
Jul 29 2022

werner edited projects for T5119: TOFU messages are not completely and correctly localized to German, added: gnupg (gpg23); removed gnupg (gpg22).

It is unlikely that the tofu stuff will get into widespread use in the 2.2 version - if at all.

Jul 29 2022, 4:23 PM · gnupg24, gnupg (gpg23), i18n, Bug Report
bernhard added a comment to T5947: Release GnuPG 2.3.7.

As 2.3.7 was released on the 11th of July, see https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html
I guess that this issue should be closed and some issues moved to one with 2.3.8.

Jul 29 2022, 2:55 PM · CVE, Release Info, gnupg (gpg23)

Jul 28 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.

Jul 28 2022, 9:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is the parser output:

$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
    Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
        Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)

Jul 28 2022, 8:39 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.

Jul 28 2022, 8:20 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is a patch to implement the functionality with --enable-win32-openssh-support.

Jul 28 2022, 6:30 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Jul 27 2022

werner changed the status of T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid from Open to Testing.

Backported for 2.2.37

Jul 27 2022, 4:37 PM · gnupg (gpg23), Restricted Project, Feature Request
gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

I just confirmed that firmware 5.4.3 works fine with the changes (to be 2.2.37 and 2.3.8).

Jul 27 2022, 7:58 AM · gnupg (gpg23), scd, Bug Report

Jul 26 2022

werner added a project to T6052: gnupg2 tpm2d tests do not work: Tests.
Jul 26 2022, 9:15 PM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report
werner added a project to T6052: gnupg2 tpm2d tests do not work: TPM.
Jul 26 2022, 9:14 PM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report
werner closed T6052: gnupg2 tpm2d tests do not work as Resolved.
Jul 26 2022, 9:12 PM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report
werner claimed T6052: gnupg2 tpm2d tests do not work.
Jul 26 2022, 9:12 PM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report
werner added a project to T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid: backport.
Jul 26 2022, 7:44 PM · gnupg (gpg23), Restricted Project, Feature Request
werner updated the task description for T5947: Release GnuPG 2.3.7.
Jul 26 2022, 7:40 PM · CVE, Release Info, gnupg (gpg23)
werner triaged T6106: Release GnuPG 2.3.8 as Normal priority.
Jul 26 2022, 7:37 PM · Release Info, gnupg (gpg23)
werner closed T5937: Release GnuPG 2.3.6 as Resolved.
Jul 26 2022, 7:34 PM · Release Info, gnupg (gpg23)

Jul 18 2022

kmhuntly closed T6074: gpg v2.3.6 doesnt work with ssh as Resolved.

As of 2.3.7 (which I just updated to) this works. Ticket can be closed.

Jul 18 2022, 12:48 PM · Info Needed, gnupg (gpg23), ssh, Bug Report
gniibe added projects to T6074: gpg v2.3.6 doesnt work with ssh: ssh, gnupg (gpg23), Info Needed.

Please give us more information.

  • Do you change SSH program?
  • Do you mean, reinstalling gpg 2.3.4 fixes your issue?
  • Are you using with smartcard/token? Which one (Yubikey/Zeitcontrol/Gnuk), if it's the case?

Jul 18 2022, 10:31 AM · Info Needed, gnupg (gpg23), ssh, Bug Report

Jul 15 2022

gniibe merged T6082: Failed to decrypt with YubiKey on m1 mac into T6070: Yubikey 5C 'not available: card error' regression.
Jul 15 2022, 2:50 AM · gnupg (gpg23), scd, Bug Report
gniibe added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Does Yubico furnish you with devices for test...

Jul 15 2022, 2:06 AM · gnupg (gpg23), scd, Bug Report

Jul 14 2022

OJFord added a comment to T6070: Yubikey 5C 'not available: card error' regression.

Thanks @gniibe. Does Yubico furnish you with devices for test, or did you have to order that at your own/the project's expense?

Jul 14 2022, 1:19 PM · gnupg (gpg23), scd, Bug Report
ikloecker merged T6077: gpg 2.3.6 and 2.3.7 don't seem to work with Yubikey anymore into T6070: Yubikey 5C 'not available: card error' regression.
Jul 14 2022, 9:07 AM · gnupg (gpg23), scd, Bug Report
gniibe added projects to T6070: Yubikey 5C 'not available: card error' regression: Restricted Project, scd, gnupg (gpg23), backport.
Jul 14 2022, 9:05 AM · gnupg (gpg23), scd, Bug Report

Jul 12 2022

gniibe closed T5331: Possibly incompatible Ed25519 signature between other implementations and 2.3-bata as Resolved.
Jul 12 2022, 9:14 AM · gnupg (gpg23), Bug Report
gniibe added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: backport.

I'm going to backport this to 2.2, as it was found useful.

Jul 12 2022, 9:09 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe closed T5921: No sharing of log_fd between child process as Resolved.

It's in 2.3.7.

Jul 12 2022, 3:27 AM · Bug Report, gnupg (gpg23)
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.

Changed the tags and the title.

Jul 12 2022, 3:26 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe closed T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6 as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:23 AM · gnupg (gpg23), Bug Report
gniibe closed T6019: Parsing AEAD preference string parsing causes reads uninitialized memory as Resolved.

Fixed in 2.3.7.

Jul 12 2022, 3:10 AM · patch, gnupg (gpg23), Bug Report

Jul 10 2022

ikloecker added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Due to vacation the review may take some time.

Jul 10 2022, 12:00 PM · LDAP, dirmngr, gnupg (gpg23), Feature Request

Jul 8 2022

joeyberkovitz added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Any chance someone is able to review the posted patch?

Jul 8 2022, 4:54 PM · LDAP, dirmngr, gnupg (gpg23), Feature Request

Jul 5 2022

gniibe added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

Let me know how best to submit it

Jul 5 2022, 4:36 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request
joeyberkovitz added a comment to T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified.

I tried to submit the below patch to gnupg-devel@lists.gnupg.org, but get an Unrouteable address error. Let me know how best to submit it

Jul 5 2022, 3:27 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request

Jul 4 2022

Jakuje created T6052: gnupg2 tpm2d tests do not work.
Jul 4 2022, 10:39 AM · gnupg24 (gnupg-2.4.4), Tests, TPM, Bug Report

Jun 29 2022

werner triaged T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified as Normal priority.

The first ideas sounds best to me. Patches please to the mailing list.

Jun 29 2022, 5:16 PM · LDAP, dirmngr, gnupg (gpg23), Feature Request

Jun 28 2022

neverpanic added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

FIPS 140-3 (https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-standards) points to SP 800-140Dr1 (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Dr1.pdf) to list acceptable "Security Parameter Generation and Establishment Methods". From this document, RFC 5869 (i.e., HKDF with the counter at the end) can be reached via two paths:

Jun 28 2022, 12:31 PM · gnupg26, FIPS, Feature Request

Jun 24 2022

Saklad5 updated the task description for T6040: Allow embedding preferred keyserver URL in signatures.
Jun 24 2022, 4:07 PM · gnupg24, Feature Request, Keyserver
Saklad5 updated the task description for T6020: Make %-expandos available for --default-keyserver-url.
Jun 24 2022, 4:01 PM · gnupg24, Feature Request, Keyserver
Saklad5 added a comment to T6040: Allow embedding preferred keyserver URL in signatures.

I suppose you're right, we might have crossed that bridge a while ago. Simple availability of certificate- or even signature-specific keyserver URIs just make the risks of honor-keyserver-url more obvious than before.

Jun 24 2022, 3:32 PM · gnupg24, Feature Request, Keyserver
Valodim added a comment to T6040: Allow embedding preferred keyserver URL in signatures.

I suppose you're right, we might have crossed that bridge a while ago. Simple availability of certificate- or even signature-specific keyserver URIs just make the risks of honor-keyserver-url more obvious than before.

Jun 24 2022, 2:16 PM · gnupg24, Feature Request, Keyserver
ikloecker added a comment to T6040: Allow embedding preferred keyserver URL in signatures.

This is a reasonable feature, however it should be noted that this implies a fairly large metadata leak: You are essentially adding a URI to signatures that will be pinged on signature verification.

Jun 24 2022, 1:57 PM · gnupg24, Feature Request, Keyserver
Valodim added a comment to T6040: Allow embedding preferred keyserver URL in signatures.

This is a reasonable feature, however it should be noted that this implies a fairly large metadata leak: You are essentially adding a URI to signatures that will be pinged on signature verification.

Jun 24 2022, 12:31 PM · gnupg24, Feature Request, Keyserver
Saklad5 updated the task description for T6040: Allow embedding preferred keyserver URL in signatures.
Jun 24 2022, 1:38 AM · gnupg24, Feature Request, Keyserver
Saklad5 added a comment to T6040: Allow embedding preferred keyserver URL in signatures.

I don't see why this is a child task of T6020: the features are similar, but they don't actually impact each other in any way.

Jun 24 2022, 1:38 AM · gnupg24, Feature Request, Keyserver
Saklad5 renamed T6040: Allow embedding preferred keyserver URL in signatures from Allow embedding default keyserver URL in signatures to Allow embedding preferred keyserver URL in signatures.
Jun 24 2022, 1:37 AM · gnupg24, Feature Request, Keyserver

Jun 23 2022

werner triaged T6020: Make %-expandos available for --default-keyserver-url as Normal priority.
Jun 23 2022, 10:48 AM · gnupg24, Feature Request, Keyserver
werner added a parent task for T6040: Allow embedding preferred keyserver URL in signatures: T6020: Make %-expandos available for --default-keyserver-url.
Jun 23 2022, 10:47 AM · gnupg24, Feature Request, Keyserver
werner triaged T6040: Allow embedding preferred keyserver URL in signatures as Normal priority.
Jun 23 2022, 10:46 AM · gnupg24, Feature Request, Keyserver

Jun 22 2022

gniibe added a project to T5921: No sharing of log_fd between child process: Restricted Project.
Jun 22 2022, 6:37 AM · Bug Report, gnupg (gpg23)

Jun 16 2022

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I pushed the change needed for GnuPG to t5964 branch.
See: https://dev.gnupg.org/rGc281bd94349e4f7997a89927aaa2c2f45004b902

Jun 16 2022, 8:47 AM · gnupg26, FIPS, Feature Request
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Added HKDF implementation to master.

Jun 16 2022, 8:18 AM · gnupg26, FIPS, Feature Request

Jun 14 2022

werner closed T6027: Revisit write_status_text_and buffer as Resolved.
Jun 14 2022, 11:42 AM · Bug Report, gnupg (gpg23)
werner added a comment to T6027: Revisit write_status_text_and buffer.

Here is a test signature with long notation data. During verification gpg faults when emitting the NOTATION_DATA lines.

Jun 14 2022, 11:31 AM · Bug Report, gnupg (gpg23)
gniibe added a project to T6019: Parsing AEAD preference string parsing causes reads uninitialized memory: Restricted Project.

Thank you. Applied.

Jun 14 2022, 8:39 AM · patch, gnupg (gpg23), Bug Report

Jun 13 2022

werner triaged T6027: Revisit write_status_text_and buffer as High priority.
Jun 13 2022, 12:35 PM · Bug Report, gnupg (gpg23)
gniibe claimed T6019: Parsing AEAD preference string parsing causes reads uninitialized memory.
Jun 13 2022, 10:24 AM · patch, gnupg (gpg23), Bug Report

Jun 9 2022

ikloecker added a comment to T6023: Check how GnuPG handles several keys from WKD.

gpg tries to find the "best" key using get_best_pubkey_byname (https://dev.gnupg.org/source/gnupg/browse/master/g10/getkey.c$1507), but the applied rules are not clearly documented in one place.

Jun 9 2022, 11:23 AM · gnupg24, g10, common, Documentation, wkd
werner triaged T6023: Check how GnuPG handles several keys from WKD as High priority.
Jun 9 2022, 10:37 AM · gnupg24, g10, common, Documentation, wkd
gniibe added a comment to T5804: Using empty passphrase key pair, gpg2.3.4 fails to decrypt with error "No passphrase given" on a gpg1.4/2.0 keyring format even though the secret keys migration was successful .

Because it's the library which refuses null passphrase as input, only possible options are either:

Jun 9 2022, 7:50 AM · gnupg24, Bug Report

Jun 7 2022

Jakuje created T6019: Parsing AEAD preference string parsing causes reads uninitialized memory.
Jun 7 2022, 11:58 AM · patch, gnupg (gpg23), Bug Report
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors

Jun 7 2022, 8:51 AM · gnupg26, FIPS, Feature Request

Jun 2 2022

kuwv added a comment to T4537: gpgsm support for timestamp signatures.

nice, that's great news! I'll have to try it out when I get a chance.

Jun 2 2022, 7:37 PM · gnupg26, S/MIME, Feature Request
werner added a comment to T4537: gpgsm support for timestamp signatures.

Funnily I created a file dirmngr/rfc3161.c last Sunday. I can't tell how long it will take but I am definitely interested in using GnuPG to create qualified signatures. Timestamp support is at least good for testing.

Jun 2 2022, 8:00 AM · gnupg26, S/MIME, Feature Request

Jun 1 2022

kuwv updated subscribers of T4537: gpgsm support for timestamp signatures.

@werner There's renewed interest with protecting supply chains. GnuPG is used by a lot of open source systems. Is it possible to bump the priority on this?

Jun 1 2022, 7:48 PM · gnupg26, S/MIME, Feature Request
gniibe claimed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Jun 1 2022, 5:09 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

May 31 2022

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I learned that it's now called "OneStep KDF" in SP 800-56Cr2.
It's "SSKDF" in OpenSSL (Single Step KDF, perhaps).

May 31 2022, 8:17 AM · gnupg26, FIPS, Feature Request

May 29 2022

werner added a project to T5219: scd: Generating CSR for SigG NetKey card key fails: eIDAS.
May 29 2022, 3:54 PM · gnupg24, eIDAS, gnupg (gpg23), scd
werner raised the priority of T5219: scd: Generating CSR for SigG NetKey card key fails from Low to Normal.

Related problem exists with the modern ESIGN application. I think I fixed that but the whole Telesec eIDAS QES case needs more work.

May 29 2022, 3:51 PM · gnupg24, eIDAS, gnupg (gpg23), scd

May 27 2022

ikloecker closed D552: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid.

The changes have been applied with Werner's suggested improvement with revision rG35b17550706c: gpg: Look up user ID to revoke by UID hash

May 27 2022, 9:23 PM · gnupg (gpg23)

May 23 2022

engel97 added a comment to T5804: Using empty passphrase key pair, gpg2.3.4 fails to decrypt with error "No passphrase given" on a gpg1.4/2.0 keyring format even though the secret keys migration was successful .

Any progress on how the solution for this have been considered? Thanks.

May 23 2022, 10:20 PM · gnupg24, Bug Report
werner triaged T5998: Extend gpg-check-patter to return a description as Low priority.
May 23 2022, 3:02 PM · gnupg24, Feature Request, Restricted Project, gpgagent
gniibe triaged T5995: Better prompt with SETKEYDESC as Normal priority.
May 23 2022, 3:15 AM · gnupg24, ssh, gpgagent, scd

May 19 2022

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

At first, we need to add/enhance new API for KDF in libgcrypt. Currently, the term "KDF" in libgcrypt is used with narrower focus, that is, only for password->key KDF.

May 19 2022, 3:43 AM · gnupg26, FIPS, Feature Request

May 17 2022

werner moved T5964: gnupg should use the KDFs implemented in libgcrypt from Backlog to Next on the FIPS board.
May 17 2022, 11:07 AM · gnupg26, FIPS, Feature Request
werner added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Let's implement it for 2.3

May 17 2022, 11:06 AM · gnupg26, FIPS, Feature Request
werner assigned T5964: gnupg should use the KDFs implemented in libgcrypt to gniibe.
May 17 2022, 11:06 AM · gnupg26, FIPS, Feature Request

May 10 2022

dschulman-repay closed T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406) as Resolved.

Thank you, @gniibe. That's what I was missing: installing libsqlite3-dev made the difference.

May 10 2022, 7:02 PM · Restricted Project, gnupg (gpg23), Bug Report
gniibe added a project to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406): Restricted Project.

Pushed the fix.

May 10 2022, 4:52 AM · Restricted Project, gnupg (gpg23), Bug Report
gniibe claimed T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).
May 10 2022, 2:50 AM · Restricted Project, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

You need to install a package like sqlite-devel or libsqlite3-dev, so that you can have development header files and library (sqlite3*.h and libsqlite3.so) and pkgconfig file (pkgconfig/sqlite3.pc).

May 10 2022, 2:49 AM · Restricted Project, gnupg (gpg23), Bug Report
dschulman-repay added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Yes, I saw that in the logs and installed those packages. Now I have sqlite and sqlite3 in /usr/bin, but that doesn't seem to have changed anything.

May 10 2022, 2:21 AM · Restricted Project, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

the link's target doesn't exist

May 10 2022, 1:47 AM · Restricted Project, gnupg (gpg23), Bug Report

May 9 2022

dschulman-repay added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Yes, of course I did that. The error output I included followed the sequence

May 9 2022, 6:27 PM · Restricted Project, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Please do make at first before invoking make check. It creates symbolic links for executables.

May 9 2022, 9:09 AM · Restricted Project, gnupg (gpg23), Bug Report
werner added a project to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406): gnupg (gpg23).
May 9 2022, 7:18 AM · Restricted Project, gnupg (gpg23), Bug Report

May 6 2022

gniibe closed T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 as Resolved.
May 6 2022, 2:16 AM · FIPS, gnupg (gpg23), Bug Report

May 5 2022

werner triaged T5964: gnupg should use the KDFs implemented in libgcrypt as Normal priority.

When we implemented this first, Libgcrypt had no appropriate KDF support. I recall that I considered to change this but it turned out that for 2.2 the changes are too large. For 2.3 we will consider such a change.

May 5 2022, 8:40 AM · gnupg26, FIPS, Feature Request

May 3 2022

gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Next to Ready for release on the FIPS board.
May 3 2022, 10:58 AM · FIPS, gnupg (gpg23), Bug Report
gniibe removed a project from T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Restricted Project.
May 3 2022, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a comment to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1.

Fixed in GnuPG 2.3.5.

May 3 2022, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a project to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Restricted Project.
May 3 2022, 10:48 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

May 3 2022, 10:43 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

May 2 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

It's a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc.). Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

May 2 2022, 10:36 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
werner added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: workaround.
May 2 2022, 10:19 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

KexAlgorithms -sntrup761x25519-sha512@openssh.com

May 2 2022, 10:17 AM · workaround, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

May 2 2022, 1:53 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Apr 29 2022

dkg added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

Apr 29 2022, 6:24 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
dschulman-repay added a comment to T5406: gnupg-2.3.1: 'make check' on all tests tries to use installed 'keyboxd'.

I'm seeing something just like this when attempting to install gnupg-2.3.6 on Ubuntu 22.04 LTS (running under WSL 2, if it matters).

Apr 29 2022, 3:58 AM · gnupg (gpg23), Bug Report

Apr 28 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

Apr 28 2022, 9:16 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent