Recently fixed.
All Stories
Jun 23 2014
Fixed for the next releases. The exact key depends on the Windows versions; I
added a respective note. Thanks.
Fix will go into 1.4.17.
Fixed in 2.0.23.
Right, it should work in 2.0.23.
@werner: I think, you mean 2.0.23
Should work in 2.0.13
Backported to 1.4. It has also been applied to master some time ago.
Backported parts of the change to 1.4.
I took the simpler solution of removing that outdated man page.
The man page is outdated and we do not use docbook for a long time now. If someone wants to revive such a man page, it would be best to translate the respective parts of the GnuPG manual in git master.
Jun 22 2014
Jun 20 2014
You need to configure gnome-keyring-daemon not to hijack the gpg-agent. This
is done by not adding gpg to the --components options. It is a long standing
GNOME problem that they willfully hijack the interprocess connection to
gpg-agent. This leads to lots of bug reports directed to GnuPG and thus I
finally added this warning.
Jun 19 2014
Jun 16 2014
No. It still does not explain why you need a new option for gpg. Something like
ssh REMOTE 'cd DIR && sha256sum *dat' | gpg -s >files.sig
does what you want.
Jun 13 2014
Jun 12 2014
In our use case we need to sign big RPMs, DVDs and Docker images. We have a
separate signing server to sign those files and sending all content to the
signing server is a huge overhead for us. Therefore we would like to sign only
headers of those files. In our setup we trust both servers so we can assume that
the signed digest of the given file really corresponds to that file.
Is it more clear now?
Jun 10 2014
The reason codes have been introduced for gpgsm and when adding them to gpg it
was not easy to get the required information (think subkeys and primary keys).
As a first take on this I just pushed some fixes to master and introduced two
new reason codes. At least this one should be easy to backport to 2.0.
Jun 7 2014
Hello Werner,
Jun 6 2014
This has recently been discussed at gnupg-devel. We have patches ready for 1.4
Ah well, you better do not use automake 1.13 - the test suite may or may not
work with those braindead new defaults of that version.
That still does not explain why you need to change gpg for this. I know very
well why a list of checksums is sometimes useful. It is actually a pretty
standard use pattern. I can't see the problem you try to solve.
Jun 3 2014
I agree.
In fact, there is no README.GIT in this repo (at least not in commit
2f4e8c33b88d), but only a README.SVN
The correct fix for the issue on my system (OpenSUSE 13.1) is to run "automake
--add-missing" before running autogen.sh
This will add "build-aux/test-driver"
It's because the signer for signing the packages lives on another server and
moving all data there to do the signing is inefficient. Therefore this patch
adds the option to sign files using file digests.
Hello Yutaka,
With current 2.0 branch of git repository, I believe that Vega-Alpha works fine.
Please confirm.
Jun 2 2014
Fixed for master.
Fixed for 2.0.23 and master.
Fixed for 2.0. But take care: The code now also uses the fixed-list-mode which
is the default in --list-keys for ages:
pub:-:1024:17:4713D527ECE16009:1118095577:::-:
fpr:::::::::8BFD3F436366D9820E9EAB2F4713D527ECE16009:
uid:::::::::George Hacker <georgeh@axian.com>:
uid:::::::::George Hacker <ghacker@axian.com>:
uid:::::::::George Hacker (GLS) <ghacker@redhat.com>:
uat:::::::::1 2493:
sub:-:1024:16:0D94CF6C0C8C2F1B:1118095578::::
I worked with the guys and fixed versions have been released in time. The paper
and website actually tell this.
It is not the keygrip but the authority key identifier based lookup
which fails. Quite obvious if they do that stupid re-issuing. The
problem with dirmngr is only a side-effect of gpg not using the proper
certificate from the chain. Though, the question is which is the
proper certificate? They are both correct. I solved that by looking
for all matching certificates and using the latest one. That should
match reality better. Below is a log using a certificate store with
both DFN certificates. I have not done any Dirmngr tests, though.
The old certificate:
           ID: 0xFFFFFFFFA3EFE945
          S/N: 00C7
       Issuer: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust Center/O=Deutsche Telekom AG/C=DE
      Subject: /CN=DFN-Verein PCA Global - G01/OU=DFN-PKI/O=DFN-Verein/C=DE
     validity: 2006-12-19 10:29:00 through 2019-06-30 23:59:00
     key type: 2048 bit RSA
    key usage: certSign crlSign
 chain length: 2
  fingerprint: F0:28:8F:DA:C6:3A:F7:9A:31:9A:E9:72:F3:95:09:0E:A3:EF:E9:45
The re-issued one:
           ID: 0x55715DB8
          S/N: 0089901115583E879B
       Issuer: /CN=Deutsche Telekom Root CA 2/OU=T-TeleSec Trust Center/O=Deutsche Telekom AG/C=DE
      Subject: /CN=DFN-Verein PCA Global - G01/OU=DFN-PKI/O=DFN-Verein/C=DE
     validity: 2014-02-11 13:11:45 through 2019-07-09 23:59:00
     key type: 2048 bit RSA
    key usage: certSign crlSign
 chain length: 2
  fingerprint: 2E:EF:D9:C0:99:A2:BB:1C:2B:AC:52:97:BD:FF:D8:C8:55:71:5D:B8
Use gpgsm --dump-cert to see the other info. By deleting one or the
other certificate and importing them in a different order, it is
possible to verify that the latest certificate is used.
$ echo hallo | ~/b/gnupg/sm/gpgsm -ea --disable-crl-checks --debug 1 -r Schnarre
gpgsm: used in a production environment or with production keys!
gpgsm: enabled debug flags: x509
gpgsm: DBG: BEGIN Certificate 'target':
gpgsm: DBG: serial: 13F7C661A329F4
gpgsm: DBG: notBefore: 2012-06-13 08:01:21
gpgsm: DBG: notAfter: 2015-06-13 08:01:21
gpgsm: DBG: issuer:
1.2.840.113549.1.9.1=#706B692D63614062756E6465737461672E6465,CN=Deutscher
Bundestag CA - G01,OU=Deutscher Bundestag,O=Deutscher Bundestag,C=DE
gpgsm: DBG: subject:
1.2.840.113549.1.9.1=#736162696E652E6C657574686575737365722D7363686E617272656E6265726765724062756E6465737461672E6465,CN=Sabine
Leutheusser-Schnarrenberger,OU=MdB,O=Deutscher Bundestag,C=DE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
73:99:B8:58:93:E5:F8:E0:D7:7C:BE:7F:D8:4C:14:86:78:A1:E8:03
gpgsm: DBG: END Certificate
gpgsm: failed to open '/home/wk/.gnupg/policies.txt': No such file or directory
gpgsm: note: non-critical certificate policy not allowed
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 0D688CAF
gpgsm: DBG: notBefore: 2008-12-17 14:39:27
gpgsm: DBG: notAfter: 2019-06-30 00:00:00
gpgsm: DBG: issuer: CN=DFN-Verein PCA Global - G01,OU=DFN-PKI,O=DFN-Verein,C=DE
gpgsm: DBG: subject:
1.2.840.113549.1.9.1=#706B692D63614062756E6465737461672E6465,CN=Deutscher
Bundestag CA - G01,OU=Deutscher Bundestag,O=Deutscher Bundestag,C=DE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
0A:0D:87:72:EE:E7:B9:47:AE:A7:FC:58:C5:47:90:7F:75:F9:50:62
gpgsm: DBG: END Certificate
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: certificate is good
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 0089901115583E879B
gpgsm: DBG: notBefore: 2014-02-11 13:11:45
gpgsm: DBG: notAfter: 2019-07-09 23:59:00
gpgsm: DBG: issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust
Center,O=Deutsche Telekom AG,C=DE
gpgsm: DBG: subject: CN=DFN-Verein PCA Global - G01,OU=DFN-PKI,O=DFN-Verein,C=DE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG: SHA1 Fingerprint:
2E:EF:D9:C0:99:A2:BB:1C:2B:AC:52:97:BD:FF:D8:C8:55:71:5D:B8
gpgsm: DBG: END Certificate
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: intermediate certificate is good
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: found via authid and keyid
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 26
gpgsm: DBG: notBefore: 1999-07-09 12:11:00
gpgsm: DBG: notAfter: 2019-07-09 23:59:00
gpgsm: DBG: issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust
Center,O=Deutsche Telekom AG,C=DE
gpgsm: DBG: subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust
Center,O=Deutsche Telekom AG,C=DE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.5
gpgsm: DBG: SHA1 Fingerprint:
85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
gpgsm: DBG: END Certificate
gpgsm: DBG: gcry_pk_verify: Success
gpgsm: root certificate is good
gpgsm: CRLs not checked due to --disable-crl-checks option
gpgsm: validation model used: shell
gpgsm: encrypted data created
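
The selection rule described in the last comment (collect all matching issuer certificates, use the latest one), as an added example that is not GnuPG code and not part of the original comment. Assumptions: candidates are matched by subject DN only (the real lookup also uses the authority key identifier), "latest" is taken to mean the latest notBefore, and candidates not valid at the check time are skipped; `Cert`, `pick_issuer` and the `OTHER` entry are hypothetical names and data, while serials and validity dates of the two DFN certificates are taken from the listings above.

```python
from dataclasses import dataclass
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"


@dataclass(frozen=True)
class Cert:
    subject: str
    serial: str
    not_before: datetime
    not_after: datetime


def cert(subject, serial, not_before, not_after):
    """Build a Cert from the date strings used in the gpgsm listings."""
    return Cert(subject, serial,
                datetime.strptime(not_before, FMT),
                datetime.strptime(not_after, FMT))


DFN = "CN=DFN-Verein PCA Global - G01,OU=DFN-PKI,O=DFN-Verein,C=DE"
# The two DFN certificates from the page: same subject, different serials.
OLD = cert(DFN, "00C7", "2006-12-19 10:29:00", "2019-06-30 23:59:00")
NEW = cert(DFN, "0089901115583E879B",
           "2014-02-11 13:11:45", "2019-07-09 23:59:00")
# Constructed unrelated entry, only there to show that non-matches are ignored.
OTHER = cert("CN=Constructed Other CA,C=DE", "01",
             "2015-01-01 00:00:00", "2020-01-01 00:00:00")


def pick_issuer(store, issuer_dn, at):
    """Return the matching certificate with the latest notBefore.

    Every entry of `store` is examined, so the result does not depend on
    the order in which certificates were imported. Entries that are not
    valid at time `at` are skipped (an assumption of this example).
    Returns None when nothing matches.
    """
    matches = [c for c in store
               if c.subject == issuer_dn
               and c.not_before <= at <= c.not_after]
    return max(matches, key=lambda c: c.not_before, default=None)


if __name__ == "__main__":
    when = datetime(2014, 6, 2)
    for store in ([OLD, NEW, OTHER], [OTHER, NEW, OLD]):
        print(pick_issuer(store, DFN, when).serial)
```

Both import orders print the serial of the re-issued certificate, which is the one the debug log above shows as the selected intermediate.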