Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Aug 23 2022
Aug 19 2022
Aug 11 2022
While playing with your scripts I figured that it would be useful to enhance the KEYINFO command. With
rG989eae648c8f3d2196517e8fc9cce247b21f9629 we could now
Aug 4 2022
Please reopen my issue. This is a serious issue that we encounter and do not have any explication.
Hi!
No, it's not waiting for the password. This was a 2 times error happening on our server.
We already provided the password but it was hung. We entered different things but it won't make anything.
I can tell you it doesn't wait for anything because we tested the same command on 2 different machines. On one machine it was hung, on another it worked.
gpg was waiting for the passphrase for the signing key to be provided via stdin.
Aug 1 2022
Jul 29 2022
Jul 28 2022
Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.
Here is the parser output:
$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)" D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU) Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)
I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.
Here is a patch to implement the functionality with --enable-win32-openssh-support.
Jul 26 2022
Jul 18 2022
It's in 2.3.7 and 2.2.36.
Jul 12 2022
It's in 2.3.7.
Changed the tags and the title.
It's in 2.3.7.
It's in 2.3.7.
It's in 2.3.7.
It's in 2.3.7.
Jul 7 2022
Jun 28 2022
We removed assuming "OPENPGP.3" means for ssh.
Having "Use-for-ssh" flag now, experience shows that including OpenPGP.3 keys by default is not convenient.
Jun 23 2022
ACK. P[ease add it also to 2.2.
Even if it is only a single case (of old version of Wine), I think that it is worth to add es_fflush when writing to file.
What about rejected changes to "Key:"?
Jun 22 2022
What about rejected changes to "Key:"? Other this command would make it too easy to mess up the actual private key.
Jun 21 2022
Looking illumos-gate, Solaris variants have no issues.
Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 Debian testing does no failure.
I created minimized test:
Jun 20 2022
iirc, we use ftruncate for ages now. The problem with the name ftruncate is that it looks to similar to the stdio functions. But sure, things should be flushed first.
Jun 9 2022
Jun 8 2022
Now, it also supports a reader with pinpad.
Jun 6 2022
Jun 2 2022
Jun 1 2022
May 27 2022
Default is "yes". When Prompt: no is specified, it doesn't ask but fails.
The behavior has been changed by T5996, to ask card insertion for the consistency of the semantics of configuration.
May 26 2022
With the change for T5996 applied, the semantics is clear. "Use-for-ssh" flag is a key not for "OpenPGP.3", but other keys (not only OpenPGP.[12], but also for normal keys.)
May 23 2022
The order to solve:
This is an experimental patch to support "Use-for-ssh":
May 20 2022
cmd_keyinfo should be also updated to access the field correctly.
Also, it is better for a user, not to be asked confirmation (even if "Confirm:" is specified), that is, skipping the confirmation, when it is going to prompt the insertion of a card.
May 13 2022
May 12 2022
Editing a formatted password should work now as expected.
Its an issue of cursor position. If one either deletes or inputs a a character anywhere in the password string, the cursor always jumps to the end of the string.
May 11 2022
May 3 2022
Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.
May 2 2022
Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.
Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.
Apr 29 2022
this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573
Apr 28 2022
FWIW, your comments about the autostart script do not match with the running processes. Obviously, the autostart script starts gpg-agent with different command line options than the running process. My conclusion is that the autostart script isn't used. Or maybe it is started, but gpg-agent immediately terminates because it notices that another instance is already running.
If you add an autostart script then you may have to add a corresponding shutdown script as well, e.g. a script running gpgconf --kill all. You cannot expect that daemons, that you start via an autostart script, magically know when they should terminate.
FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before