What about rejected changes to "Key:"?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jun 23 2022
Jun 22 2022
What about rejected changes to "Key:"? Other this command would make it too easy to mess up the actual private key.
Jun 21 2022
Looking illumos-gate, Solaris variants have no issues.
Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 Debian testing does no failure.
I created minimized test:
Jun 20 2022
iirc, we use ftruncate for ages now. The problem with the name ftruncate is that it looks to similar to the stdio functions. But sure, things should be flushed first.
Jun 9 2022
Jun 8 2022
Now, it also supports a reader with pinpad.
Jun 6 2022
Jun 2 2022
Jun 1 2022
May 27 2022
Default is "yes". When Prompt: no is specified, it doesn't ask but fails.
The behavior has been changed by T5996, to ask card insertion for the consistency of the semantics of configuration.
May 26 2022
With the change for T5996 applied, the semantics is clear. "Use-for-ssh" flag is a key not for "OpenPGP.3", but other keys (not only OpenPGP.[12], but also for normal keys.)
May 23 2022
The order to solve:
This is an experimental patch to support "Use-for-ssh":
May 20 2022
cmd_keyinfo should be also updated to access the field correctly.
Also, it is better for a user, not to be asked confirmation (even if "Confirm:" is specified), that is, skipping the confirmation, when it is going to prompt the insertion of a card.
May 13 2022
May 12 2022
Editing a formatted password should work now as expected.
Its an issue of cursor position. If one either deletes or inputs a a character anywhere in the password string, the cursor always jumps to the end of the string.
May 11 2022
May 3 2022
Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.
May 2 2022
Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.
Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.
Apr 29 2022
this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573
Apr 28 2022
FWIW, your comments about the autostart script do not match with the running processes. Obviously, the autostart script starts gpg-agent with different command line options than the running process. My conclusion is that the autostart script isn't used. Or maybe it is started, but gpg-agent immediately terminates because it notices that another instance is already running.
If you add an autostart script then you may have to add a corresponding shutdown script as well, e.g. a script running gpgconf --kill all. You cannot expect that daemons, that you start via an autostart script, magically know when they should terminate.
FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before
Thank you for the hints!
Thank you for the explanation. (It's not related to --supervised, I suppose.)
Apr 27 2022
I see the following GPG-related commands running currently (with disable-scdaemon in config file):
Apr 25 2022
Please contact the Debian developers for any systemd/gnupg issues. We don't suggest the use of the --supervised option because it causes more problems than it claims to solve.
Apr 22 2022
Apr 14 2022
I have not yet tested OpenSSH 9 and thus the patch to master is here just as a test. Please better use gnupg 2.3 (stable) instead of 2.2 (LTS) because it is unlikely that we will backport all this new ssh stuff.
Mar 30 2022
Mar 25 2022
Implemented.
Mar 16 2022
Mar 2 2022
What about at least accepting env variables OR tilde expansions? That will make it easier to integrate with dotfiles that intentionally use a home-dir based executable without having to pass the full path, so it could work cross platforms.
Jan 17 2022
In T5783#153879, @werner wrote:Sending a private key with just the local protection is not a good idea.
Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.
Saw this again and the commit was not in the Stable 2.2 branch. I have cherry picked it. This should resolve this issue.
Jan 16 2022
Jan 15 2022
Nov 25 2021
Nov 23 2021
Nov 13 2021
Oct 13 2021
@rupor-github no problem for the delay. Thanks for explaining!
Oct 12 2021
@bernhard Sorry for the delayed answer, was on sabbatical.
Sep 29 2021
@rupor-github no problem! :)
Sep 28 2021
@bernhard thank you for explaining, did not mean to offend anybody. Before creating win-gpg-agent I tried to read as much as I could on a history and obviously had to study source a bit. Be it as it may - I decided to have separate wrapper, rather then contributing directly to gpg code base. There is noticable number of use cases on Windows which presently not addressed, some I believe are sitting it the queue already.
@rupor-github thanks for your explanations and the contribution to the GnuPG and crypto Free Software code base!
Since Windows user naively could expect multiple methods of accessing certificates from different programs (or sometimes from the same program but different supported environments, like Git4Win and git in WSL) to work together transparently, win-gpg-agent covers translation of one accidentally supported method (32 bit putty shared memory) to multiple unsupported ones (named pipe, cygwin, etc). It also takes care of managing gpg-agent.exe lifetime tying it to user login session for convenience. It uses command line parameters to only to overwrite staff critical to its functionality and does not prevent user from having configuration file(s). Optionally it provides pinentry which is integrated with Windows native Crypto Vault and UX rather than using wonderful QT or GTK. As specified in documentation when developers of gpg and WIndows will get their act together and figure out what they want and how they want it - most of functionality would not be needed. I would like to point out that simply claiming superiority and not supporting cygwin (Git4Win) or working Assuan ssh socket or putty shared memory in 64 bits Windows build does not help with user experience a single bit.
Lots of detailed documentation but frankly, after a brief read I have not yet figured out what it really does. We won't support Cygwin stuff - this is all obsolete and awe also removed starting gpg-agent as a service for good reasons. Instead of starting gpg-agent with lot of command line args it would be better to put this into a per user or system wide config file.
There is a user report that got things to work with https://github.com/rupor-github/win-gpg-agent
on https://wald.intevation.org/forum/forum.php?thread_id=2359&forum_id=21&group_id=11