Page MenuHome GnuPG
Feed Advanced Search

Jul 9 2019

werner closed T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32 as Resolved.
Jul 9 2019, 3:22 PM · gpgagent, gnupg, Bug Report

Jul 1 2019

werner triaged T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path as Normal priority.
Jul 1 2019, 9:34 PM · gnupg24, gpgagent
werner added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

As I said we do this with all GnuPG components. Pinentry is a bit of exception because it is an external package.
I have also had bug reports which later turned out that a wrong pinentry was used; I prefer to know eactly which pinentry is used. Regarding your concrete problem I suggested to add a note with the full name of the pinentry or to change the error message to something better understandable.

Jul 1 2019, 9:34 PM · gnupg24, gpgagent
dkg added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

So this is a defense against an adversary capable of creating a pinentry-wrapper somewhere in $PATH, but not capable of modifying gpg-agent.conf? It sounds to me like this is a defense against a very unusually-constrained attacker, at the expense of regular, common bug reports and user confusion.

Jul 1 2019, 6:24 PM · gnupg24, gpgagent
werner removed a project from T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path: Bug Report.

GnuPG invokes its components always with their absolute file name. We want to mitigate attacks where malware creates a pinentry wrapper somewhere in an improper set PATH.

Jul 1 2019, 10:02 AM · gnupg24, gpgagent
gniibe changed the status of T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32 from Open to Testing.
Jul 1 2019, 6:14 AM · gpgagent, gnupg, Bug Report

Jun 27 2019

dkg created T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.
Jun 27 2019, 5:35 PM · gnupg24, gpgagent

Jun 25 2019

werner triaged T4580: Update the password checking algorithm as Low priority.
Jun 25 2019, 10:24 AM · gpgagent, Feature Request
dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

I'm unlikely to put a windows-specific patch into the debian source, as
i have no good way of testing it, and it wouldn't affect any binary that
we ship.

Jun 25 2019, 2:57 AM · gpgagent, gnupg, Bug Report

Jun 24 2019

gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@dkg, for your patch, it can be improved for Windows by using its event mechanism. You can see gnupg/scd/scdaemon.c.

Jun 24 2019, 4:00 AM · gpgagent, gnupg, Bug Report
dkg updated subscribers of T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Hm, T4521 suggests that the two different cases should not be treated differently. If you think that they *should* cause distinct behavior, please do mention it over there!

Jun 24 2019, 2:24 AM · gpgagent, gnupg, Bug Report
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

There are two different cases: (1) By SIGTERM and (2) By KILLAGENT. It's true that the agent stops accepting on the listening socket for (1), but it's not the case for (2).
This particular problem is for the case (2).

Jun 24 2019, 1:59 AM · gpgagent, gnupg, Bug Report

Jun 21 2019

dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@gniibe, thanks for the diagnosis! I agree that restarting or shutting down the backends should be done in the reverse order as a simple workaround.

Jun 21 2019, 6:24 PM · gpgagent, gnupg, Bug Report
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Correct solution is to implement KILLAGENT synchronously, but it's somehow harder to implement.
Easier workaround is modifying gpgconf like:

Jun 21 2019, 3:47 AM · gpgagent, gnupg, Bug Report
gniibe edited projects for T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32, added: gnupg, gpgagent; removed gnupg (gpg22).

I found a race condition between KILLAGENT command and accepting another request.
Here is a patch to replicate the race condition :

Jun 21 2019, 2:33 AM · gpgagent, gnupg, Bug Report

Jun 4 2019

gniibe closed T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry as Resolved.
Jun 4 2019, 2:38 AM · Bug Report, gpgagent

May 29 2019

ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
May 29 2019, 6:55 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna added projects to T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0: gpgme, gnupg.
May 29 2019, 6:52 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
May 29 2019, 6:39 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
May 29 2019, 6:35 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna created T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
May 29 2019, 6:30 PM · Not A Bug, gnupg, gpgme, Bug Report

May 28 2019

maiden_taiwan added a comment to T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.

I also tried adding this to my gpg-agent.conf file:

May 28 2019, 2:05 PM · Emacs, Documentation, pinentry, Bug Report
maiden_taiwan added a comment to T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.

Oh, in case it wasn't clear, the idea that another application (GNU emacs) is receiving keystrokes meant for the gpg-agent prompt is probably a security risk....

May 28 2019, 2:01 PM · Emacs, Documentation, pinentry, Bug Report
maiden_taiwan created T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.
May 28 2019, 2:00 PM · Emacs, Documentation, pinentry, Bug Report

May 23 2019

gniibe closed T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon. as Resolved.

Simply sending "KILLSCD" is implemented.

May 23 2019, 3:19 AM · Bug Report, scd, gpgagent

May 21 2019

werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

May 21 2019, 9:16 AM · gpgagent, ssh
werner closed T4273: agent: Request insertion of smartcard when no card present as Resolved.

The behaviour related to ssh key access is due to the way ssh works: After a connection has been established to a server ssh presents to to the server all identities (public keys) it has access to (meaning it has a corresponding private key). Thus we can't tell ssh all the keys we have because that would be an information leak and may also take too long. Because the user may in some cases not want to use the ssh-agent but resort to ssh command line input of the passphrase, we do not insist on using a key known by gpg-agent.

May 21 2019, 9:13 AM · Feature Request, Documentation, gpgagent
gniibe claimed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.

I located the bug in agent/command-ssh.c.
Our practice is two calls of gcry_sexp_sprint; One to determine the length including last NUL byte, and another to actually fills the buffer.
The first call return +1 for NUL byte.
The second call fills NUL at the end, but returns +0 length (length sans last NUL).

May 21 2019, 8:48 AM · gpgagent, ssh
werner triaged T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache as Low priority.
May 21 2019, 7:45 AM · Feature Request, gpgagent
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

I spent a lot of time trying to figure out how to automate the interface between my preferred password store (gnome-keyring, via libsecret), but with the loopback pinentry mode changes in gpg 2.1, it is much harder (if not impossible) to do. Having passphrase caching is the only thing preventing me from choosing a weaker passphrase on my gpg keyring.

May 21 2019, 2:03 AM · Feature Request, gpgagent
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

Disallowing passphrase caching is likely to have the unintended consequence of users choosing weaker passphrases that are more easily memorized and/or typed. Caching should be permitted, IMO. This puts more decisions about passphrase management into the control of the user.

May 21 2019, 1:38 AM · Feature Request, gpgagent

May 20 2019

dkg added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

And yet, that interface is already being used by the agent-transfer utility in monkeysphere. The interface exists, it is not marked in any way as unusable or deprecated or off-limits, so it is used.

May 20 2019, 11:38 PM · Feature Request, gpgagent
werner triaged T4521: gpg-agent behavior on SIGTERM differs from KILLAGENT handling as Normal priority.
May 20 2019, 9:30 AM · Bug Report, gpgagent
werner added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

That is on purpose. Exporting of a secret key should in theory not be possible at all via gpg. In practice we need a way to export a key, but that should be the exception and thus we do not want any caches for passphrases to have an effect.

May 20 2019, 9:29 AM · Feature Request, gpgagent
dkg added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

trigger what command? i'm pretty sure gpgconf --reload gpg-agent does not trigger updatestartuptty. And it should not do so, afaict -- if you think it should, i'd be interested in hearing the rationale for it.

May 20 2019, 5:28 AM · Debian, gpgagent, Bug Report
ageis added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

Does gpgconf --reload gpg-agent trigger that command? that's the ExecReload setting in the systemd service unit I'm looking at.

May 20 2019, 1:05 AM · Debian, gpgagent, Bug Report

May 19 2019

dkg created T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .
May 19 2019, 10:43 PM · Feature Request, gpgagent
dkg created T4521: gpg-agent behavior on SIGTERM differs from KILLAGENT handling.
May 19 2019, 9:17 PM · Bug Report, gpgagent
dkg added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

This doesn't sound systemd-specific to me, fwiw, though i don't understand how to reproduce the problem from the given description here.

May 19 2019, 9:05 PM · Debian, gpgagent, Bug Report

May 15 2019

werner merged task T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

May 12 2019

werner triaged T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Normal priority.

I often put an extra nul byte at the end of binary data so that accidental printing the data (e.g. in gdb) assures that there is a string terminator. But right, it should not go out to a file.

May 12 2019, 8:16 PM · gpgagent, ssh
dkg created T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.
May 12 2019, 12:37 AM · gpgagent, ssh

May 8 2019

aheinecke added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

As this update lists multiple issues and following fixes for them, maybe it was resolved by Microsoft?

May 8 2019, 10:46 AM · Info Needed, Windows, gpgagent, Bug Report
werner triaged T4427: Windows 10 update KB4489899 stops gpg-agent launching as High priority.
May 8 2019, 8:54 AM · Info Needed, Windows, gpgagent, Bug Report

Apr 29 2019

werner closed T4473: The presence of gpg key disables ulimit and coredump in X11 session as Wontfix.

Since 2.1 the standard use of gpg-agent is to have it started on demand by the components which require it. The use of
"gpg-agent --daemon /bin/sh " should be used for debugging only.

Apr 29 2019, 10:12 PM · gpgagent, Bug Report
pmgdeb created T4473: The presence of gpg key disables ulimit and coredump in X11 session.
Apr 29 2019, 5:28 PM · gpgagent, Bug Report
aheinecke changed the status of T4333: Job objects on Windows interfere with automatic start of gpg-agent from Open to Testing.

I've applied your patch with an additional comment to our master branch. Thanks!

Apr 29 2019, 9:37 AM · patch, Windows, gpgagent, Bug Report

Apr 5 2019

werner closed T4377: gpg-agent does not anymore restart a killed scdaemon as Resolved.

I did lot of tests in the last weeks while working on gpg-card.

Apr 5 2019, 5:07 PM · gnupg (gpg23), gpgagent, scd

Mar 27 2019

aheinecke added a comment to T4333: Job objects on Windows interfere with automatic start of gpg-agent.

Sorry, this did not make it into 3.1.6. But I'll definitely see about it for the next release. If it is an institutional / corporate issue you could also contract us through www.gnupg.com

Mar 27 2019, 1:50 PM · patch, Windows, gpgagent, Bug Report
aheinecke edited subtasks for T4333: Job objects on Windows interfere with automatic start of gpg-agent, added: T4389: Gpg4win 3.1.8; removed: T4264: Gpg4win 3.1.6.
Mar 27 2019, 1:48 PM · patch, Windows, gpgagent, Bug Report

Mar 26 2019

mjb added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Can you please run

gpg --debug ipc -vK

which will also start gpg-agent and print some diagnostics. You may want to redact the output. You can also run

Mar 26 2019, 11:04 PM · Info Needed, Windows, gpgagent, Bug Report
jegrp added a comment to T4333: Job objects on Windows interfere with automatic start of gpg-agent.

From: aheinecke (Andre Heinecke)
Sent: Montag, 28. Januar 2019 19:25

fwiw. Your patch is beautiful in which it follows our coding style and
debug output. I'm confident that we will accept it but currently I have
to read up on Job's a bit.

Is there a way I could help you with this? This issue is hampering adoption
of GnuPG 2 here.

--

Jan Echternach

Mar 26 2019, 6:49 PM · patch, Windows, gpgagent, Bug Report
aheinecke added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Trying to install the update manually (according to windows update my windows is fully updated) it says "This update is not meant for your computer" and aborts.

Mar 26 2019, 3:41 PM · Info Needed, Windows, gpgagent, Bug Report
werner added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Can you please run

gpg --debug ipc -vK

which will also start gpg-agent and print some diagnostics. You may want to redact the output. You can also run

gpg-agent -v --daemon

which should also print some more info.

Mar 26 2019, 7:57 AM · Info Needed, Windows, gpgagent, Bug Report
mjb created T4427: Windows 10 update KB4489899 stops gpg-agent launching.
Mar 26 2019, 1:14 AM · Info Needed, Windows, gpgagent, Bug Report

Mar 18 2019

werner closed T4319: New 2017 MAC permission isues on gpg-agent as Invalid.
Mar 18 2019, 7:27 PM · MacOS, gpgagent, gnupg (gpg22)

Mar 6 2019

werner added a comment to T4377: gpg-agent does not anymore restart a killed scdaemon.

Thanks for fixing that.

Mar 6 2019, 8:05 AM · gnupg (gpg23), gpgagent, scd
gniibe changed the status of T4377: gpg-agent does not anymore restart a killed scdaemon from Open to Testing.
Mar 6 2019, 3:05 AM · gnupg (gpg23), gpgagent, scd
gniibe added a comment to T4377: gpg-agent does not anymore restart a killed scdaemon.

That's my badness. In wait_child_thread, assuan_release may cause thread context switch to agent_reset_scd which accesses scd_local_list; This access should be serialized.
And... in start_scd, calling unlock_scd should be after unlocking start_scd_lock.

Mar 6 2019, 3:05 AM · gnupg (gpg23), gpgagent, scd

Feb 26 2019

werner added a comment to T4377: gpg-agent does not anymore restart a killed scdaemon.

Does not happen in 2.2. Additional requirement to test this bug in master: Another connection to the scdaemon must be open. For example running scute or, easier, call "gpg --card-edit" and keep it open.

Feb 26 2019, 1:21 PM · gnupg (gpg23), gpgagent, scd
werner created T4377: gpg-agent does not anymore restart a killed scdaemon.
Feb 26 2019, 12:41 PM · gnupg (gpg23), gpgagent, scd

Feb 19 2019

gniibe changed the status of T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry from Open to Testing.
Feb 19 2019, 8:17 AM · Bug Report, gpgagent
gniibe added a comment to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry.

Fixed in master.

Feb 19 2019, 6:42 AM · Bug Report, gpgagent
gniibe claimed T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry.
Feb 19 2019, 3:55 AM · Bug Report, gpgagent
gniibe closed T4340: gpg-agent should support clearing passphrase cache for SSH as Resolved.
Feb 19 2019, 2:45 AM · gpgagent
gniibe closed T4348: When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect, a subtask of T4340: gpg-agent should support clearing passphrase cache for SSH, as Resolved.
Feb 19 2019, 2:45 AM · gpgagent
gniibe closed T4348: When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect as Resolved.
Feb 19 2019, 2:45 AM · gpgagent
gniibe lowered the priority of T4319: New 2017 MAC permission isues on gpg-agent from High to Low.

Your problem is apparently not an issue of upstream development of GnuPG; It is your setup script (agent.sh?) which specifies /dev/shm/SOMETHING.
Standard GnuPG never does that. We have no idea about use of /dev/shm/SOMETHING.

Feb 19 2019, 2:37 AM · MacOS, gpgagent, gnupg (gpg22)

Jan 28 2019

aheinecke added a comment to T4333: Job objects on Windows interfere with automatic start of gpg-agent.

fwiw. Your patch is beautiful in which it follows our coding style and debug output. I'm confident that we will accept it but currently I have to read up on Job's a bit.

Jan 28 2019, 7:24 PM · patch, Windows, gpgagent, Bug Report
aheinecke added a subtask for T4333: Job objects on Windows interfere with automatic start of gpg-agent: T4264: Gpg4win 3.1.6.
Jan 28 2019, 7:22 PM · patch, Windows, gpgagent, Bug Report
aheinecke claimed T4333: Job objects on Windows interfere with automatic start of gpg-agent.

That is a very interesting problem that we did not have on our radar.

Jan 28 2019, 7:22 PM · patch, Windows, gpgagent, Bug Report
gniibe added a comment to T4348: When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect.

When bogus entry is "", the error is GPG_ERR_NO_PASSPHRASE, and user cannot input the passphrase.

Jan 28 2019, 4:55 AM · gpgagent
gniibe added a comment to T4348: When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect.

Confirmed that manually created entry in gnome-keyring-daemon causes trouble.

Jan 28 2019, 4:52 AM · gpgagent

Jan 26 2019

gniibe created T4348: When pinentry cache is used, gpg-agent should clear the cache if it failed at unprotect.
Jan 26 2019, 2:46 PM · gpgagent

Jan 25 2019

werner triaged T4338: gpg-agent fails to start on Windows if GNUPGHOME is longer than 80 characters as Normal priority.
Jan 25 2019, 9:26 PM · Windows, gpgagent, Bug Report
gniibe changed the status of T4340: gpg-agent should support clearing passphrase cache for SSH from Open to Testing.
Jan 25 2019, 4:10 AM · gpgagent
gniibe added a comment to T4340: gpg-agent should support clearing passphrase cache for SSH.

Since there is --mode=normal option, it should be --mode=ssh.

Jan 25 2019, 4:10 AM · gpgagent
gniibe created T4340: gpg-agent should support clearing passphrase cache for SSH.
Jan 25 2019, 1:04 AM · gpgagent

Jan 23 2019

jegrp created T4338: gpg-agent fails to start on Windows if GNUPGHOME is longer than 80 characters.
Jan 23 2019, 9:10 PM · Windows, gpgagent, Bug Report

Jan 21 2019

jegrp added a project to T4333: Job objects on Windows interfere with automatic start of gpg-agent: patch.

I've developed a simple patch that sets the CREATE_BREAKAWAY_FROM_JOB flag when creating a new background process. This flag requires a special permission on the job object, which is tested first. This means that the patch only works if the parent process sets JOB_OBJECT_LIMIT_BREAKAWAY_OK on the job object, otherwise the behavior should be as without the patch.

Jan 21 2019, 7:06 PM · patch, Windows, gpgagent, Bug Report
jegrp created T4333: Job objects on Windows interfere with automatic start of gpg-agent.
Jan 21 2019, 6:58 PM · patch, Windows, gpgagent, Bug Report

Jan 17 2019

werner created T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon..
Jan 17 2019, 5:45 PM · Bug Report, scd, gpgagent

Jan 11 2019

Cocoanino created T4319: New 2017 MAC permission isues on gpg-agent in the S1 Public space.
Jan 11 2019, 5:09 AM · MacOS, gpgagent, gnupg (gpg22)

Jan 5 2019

werner closed T4309: gpg agent in ssh-support does not import RSA-Keys greater than 4160 bits as Wontfix.

Right. We won't change that though. Sorry.

Jan 5 2019, 8:23 PM · gpgagent, Bug Report

Jan 4 2019

madonius created T4309: gpg agent in ssh-support does not import RSA-Keys greater than 4160 bits.
Jan 4 2019, 1:51 PM · gpgagent, Bug Report

Dec 20 2018

gniibe added a parent task for T4273: agent: Request insertion of smartcard when no card present: T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)).
Dec 20 2018, 12:59 AM · Feature Request, Documentation, gpgagent
gniibe triaged T4273: agent: Request insertion of smartcard when no card present as Normal priority.
Dec 20 2018, 12:57 AM · Feature Request, Documentation, gpgagent

Dec 19 2018

werner added a comment to T4273: agent: Request insertion of smartcard when no card present.

FWIW, the canonical way to make sure that gpg-agent has been started is to run

Dec 19 2018, 7:58 AM · Feature Request, Documentation, gpgagent
mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

You're very welcome. In my instance, this is "resolved" - I now get the prompt I realised I needed so to me this bug could be considered closed or wontfix, but I'll leave you to do with it as you please.

Dec 19 2018, 3:54 AM · Feature Request, Documentation, gpgagent
gniibe added a comment to T4273: agent: Request insertion of smartcard when no card present.

Basically, you are right. In addition, gpg-agent asks scdaemon about list of card/token.

Dec 19 2018, 3:47 AM · Feature Request, Documentation, gpgagent
mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

OK - so if an entry is not required in sshcontrol for a smart-card key - is the private key stub sufficiently detailed enough for the agent to realise that it can ask for that card to be inserted for an ssh connection?

Dec 19 2018, 3:35 AM · Feature Request, Documentation, gpgagent
gniibe added a comment to T4273: agent: Request insertion of smartcard when no card present.

sshcontrol entry is required for non-smartcard keys, but not for keys on smartcard. This is intentional. For gpg-agent and current format, it is only the information for gpg-agent to know if a key is for SSH or not.

Dec 19 2018, 3:31 AM · Feature Request, Documentation, gpgagent
mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

Also - going back to sshcontrol - with an ssh key added to the agent with ssh-add, an entry in sshcontrol is required - but not for a key on a smartcard. Is that intentional, or just a byproduct of the smartcard diversion that happens?

Dec 19 2018, 3:22 AM · Feature Request, Documentation, gpgagent
mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

Oh, wow - yes, adding to sshcontrol brings up the prompt - I do however need to stop the agent from being restarted on insertion for it to subsequently ask for the unlock.

Dec 19 2018, 3:09 AM · Feature Request, Documentation, gpgagent
gniibe removed a project from T4273: agent: Request insertion of smartcard when no card present: Windows.

I see your point. You are right. For SSH access, it just fails without asking insertion. It's not Windows specific.
I checked the change of history of gpg-agent, but I cannot find prompting insertion was supported.
So, I don't thin this is a regression.

Dec 19 2018, 2:52 AM · Feature Request, Documentation, gpgagent
mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

Yes, it's running. I have a scheduled task that spawns a vbscript to ensure that gpg-agent is started on login, and restarts it on insertion of a card (specifically for two reasons: windows ssh clients don't typically start agents automatically, and windows can cause gpg-agent to get a but upset after a card is removed and re-inserted. Edit: although, I think that latter reason might be resolved now... I haven't investigated deeply. more info here and here).

Dec 19 2018, 2:34 AM · Feature Request, Documentation, gpgagent
gniibe added a comment to T4273: agent: Request insertion of smartcard when no card present.

Thanks for your information.
Hum, you are using gpg-agent for SSH access.

Dec 19 2018, 2:19 AM · Feature Request, Documentation, gpgagent

Dec 18 2018

mjb added a comment to T4273: agent: Request insertion of smartcard when no card present.

When no card is inserted, usage of an ssh client simply fails to request insertion of the card for the stub keys present in ~/.gnupg/.

Dec 18 2018, 6:19 AM · Feature Request, Documentation, gpgagent

Dec 17 2018

aheinecke assigned T3724: Gpg-Agent asks twice for passphrase for key without passphrase to werner.

Asked to raise the priority on this. The quality bar issue is T2103

Dec 17 2018, 11:19 AM · gpgagent
gniibe edited projects for T4273: agent: Request insertion of smartcard when no card present, added: Info Needed; removed Feature Request.

Please let us know the version of GnuPG, the output of gpg --card-status when inserted, and how gpg is not working well, etc.

Dec 17 2018, 9:22 AM · Feature Request, Documentation, gpgagent