchwan added a comment to T6616: KMail: Use GpgME::Data::setEncoding(MimeEncoding) for encrypted / opaque signed data..
• werner triaged T6621: Kleopatra: Remove "in n days/weeks/months/years" input from Change Validity Period dialog as Normal priority.
I agree.
• ikloecker placed T6519: Kleopatra: "change validity" allows to set an expiry date in the past up for grabs.
We depend against qt6.5
• gniibe committed rM0518ed32e254: build: Update libassuan.m4 for libassuan version 3 in future. (authored by • gniibe).
build: Update libassuan.m4 for libassuan version 3 in future.
mlaurent committed rLIBKLEO55502ed8f430: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
mlaurent committed rKLEOPATRA95347e93e7f2: Merge remote-tracking branch 'origin' into kf6 (authored by mlaurent).
Merge remote-tracking branch 'origin' into kf6
• gniibe committed rPa39ba412ab24: build: Update libassuan.m4 for libassuan version 3 in future. (authored by • gniibe).
build: Update libassuan.m4 for libassuan version 3 in future.
• gniibe committed rSdfa1f9adaaec: build: Update libassuan.m4 for libassuan version 3 in future. (authored by • gniibe).
build: Update libassuan.m4 for libassuan version 3 in future.
Pushed the change to libgpg-error.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA0bd646f6c105: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
build: Fix libtool modification.
l10n daemon script <scripty@kde.org> committed rKLEOPATRAfb046464ecba: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEO0f0d57db47f3: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
• gniibe committed rEab8b4d58035f: build: Support --verbose option for mkheader. (authored by • gniibe).
build: Support --verbose option for mkheader.
• gniibe committed rEc1d3f5952f62: build: Apply libtool.patch at the last stage of configure. (authored by • gniibe).
build: Apply libtool.patch at the last stage of configure.
Jul 27 2023
• ikloecker changed the status of T6519: Kleopatra: "change validity" allows to set an expiry date in the past, a subtask of T6553: Kleopatra: Expiry date issues and improvements, from Open to Testing.
• ikloecker changed the status of T6519: Kleopatra: "change validity" allows to set an expiry date in the past from Open to Testing.
• ikloecker added a comment to T6519: Kleopatra: "change validity" allows to set an expiry date in the past.
We now show an error message when the user tries to set an invalid expiration date when changing the expiration date. Additionally,
the configured minimum and maximum validity period is now taken into account, i.e. for changing the expiration now the same rules are applied as for new certificates.
• werner renamed T6620: Add a way to extract ECC key parameters from a public key from Add a way to extarct ECC key parameters from a public key to Add a way to extract ECC key parameters from a public key.
Thanks for the pointer! I'll see how I can do what ecdh_param_str_from_pk does in gpgme.
• werner triaged T6620: Add a way to extract ECC key parameters from a public key as Normal priority.
The relevant commit is rGc03ba92576e34f791430ab1c68814ff16c81407b
• ikloecker committed rKLEOPATRAc17ab82b9add: Show an error message when the user enters an invalid expiration date (authored by • ikloecker).
Show an error message when the user enters an invalid expiration date
• ikloecker committed rKLEOPATRA887c68889877: Use same logic when changing expiration date as for new certificates (authored by • ikloecker).
Use same logic when changing expiration date as for new certificates
• ikloecker committed rKLEOPATRAdef2829b42bb: Take allowed range into account for default expiration date (authored by • ikloecker).
Take allowed range into account for default expiration date
• ikloecker committed rKLEOPATRA625aa531193a: Restrict the maximum allowed expiration date (authored by • ikloecker).
Restrict the maximum allowed expiration date
• ikloecker committed rKLEOPATRA5356456df30f: Extract the setup of the expiration combo box (authored by • ikloecker).
Extract the setup of the expiration combo box
We had to add the parameters because some keys don't use the default parameters PGP and gpg have used since the introduction of ECC 12 years ago. So yes, we could fall back to the standard parameters but it would be better if Kleopatra could extract them from the public key (maybe via a GPGME helper).
• aheinecke added a comment to T6604: GpgOL: MIME parameters provided with "*=" instead of just "=" are not parsed - Resulting in hidden attachments.
I won't go so far to try to fully implement RFC2231 in the rfc822parse. But I have an idea how to implement this in a secure and robust manner in rfc822parse without touching the parser or the token stuff. My idea is to treat them as separate TOKEN and then combine them in query parameter just for name and filename values.
MimeTreeParser integration
The relevant logs are
2023-07-27 12:08:01 scdaemon[28156] opgp: ecdh parameters missing
2023-07-27 12:08:01 scdaemon[28156] operation writekey result: Invalid value
Jul 27 2023, 12:14 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, kleopatra
That assumes that libtool won't change substantially as it did several times in the past and broke our cross compiling stuff. But as long as we keep the ltmain.sh in our repo and tarball the patch is okay because it better documents the changes.
It's a shell issue. With bash Kleopatra starts from the shell. Andre will debug further.
• ikloecker added a comment to T6612: Kleopatra can't be started from the gpg shell of the AppImage.
I used dbus-monitor to monitor the session bus. I'm seeing the following logged by dbus-monitor when starting kleopatra in the AppImage shell.
method call time=1690445994.197305 sender=:1.141 -> destination=org.freedesktop.DBus serial=1 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=Hello
method return time=1690445994.197348 sender=org.freedesktop.DBus -> destination=:1.141 serial=1 reply_serial=1
   string ":1.141"
signal time=1690445994.197368 sender=org.freedesktop.DBus -> destination=(null destination) serial=93 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
   string ":1.141"
   string ""
   string ":1.141"
signal time=1690445994.197394 sender=org.freedesktop.DBus -> destination=:1.141 serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string ":1.141"
method call time=1690445994.197919 sender=:1.141 -> destination=org.freedesktop.DBus serial=2 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
   string "type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameAcquired'"
method call time=1690445994.198591 sender=:1.141 -> destination=org.freedesktop.DBus serial=3 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=RequestName
   string "org.kde.kleopatra"
   uint32 0
signal time=1690445994.198656 sender=org.freedesktop.DBus -> destination=(null destination) serial=94 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
   string "org.kde.kleopatra"
   string ""
   string ":1.141"
signal time=1690445994.198680 sender=org.freedesktop.DBus -> destination=:1.141 serial=3 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameAcquired
   string "org.kde.kleopatra"
[...]
and when quitting Kleopatra I see
method call time=1690446001.636935 sender=:1.141 -> destination=org.freedesktop.DBus serial=21 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=ReleaseName
   string "org.kde.kleopatra"
signal time=1690446001.636978 sender=org.freedesktop.DBus -> destination=:1.141 serial=10 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameLost
   string "org.kde.kleopatra"
signal time=1690446001.636991 sender=org.freedesktop.DBus -> destination=(null destination) serial=97 path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=NameOwnerChanged
   string "org.kde.kleopatra"
   string ":1.141"
   string ""
I learned that AC_CONFIG_COMMANDS macro can be used to improve the case of config.status.
How about the change like:
l10n daemon script <scripty@kde.org> committed rLIBKLEO1ed911bc71ea: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA50e5a83e5357: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAf903b56a3bbc: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
• gniibe committed rEda48e3cb30be: yat2m: No additional newline after the end of subsection. (authored by • gniibe).
yat2m: No additional newline after the end of subsection.
• gniibe committed rEff2763c46c7a: build: Recover the local change for libtool. (authored by • gniibe).
build: Recover the local change for libtool.
• gniibe committed rE692c29905986: build: Update libtool from version 2.4.7. (authored by • gniibe).
build: Update libtool from version 2.4.7.
• gniibe committed rEf599ff4988db: build: Update autobuild.m4 from autobuild 5.3. (authored by • gniibe).
build: Update autobuild.m4 from autobuild 5.3.
l10n daemon script <scripty@kde.org> committed rKLEOPATRAd29de61c4674: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
l10n daemon script <scripty@kde.org> committed rKLEOPATRA8a1ba037a8ac: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA20d75e0e59a9: GIT_SILENT made messages (after extraction) (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT made messages (after extraction)
Happyman0815 added a comment to T5709: Embedded images are seen as attachments after encrypting and decrypting.
Other options would be
- to display a warning if there are inline images in the email.
- an option not to automatically sign emails if they contain an inline image.
Jul 26 2023
• ikloecker added a comment to T6612: Kleopatra can't be started from the gpg shell of the AppImage.
I have just started kleopatra in the shell. Moved it to the background (Ctrl+Z bg). Then started okular. Then opened certificate of signed PDF in kleopatra. Everything works. (Except "Show Signatures Panel" doesn't really work if the side panel is not visible, but that's a completely different issue.) I also tried first starting okular and then kleopatra in the same shell. This also worked.
• aheinecke added a comment to T6612: Kleopatra can't be started from the gpg shell of the AppImage.
Right, I had briefly uploaded a "GnuPG-Desktop" appimage but then realized that for the gnupg.org download site the "GnuPG-Foo" was actually the correct version. Werner and I discussed the future of that version and there will be some changes for future releases which I won't go into here. But functionally it is the same, only the VERSION file differs.
• ikloecker added a comment to T6612: Kleopatra can't be started from the gpg shell of the AppImage.
I cannot reproduce this. Neither with the official AppImage nor with my self-built AppImage. The error message suggests that some process is still registered with DBUS. Maybe a process left over from a previous run?
• ikloecker added a comment to T6115: Kleopatra: On "revoke certification" do not offer keys which did not certify that certificate.
I had a quick look. gpg --quick-revoke-sig [...] doesn't emit a status message that would tell Kleopatra that the signatures had already been revoked. It just emits a status message telling Kleopatra which key was considered. (Run gpg with --status-fd 2 to see which status messages gpg emits.)
• ikloecker updated subscribers of T6617: General error when trying to decrypt a public key block in the notepad.
I had a look at this. gpg emits the following status messages:
[GNUPG:] UNEXPECTED 0<LF>
[GNUPG:] FAILURE decrypt 38<LF>
• ebo closed T5945: Kleopatra: Recipient input briefly shows error until lookup is completed as Resolved.
• ebo closed T6108: Kleopatra: Information on storage location of OpenPGP key should be per subkey as Resolved.
As described, the storage location is now shown per subkey in the subkey details window.
works
• ebo updated the task description for T6617: General error when trying to decrypt a public key block in the notepad.