
Jul 28 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is a patch to implement the functionality with --enable-win32-openssh-support.

Jul 28 2022, 6:30 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jul 26 2022

werner added a project to T5990: Option to ignore the user trustlist.txt: backport.
Jul 26 2022, 8:57 PM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Jul 18 2022

gniibe closed T6035: Portability issue: ftruncate as Resolved.
Jul 18 2022, 9:58 AM · backport, gpgagent, gnupg
gniibe edited projects for T6035: Portability issue: ftruncate, added: backport; removed Restricted Project.

It's in 2.3.7 and 2.2.36.

Jul 18 2022, 9:58 AM · backport, gpgagent, gnupg

Jul 12 2022

gniibe closed T5702: Display prompt to user when YubiKey is waiting for touch confirmation, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 7:10 AM · ssh, gpgagent, scd
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:30 AM · ssh, gpgagent, scd
gniibe closed T5985: private-key: Support "Use-for-ssh" flag as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:28 AM · Feature Request, ssh, gpgagent
gniibe closed T5985: private-key: Support "Use-for-ssh" flag, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:28 AM · ssh, gpgagent, scd
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.

Changed the tags and the title.

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:17 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5987: card: New field to specify refusing operations when card/token is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:14 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:13 AM · ssh, gpgagent, scd
gniibe closed T5988: agent: Add new command to update private key fields as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:13 AM · Feature Request, ssh, gpgagent
gniibe closed T6010: gpg-connect-agent: /definqprog semantics enhancement, a subtask of T5862: authentication with USB token, as Resolved.
Jul 12 2022, 3:12 AM · gpgagent, Feature Request, scd
gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY, a subtask of T5862: authentication with USB token, as Resolved.
Jul 12 2022, 3:11 AM · gpgagent, Feature Request, scd
gniibe closed T6012: gpg-agent: Add --format=ssh option for READKEY as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:11 AM · gpgagent, Feature Request

Jul 7 2022

gniibe closed T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.
Jul 7 2022, 6:51 AM · gnupg, Restricted Project, gpgagent, Bug Report

Jun 28 2022

gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

We removed the assumption that "OPENPGP.3" is meant for ssh.

Jun 28 2022, 3:31 AM · Feature Request, ssh, gpgagent
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe closed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available as Resolved.
Jun 28 2022, 3:29 AM · ssh, gpgagent, scd
gniibe renamed T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available from ssh,card: OpenPGP.3 keys should be on the list (as default) even when card is not available to ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.
Jun 28 2022, 3:22 AM · ssh, gpgagent, scd
gniibe added a comment to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available.

Having "Use-for-ssh" flag now, experience shows that including OpenPGP.3 keys by default is not convenient.

Jun 28 2022, 3:20 AM · ssh, gpgagent, scd

Jun 23 2022

werner added a comment to T6035: Portability issue: ftruncate.

ACK. Please add it also to 2.2.

Jun 23 2022, 10:50 AM · backport, gpgagent, gnupg
gniibe added a project to T6035: Portability issue: ftruncate: Restricted Project.
Jun 23 2022, 4:27 AM · backport, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

Even if it is only a single case (of an old version of Wine), I think that it is worth adding es_fflush when writing to a file.

Jun 23 2022, 4:05 AM · backport, gpgagent, gnupg
gniibe added a comment to T5988: agent: Add new command to update private key fields.

What about rejected changes to "Key:"?

Jun 23 2022, 3:05 AM · Feature Request, ssh, gpgagent

Jun 22 2022

werner added a comment to T5988: agent: Add new command to update private key fields.

What about rejected changes to "Key:"? Otherwise this command would make it too easy to mess up the actual private key.

Jun 22 2022, 2:54 PM · Feature Request, ssh, gpgagent
gniibe added a project to T5988: agent: Add new command to update private key fields: Restricted Project.
Jun 22 2022, 8:49 AM · Feature Request, ssh, gpgagent

Jun 21 2022

gniibe added a comment to T6035: Portability issue: ftruncate.

Looking illumos-gate, Solaris variants have no issues.

Jun 21 2022, 12:46 PM · backport, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 (Debian testing) does not fail.

Jun 21 2022, 10:35 AM · backport, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

I created minimized test:

Jun 21 2022, 4:38 AM · backport, gpgagent, gnupg

Jun 20 2022

werner triaged T6035: Portability issue: ftruncate as Normal priority.
Jun 20 2022, 1:08 PM · backport, gpgagent, gnupg
werner added a comment to T6035: Portability issue: ftruncate.

iirc, we have used ftruncate for ages now. The problem with the name ftruncate is that it looks too similar to the stdio functions. But sure, things should be flushed first.

Jun 20 2022, 12:59 PM · backport, gpgagent, gnupg
gniibe added projects to T6035: Portability issue: ftruncate: gnupg, gpgagent.
Jun 20 2022, 10:33 AM · backport, gpgagent, gnupg

Jun 9 2022

gniibe closed T5917: gpg-agent: Not writing password into file as Resolved.
Jun 9 2022, 7:55 AM · Bug Report, gpgagent

Jun 8 2022

gniibe renamed T5862: authentication with USB token from authentication with USB token, ~~screen lock on token removal~~ to authentication with USB token.
Jun 8 2022, 4:08 AM · gpgagent, Feature Request, scd
gniibe renamed T5862: authentication with USB token from authentication with USB token, screen lock on token removal to authentication with USB token, ~~screen lock on token removal~~.
Jun 8 2022, 4:07 AM · gpgagent, Feature Request, scd
gniibe added a comment to T5862: authentication with USB token.

Now, it also supports a reader with pinpad.

Jun 8 2022, 3:38 AM · gpgagent, Feature Request, scd

Jun 6 2022

gniibe added projects to T5862: authentication with USB token: gpgagent, Restricted Project.
Jun 6 2022, 7:02 AM · gpgagent, Feature Request, scd

Jun 2 2022

gniibe added a project to T6012: gpg-agent: Add --format=ssh option for READKEY: Restricted Project.
Jun 2 2022, 1:48 PM · gpgagent, Feature Request
gniibe triaged T6012: gpg-agent: Add --format=ssh option for READKEY as Normal priority.
Jun 2 2022, 10:54 AM · gpgagent, Feature Request

Jun 1 2022

gniibe claimed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jun 1 2022, 5:09 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

May 27 2022

sergi added a watcher for gpgagent: sergi.
May 27 2022, 10:08 PM
srgblnchtrn removed a watcher for gpgagent: srgblnchtrn.
May 27 2022, 10:06 PM
gniibe added a project to T5987: card: New field to specify refusing operations when card/token is not available: Restricted Project.
May 27 2022, 3:02 AM · ssh, gpgagent, scd
gniibe added a comment to T5987: card: New field to specify refusing operations when card/token is not available.

Default is "yes". When Prompt: no is specified, it doesn't ask but fails.

May 27 2022, 2:48 AM · ssh, gpgagent, scd
gniibe added a comment to T5987: card: New field to specify refusing operations when card/token is not available.

The behavior has been changed by T5996, to ask card insertion for the consistency of the semantics of configuration.

May 27 2022, 2:47 AM · ssh, gpgagent, scd
gniibe updated the task description for T5987: card: New field to specify refusing operations when card/token is not available.
May 27 2022, 2:45 AM · ssh, gpgagent, scd

May 26 2022

gniibe added a project to T5985: private-key: Support "Use-for-ssh" flag: Restricted Project.
May 26 2022, 10:39 AM · Feature Request, ssh, gpgagent
gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

With the change for T5996 applied, the semantics is clear. "Use-for-ssh" flag is a key not for "OpenPGP.3", but other keys (not only OpenPGP.[12], but also for normal keys.)

May 26 2022, 10:38 AM · Feature Request, ssh, gpgagent
gniibe added a project to T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available: Restricted Project.
May 26 2022, 10:19 AM · ssh, gpgagent, scd

May 23 2022

werner triaged T5998: Extend gpg-check-patter to return a description as Low priority.
May 23 2022, 3:02 PM · gnupg24, Feature Request, Restricted Project, gpgagent
gniibe renamed T5984: gpg-agent interaction improvement (smartcard improvement #3) from gpg-agent interaction improvement ( (smartcard improvement #3) to gpg-agent interaction improvement (smartcard improvement #3).
May 23 2022, 6:41 AM · ssh, gpgagent, scd
gniibe added a comment to T5984: gpg-agent interaction improvement (smartcard improvement #3).

The order to solve:

May 23 2022, 3:39 AM · ssh, gpgagent, scd
gniibe triaged T5996: ssh,card: "Use-for-ssh:" (was: OpenPGP.3) keys should be on the list even when card is not available as Normal priority.
May 23 2022, 3:35 AM · ssh, gpgagent, scd
gniibe edited projects for T5988: agent: Add new command to update private key fields, added: Feature Request; removed scd.
May 23 2022, 3:27 AM · Feature Request, ssh, gpgagent
gniibe edited projects for T5985: private-key: Support "Use-for-ssh" flag, added: Feature Request; removed scd.
May 23 2022, 3:26 AM · Feature Request, ssh, gpgagent
gniibe lowered the priority of T5985: private-key: Support "Use-for-ssh" flag from Normal to Low.
May 23 2022, 3:24 AM · Feature Request, ssh, gpgagent
gniibe triaged T5995: Better prompt with SETKEYDESC as Normal priority.
May 23 2022, 3:15 AM · gnupg24, ssh, gpgagent, scd
gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

This is an experimental patch to support "Use-for-ssh":

May 23 2022, 2:55 AM · Feature Request, ssh, gpgagent

May 20 2022

werner triaged T5990: Option to ignore the user trustlist.txt as Normal priority.
May 20 2022, 9:18 AM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent
gniibe added a comment to T5985: private-key: Support "Use-for-ssh" flag.

cmd_keyinfo should be also updated to access the field correctly.

May 20 2022, 7:59 AM · Feature Request, ssh, gpgagent
gniibe added a project to T5986: card: Show "Label:" when prompting the insertion of a card: Restricted Project.
May 20 2022, 7:41 AM · ssh, gpgagent, scd
gniibe added subtasks for T5984: gpg-agent interaction improvement (smartcard improvement #3): T5099: Confirmation dialog for remote access (restricted extra socket), T5702: Display prompt to user when YubiKey is waiting for touch confirmation.
May 20 2022, 6:53 AM · ssh, gpgagent, scd
gniibe renamed T5984: gpg-agent interaction improvement (smartcard improvement #3) from smartcard interaction improvement #3 to gpg-agent interaction improvement ( (smartcard improvement #3).
May 20 2022, 6:39 AM · ssh, gpgagent, scd
gniibe triaged T5988: agent: Add new command to update private key fields as Normal priority.
May 20 2022, 6:38 AM · Feature Request, ssh, gpgagent
gniibe triaged T5987: card: New field to specify refusing operations when card/token is not available as Normal priority.
May 20 2022, 6:33 AM · ssh, gpgagent, scd
gniibe added a comment to T5986: card: Show "Label:" when prompting the insertion of a card.

Also, it is better for a user, not to be asked confirmation (even if "Confirm:" is specified), that is, skipping the confirmation, when it is going to prompt the insertion of a card.

May 20 2022, 6:29 AM · ssh, gpgagent, scd
gniibe triaged T5986: card: Show "Label:" when prompting the insertion of a card as Normal priority.
May 20 2022, 6:27 AM · ssh, gpgagent, scd
gniibe triaged T5985: private-key: Support "Use-for-ssh" flag as Normal priority.
May 20 2022, 6:23 AM · Feature Request, ssh, gpgagent
gniibe triaged T5984: gpg-agent interaction improvement (smartcard improvement #3) as Normal priority.
May 20 2022, 6:21 AM · ssh, gpgagent, scd

May 13 2022

werner added projects to T3391: cannot import subkey that was once marked to be on a card: scd, gpgagent.
May 13 2022, 2:43 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

May 12 2022

ikloecker changed the status of T5972: Can't insert charaters in a magic-wand generated password from Open to Testing.

Editing a formatted password should work now as expected.

May 12 2022, 4:08 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry
ikloecker added a project to T5972: Can't insert charaters in a magic-wand generated password : Restricted Project.
May 12 2022, 2:18 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry
ebo reassigned T5972: Can't insert charaters in a magic-wand generated password from ebo to ikloecker.
May 12 2022, 11:51 AM · Restricted Project, gnupg (gpg22), gpgagent, pinentry
ebo added a comment to T5972: Can't insert charaters in a magic-wand generated password .

It's an issue of cursor position. If one either deletes or inputs a character anywhere in the password string, the cursor always jumps to the end of the string.

May 12 2022, 11:50 AM · Restricted Project, gnupg (gpg22), gpgagent, pinentry

May 11 2022

werner triaged T5972: Can't insert charaters in a magic-wand generated password as Normal priority.
May 11 2022, 5:18 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry

May 3 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

May 3 2022, 10:43 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

May 2 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

It's a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc.). Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

May 2 2022, 10:36 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

May 2 2022, 1:53 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Apr 29 2022

dkg added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

Apr 29 2022, 6:24 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Apr 28 2022

ikloecker added a comment to T5942: scdaemon is blocking system shutdown.

FWIW, your comments about the autostart script do not match with the running processes. Obviously, the autostart script starts gpg-agent with different command line options than the running process. My conclusion is that the autostart script isn't used. Or maybe it is started, but gpg-agent immediately terminates because it notices that another instance is already running.

Apr 28 2022, 10:12 AM · Support, scd, gpgagent
ikloecker added a comment to T5942: scdaemon is blocking system shutdown.

If you add an autostart script then you may have to add a corresponding shutdown script as well, e.g. a script running gpgconf --kill all. You cannot expect that daemons, that you start via an autostart script, magically know when they should terminate.

Apr 28 2022, 10:01 AM · Support, scd, gpgagent
amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

Apr 28 2022, 9:16 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
werner lowered the priority of T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from High to Normal.
Apr 28 2022, 8:55 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
werner triaged T5942: scdaemon is blocking system shutdown as Low priority.
Apr 28 2022, 8:48 AM · Support, scd, gpgagent
szotsaki added a comment to T5942: scdaemon is blocking system shutdown.

Thank you for the hints!

Apr 28 2022, 8:24 AM · Support, scd, gpgagent
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.
Apr 28 2022, 4:39 AM · gnupg, Restricted Project, gpgagent, Bug Report
gniibe reopened T5942: scdaemon is blocking system shutdown as "Open".

Thank you for the explanation. (It's not related to --supervised, I suppose.)

Apr 28 2022, 4:03 AM · Support, scd, gpgagent

Apr 27 2022

szotsaki added a comment to T5942: scdaemon is blocking system shutdown.

I see the following GPG-related commands running currently (with disable-scdaemon in config file):

Apr 27 2022, 6:06 PM · Support, scd, gpgagent

Apr 25 2022

werner closed T5942: scdaemon is blocking system shutdown as Wontfix.

Please contact the Debian developers for any systemd/gnupg issues. We don't suggest the use of the --supervised option because it causes more problems than it claims to solve.

Apr 25 2022, 11:53 AM · Support, scd, gpgagent
szotsaki created T5942: scdaemon is blocking system shutdown.
Apr 25 2022, 8:15 AM · Support, scd, gpgagent

Apr 22 2022

gniibe closed T5538: gpg-agent's keytocard cmd should use a better default creation time. as Resolved.
Apr 22 2022, 6:49 AM · gpgagent, gnupg (gpg23)
gniibe added projects to T5917: gpg-agent: Not writing password into file: Restricted Project, gpgagent, Bug Report.
Apr 22 2022, 6:43 AM · Bug Report, gpgagent

Apr 14 2022

werner triaged T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) as High priority.

I have not yet tested OpenSSH 9 and thus the patch to master is here just as a test. Please better use gnupg 2.3 (stable) instead of 2.2 (LTS) because it is unlikely that we will backport all this new ssh stuff.

Apr 14 2022, 12:36 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
amalon created T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Apr 14 2022, 9:17 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Mar 30 2022

gniibe requested review of D550: gnupg: No writing passphrase as a file.
Mar 30 2022, 8:48 AM · gpgagent