
Jan 28 2021

gniibe closed T4998: scdaemon: PC/SC "No such device" without reader-port, a subtask of T3300: scd: Support multiple readers by PC/SC driver, as Resolved.
Jan 28 2021, 3:07 AM · Restricted Project, gnupg (gpg23), scd
gniibe closed T4246: GnuPG master does not allow decryption with bad usage flags (regression) as Resolved.
Jan 28 2021, 3:03 AM · Restricted Project, Bug Report, gnupg (gpg23)
gniibe closed T4246: GnuPG master does not allow decryption with bad usage flags (regression), a subtask of T4417: Work needed for gnupg 2.3, as Resolved.
Jan 28 2021, 3:03 AM · gnupg (gpg23)

Jan 20 2021

werner triaged T5253: expiration changes during interactive expire date verification as Low priority.

Thanks for the reports. IIRC, we had similar reports in the past either here or on a ML.

Jan 20 2021, 9:32 AM · gnupg24, gnupg (gpg23), Bug Report

Jan 8 2021

werner closed T4447: Fix addition of new GPG keys to LDAP as Resolved.

The code has been reworked to also support the updated schema which also stores the fingerprints and a parsed down mail address. See gnupg/doc/ldap/ . These changes are in master and 2.2.26. Sorry for taking so long to fix that.

Jan 8 2021, 9:56 AM · gnupg (gpg23), patch, LDAP, dirmngr, Bug Report

Jan 6 2021

rupor-github added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I wrote https://github.com/rupor-github/win-gpg-agent to simplify usage on Windows until this issue is resolved - it handles various edge cases on Windows.

Jan 6 2021, 7:25 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Jan 5 2021

werner triaged T5060: Feature to migrate a card based to a file based key pair as Normal priority.
Jan 5 2021, 9:36 AM · gnupg24, gnupg (gpg23), Feature Request

Dec 21 2020

werner closed T4788: System wide configuration of the GnuPG system as Resolved.
Dec 21 2020, 7:40 PM · gnupg (gpg23), Feature Request, gpg4win, g10code

Dec 14 2020

gniibe changed the status of T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d from Open to Testing.
Dec 14 2020, 6:58 AM · Restricted Project, gnupg (gpg23)

Dec 12 2020

werner triaged T5179: add export-filter based on user ID calculated validity as Normal priority.
Dec 12 2020, 1:26 PM · gnupg24, gnupg (gpg23), Feature Request

Dec 11 2020

gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Reading the code again, I think that some configuration of NKS card doesn't work well, when it has no certificates but keys (e.g. IDLM config).
I'm going to fix do_readkey as well (the approach #1).

Dec 11 2020, 1:13 AM · backport, gnupg (gpg23), scd

Dec 10 2020

ikloecker closed T5150: scd: For NetKey cards READKEY with keygrip fails as Resolved.

With little (mostly no) knowledge of NKS card, I think I fixed this issue.

Dec 10 2020, 10:39 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Thanks a lot for your time to locate the problem. I took the approach of #2.

Dec 10 2020, 2:37 AM · backport, gnupg (gpg23), scd

Dec 9 2020

ikloecker reassigned T5150: scd: For NetKey cards READKEY with keygrip fails from ikloecker to gniibe.

I'm not sure why I thought that it would work now. With current master I get

$ gpg-connect-agent "SCD READKEY --info-only -- 39400430E38BB96F105B740A7119FE113578B59D" /bye
ERR 100663414 Invalid ID <SCD>
Dec 9 2020, 12:19 PM · backport, gnupg (gpg23), scd
ikloecker closed T5166: gpg --quick-gen-key userid card fails on first run resp. for unknown key, a subtask of T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d, as Resolved.
Dec 9 2020, 9:36 AM · Restricted Project, gnupg (gpg23)
ikloecker added a subtask for T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d: T5166: gpg --quick-gen-key userid card fails on first run resp. for unknown key.
Dec 9 2020, 9:34 AM · Restricted Project, gnupg (gpg23)
ikloecker removed a parent task for T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d: T5166: gpg --quick-gen-key userid card fails on first run resp. for unknown key.
Dec 9 2020, 9:33 AM · Restricted Project, gnupg (gpg23)

Dec 8 2020

gniibe created T5170: card: Allow use cases with no corresponding *.key file under private-keys-v1.d.
Dec 8 2020, 4:10 AM · Restricted Project, gnupg (gpg23)

Dec 7 2020

ikloecker closed T5141: GnuPG: Make quick-gen-key work for keys on PIV cards as Resolved.
Dec 7 2020, 3:18 PM · gnupg (gpg23)
ikloecker claimed T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.
Dec 7 2020, 1:25 PM · gnupg (gpg23)
werner placed T5141: GnuPG: Make quick-gen-key work for keys on PIV cards up for grabs.
Dec 7 2020, 11:45 AM · gnupg (gpg23)

Dec 4 2020

werner added a comment to T4788: System wide configuration of the GnuPG system.

And I also did a backport to 2.2 :-) See rGa028f24136a062f55408a5fec84c6d31201b2143

Dec 4 2020, 12:21 PM · gnupg (gpg23), Feature Request, gpg4win, g10code

Dec 1 2020

werner added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

Go ahead (but w/o the /*if (keytime*)*/ line ;-)

Dec 1 2020, 9:11 AM · gnupg (gpg23)

Nov 30 2020

ikloecker added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

The following (probably not entirely correct) patch fixes the problem because it marks the PIV card key as pCARDKEY even though keytime is 0.

diff --git a/g10/keygen.c b/g10/keygen.c
index b510525e3..03c929c0b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4720,7 +4720,8 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
Nov 30 2020, 9:48 PM · gnupg (gpg23)
werner updated subscribers of T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.
Nov 30 2020, 3:31 PM · gnupg (gpg23)
werner added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

The error comes from using READKEY which is processed by gpg-agent. At this time the agent does not yet know the stub key and thus returns ENOENT. At the places before we used "SCD READKEY" which works directly with scdaemon and does not need a stub file. We need to review the new(?) way of creating stub files, describe that and then fix this by either making sure that the stub key is created first or that we use SCD READKEY there too.

Nov 30 2020, 3:30 PM · gnupg (gpg23)
ikloecker added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Seems to work now. I'm not sure whether I should close this issue because it's marked for backport.

Nov 30 2020, 10:19 AM · backport, gnupg (gpg23), scd
ikloecker closed T5144: scd: Fails/crashes on SCD LEARN --keypairinfo for NetKey cards as Resolved.

Works now. Thanks.

Nov 30 2020, 10:05 AM · Restricted Project, gnupg (gpg23), scd

Nov 27 2020

werner claimed T4398: Rework Console and command line handling on Windows.
Nov 27 2020, 6:33 PM · Feature Request, gnupg (gpg23)
werner closed T5038: UTF-8 handling in the command line, a subtask of T4398: Rework Console and command line handling on Windows, as Resolved.
Nov 27 2020, 6:33 PM · Feature Request, gnupg (gpg23)
werner renamed T4398: Rework Console and command line handling on Windows from Rework Console handling on Windows to Rework Console and command line handling on Windows.
Nov 27 2020, 6:31 PM · Feature Request, gnupg (gpg23)
werner added a subtask for T4398: Rework Console and command line handling on Windows: T5038: UTF-8 handling in the command line.
Nov 27 2020, 6:26 PM · Feature Request, gnupg (gpg23)
werner added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Regarding a backport I think that I will eventually backport all app-*c to stable by source copying them. We have a quite stable internal API and thus it is easier to keep at least the card specific code in sync. I did some local work in this directory some time ago.

Nov 27 2020, 5:54 PM · backport, gnupg (gpg23), scd

Nov 26 2020

werner added a project to T5150: scd: For NetKey cards READKEY with keygrip fails: backport.
Nov 26 2020, 7:55 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

Applied and pushed the change above in rG920154370834: scd,nks: Fix caching keygrip..

Nov 26 2020, 1:38 AM · backport, gnupg (gpg23), scd

Nov 25 2020

gniibe triaged T5150: scd: For NetKey cards READKEY with keygrip fails as Normal priority.
Nov 25 2020, 3:48 AM · backport, gnupg (gpg23), scd
gniibe added a comment to T5150: scd: For NetKey cards READKEY with keygrip fails.

For the first issue, I pushed the change in rGc3a20c88fb30: scd: Fix an error return for READKEY..

Nov 25 2020, 3:48 AM · backport, gnupg (gpg23), scd
gniibe changed the status of T5144: scd: Fails/crashes on SCD LEARN --keypairinfo for NetKey cards from Open to Testing.
Nov 25 2020, 2:37 AM · Restricted Project, gnupg (gpg23), scd
gniibe claimed T5144: scd: Fails/crashes on SCD LEARN --keypairinfo for NetKey cards.

Fixed in rG006944b856ee: scd,nks: Fix SEGV for learn for older card..

Nov 25 2020, 2:37 AM · Restricted Project, gnupg (gpg23), scd

Nov 20 2020

werner added a project to T5144: scd: Fails/crashes on SCD LEARN --keypairinfo for NetKey cards: gnupg (gpg23).
Nov 20 2020, 6:31 PM · Restricted Project, gnupg (gpg23), scd
werner added a project to T5150: scd: For NetKey cards READKEY with keygrip fails: gnupg (gpg23).
Nov 20 2020, 6:31 PM · backport, gnupg (gpg23), scd
ikloecker added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

The same problem occurs for NKS (v3) cards where the keys also do not have a keytime.

Nov 20 2020, 11:44 AM · gnupg (gpg23)
ikloecker added a parent task for T5141: GnuPG: Make quick-gen-key work for keys on PIV cards: T5128: Kleopatra: Generate OpenPGP public key for NetKey card key.
Nov 20 2020, 11:42 AM · gnupg (gpg23)
werner claimed T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.
Nov 20 2020, 9:27 AM · gnupg (gpg23)

Nov 18 2020

ikloecker added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

Output of (unpatched) gpg with --debug ipc:

$ GNUPGHOME=$HOME/.cache/gnupg-master-home gpg --debug ipc --quick-gen-key --yes piv@example.net card
gpg: reading options from '[cmdline]'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- OK Pleased to meet you, process 7588
gpg: DBG: connection to the gpg-agent established
gpg: DBG: chan_3 -> RESET
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/7
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION display=:0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION xauthority=/home/ingo/.Xauthority
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=XMODIFIERS=@im=local
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=GTK_IM_MODULE=cedilla
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=QT_IM_MODULE=xim
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-ctype=de_DE.UTF-8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-messages=de_DE.UTF-8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.3.0-beta1481
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION allow-pinentry-notify
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO
gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO
gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796
gpg: DBG: chan_3 <- OK
gpg: Serial number of the card: FF020001008A7796
gpg: DBG: chan_3 -> SCD LEARN --keypairinfo
gpg: DBG: chan_3 <- S CHV-USAGE 40 00
gpg: DBG: chan_3 <- S CHV-STATUS -2 3 -2
gpg: DBG: chan_3 <- S KEYPAIRINFO EB6A99D61EF3BC7C7934173CD9833376D773E65D PIV.9A a
gpg: DBG: chan_3 <- S KEYPAIRINFO 482BD076054B6950A6FC476C356AF029A5115BBD PIV.9E a
gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc
gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD GETATTR $SIGNKEYID
gpg: DBG: chan_3 <- S $SIGNKEYID PIV.9C
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD READKEY --info -- PIV.9C
gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc - nistp256
gpg: DBG: chan_3 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(118 byte(s) skipped) ]
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO
gpg: DBG: chan_3 <- S SERIALNO FF020001008A7796
gpg: DBG: chan_3 <- OK
gpg: Serial number of the card: FF020001008A7796
gpg: DBG: chan_3 -> SCD LEARN --keypairinfo
gpg: DBG: chan_3 <- S CHV-USAGE 40 00
gpg: DBG: chan_3 <- S CHV-STATUS -2 3 -2
gpg: DBG: chan_3 <- S KEYPAIRINFO EB6A99D61EF3BC7C7934173CD9833376D773E65D PIV.9A a
gpg: DBG: chan_3 <- S KEYPAIRINFO 482BD076054B6950A6FC476C356AF029A5115BBD PIV.9E a
gpg: DBG: chan_3 <- S KEYPAIRINFO 0773CFCB90C043F3A6151B3F2FBF23726F10A48A PIV.9C sc
gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD GETATTR $ENCRKEYID
gpg: DBG: chan_3 <- S $ENCRKEYID PIV.9D
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD READKEY --info -- PIV.9D
gpg: DBG: chan_3 <- S KEYPAIRINFO ED6579C1360100BE92C46ECB1A1826A63614D5AB PIV.9D e - rsa2048
gpg: DBG: chan_3 <- [ 44 20 28 31 30 3a 70 75 62 6c 69 63 2d 6b 65 79 ...(286 byte(s) skipped) ]
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> RESET
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> READKEY -- 0773CFCB90C043F3A6151B3F2FBF23726F10A48A
gpg: DBG: chan_3 <- ERR 67141713 No such file or directory <GPG Agent>
Key generation failed: No such file or directory
gpg: secmem usage: 0/32768 bytes in 0 blocks
Nov 18 2020, 2:12 PM · gnupg (gpg23)
werner added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

Yes sure. --debug ipc should give you some insight why gpg does not think the key is on the card.

Nov 18 2020, 10:39 AM · gnupg (gpg23)
ikloecker placed T5141: GnuPG: Make quick-gen-key work for keys on PIV cards up for grabs.
Nov 18 2020, 9:37 AM · gnupg (gpg23)

Nov 17 2020

ikloecker added a comment to T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.

After patching the above mentioned if-clause the command fails on the first try, but it succeeds on the second try

$ gpgconf --kill all
Nov 17 2020, 3:46 PM · gnupg (gpg23)
ikloecker created T5141: GnuPG: Make quick-gen-key work for keys on PIV cards.
Nov 17 2020, 3:28 PM · gnupg (gpg23)

Nov 10 2020

werner added a comment to T5118: gpgconf: Master does not show some values.

Works for me. Also with a gpg.conf-2 file. Do you use a /etc/gnupg/gpg.conf ?

Nov 10 2020, 9:48 AM · gnupg24, Bug Report, gnupg (gpg23)
gniibe added a comment to T4667: "gpg: deleting secret key failed: No pinentry" when in --batch mode with --pinentry=loopback.

Fixed in master.
(confirmation interaction is also fixed.)

Nov 10 2020, 6:11 AM · gnupg24, gnupg (gpg23), Bug Report
gniibe changed the status of T4998: scdaemon: PC/SC "No such device" without reader-port, a subtask of T3300: scd: Support multiple readers by PC/SC driver, from Open to Testing.
Nov 10 2020, 4:00 AM · Restricted Project, gnupg (gpg23), scd

Nov 9 2020

werner edited projects for T5109: Initial socket connection to server, added: gnupg (gpg23); removed gnupg (gpg22).
Nov 9 2020, 12:35 PM · gnupg24, gnupg (gpg23)

Nov 3 2020

werner edited projects for T5118: gpgconf: Master does not show some values, added: gnupg (gpg23), Bug Report; removed gnupg.
Nov 3 2020, 12:39 PM · gnupg24, Bug Report, gnupg (gpg23)

Oct 29 2020

gniibe added a comment to T5114: GnuPG fails to import back generated and exported EdDSA secret key..

With Debian's GnuPG 2.2.12, I got an error:

Oct 29 2020, 7:22 AM · gnupg, Restricted Project, gpgagent, Bug Report
gniibe claimed T5114: GnuPG fails to import back generated and exported EdDSA secret key..

With beta1449, I cannot reproduce it.
I can import by gpg --import key-uids-sec.pgp
I tested with Debian's libgcrypt, as well as libgcrypt master (4a50c6b8).

Oct 29 2020, 6:35 AM · gnupg, Restricted Project, gpgagent, Bug Report

Oct 28 2020

werner added a project to T5114: GnuPG fails to import back generated and exported EdDSA secret key.: gnupg (gpg23).
Oct 28 2020, 5:01 PM · gnupg, Restricted Project, gpgagent, Bug Report

Oct 23 2020

werner edited projects for T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path, added: gnupg (gpg23); removed libassuan.

What can be done is to use gpgconf --list-dirs bindir as a fallback for pinentry.

Oct 23 2020, 6:51 PM · gnupg24, gpgagent

Oct 1 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@werner can you confirm if the environment I provided will work with OpenSSH support fully implemented?

Oct 1 2020, 5:49 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 15 2020

werner triaged T5070: Retain the exact name of the archive when extracting/decrypting via gpgtar as Normal priority.

Using a not yet existing directory is a security feature. The directory is created at a time the signature has not yet been verified and thus it would be too easy to trick a user into overwriting important data.

Sep 15 2020, 9:26 PM · gnupg24, gnupg (gpg23), gpgtar, Feature Request

Sep 7 2020

werner triaged T5054: Preservation of modification date upon decryption/extraction. as Normal priority.
Sep 7 2020, 10:30 AM · gnupg26, Bug Report, gpgtar

Sep 5 2020

werner added projects to T5054: Preservation of modification date upon decryption/extraction.: gpgtar, gnupg (gpg23).

I will consider a -p option for gpgtar.

Sep 5 2020, 8:02 PM · gnupg26, Bug Report, gpgtar
werner triaged T5053: More gpg arguments available for use with gpgtar as Normal priority.
Sep 5 2020, 12:35 PM · gnupg24, gnupg (gpg23), gpgtar, Feature Request

Sep 4 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

So, if there's no support for native OpenSSH yet, I'll wait for it. After it's supported, I should be able to get the scenery I described working, right?

Sep 4 2020, 1:52 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Unfortunately you can't pass extra arguments.

Sep 4 2020, 7:47 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 3 2020

gpguser123 added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

@bvieira You need to set pinentry-mode=loopback for gpg program used in git.

Sep 3 2020, 4:22 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 2 2020

bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I'm actually trying to do the following:

Sep 2 2020, 2:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
avemilia added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

In the meantime you can use [0]. I have tested with ssh key on yubikey and AuthenticationMethods publickey, win32-ssh (or ssh-portable, which is the new repository name) correctly works with gpg and pinentry is called. Despite it being called wsl, wsl environment is not required.

Sep 2 2020, 1:59 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Aug 27 2020

werner triaged T5029: server socket/pipe handling in GnuPG as Normal priority.

I still don't think that it is correct. We would also need to turn fd from an int to a gnupg_fd_t (ie. a HANDLE under Windows) which requires other changes and should be done in the other parts of the code as well. assuan_sock_close also delegates to the system specific function and on Windows removes the fd also from the cygwin table. This may trigger other bugs so I'd like to keep it as it is to go with the code which has been in active use for a long time - at least for 2.2

Aug 27 2020, 11:01 AM · Windows, scd, gnupg (gpg23)

Aug 25 2020

werner closed T4421: import-export does not remove duplicated subkeys as Resolved.

I implemented subkey collapsing in 2.3. It is enabled by default but you can disable it with

Aug 25 2020, 10:42 AM · Feature Request, OpenPGP, gnupg (gpg23)

Aug 20 2020

werner edited projects for T4879: GnuPG treats reordered OpenPGP certificates differently, added: gnupg (gpg23); removed gnupg (gpg22).
Aug 20 2020, 11:10 AM · gnupg24, gnupg (gpg23), OpenPGP, Bug Report

Aug 19 2020

gniibe closed T4915: Cannot compile on macOS Mojave (utf8.c) as Resolved.
Aug 19 2020, 3:42 AM · Restricted Project, gnupg (gpg23), Bug Report

Aug 18 2020

bernhard added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

Hello,
just reading the issue in detail.

Aug 18 2020, 5:50 PM · gnupg (gpg23), Feature Request

Aug 9 2020

werner closed T4713: Bug in get_best_pubkey_byname as Resolved.

We won't do that for 2.2.

Aug 9 2020, 5:25 PM · Restricted Project, gnupg (gpg23)

Aug 7 2020

gniibe changed the status of T5000: trustdb,keybox: Adding support of v5key from Open to Testing.
Aug 7 2020, 6:11 AM · Restricted Project, gnupg (gpg23)
gniibe added a comment to T5000: trustdb,keybox: Adding support of v5key.

Applied and pushed.

Aug 7 2020, 6:10 AM · Restricted Project, gnupg (gpg23)
gniibe added a comment to T5000: trustdb,keybox: Adding support of v5key.

No, it didn't work, but we need more change:

diff --git a/g10/tdbio.c b/g10/tdbio.c
index bfeede991..9f01667b4 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -1909,12 +1909,9 @@ tdbio_search_trust_byfpr (ctrl_t ctrl, const byte *fingerprint, TRUSTREC *rec)
 gpg_error_t
 tdbio_search_trust_bypk (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
 {
-  byte fingerprint[MAX_FINGERPRINT_LEN];
-  size_t fingerlen;
+  byte fingerprint[20];
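Review bot: In tdbio_search_trust_bypk the buffer size changes from MAX_FINGERPRINT_LEN to a bare literal 20, and the fingerlen variable is removed, so the visible lines no longer record how many bytes the code that fills the buffer is allowed to write. Please replace the literal with a named constant and make the truncation explicit, either by passing the buffer size to the routine that produces the fingerprint or by copying at most that many bytes from a full-size temporary, and add a short comment saying that only the first 20 bytes are used for the trustdb lookup. The rest of the hunk is not shown here, so confirm that no remaining caller still expects a length output.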
Aug 7 2020, 4:53 AM · Restricted Project, gnupg (gpg23)

Aug 6 2020

gniibe added a comment to T5000: trustdb,keybox: Adding support of v5key.

I revise the change, using different approach, so that we can keep better existing implementation compatibility.

Aug 6 2020, 12:31 PM · Restricted Project, gnupg (gpg23)

Aug 5 2020

gniibe merged task T3763: ECDH - encryption with obfuscated size of the symmetric key into T4908: ECDH with AES-128 decryption failure when fully padded.
Aug 5 2020, 7:22 AM · OpenPGP, gnupg (gpg23)
gniibe added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

Since it was handled in T4908, this task is merged into that.

Aug 5 2020, 7:22 AM · OpenPGP, gnupg (gpg23)

Jul 31 2020

gniibe added a comment to T4246: GnuPG master does not allow decryption with bad usage flags (regression).

I realized that it fails with GPG_ERR_INV_ID (with gpg master) when it's on smartcard.
It can't be decrypted if it's on smartcard, that's true, but more relevant error would be good for this case.

Jul 31 2020, 8:13 AM · Restricted Project, Bug Report, gnupg (gpg23)

Jul 20 2020

werner added a comment to T5000: trustdb,keybox: Adding support of v5key.

I deferred this thing because I hoped to implement this in the keyboxd. Another option is to use a truncated fingerprint - for displaying purposes we anyway truncate to 25 byte and 20 byte should also be okay until we can move this to keyboxd. But okay, if you want to add support please go ahead but make sure that there are no fatal conditions if a gpg 2.2 accesses the v5 enabled trustdb.

Jul 20 2020, 9:26 AM · Restricted Project, gnupg (gpg23)
gniibe renamed T5000: trustdb,keybox: Adding support of v5key from trustdb: Adding support of v5key to trustdb,keybox: Adding support of v5key.
Jul 20 2020, 7:30 AM · Restricted Project, gnupg (gpg23)
gniibe added a comment to T5000: trustdb,keybox: Adding support of v5key.

Here is the patch for trustdb and keybox. Not introduced new record structure, but RECTYPE_TRUST_SHA2 saving only 20-byte.

Jul 20 2020, 7:21 AM · Restricted Project, gnupg (gpg23)
gniibe renamed T5000: trustdb,keybox: Adding support of v5key from trustdb: Adding support of v5 keys to trustdb: Adding support of v5key.
Jul 20 2020, 7:18 AM · Restricted Project, gnupg (gpg23)
gniibe updated the task description for T5000: trustdb,keybox: Adding support of v5key.
Jul 20 2020, 4:25 AM · Restricted Project, gnupg (gpg23)
gniibe added a comment to T5000: trustdb,keybox: Adding support of v5key.

Something like:

  • 1-byte: TYPE
  • 1-byte: Reserved
  • 32-byte: fingerprint
  • 1-byte: ownertrust / min_ownertrust
  • 1-byte: depth
  • 4-byte: validlist recnum
Jul 20 2020, 4:25 AM · Restricted Project, gnupg (gpg23)
gniibe created T5000: trustdb,keybox: Adding support of v5key.
Jul 20 2020, 4:22 AM · Restricted Project, gnupg (gpg23)
bvieira added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Any news on this?

Jul 20 2020, 12:48 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jul 17 2020

gniibe added a subtask for T3300: scd: Support multiple readers by PC/SC driver: T4998: scdaemon: PC/SC "No such device" without reader-port.
Jul 17 2020, 2:59 AM · Restricted Project, gnupg (gpg23), scd
gniibe added a parent task for T3300: scd: Support multiple readers by PC/SC driver: Unknown Object (Maniphest Task).
Jul 17 2020, 2:45 AM · Restricted Project, gnupg (gpg23), scd

Jul 15 2020

gniibe added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

@mbrinkers : I think that it was fixed in GnuPG 2.2.21 by T4908: ECDH with AES-128 decryption failure when fully padded.
It was unfortunate that this bug report didn't work to solve problem, with malformed data and discussion went to unrelated thing.

Jul 15 2020, 2:01 AM · OpenPGP, gnupg (gpg23)

Jul 14 2020

mbrinkers added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

I have run into an interoperability issue between BouncyCastle PGP (Java) library and gpg which seems to be caused by key obfuscation.

Jul 14 2020, 2:59 PM · OpenPGP, gnupg (gpg23)

Jul 10 2020

gniibe changed the status of T4246: GnuPG master does not allow decryption with bad usage flags (regression), a subtask of T4417: Work needed for gnupg 2.3, from Open to Testing.
Jul 10 2020, 3:04 AM · gnupg (gpg23)
gniibe changed the status of T4246: GnuPG master does not allow decryption with bad usage flags (regression) from Open to Testing.
Jul 10 2020, 3:04 AM · Restricted Project, Bug Report, gnupg (gpg23)

Jul 9 2020

werner closed T2103: Improve the pinentry password quality indication as Resolved.
Jul 9 2020, 1:16 PM · gnupg (gpg23), Feature Request
werner removed a parent task for T4990: Release GnuPG 2.3.0: T4989: Gpg4win-4.0.0.
Jul 9 2020, 12:23 PM · gnupg (gpg23), Release Info
werner closed T4990: Release GnuPG 2.3.0 as Spite.

Duplicate - see T4702 instead

Jul 9 2020, 12:23 PM · gnupg (gpg23), Release Info
werner created T4990: Release GnuPG 2.3.0.
Jul 9 2020, 12:19 PM · gnupg (gpg23), Release Info
werner added a comment to T4246: GnuPG master does not allow decryption with bad usage flags (regression).

The first, I guess. The problem is that you are technically capable of _decryption_ but gpg does not allow this because for some reason the key is arbitrarily limited to signing. A warning message should be printed in such a case but decryption should succeed.

Jul 9 2020, 10:41 AM · Restricted Project, Bug Report, gnupg (gpg23)