Jun 26 2019

wiktor-k added a comment to T4584: --quick-sign-key offers no way to override a current certification.

For the record in my original message I asked about adding self-signatures.

Jun 26 2019, 11:12 AM · Restricted Project, gnupg (gpg22), Feature Request
werner triaged T4584: --quick-sign-key offers no way to override a current certification as Normal priority.
Jun 26 2019, 7:53 AM · Restricted Project, gnupg (gpg22), Feature Request

Jun 25 2019

werner triaged T4580: Update the password checking algorithm as Low priority.
Jun 25 2019, 10:24 AM · gpgagent, Feature Request
equwal created T4580: Update the password checking algorithm.
Jun 25 2019, 2:44 AM · gpgagent, Feature Request

Jun 24 2019

Valodim added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

It's been a while, any word on this? I sent the DCO as requested. Are there any technical concerns left to address?

Jun 24 2019, 12:48 PM · gnupg (gpg23), Feature Request

Jun 21 2019

Valodim added a comment to T4493: Default to HKPS, not HKP.

A possible exception here is that .onion TLDs should stick with HKP by default

Jun 21 2019, 11:16 AM · dirmngr, Feature Request
werner triaged T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one as Normal priority.
Jun 21 2019, 10:04 AM · gpgme, Python, Feature Request

Jun 19 2019

dkg added a comment to T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.

I note that "the best" seems like it might be a pretty subjective thing. The standard GnuPG framing asks about the validity of keys for the User ID in question. Perhaps the caller could indicate whether they want to require full validity for each key to make this key selection more strict.

Jun 19 2019, 7:22 PM · gpgme, Python, Feature Request
dkg added a comment to T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.

The function would do something like:

  • from msg, extract all e-mail addresses from to, cc, bcc fields
  • find "the best" keys that match these addresses, storing them in keylist
  • copy msg to tmp, remove bcc header from tmp
  • wrap armored output of gpg.Context.encrypt(bytes(tmp), recipients=keylist) in the necessary RFC 3156 cladding, copying most headers from msg (maybe stubbing out the subject), producing an email.message.EmailMessage object.
Jun 19 2019, 7:19 PM · gpgme, Python, Feature Request
dkg created T4578: python3 gpg module should offer an "encrypt" function that takes an email.message.EmailMessage and returns a new one.
Jun 19 2019, 6:59 PM · gpgme, Python, Feature Request

Jun 18 2019

dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

we now have a DCO from @Valodim

Jun 18 2019, 2:05 PM · gnupg (gpg23), Feature Request

Jun 16 2019

dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

@werner, My usual approach for private branches is to prefix with dkg/, but (a) playfair rejects branch names with a /, and (b) i'm not the author of these patches, and i didn't want to claim credit that doesn't belong to me.

Jun 16 2019, 5:40 PM · gnupg (gpg23), Feature Request

Jun 14 2019

werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

Please use a private branch as usual. There has been no agreement or a discussion over this change nor do we have a DCO from him.

Jun 14 2019, 6:10 PM · gnupg (gpg23), Feature Request
dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

I've pushed @Valodim's proposed patches to the fix-4393 branch in our git repo. they look good to me, and i think they should be merged to master.

Jun 14 2019, 6:08 PM · gnupg (gpg23), Feature Request

Jun 6 2019

werner added a comment to T4544: More prompts before key deletion.

Nope

Jun 6 2019, 7:39 AM · gnupg, Feature Request, patch
matheusmoreira renamed T4544: More prompts before key deletion from Key deletion: more prompts, new commands to More prompts before key deletion.
Jun 6 2019, 5:39 AM · gnupg, Feature Request, patch
matheusmoreira reopened T4544: More prompts before key deletion as "Open".

Here are the patches without any new commands:

Jun 6 2019, 3:58 AM · gnupg, Feature Request, patch
matheusmoreira added a comment to T4544: More prompts before key deletion.

@werner Only patches 2 and 3 introduce new commands. What do you think about the other changes?

Jun 6 2019, 3:20 AM · gnupg, Feature Request, patch

Jun 5 2019

werner closed T4544: More prompts before key deletion as Wontfix.

In case I have not already mentioned it: There won't be any new commands to delete a key. Of course you are free to change GnuPG as you like but I won't apply them here.

Jun 5 2019, 6:18 PM · gnupg, Feature Request, patch
matheusmoreira changed Version from 2.2.15 to 2.2.16 on T4544: More prompts before key deletion.
Jun 5 2019, 11:53 AM · gnupg, Feature Request, patch

Jun 4 2019

aheinecke changed the status of T4553: Compatibilty with encrypted mails sent to SecurePIM from Testing to Open.

The change in message class did not help.

Jun 4 2019, 1:34 PM · Feature Request, gpg4win, gpgol
aheinecke changed the status of T4479: GpgOL: S/MIME Addressbook integration from Open to Testing.
Jun 4 2019, 11:00 AM · gpg4win, Feature Request, gpgol
aheinecke added a subtask for T4479: GpgOL: S/MIME Addressbook integration: T4389: Gpg4win 3.1.8.
Jun 4 2019, 11:00 AM · gpg4win, Feature Request, gpgol
aheinecke changed the status of T4388: GpgOL: Add draft encryption as an option. from Open to Testing.
Jun 4 2019, 10:41 AM · Feature Request, gpg4win, gpgol
werner reopened T3383: scdaemon option 'card-timeout' does not have any effect, a subtask of T3362: Prevent Smartcard from caching PIN when cache-ttl is set accordingly, as Open.
Jun 4 2019, 7:45 AM · Feature Request
gniibe claimed T3950: gnupg-2.2.6 fails to find correct library config programs when cross-compiling for ARM.
Jun 4 2019, 4:41 AM · Feature Request
gniibe closed T3383: scdaemon option 'card-timeout' does not have any effect, a subtask of T3362: Prevent Smartcard from caching PIN when cache-ttl is set accordingly, as Resolved.
Jun 4 2019, 3:01 AM · Feature Request
gniibe closed T3119: gpg: Improve public key decryption, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
Jun 4 2019, 2:34 AM · Restricted Project, gnupg, Feature Request
gniibe closed T1854: Problems with same encryption and signing key on smartcard as Resolved.

While it's not recommended, current master has a support of sharing same raw key materials. I think that it now works (I don't try, though).
Closing.

Jun 4 2019, 2:33 AM · gnupg, Feature Request, scd

Jun 3 2019

aheinecke added a subtask for T4553: Compatibilty with encrypted mails sent to SecurePIM: T4389: Gpg4win 3.1.8.
Jun 3 2019, 3:28 PM · Feature Request, gpg4win, gpgol
aheinecke created T4553: Compatibilty with encrypted mails sent to SecurePIM.
Jun 3 2019, 3:24 PM · Feature Request, gpg4win, gpgol
aheinecke added a subtask for T4552: Compatibility with mails sent from SecurePIM: T4389: Gpg4win 3.1.8.
Jun 3 2019, 3:19 PM · Feature Request, gpg4win, gpgol
aheinecke created T4552: Compatibility with mails sent from SecurePIM.
Jun 3 2019, 3:18 PM · Feature Request, gpg4win, gpgol

Jun 1 2019

ametzler1 added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

gniibe wrote:

Jun 1 2019, 6:09 PM · libksba, Feature Request

May 31 2019

gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

RFC 5280 only addresses about BCP78 and not about TLP, while RFC 5652, RFC 5755, RFC 5911 and RFC 5912 address explicitly about TLP. In this situation, I wonder if it's better to take the definitions of Extensions, UniqueIdentifier, and GeneralNames from RFC 5280. To be conservative, I don't include them now.

May 31 2019, 7:32 AM · libksba, Feature Request
gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

I pushed more changes to include modules in RFC 5911 and RFC 5912.

May 31 2019, 5:50 AM · libksba, Feature Request
gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

Comparing old cms.asn and new cms.asn, now I understand how RFC 3370 matters. I added those things back from RFC 5911 (which cites RFC 3370) which comes with BSD license for code.

May 31 2019, 4:52 AM · libksba, Feature Request

May 30 2019

dkg added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

@gniibe thank you!

May 30 2019, 10:53 PM · libksba, Feature Request
gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

I did some work (since Debian is important for us).
Please have a look at my topic branch: gniibe/fix-4487
or:
https://dev.gnupg.org/source/libksba/history/gniibe%252Ffix-4487/
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=shortlog;h=refs/heads/gniibe/fix-4487

May 30 2019, 10:18 AM · libksba, Feature Request

May 29 2019

dkg added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

Perhaps i wasn't clear enough in the earlier messages on this thread. The inclusion of restrictively-licensed code in a file that also claims LGPL/GPL appears to be an unredistributable license. Could you please clarify why the GPL or LGPL applies to libksba while it contains src/cms.asn in its current form?

May 29 2019, 7:52 PM · libksba, Feature Request
matheusmoreira updated the task description for T4544: More prompts before key deletion.
May 29 2019, 10:10 AM · gnupg, Feature Request, patch
matheusmoreira updated the task description for T4544: More prompts before key deletion.
May 29 2019, 10:00 AM · gnupg, Feature Request, patch
gniibe changed the status of T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r from Open to Testing.

Fix pushed.

May 29 2019, 4:19 AM · gpgrt, Feature Request
gniibe claimed T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r.

I think that detecting strerror_s by configure is better, because it's a new feature on Windows.

May 29 2019, 3:54 AM · gpgrt, Feature Request

May 28 2019

werner triaged T4544: More prompts before key deletion as Low priority.
May 28 2019, 6:12 PM · gnupg, Feature Request, patch
matheusmoreira added revisions to T4544: More prompts before key deletion: D480: gpg: factor out secret key deletion function, D485: gpg: add the --delete-secret-subkeys command, D488: gpg: add the --delete-secret-key-stubs command, D481: gpg: confirm deletion of each key individually, D482: gpg: confirm again before deleting primary key.
May 28 2019, 5:39 PM · gnupg, Feature Request, patch
matheusmoreira created T4544: More prompts before key deletion in the S1 Public space.
May 28 2019, 5:21 PM · gnupg, Feature Request, patch

May 27 2019

werner added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

I doubt that we are going to implement this.

May 27 2019, 6:15 PM · Keyserver, Feature Request, dirmngr
werner triaged T4537: gpgsm support for timestamp signatures as Normal priority.
May 27 2019, 3:58 PM · gnupg26, S/MIME, Feature Request

May 24 2019

werner triaged T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r as Normal priority.

I guess we can do that. Thanks for the hint.

May 24 2019, 3:19 PM · gpgrt, Feature Request
vtorri created T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r.
May 24 2019, 1:19 PM · gpgrt, Feature Request
slandden added a revision to T4530: libgcrypt: POWER SHA-2 Vector Acceleration: D492: Add PowerPC crypto acceleration support for SHA2..
May 24 2019, 6:06 AM · libgcrypt, Feature Request
slandden added a revision to T4529: libgcrypt: POWER AES Vector Acceleration: D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:03 AM · libgcrypt, Feature Request

May 23 2019

misterzed88 created T4537: gpgsm support for timestamp signatures.
May 23 2019, 4:25 PM · gnupg26, S/MIME, Feature Request

May 21 2019

werner closed T4273: agent: Request insertion of smartcard when no card present as Resolved.

The behaviour related to ssh key access is due to the way ssh works: After a connection has been established to a server ssh presents to the server all identities (public keys) it has access to (meaning it has a corresponding private key). Thus we can't tell ssh all the keys we have because that would be an information leak and may also take too long. Because the user may in some cases not want to use the ssh-agent but resort to ssh command line input of the passphrase, we do not insist on using a key known by gpg-agent.

May 21 2019, 9:13 AM · Feature Request, Documentation, gpgagent
werner closed T4273: agent: Request insertion of smartcard when no card present, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
May 21 2019, 9:13 AM · Restricted Project, gnupg, Feature Request
werner added a parent task for T4529: libgcrypt: POWER AES Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner added a parent task for T4530: libgcrypt: POWER SHA-2 Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner renamed T4530: libgcrypt: POWER SHA-2 Vector Acceleration from [$] libgcrypt: POWER SHA-2 Vector Acceleration to libgcrypt: POWER SHA-2 Vector Acceleration.
May 21 2019, 7:52 AM · libgcrypt, Feature Request
werner triaged T4529: libgcrypt: POWER AES Vector Acceleration as Normal priority.

Perl would be okay for maintainer mode but not for regular builds. The reason is that perl is already used by autotools but a build shall still be possible w/o perl.

May 21 2019, 7:51 AM · libgcrypt, Feature Request
werner renamed T4529: libgcrypt: POWER AES Vector Acceleration from [$] libgcrypt: POWER AES Vector Acceleration to libgcrypt: POWER AES Vector Acceleration.
May 21 2019, 7:47 AM · libgcrypt, Feature Request
werner triaged T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache as Low priority.
May 21 2019, 7:45 AM · Feature Request, gpgagent

May 20 2019

slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

I'm looking into doing a pretty epic hack of using the switch_endian syscall to speed this up.

May 20 2019, 11:52 PM · libgcrypt, Feature Request
gcwilson added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

I don't know. That would make it a relatively easy transplant. We've also used the Cryptogams code as a reference for Golang enhancements, if that helps. I'd welcome guidance on the matter from a maintainer.

May 20 2019, 9:46 PM · libgcrypt, Feature Request
slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

Would the maintainers accept having perl in the repository? Linux does it.[1]

May 20 2019, 8:35 PM · libgcrypt, Feature Request
gcwilson created T4530: libgcrypt: POWER SHA-2 Vector Acceleration.
May 20 2019, 7:04 PM · libgcrypt, Feature Request
gcwilson created T4529: libgcrypt: POWER AES Vector Acceleration.
May 20 2019, 7:01 PM · libgcrypt, Feature Request
aheinecke added a subtask for T4527: Kleopatra, GPG: Display reason if a certificate is not compliant to a compliance level: T4523: Gpg4win: Multiple problems reported 05-2019.
May 20 2019, 2:14 PM · Feature Request, kleopatra
aheinecke created T4527: Kleopatra, GPG: Display reason if a certificate is not compliant to a compliance level.
May 20 2019, 2:13 PM · Feature Request, kleopatra

May 18 2019

werner added a comment to T4108: Support for verifying OpenPGP standalone and timestamp signatures.

FWIW, I disabled @aa7356 because he again started to troll.

May 18 2019, 10:59 PM · gnupg24, gnupg (gpg23), Feature Request
aa7356 added a comment to T4108: Support for verifying OpenPGP standalone and timestamp signatures.

Snap question regards to the clock;

May 18 2019, 6:53 PM · gnupg24, gnupg (gpg23), Feature Request

May 17 2019

werner triaged T4108: Support for verifying OpenPGP standalone and timestamp signatures as Normal priority.
May 17 2019, 6:48 PM · gnupg24, gnupg (gpg23), Feature Request
werner closed T4475: Gemalto IDBridge CT710 && Pinentry as Invalid.

Sorry, I can't parse that. For development questions please use gnupg-devel at gnupg.org.

May 17 2019, 1:49 PM · Feature Request

May 16 2019

gniibe merged task T2898: Option to ignore card serial number (to be able to use backup tokens containing same subkeys) into T4301: Handling multiple subkeys on two SmartCards.
May 16 2019, 9:26 AM · gnupg, Feature Request
gniibe changed the status of T2898: Option to ignore card serial number (to be able to use backup tokens containing same subkeys) from Open to Testing.

Feature supported in master.

May 16 2019, 9:26 AM · gnupg, Feature Request
gniibe changed the status of T2898: Option to ignore card serial number (to be able to use backup tokens containing same subkeys), a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), from Open to Testing.
May 16 2019, 9:26 AM · Restricted Project, gnupg, Feature Request

May 15 2019

aheinecke added a comment to T4515: GpgOL 2.3.3 - Attachment Problem (Encryption).

Or a better tl;dr; When you send mails without "inline" option everything is fine and standardized. The problem is that the old version of GpgOL that your colleague uses is too stupid to handle this ;-)

May 15 2019, 2:40 PM · Feature Request, gpg4win, gpgol
aheinecke added a comment to T4515: GpgOL 2.3.3 - Attachment Problem (Encryption).

Yes your colleague should or basically needs to upgrade. 2.2.3 is very outdated. There are security issues that were fixed by then etc.

May 15 2019, 2:38 PM · Feature Request, gpg4win, gpgol
AlexD added a comment to T4515: GpgOL 2.3.3 - Attachment Problem (Encryption).

Hi,

What client does your colleague use so that you have to use PGP/Inline?

That format where the attachment is its own PGP Encrypted file is very problematic. You basically have multiple signature and encryption states. An attacker can easily remove or add attachments to the message. The attachment name is leaked. etc. Also see: https://wiki.gnupg.org/PgpPartitioned

Our opinion is that if you really _have_ to use PGP/Inline that you must do so manually using Kleopatra's notepad and Encrypted files.

I am a bit unsure if I just close this as "Wontfix" or move it to Wishlist. I think for now I go with Wishlist but do not expect that feature soon. At least until maybe some really important use case comes up.

Anyway, thanks for your feedback. It is always valuable to know what users would like to have.

Best Regards,
Andre

May 15 2019, 10:26 AM · Feature Request, gpg4win, gpgol
aheinecke lowered the priority of T4515: GpgOL 2.3.3 - Attachment Problem (Encryption) from High to Wishlist.

What client does your colleague use so that you have to use PGP/Inline?

May 15 2019, 8:33 AM · Feature Request, gpg4win, gpgol

May 14 2019

werner triaged T4503: include extension for OpenPGP creation timestamp in X.509 output as Normal priority.

Thanks for the hint on the existing OID. I already looked into that and planned to use one from the GnuPG arc, but an existing OID is better. I still need to figure useful workflows but something like this will be useful for smartcards.

May 14 2019, 10:42 AM · Feature Request, S/MIME
werner triaged T4513: dirmngr should try the configured keyservers anyway even if they are all dead as Normal priority.
May 14 2019, 10:09 AM · Feature Request, Keyserver, dirmngr
werner triaged T4514: Batch mode/unattended key generation: support multiple subkeys as Normal priority.

I anyway plan to extend the --quick-gen-key parameters to allow the specification of several subkeys on the command line.

May 14 2019, 8:44 AM · gnupg24, gnupg (gpg23), Feature Request
dkg added a comment to T4514: Batch mode/unattended key generation: support multiple subkeys.

I think you'll be better off doing this with the simpler --quick-generate-key and --quick-add-key interfaces, rather than hacking on the domain-specific language used by --batch --generate-key.

May 14 2019, 7:55 AM · gnupg24, gnupg (gpg23), Feature Request
ageis updated the task description for T4514: Batch mode/unattended key generation: support multiple subkeys.
May 14 2019, 5:32 AM · gnupg24, gnupg (gpg23), Feature Request
ageis updated the task description for T4514: Batch mode/unattended key generation: support multiple subkeys.
May 14 2019, 5:19 AM · gnupg24, gnupg (gpg23), Feature Request
ageis created T4514: Batch mode/unattended key generation: support multiple subkeys.
May 14 2019, 5:18 AM · gnupg24, gnupg (gpg23), Feature Request
dkg added a comment to T4448: Add "Autocrypt" key-origin.

@werner, why is it the case that if i'm willing to look up a key via WKD on Monday, i should by definition also be willing to send a followup request to that WKD server on Thursday just because the certificate is marked with an expiration?

May 14 2019, 2:17 AM · Feature Request

May 13 2019

dkg added a comment to T4493: Default to HKPS, not HKP.

see also T4467

May 13 2019, 11:12 PM · dirmngr, Feature Request
aa7356 added a comment to T4475: Gemalto IDBridge CT710 && Pinentry.

WK you command me to put the file scd.log somewhere.
I am trying to do it on the wires set "F103RB" from ARM (GeeNuke)

May 13 2019, 4:05 PM · Feature Request

May 12 2019

dkg created T4503: include extension for OpenPGP creation timestamp in X.509 output.
May 12 2019, 1:01 AM · Feature Request, S/MIME

May 10 2019

werner triaged T4493: Default to HKPS, not HKP as Normal priority.
May 10 2019, 7:23 PM · dirmngr, Feature Request

May 9 2019

werner triaged T4489: gpg --quick-add-key should be able to add an existing key as a subkey, not just generating a new one as Normal priority.
May 9 2019, 8:09 AM · gnupg, OpenPGP, Feature Request
dkg added a comment to T4489: gpg --quick-add-key should be able to add an existing key as a subkey, not just generating a new one.

i'm thinking that if the algo parameter to --quick-add-key is a keygrip, then it would find the key directly in the existing keyring(s) and attach it as a new subkey.

May 9 2019, 12:15 AM · gnupg, OpenPGP, Feature Request
dkg created T4489: gpg --quick-add-key should be able to add an existing key as a subkey, not just generating a new one.
May 9 2019, 12:14 AM · gnupg, OpenPGP, Feature Request

May 8 2019

aheinecke added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

Thanks for the explanation.

May 8 2019, 3:14 PM · libksba, Feature Request
dkg reopened T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing as "Open".

If the ASN.1 is not from an RFC, then the AUTHORS file should not claim that it is from an RFC.

May 8 2019, 1:42 PM · libksba, Feature Request

May 7 2019

aheinecke closed T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing as Wontfix.

As I want to keep this tracker clean I would say this is a Wontfix at least until someone (DKG?) provides an argument what would be gained and why we should do this.

May 7 2019, 9:30 AM · libksba, Feature Request
werner triaged T4485: Add AEAD mode AES-GCM-SIV to libgcrypt (RFC 8452) as Normal priority.
May 7 2019, 8:55 AM · Feature Request, libgcrypt
werner triaged T4486: Add AEAD mode AES-SIV to libgcrypt (RFC 5297) as Normal priority.
May 7 2019, 8:55 AM · Feature Request, libgcrypt