
Jan 23 2024

werner committed rW7e51af9073c6: Add another gnupg snapshot and bump version to 4.3.0 (authored by werner).
Add another gnupg snapshot and bump version to 4.3.0
Jan 23 2024, 9:46 AM
werner committed rGb7c15948610b: speedo: Minor fix to the install target (authored by werner).
speedo: Minor fix to the install target
Jan 23 2024, 9:03 AM

Jan 22 2024

werner changed the status of T6944: The default card key generation keeps an unprotected backup of the encryption key on disk, a subtask of T6943: Add tool to detect and clean unsolicited copies of smartcard keys, from Open to Testing.
Jan 22 2024, 4:53 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner changed the status of T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from Open to Testing.
Jan 22 2024, 4:53 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner changed the status of T6943: Add tool to detect and clean unsolicited copies of smartcard keys from Open to Testing.
Jan 22 2024, 4:52 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner committed rGead2982286f8: gpg: Use ephemeral mode for generating card keys. (authored by werner).
gpg: Use ephemeral mode for generating card keys.
Jan 22 2024, 4:52 PM
werner committed rG434a641d40cb: agent: Add "ephemeral" Assuan option. (authored by werner).
agent: Add "ephemeral" Assuan option.
Jan 22 2024, 4:52 PM
werner assigned T6948: unnamed semaphores leak on AIX to gniibe.
Jan 22 2024, 12:07 PM · Bug Report, AIX, npth
werner triaged T6954: Add wipememory function to gpgrt as Normal priority.
Jan 22 2024, 11:04 AM · gnupg26, gpgrt, Feature Request
werner committed rG18320d692cfd: doc: Fix description of gpg --unwrap (authored by werner).
doc: Fix description of gpg --unwrap
Jan 22 2024, 10:33 AM
werner committed rGee56f71c8a68: gpg: Add a communication object to the key generation code. (authored by werner).
gpg: Add a communication object to the key generation code.
Jan 22 2024, 10:33 AM
werner committed rGadeb17e37588: card: New subcommand "checkkeys". (authored by werner).
card: New subcommand "checkkeys".
Jan 22 2024, 10:33 AM
werner committed rGc8060a8f23a7: doc: Document Backup-info in keyformat.txt (authored by werner).
doc: Document Backup-info in keyformat.txt
Jan 22 2024, 10:33 AM

Jan 20 2024

werner closed T6949: Kleopatra & GnuPG - higher key sizes made available as Wontfix.

Sorry, we won't do that. Please search on the Net for reasons why this is not a good idea. In any case you better move to Ed25519 or - if you really feel like this - to X448. The GnuPG FAQ also gives a rationale why larger keys are not useful.

Jan 20 2024, 8:43 PM · Feature Request
werner added projects to T6948: unnamed semaphores leak on AIX: npth, AIX, Bug Report.
Jan 20 2024, 8:41 PM · Bug Report, AIX, npth

Jan 19 2024

werner set External Link to https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858 on T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.
Jan 19 2024, 12:38 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner triaged T6946: gpgv: Help automatic reject too short keys as Normal priority.

I noticed the Debian bug and was about to answer but a feature request is also a good thing.

Jan 19 2024, 12:27 PM · gnupg24 (gnupg-2.4.5), Feature Request, gpgv
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

I would also suggest that we show the last git commit in Kleo's About dialog. That makes it far easier to see what we are testing. The Kleo version numbers are a bit arbitrary.

Jan 19 2024, 9:03 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Sorry, it was my fault building the test installer.

Jan 19 2024, 9:01 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request

Jan 18 2024

werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

We tested with Kleopatra:

  • Only gpg4win 4.2 is affected (the current version) but 4.1 is not affected.
  • No vsd version is affected.
Jan 18 2024, 8:35 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

FWIW, I am already working on this.

Jan 18 2024, 8:31 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 17 2024

werner added a comment to T6637: PQC for Libgcrypt.

Regarding Kyber in GnuPG, there are a couple of open questions. For example whether the implicit lengths used for the key parameters match well with the overall protocol structure. Thus, as soon as we have finished the Libgcrypt part we will address this and implement it in some way. Before we do this we have to do a couple of changes to GnuPG required for FIPS compliance.

Jan 17 2024, 4:17 PM · PQC, libgcrypt
werner triaged T6944: The default card key generation keeps an unprotected backup of the encryption key on disk as High priority.
Jan 17 2024, 4:07 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner added a comment to T6943: Add tool to detect and clean unsolicited copies of smartcard keys.

Example output:

Jan 17 2024, 3:13 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner triaged T6943: Add tool to detect and clean unsolicited copies of smartcard keys as High priority.
Jan 17 2024, 3:10 PM · gnupg24 (gnupg-2.4.4), Feature Request

Jan 16 2024

werner changed the status of T6942: Differing fingerprint length with curve 448 from Open to Testing.
Jan 16 2024, 3:14 PM · gnupg24 (gnupg-2.4.4), Bug Report
werner committed rG5402e6fb936d: gpg: For v5 key generation for X448 also in parm file mode. (authored by werner).
gpg: For v5 key generation for X448 also in parm file mode.
Jan 16 2024, 3:12 PM
werner committed rG1a2c8267f54b: gpg: When using a parm file w/o usage don't set the RENC usage. (authored by werner).
gpg: When using a parm file w/o usage don't set the RENC usage.
Jan 16 2024, 3:12 PM
werner lowered the priority of T6942: Differing fingerprint length with curve 448 from Unbreak Now! to Normal.

Tested with 2.4.4 beta and the problem shows only up with the parameter file but not when using --expert-full-gen-key or --quick-gen-key. The problem seems to be that the v5 flag is not enforced when using the parameter file. Thus the key is created as v4 key despite that we want to use v5 for the new x448 keys. It is not a severe bug because the key will work anyway using software supporting X448. Will of course be fixed for 2.4.4.

Jan 16 2024, 11:13 AM · gnupg24 (gnupg-2.4.4), Bug Report
werner moved T6654: gpgsm: p12 passphrase visible in debug output from WiP to QA on the gnupg24 board.
Jan 16 2024, 10:49 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), vsd32 (vsd-3.2.0), S/MIME, Restricted Project
werner moved T4704: Wrong error message when key is expired from WiP to QA on the gnupg24 board.
Jan 16 2024, 10:49 AM · gnupg24 (gnupg-2.4.4), UI, Bug Report
werner moved T6710: Improve Speedo for Linux to set DT_RUNPATH. from WiP to QA on the gnupg24 board.
Jan 16 2024, 10:49 AM · gnupg24 (gnupg-2.4.4), Feature Request
werner triaged T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Normal priority.

Interesting. I need to look closer at it. I scheduled it for 2.4 but it won't be in the forthcoming 2.4.4. There are still other interesting things on the short list (e.g. timestamping support) but we may do that only in 2.6.

Jan 16 2024, 10:47 AM · gnupg26, S/MIME, Feature Request
werner added a comment to T6737: libgpg-error: String filter should *NOT* be called with non-nul-terminated string.

Alright.

Jan 16 2024, 10:42 AM · gpgrt, Bug Report
werner triaged T6940: gpgsm: .p12 AES-256-CBC support as Normal priority.

Thanks for the report. It comes right in time for the next release. It might already be fixed due to a lot of changes in the pkcs#12 parser.

Jan 16 2024, 10:39 AM · gnupg24 (gnupg-2.4.4), Feature Request
werner claimed T6942: Differing fingerprint length with curve 448.

Thanks for the report. This is the fun with different code paths. Obviously the v5 fingerprint needs to be used for the pre-made revocation.

Jan 16 2024, 10:35 AM · gnupg24 (gnupg-2.4.4), Bug Report

Jan 15 2024

werner added a reviewer for D545: build: Python without distutils: ikloecker.

Ingo, what do you think?

Jan 15 2024, 5:26 PM
werner committed rGdaedb3c96549: doc: Describe the ssh-agent protocol options for Windows. (authored by werner).
doc: Describe the ssh-agent protocol options for Windows.
Jan 15 2024, 5:21 PM
werner triaged T6873: v2.4 unnecessarily prompts on multi-key encryption despite 1st key being unlocked as Normal priority.
Jan 15 2024, 1:58 PM · Feature Request, gnupg24, Bug Report
werner added projects to T6873: v2.4 unnecessarily prompts on multi-key encryption despite 1st key being unlocked: gnupg24, Feature Request.
Jan 15 2024, 1:57 PM · Feature Request, gnupg24, Bug Report
werner committed rW7f10dc63f64d: Add snapshot of gnupg 2.4.4 (authored by werner).
Add snapshot of gnupg 2.4.4
Jan 15 2024, 1:23 PM
werner committed rE521e8d4db70c: po: Update Russian translation. (authored by Ineiev <ineiev@gnu.org>).
po: Update Russian translation.
Jan 15 2024, 1:13 PM
werner committed rE5142d0d7a2a3: po: update Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: update Polish translation
Jan 15 2024, 1:13 PM
werner changed the status of T6737: libgpg-error: String filter should *NOT* be called with non-nul-terminated string from Testing to Open.
Jan 15 2024, 12:25 PM · gpgrt, Bug Report
werner added a comment to T6737: libgpg-error: String filter should *NOT* be called with non-nul-terminated string.

Like this:

@@ -1196,10 +1196,25 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
    future, when breaking API/ABI is OK, we can change signature of
    gpgrt_string_filter_t to have another argument for precision.  */
   int allow_non_nul_string = (arg->precision >= 0);
+  char *stringbuf = NULL;
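Review bot: the added "char *stringbuf = NULL;" at the top of pr_string gives the function a buffer it now owns, so every return path after it is assigned, including an early return when the output function reports an error, has to free it; the hunk as shown stops at the declaration, so that cleanup cannot be checked here. The comment ending just above allow_non_nul_string still only describes the future change to the gpgrt_string_filter_t signature; if stringbuf is meant to hold a copy for the filter, that comment should say so.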
Jan 15 2024, 12:25 PM · gpgrt, Bug Report
werner added a comment to T6737: libgpg-error: String filter should *NOT* be called with non-nul-terminated string.

We could also pass a nul terminated copy to the filter function in pr_string.

Jan 15 2024, 12:14 PM · gpgrt, Bug Report
werner committed rG4cdfc1d0d903: po: Update parts of the Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: Update parts of the Polish translation
Jan 15 2024, 11:29 AM
werner committed rM18388f93abb0: doc: Add a deprecated warning to gpgme_op_delete. (authored by werner).
doc: Add a deprecated warning to gpgme_op_delete.
Jan 15 2024, 11:12 AM
werner committed rG0cb622d632f7: gpgsm: Allow parsing of PKCS#12 files with two private keys. (authored by werner).
gpgsm: Allow parsing of PKCS#12 files with two private keys.
Jan 15 2024, 10:25 AM
werner committed rG092154e17e88: gpgsm: Improve the status line for --verify errors. (authored by werner).
gpgsm: Improve the status line for --verify errors.
Jan 15 2024, 9:21 AM
werner committed rG3d60ad5c8c43: po: Fix indentation for key generation options (authored by hamarituc).
po: Fix indentation for key generation options
Jan 15 2024, 9:21 AM
werner committed rMb37efb11bea7: doc: Fix minor typo. (authored by werner).
doc: Fix minor typo.
Jan 15 2024, 8:56 AM

Jan 12 2024

werner committed rGb97a36f52d80: Prepare the NEWS (authored by werner).
Prepare the NEWS
Jan 12 2024, 4:53 PM
werner renamed T6929: Kleopatra: Allow revocation of RSA 2048 keys from Kleopatra: Allow revokation of RSA 2048 keys to Kleopatra: Allow revocation of RSA 2048 keys.
Jan 12 2024, 4:44 PM · kleopatra, gnupg
werner edited projects for T6902: gpgconf: the questionable value 256 for flags in gpgrt_opt_t, added: gnupg22; removed backport.
Jan 12 2024, 4:29 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4)
werner edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: gnupg22; removed backport, gnupg.
Jan 12 2024, 4:26 PM · gnupg22 (gnupg-2.2.43), scd, yubikey
werner moved T5768: Dirmngr: Use windows proxy settings if system proxy settings should be used from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jan 12 2024, 3:52 PM · Feature Request, gnupg, Restricted Project
werner closed T5768: Dirmngr: Use windows proxy settings if system proxy settings should be used as Resolved.
Jan 12 2024, 3:52 PM · Feature Request, gnupg, Restricted Project
werner closed T5252: bad expiration value when using --batch Creation-Date/Expire-Date as Resolved.
Jan 12 2024, 3:36 PM · gnupg, Bug Report
werner moved T6719: Support Proxy-Authorization: Negotiate on Windows from Backlog to WiP on the gnupg24 board.
Jan 12 2024, 3:27 PM · Active Directory, test on hold, gpd5x, gnupg24, gnupg22, Feature Request
werner changed the status of T6710: Improve Speedo for Linux to set DT_RUNPATH. from Open to Testing.

Now you can untar and run

Jan 12 2024, 1:55 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner committed rG3f12e3dacbe6: speedo: Add install target for Unix. (authored by werner).
speedo: Add install target for Unix.
Jan 12 2024, 1:51 PM
werner committed rG5a6df94a9a4b: speedo: Patch ELF binaries to use built libraries (authored by werner).
speedo: Patch ELF binaries to use built libraries
Jan 12 2024, 10:54 AM
werner committed rTe9e743150c23: Post release updates (authored by werner).
Post release updates
Jan 12 2024, 9:43 AM
werner committed rT2c38007bc4a5: Release 0.3.2 (authored by werner).
Release 0.3.2
Jan 12 2024, 9:43 AM
werner committed rT93ed93fc1256: Add release and sign-release targets. (authored by werner).
Add release and sign-release targets.
Jan 12 2024, 9:43 AM
werner committed rDf7f3d4d7a416: swdb: ntbtls 0.3.2 (authored by werner).
swdb: ntbtls 0.3.2
Jan 12 2024, 8:02 AM
werner committed rD76d489c1f65c: ids: Update a Makefile (authored by werner).
ids: Update a Makefile
Jan 12 2024, 8:01 AM
werner committed rW6b85b5257788: Update ntbtls (authored by werner).
Update ntbtls
Jan 12 2024, 7:52 AM
werner closed T6925: Release ntbtls 0.3.2 as Resolved.

Noteworthy changes in version 0.3.2 (2024-01-12)

Jan 12 2024, 7:45 AM · ntbtls, Release Info

Jan 11 2024

werner triaged T6928: Kleopatra: Speed up S/MIME crypto operations for large files (on Windows) as Normal priority.
Jan 11 2024, 4:44 PM
werner moved T6710: Improve Speedo for Linux to set DT_RUNPATH. from Backlog to WiP on the gnupg24 board.
Jan 11 2024, 4:12 PM · gnupg24 (gnupg-2.4.4), Feature Request
werner added a comment to T5085: Filter APDUs in log output.

The extra option --debug-allow-pin-logging was implemented with commit rGe43bd2a7a78.

Jan 11 2024, 4:05 PM · gnupg, Feature Request, scd
werner added a project to T5590: OpenPGP: Curve 448, modernize?: rationale.
Jan 11 2024, 4:02 PM · rationale, gnupg, OpenPGP
werner created rationale.
Jan 11 2024, 4:01 PM
werner closed T5590: OpenPGP: Curve 448, modernize? as Wontfix.

Way too late for a change and also adding another algorithm (SIV) complicates things for no good purposes.

Jan 11 2024, 4:00 PM · rationale, gnupg, OpenPGP
werner committed rGbbad0a2644d1: gpg: Improve error message for expired default keys. (authored by werner).
gpg: Improve error message for expired default keys.
Jan 11 2024, 3:54 PM
werner changed the status of T4704: Wrong error message when key is expired from Open to Testing.
Jan 11 2024, 3:54 PM · gnupg24 (gnupg-2.4.4), UI, Bug Report
werner removed a project from T4704: Wrong error message when key is expired: gnupg (gpg23).
Jan 11 2024, 3:38 PM · gnupg24 (gnupg-2.4.4), UI, Bug Report
werner moved T6578: Release GnuPG 2.4.4 from Backlog to WiP on the gnupg24 board.
Jan 11 2024, 3:35 PM · gnupg24 (gnupg-2.4.4), Release Info
werner closed T6838: keyboxd hangs on stale locks after changing hostname as Resolved.

Tested this some time ago.

Jan 11 2024, 3:31 PM · gnupg24 (gnupg-2.4.4), Bug Report
werner moved T6838: keyboxd hangs on stale locks after changing hostname from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 11 2024, 3:30 PM · gnupg24 (gnupg-2.4.4), Bug Report
werner committed rGe65720f286cc: doc: Document the gpgconf --unlock command. (authored by werner).
doc: Document the gpgconf --unlock command.
Jan 11 2024, 3:30 PM
werner moved T6838: keyboxd hangs on stale locks after changing hostname from Backlog to QA on the gnupg24 board.

Better don't remove your entire ~/.gnupg - removing the *.lock files after gpgconf -K all is sufficient.

Jan 11 2024, 3:12 PM · gnupg24 (gnupg-2.4.4), Bug Report
werner added a comment to T6927: gpgsm: Accept file names for input and output in server mode.

This either requires an updated libassuan which allows "INPUT FILE=foo" in addition to "INPUT FD=n" or using custom handlers for INPUT et al. in gpgsm. I'd prefer the former. Another option would be to open and close the file in gpgme and pass the fd.

Jan 11 2024, 12:03 PM · gnupg, Restricted Project
werner changed the status of T6929: Kleopatra: Allow revocation of RSA 2048 keys from Open to Testing.

Already done with rG89c7eccba51554 which will be in the next VSD release.

Jan 11 2024, 12:00 PM · kleopatra, gnupg
werner committed rG8dfbad0c416e: gpg: Fix regression in the Revoker keyword of the parameter file. (authored by werner).
gpg: Fix regression in the Revoker keyword of the parameter file.
Jan 11 2024, 9:09 AM
werner triaged T6923: gpg fails to parse sensitive revokers from param files as Normal priority.
Jan 11 2024, 9:09 AM · gnupg, Bug Report
werner triaged T6924: Kleopatra: Make columns of subkey details editable as Normal priority.
Jan 11 2024, 8:58 AM · vsd33 (vsd-3.3.0), Feature Request, kleopatra, Restricted Project

Jan 10 2024

werner committed rG89c7eccba515: gpg: Allow to create revocations even with non-compliant algos. (authored by werner).
gpg: Allow to create revocations even with non-compliant algos.
Jan 10 2024, 5:21 PM
werner committed rG9938e8d3f4a3: common: Fix unused variable warning on Unix. (authored by werner).
common: Fix unused variable warning on Unix.
Jan 10 2024, 5:21 PM
werner committed rGb7f45ee6adbc: gpg: Allow to create revocations even with non-compliant algos. (authored by werner).
gpg: Allow to create revocations even with non-compliant algos.
Jan 10 2024, 5:18 PM
werner committed rG275ced5067da: scd:p15: Allow signing for CVISION cards (authored by werner).
scd:p15: Allow signing for CVISION cards
Jan 10 2024, 2:37 PM
werner triaged T6926: No tray icon for Kleopatra in dark mode on Windows. as Normal priority.
Jan 10 2024, 8:54 AM · Restricted Project, Bug Report, Windows, kleopatra

Jan 9 2024

werner committed rG6233a17ac99d: g13: New option --no-mount. (authored by werner).
g13: New option --no-mount.
Jan 9 2024, 7:53 PM
werner committed rG4ca017e43bb2: gpg: Print a useful error if SKI algo 253 is found. (authored by werner).
gpg: Print a useful error if SKI algo 253 is found.
Jan 9 2024, 5:25 PM
werner committed rG880dde8e5baf: scd:p15: Allow PIN verification and decryption for CVISION cards. (authored by werner).
scd:p15: Allow PIN verification and decryption for CVISION cards.
Jan 9 2024, 5:19 PM
werner moved T6918: gpgconf parsing of VERSION file broken from Backlog to gnupg-2.2.43 on the gnupg22 board.
Jan 9 2024, 12:53 PM · gnupg22 (gnupg-2.2.43), gnupg24, Bug Report
werner closed T6918: gpgconf parsing of VERSION file broken as Resolved.
Jan 9 2024, 12:53 PM · gnupg22 (gnupg-2.2.43), gnupg24, Bug Report
werner committed rG35fd89b168b6: gpgconf: Adjust -X command for the new VERSION file format (authored by werner).
gpgconf: Adjust -X command for the new VERSION file format
Jan 9 2024, 12:52 PM