
May 7 2019

werner triaged T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing as Wishlist priority.

That is not a functional feature request and I see no value in changing data structures just for being up to the latest RFC. Actually the ASN.1 is not from an RFC but from a specific X.509 profile. For CMS most parsing is anyway done with handcrafted code.

May 7 2019, 8:54 AM · libksba, Feature Request

May 6 2019

dkg created T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.
May 6 2019, 11:53 PM · libksba, Feature Request

May 3 2019

aheinecke added a comment to T4476: gpgol should make it easy to attach the user's key.

Good to hear this request from someone else, this gives it more priority :-).

May 3 2019, 10:54 AM · gpgol, Feature Request
aheinecke merged task T4476: gpgol should make it easy to attach the user's key into T4090: GpgOL: Add entry to attach public key in attachment menu.
May 3 2019, 10:54 AM · gpgol, Feature Request
aheinecke created T4479: GpgOL: S/MIME Addressbook integration.
May 3 2019, 9:14 AM · gpg4win, Feature Request, gpgol

May 1 2019

dkg created T4476: gpgol should make it easy to attach the user's key.
May 1 2019, 9:59 PM · gpgol, Feature Request
aa7356 added a comment to T4475: Gemalto IDBridge CT710 && Pinentry.

+
Thanks, WK
But before, I have a dumb question-> I need to connect the wires first, isn't it?
++

May 1 2019, 10:38 AM · Feature Request

Apr 30 2019

werner triaged T4359: Convert backup keyfiles to regular key's as Normal priority.
Apr 30 2019, 4:40 PM · gnupg24, gnupg (gpg23), Feature Request
werner added a comment to T4475: Gemalto IDBridge CT710 && Pinentry.

Put

log-file /somewhere/scd.log
debug ipc,cardio
verbose

into ~/.gnupg/scdaemon.conf and kill scdaemon. Then look at the output. I would suggest to first stop the pcscd so that GnuPG's internal CCID driver will be used. Make also sure that there is no permission problem with the USB port. In case of a CCID (card reader protocol) problem a

debug-ccid-driver

in scdaemon.conf will also be helpful.

Apr 30 2019, 4:08 PM · Feature Request
aa7356 created T4475: Gemalto IDBridge CT710 && Pinentry.
Apr 30 2019, 1:48 PM · Feature Request

Apr 21 2019

cepxuo added a comment to T2760: Populate comment field when exporting authentication key for SSH.

This bug makes it impossible to use gpg-agent as ssh-agent for keys generated from gnupg.
(How should I understand what passphrase should I enter?)
The only way is to load them with ssh-add.

Apr 21 2019, 4:00 AM · gnupg24, ssh, Feature Request

Apr 10 2019

dkg added a comment to T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs.

One of the things that dirmngr has going for it is that it tracks the current network state, and it would be nice to be able to reuse that state across sessions. If an ephemeral keyring can't use a shared dirmngr, there are fewer arguments for having dirmngr in the first place, and people might be more justified in replacing it with things like https://gitlab.com/anarcat/scripts/blob/master/openpgp-key-get

Apr 10 2019, 2:52 AM · Documentation, Feature Request, gnupg, dirmngr

Apr 9 2019

werner lowered the priority of T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs from High to Normal.

I don't anymore think this is a high priority request. BTW, A more real problem than several dirmngr instances is multi-user access to smartcards.

Apr 9 2019, 8:59 AM · Documentation, Feature Request, gnupg, dirmngr

Apr 8 2019

aheinecke merged task T4452: Send Attachments in Outlook with G-Suite Sync into T3545: GpgOL: Support G Suite Sync Accounts.
Apr 8 2019, 2:49 PM · Feature Request
aheinecke added a comment to T4452: Send Attachments in Outlook with G-Suite Sync.

Yep, I'd like that, too. Sadly G-Suite Sync does not support "PGP/MIME" which is the standardized format we need to put together a message with attachments in a Mail.
So for now we only have PGP/Inline support. See: T3545

Apr 8 2019, 2:49 PM · Feature Request
Kobi updated the task description for T4452: Send Attachments in Outlook with G-Suite Sync.
Apr 8 2019, 11:05 AM · Feature Request
Kobi updated the task description for T4452: Send Attachments in Outlook with G-Suite Sync.
Apr 8 2019, 11:05 AM · Feature Request
Kobi created T4452: Send Attachments in Outlook with G-Suite Sync.
Apr 8 2019, 11:04 AM · Feature Request

Apr 5 2019

werner added a comment to T4448: Add "Autocrypt" key-origin.
  • If the original key origin is a KEYSERVER or WKD it is fine to fetch an update of the key from a keyserver/wkd without user interaction.
  • if the key origin is file it can be assumed that the key has been received hand to hand and thus the existence of that key should not be made public.
Apr 5 2019, 5:12 PM · Feature Request
patrick added a comment to T4448: Add "Autocrypt" key-origin.

I did not yet implement the use of "key origin" in Enigmail. I don't believe that it adds much value, because I anyway need to track more details about autocrypt keys separately from the keyring (such as the peer-state).

Apr 5 2019, 5:07 PM · Feature Request
dkg added a comment to T4448: Add "Autocrypt" key-origin.

does the proposed mail value indicate that the key was received over e-mail, or is it intended to have some more nuanced semantics?

Apr 5 2019, 4:47 PM · Feature Request
Valodim added a comment to T4448: Add "Autocrypt" key-origin.

I disagree that it's conceptionally the same, unless you also consider any key on an HTTP server to be "conceptionally the same" as WKD.

Apr 5 2019, 4:34 PM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

Conceptionally it is the same. You receive a key and start to use it, everything else is not a matter of gpg; in particular not the autocrypt protocol.

Apr 5 2019, 4:26 PM · Feature Request
Valodim added a comment to T4448: Add "Autocrypt" key-origin.

Certain origins do have special treatment but in general the key origin is meta data for the frontend.

Apr 5 2019, 10:56 AM · Feature Request
aheinecke updated subscribers of T4448: Add "Autocrypt" key-origin.

I agree with you and GpgOL handles it that way so for me this would work. But I'm not actually implementing autocrypt, so I also added @patrick to the subscribers.
I've talked about using key-origin in Enigmail with him in Brussels and I would be interested what he thinks Enigmail might require and if gpg could be improved for that.

Apr 5 2019, 9:29 AM · Feature Request
werner triaged T4448: Add "Autocrypt" key-origin as Normal priority.
Apr 5 2019, 9:27 AM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

autocrypt is not different from attaching a file to a (signed) message as it has always been done. We have no special treatment for that in gpg. Certain origins do have special treatment but in general the key origin is meta data for the frontend. For example it allows us to update a key received from WKD when it has expired.

Apr 5 2019, 9:18 AM · Feature Request
aheinecke closed T4449: Configurable timer for having-to-input passphrase via "kleopatra" as Resolved.

Hi,
if I don't misunderstand you, we already have that:

Apr 5 2019, 8:41 AM · Feature Request
aheinecke added a comment to T4448: Add "Autocrypt" key-origin.

My interpretation of the key-origin is that it's basically up to the application what it does with the information. It is added information, like the TOFU history we can have. I don't necessarily think in terms of "trustworthiness".

Apr 5 2019, 8:36 AM · Feature Request
esdee created T4449: Configurable timer for having-to-input passphrase via "kleopatra".
Apr 5 2019, 8:15 AM · Feature Request

Apr 4 2019

Valodim added a comment to T4448: Add "Autocrypt" key-origin.

I'm a bit confused. The origin of Autocrypt keys is clearly different from keyservers ("ks"), why would they use the same value? I was aware that origin values are mapped to integers, but your description seems to imply that these integers have significant ordering in terms of trust. The documentation in the man page is a bit bare bones, but my interpretation of "key-origin" was that it simply stated the method of discovery for a key, leaving any implications of trust to the client. Is this incorrect?

Apr 4 2019, 7:23 PM · Feature Request
dkg added a comment to T4448: Add "Autocrypt" key-origin.

@werner: what if the autocrypt header is in a dkim-signed message, and the dkim signature covers the autocrypt header, and the dkim signature is verifiable using dnssec? is it still the same as from a keyserver?

Apr 4 2019, 6:32 PM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

Receiving a key by mail should in general be considered unknown and is not more trustworthy than receiving a key from a keyserver. I would suggest that you use "ks-pref" for this purpose. That origin value has no special meaning in gnupg but is numerically ordered between keyserver and DANE; gpgme currently maps it to keyserver level anyway.

Apr 4 2019, 5:50 PM · Feature Request
Valodim renamed T4448: Add "Autocrypt" key-origin from Add "Autocrypt" origin to Add "Autocrypt" key-origin.
Apr 4 2019, 11:06 AM · Feature Request
Valodim created T4448: Add "Autocrypt" key-origin.
Apr 4 2019, 11:05 AM · Feature Request

Apr 3 2019

werner triaged T4446: please add --quick-revoke-subkey as Normal priority.
Apr 3 2019, 10:46 PM · Restricted Project, gnupg24, Feature Request
ap4y added a comment to T4009: POLDI: Support for EC (nist, brainpool, at least).

I implemented support for ECC and DSA public keys in poldi. Tested with ECC (curve 25519) key on Gnuk smartcard (Nitrokey Start).

Apr 3 2019, 11:07 AM · poldi, Feature Request

Apr 2 2019

dkg created T4446: please add --quick-revoke-subkey.
Apr 2 2019, 5:41 PM · Restricted Project, gnupg24, Feature Request

Apr 1 2019

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Here's an ugly hack to make this work (patch based on v2.2.15).

Apr 1 2019, 2:24 PM · Restricted Project, Feature Request, gnupg
werner created T4445: New feature to list keys signed by a certain key..
Apr 1 2019, 10:56 AM · gnupg24, Feature Request, gnupg (gpg23)

Mar 30 2019

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

@vsrinu26f No worries, looks like we are on the same page :)

Mar 30 2019, 10:06 AM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry i think i blabbered without understanding context.

Mar 30 2019, 10:00 AM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I wish gnupg natively supports creating backup cards. To be able to import
private key material to do another keyto card. And every time it moves that
to card and removes from gnupg.

Mar 30 2019, 9:46 AM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

For exactly same key material on tokens. Just before writing first token
backup .gnupg folder or export all key info. Do key to card. Delete .gnupg
folder and restore from backup and keytocard second token.

Mar 30 2019, 9:39 AM · Restricted Project, Feature Request, gnupg

Mar 29 2019

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Both tokens should have same material.

Mar 29 2019, 1:38 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

On the other hand if we want to track which token is used by having multiple unexpired signing subkeys and each token have its own subkey is a possible usecase where multiple admins have the tokens.

Mar 29 2019, 1:28 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I think if we have to update one token then we have to update backup token as well if moved to new subkey.

Mar 29 2019, 1:21 PM · Restricted Project, Feature Request, gnupg
FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

@vsrinu26f Yes I'm using subkeys with YubiKey.

Mar 29 2019, 1:17 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry, ignore my comment if there is something with subkeys and you are
already using latest gnupg.

Mar 29 2019, 1:11 PM · Restricted Project, Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

This is already implemented by yutaka.

Mar 29 2019, 1:05 PM · Restricted Project, Feature Request, gnupg
FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry for jumping in out of the blue but the idea of automatically selecting the available signing key sounds also very appealing to me.

Mar 29 2019, 9:29 AM · Restricted Project, Feature Request, gnupg

Mar 24 2019

jukivili closed T2388: Inform callers about memory alignment requirements of a cipher implementation as Resolved.
Mar 24 2019, 8:56 PM · libgcrypt, Feature Request
jukivili claimed T2388: Inform callers about memory alignment requirements of a cipher implementation.
Mar 24 2019, 9:51 AM · libgcrypt, Feature Request

Mar 23 2019

crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

Great. Let me know when the newest gpg4win is released.

Mar 23 2019, 9:49 PM · gnupg, Feature Request, gpg4win
dkg added a comment to T3389: canonical OpenPGP certificate export.

fwiw, a comment over on T4422 contains a bash script that tries to force GnuPG to do its certificate/signature re-ordering. this doesn't produce anything canonical yet, but it's the closest i've come so far to getting GnuPG to do something repeatable with a certificate after merging (but even that is not quite stable).

Mar 23 2019, 2:34 AM · gnupg, Feature Request

Mar 21 2019

werner added a parent task for T3495: The --list-keys should account for groups that are defined: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · gnupg, Feature Request
werner added a parent task for T4406: Allow the use of the default-new-key-algo format for --quick-gen-key.: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · gnupg24, Feature Request
werner added a parent task for T4362: Replace the exec funtions for photoids in gpg by our standard exec functions.: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · gnupg, Feature Request
werner added a parent task for T4398: Rework Console and command line handling on Windows: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · Feature Request, gnupg (gpg23)
werner added a parent task for T4344: Periodic check of own keys with the WKD: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · wkd, gnupg, Feature Request
werner merged T1654: Add group aliases to key listings into T3495: The --list-keys should account for groups that are defined.
Mar 21 2019, 1:03 PM · gnupg, Feature Request
werner merged task T1654: Add group aliases to key listings into T3495: The --list-keys should account for groups that are defined.
Mar 21 2019, 1:03 PM · gpa, Feature Request
werner added a comment to T3495: The --list-keys should account for groups that are defined.

See also
https://lists.gnupg.org/pipermail/gnupg-devel/2018-December/034131.html
for a first patch to implement this.

Mar 21 2019, 1:02 PM · gnupg, Feature Request

Mar 20 2019

dkg added a comment to T714: Meaningful RETURN values.

werner wrote:

Mar 20 2019, 11:10 PM · gnupg, Feature Request
crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

Great. Thank you.

Mar 20 2019, 5:15 PM · gnupg, Feature Request, gpg4win
aheinecke added a comment to T4392: Imports public key only, will not import secret key.

We are aiming for this week.

Mar 20 2019, 4:03 PM · gnupg, Feature Request, gpg4win
crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

When will the new gnupg program be released so I can install it?

Charles

Mar 20 2019, 3:21 PM · gnupg, Feature Request, gpg4win

Mar 19 2019

crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

So where can I get the corrected file to install? I suppose I need the
new gpg4win, it hasn't been updated yet. If I need the signature or TAR
from your website how can I implement that?

Charles

Mar 19 2019, 3:57 PM · gnupg, Feature Request, gpg4win
werner closed T4412: Release GnuPG 2.2.14, a subtask of T4392: Imports public key only, will not import secret key, as Resolved.
Mar 19 2019, 12:33 PM · gnupg, Feature Request, gpg4win
crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

Where can I get the new thing file to install?

Mar 19 2019, 12:12 PM · gnupg, Feature Request, gpg4win
werner closed T4392: Imports public key only, will not import secret key as Resolved.
Mar 19 2019, 9:40 AM · gnupg, Feature Request, gpg4win
aheinecke added a subtask for T4392: Imports public key only, will not import secret key: T4412: Release GnuPG 2.2.14.
Mar 19 2019, 9:20 AM · gnupg, Feature Request, gpg4win
aheinecke changed the status of T4392: Imports public key only, will not import secret key from Open to Testing.

Thanks! I've confirmed that it works for me.

Mar 19 2019, 9:20 AM · gnupg, Feature Request, gpg4win

Mar 18 2019

werner removed a project from T1537: gpgv does not handle expired or revoked keys: gnupg (gpg22).
Mar 18 2019, 7:31 PM · Feature Request, gnupg
werner edited projects for T3257: dirmngr cannot set port for nameserver, added: Feature Request; removed gnupg (gpg22), Bug Report.
Mar 18 2019, 7:30 PM · Feature Request, dirmngr
werner removed a project from T2398: finger support using SRV DNS records: gnupg (gpg22).
Mar 18 2019, 7:29 PM · gnupg, Feature Request, dirmngr

Mar 15 2019

werner added a comment to T4392: Imports public key only, will not import secret key.

The secret import code actually had a bug in that it silently imported the secret key anyway, so that after importing the public key the secret key showed up. That was not intended because we do not want to allow importing arbitrary keys or subkeys if they don't have a corresponding public (sub)key with the mandatory key-binding signature. This has now been fixed. A fix for the actual problem will come soon.

Mar 15 2019, 7:45 PM · gnupg, Feature Request, gpg4win
werner claimed T4392: Imports public key only, will not import secret key.
Mar 15 2019, 12:18 PM · gnupg, Feature Request, gpg4win

Mar 14 2019

werner created T4406: Allow the use of the default-new-key-algo format for --quick-gen-key..
Mar 14 2019, 12:29 PM · gnupg24, Feature Request
aheinecke removed a project from T4098: GpgSM: Add ECC support: gpg4win.
Mar 14 2019, 9:34 AM · gnupg (gpg23), Feature Request, S/MIME
aheinecke added a comment to T2103: Improve the pinentry password quality indication.

Regarding the quality evaluation, several months ago I proposed to optionally delegate that task to an external tool (specified by a new gpg-agent option passphrase-checker). I posted a first draft as D442 and then submitted a proper patchset to gnupg-devel, but although @werner expressed interest it was never merged. I have just checked that the patchset still applies cleanly to both the master branch and the STABLE-BRANCH-2-2. I can re-submit it to the mailing list if needed.

Mar 14 2019, 9:27 AM · gnupg (gpg23), Feature Request

Mar 13 2019

wuximeniyu added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

There is a solution for it:

Mar 13 2019, 9:55 PM · Keyserver, Feature Request, dirmngr

Mar 12 2019

bernhard added a comment to T3505: Port GPGME's Python bindings to Windows.

Reading through this issue and the related documentation: Thanks for writing this all down and adding links!

Mar 12 2019, 5:50 PM · Feature Request, gpgme, Python
crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

Ok. Let me know so I can try it out.

Mar 12 2019, 11:50 AM · gnupg, Feature Request, gpg4win
aheinecke added a comment to T4392: Imports public key only, will not import secret key.

Yes, I think that if I see an import result with "secret-keys-read && w/o userId's" I can just do a second try.

Mar 12 2019, 8:18 AM · gnupg, Feature Request, gpg4win
werner added projects to T4392: Imports public key only, will not import secret key: Feature Request, gnupg.

Checking the OpenPGP specs again, there is actually an "exit" clause for this PGP bug. Or well, what I would consider to be a bug. A fix for this is not easy because it would require to detect this at an outer level (the ascii armor) which we don't do because gpg is built along a streaming concept as almost all Unix tools. What we can do is to allow import of a secret key in that PGP format iff a public key is already there. In practice this would mean to run the import two times and ignore the errors from the first import.

Mar 12 2019, 7:53 AM · gnupg, Feature Request, gpg4win

Mar 11 2019

werner closed T4401: GnuPG should generate a direct-key signature to constrain the primary key, and convey preferences and features as Wontfix.

See T4400.

Mar 11 2019, 2:00 PM · Feature Request
justus created T4401: GnuPG should generate a direct-key signature to constrain the primary key, and convey preferences and features.
Mar 11 2019, 1:54 PM · Feature Request

Mar 8 2019

werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

I meant the abbreviations. PGP is based on a code base dating back to 1992; for example we mostly used the term keyblock instead of certificate in the code.

Mar 8 2019, 8:26 AM · gnupg (gpg23), Feature Request
werner created T4398: Rework Console and command line handling on Windows.
Mar 8 2019, 8:12 AM · Feature Request, gnupg (gpg23)

Mar 7 2019

justus added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

Those terms are not arbitrary, they are in the RFC.

Mar 7 2019, 9:42 AM · gnupg (gpg23), Feature Request
werner triaged T4393: GnuPG should always accept key updates even if the update does not contain UIDs as Normal priority.

Thanks. [I wonder why the looong established terms public-keyblock and key-signature must be replaced by arbitrary new terms.]

Mar 7 2019, 7:50 AM · gnupg (gpg23), Feature Request

Mar 6 2019

dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.
  • TPK: transferable public key (an "OpenPGP certificate")
  • TPS: Third-party signature (any certification within a TPK that is not made by the primary key, and is not a cross-sig made by a subkey over the primary)
Mar 6 2019, 7:53 PM · gnupg (gpg23), Feature Request
werner edited projects for T4393: GnuPG should always accept key updates even if the update does not contain UIDs, added: gnupg; removed gnupg (gpg22).
Mar 6 2019, 6:05 PM · gnupg (gpg23), Feature Request
werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

TPK ?
TPS ?

Mar 6 2019, 6:04 PM · gnupg (gpg23), Feature Request
justus added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.
In T4393#123047, @dkg wrote:

i don't understand why "import-drop-uids" is useful --

Mar 6 2019, 4:44 PM · gnupg (gpg23), Feature Request
dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

i don't understand why "import-drop-uids" is useful -- it sounds to me like the functionality you're looking for is something more accurately named "accept-certs-without-uids". is that right?

Mar 6 2019, 4:37 PM · gnupg (gpg23), Feature Request
justus created T4393: GnuPG should always accept key updates even if the update does not contain UIDs.
Mar 6 2019, 12:16 PM · gnupg (gpg23), Feature Request

Mar 5 2019

florian2833z added a comment to T4388: GpgOL: Add draft encryption as an option..

Something to add: This also affects deleted drafts. If I write a new email and decide to delete & not send it, Outlook saves the aborted draft in the trash without encryption.

Mar 5 2019, 1:43 PM · Feature Request, gpg4win, gpgol

Mar 4 2019

aheinecke added a subtask for T4388: GpgOL: Add draft encryption as an option.: T4389: Gpg4win 3.1.8.
Mar 4 2019, 9:38 AM · Feature Request, gpg4win, gpgol