Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Yesterday

werner triaged T8207: gpgsm 2.5.x fails to decrypt S/MIME messages using RSAES-OAEP (SHA-256) as Wishlist priority.

gpgsm does not support OAEP. Actually it does not make much sense to use this padding scheme at all. It has not advantage over PKCS#1. Thus I change this to a feature request to allow decryption using OAEP

Fri, Apr 17, 1:38 PM · gnupg, Feature Request, S/MIME

Thu, Apr 16

timegrid moved T7866: Allow separate LDAP keyserver for uploading from Backlog to WiP on the gnupg22 board.
Thu, Apr 16, 5:34 PM · gnupg22, vsd33 (vsd-3.3.6), LDAP, Feature Request, gnupg26
timegrid moved T7866: Allow separate LDAP keyserver for uploading to Backlog on the gnupg22 board.
Thu, Apr 16, 5:34 PM · gnupg22, vsd33 (vsd-3.3.6), LDAP, Feature Request, gnupg26
timegrid changed the status of T7866: Allow separate LDAP keyserver for uploading from Open to Testing.
Thu, Apr 16, 5:33 PM · gnupg22, vsd33 (vsd-3.3.6), LDAP, Feature Request, gnupg26
timegrid changed the status of T7866: Allow separate LDAP keyserver for uploading from Testing to Open.

Still does not work on vsd-3.3.7-beta90.9 @ win10. Essentially the same behavior as before:

Thu, Apr 16, 5:32 PM · gnupg22, vsd33 (vsd-3.3.6), LDAP, Feature Request, gnupg26
timegrid changed the status of T7133: Add feature to load designated revoker from LDAP from Testing to Open.
Thu, Apr 16, 5:00 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
timegrid changed the status of T7133: Add feature to load designated revoker from LDAP from Open to Testing.
Thu, Apr 16, 4:51 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
timegrid changed the status of T7133: Add feature to load designated revoker from LDAP from Testing to Open.

Do I understand this correctly, that on CLI key generation the public key of the designated revoker should be fetched automatically?

Thu, Apr 16, 4:51 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
ebo edited projects for T7133: Add feature to load designated revoker from LDAP, added: gnupg22 (gnupg-2.2.53); removed gnupg22.
Thu, Apr 16, 3:05 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
ebo edited projects for T7866: Allow separate LDAP keyserver for uploading, added: vsd33 (vsd-3.3.6), gnupg22 (gnupg-2.2.53); removed gnupg22, vsd34.
Thu, Apr 16, 3:04 PM · gnupg22, vsd33 (vsd-3.3.6), LDAP, Feature Request, gnupg26
ebo moved T7133: Add feature to load designated revoker from LDAP from QA to vsd-3.3.6 on the vsd33 board.
Thu, Apr 16, 2:19 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
ebo moved T7133: Add feature to load designated revoker from LDAP from Backlog to QA on the vsd33 board.
Thu, Apr 16, 2:18 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
ebo moved T7133: Add feature to load designated revoker from LDAP from WiP to QA on the gnupg22 board.
Thu, Apr 16, 2:18 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request
ebo edited projects for T7133: Add feature to load designated revoker from LDAP, added: vsd33; removed vsd34.
Thu, Apr 16, 2:18 PM · gnupg22, vsd33 (vsd-3.3.6), backport, Feature Request

Tue, Apr 14

pl13 moved T8221: gpgsm: emit more details when failing to check a crl from a crlDP from Backlog to WIP on the vsd34 board.
Tue, Apr 14, 1:08 PM · gpd5x, vsd34, Feature Request
pl13 moved T8221: gpgsm: emit more details when failing to check a crl from a crlDP from Backlog to WIP on the gpd5x board.
Tue, Apr 14, 1:07 PM · gpd5x, vsd34, Feature Request
pl13 triaged T8221: gpgsm: emit more details when failing to check a crl from a crlDP as Wishlist priority.
Tue, Apr 14, 9:18 AM · gpd5x, vsd34, Feature Request

Wed, Apr 8

ikloecker added a comment to T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

Maybe. EncryptionResult has a list of invalid recipients and I've changed the code to show the Retry dialog only if there's at least one invalid recipient.

Wed, Apr 8, 2:03 PM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ebo added a comment to T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

Your suggestion sounds ok to me, maybe with a slight change for the message: "Failed to encrypt the notepad because at least on certificate could not be validated."

Wed, Apr 8, 1:01 PM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker added a comment to T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

I tried to add the list of invalid recipients to the message box, but it seems that gpgsm stops the validation of the certificates at the first invalid recipient. I got only the first Bob certificate reported as invalid recipient when I tried to encrypt to both Bob certificates so that it doesn't make sense to list the (incomplete) list of invalid recipients. It also means that Kleopatra cannot update the invalid recipient certificates because it knows only of one invalid certificate.

Wed, Apr 8, 12:18 PM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker added a comment to T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

Ideally the certificate would change, but Kleopatra has no idea that this certificate turned out to be not valid. In fact, Kleopatra doesn't even know that the encryption failed because of some certificate. It could have failed for any other reason (e.g. full disk). Kleopatra only knows that an error occurred and offers to retry with lower security. (I looked at GpgOL and it does the same.)

Wed, Apr 8, 10:50 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ebo updated subscribers of T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

yes, basically it's what we want.

Wed, Apr 8, 9:31 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra

Tue, Apr 7

ikloecker added a comment to T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".

Current implementation for the case of an S/MIME certificate which turns out to be invalid when it's used for encryption. Is that what we want?

Tue, Apr 7, 5:01 PM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
werner added a project to T8209: Replace GnuPG's name-value impl by the one from GpgRT: Feature Request.
Tue, Apr 7, 4:54 PM · Feature Request, gnupg26
werner changed the status of T7593: Check the trustlist de-vs flag in the per key compliance check from Open to Testing.
Tue, Apr 7, 3:14 PM · gpd5x, gnupg26, vsd, Feature Request
werner changed the status of T7593: Check the trustlist de-vs flag in the per key compliance check, a subtask of T5079: Add compliance flag to trustlist.txt, from Open to Testing.
Tue, Apr 7, 3:14 PM · gnupg22 (gnupg-2.2.45), gnupg24 (gnupg-2.4.1), Restricted Project, Feature Request
werner moved T7593: Check the trustlist de-vs flag in the per key compliance check from Backlog to WIP on the gnupg26 board.
Tue, Apr 7, 2:51 PM · gpd5x, gnupg26, vsd, Feature Request

Mon, Mar 30

timegrid renamed T8193: Add a workflow to force encryption/signature with invalid or expired certificates from Draft: Add a workflow to force encryption/signature with invalid or expired certificates to Add a workflow to force encryption/signature with invalid or expired certificates.
Mon, Mar 30, 1:16 PM · gnupg, Feature Request, gpgol, kleopatra
ikloecker claimed T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".
Mon, Mar 30, 11:57 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker triaged T8201: Kleopatra: Optionally, allow encryption with invalid or expired certificates as Normal priority.
Mon, Mar 30, 11:54 AM · gpd5x, Feature Request, kleopatra
ikloecker added a subtask for T8193: Add a workflow to force encryption/signature with invalid or expired certificates: T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".
Mon, Mar 30, 11:39 AM · gnupg, Feature Request, gpgol, kleopatra
ikloecker added a parent task for T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted": T8193: Add a workflow to force encryption/signature with invalid or expired certificates.
Mon, Mar 30, 11:39 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker removed a parent task for T8193: Add a workflow to force encryption/signature with invalid or expired certificates: T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".
Mon, Mar 30, 11:39 AM · gnupg, Feature Request, gpgol, kleopatra
ikloecker removed a subtask for T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted": T8193: Add a workflow to force encryption/signature with invalid or expired certificates.
Mon, Mar 30, 11:39 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker renamed T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted" from Kleopatra: Use GPGME_ENCRYPT_ALWAYS_TRUST to Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted".
Mon, Mar 30, 11:38 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker removed a parent task for T6702: Kleopatra: Offer retry of S/MIME encryption if encryption failed with "not trusted": T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.
Mon, Mar 30, 11:31 AM · needs discussion, gpd5x, vsd34, Feature Request, kleopatra
ikloecker added a parent task for T6559: GPGSM: "always trust like override" or "force" option: T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.
Mon, Mar 30, 11:31 AM · gnupg24 (gnupg-2.4.4), gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), Feature Request, gpgol, S/MIME, kleopatra, Restricted Project

Fri, Mar 27

ebo added a comment to T8193: Add a workflow to force encryption/signature with invalid or expired certificates.

Before making subtickets for each application: I wonder if it is not all Kleopatra anyway? Isn't the security approval dialog basically Kleopatra?

Fri, Mar 27, 3:23 PM · gnupg, Feature Request, gpgol, kleopatra
ebo added a comment to T8193: Add a workflow to force encryption/signature with invalid or expired certificates.

The equivalent for invalid S/MIME certificates are not-certified *PGP certificates.
(Valid/invalid are not ideal as technical terms as they have a broad general meaning, too. I hope my usage here is correct ;-) It is what I gathered from an explanation given by Werner.)

Fri, Mar 27, 3:07 PM · gnupg, Feature Request, gpgol, kleopatra
Next