In T6466#169934, @werner wrote: Funny enough that Python seems not to allow to set the permission with open. Low priority because a proper umask must anyway be used on a multi-user system.
Apr 24 2023
ikloecker added a comment to T6466: gpgme python example code contains insecure code pattern / chmod permission race condition.
• werner triaged T6466: gpgme python example code contains insecure code pattern / chmod permission race condition as Low priority.
Funny enough that Python seems not to allow to set the permission with open. Low priority because a proper umask must anyway be used on a multi-user system.
Apr 13 2023
Fixed in 1.19.0.
Apr 12 2023
The crypto profiles have been removed in Gpg4win 4.1.1
Apr 4 2023
Any volunteers to write a manual? ;-)
Mar 28 2023
• werner renamed T6400: Improve Pinentry error message for a bad $TERM from Key generation on freebsd fails with message about screen size to Improve Pinentry error message for a bad $TERM.
Actually this is about improving an error message.
Mar 24 2023
• werner closed T3469: gpg: decryption failed: No secret key <= after debian upgrade from Jessie to Stretch as Resolved.
Thanks for your follow-up. Let me remark that it is sufficient to stop all gnupg processes (pkill gpg-agent) and then rename the ~/.gnupg to .gnupg-save-NNNN. This way you have a backup and gpg will create a new ~/.gnupg.
Mar 3 2023
• werner closed T6390: ECC: Explain GnuPG's CV25519 key and its ECDH (comarison to X25519) as Resolved.
Thanks for the description; this is good for documentation.
Jan 31 2023
Thanks. I fixed the documentation. Will go into 1.19
Jan 19 2023
• werner removed a project from T6023: Check how GnuPG handles several keys from WKD: gnupg (gpg23).
• werner removed a project from T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent: gnupg (gpg23).
Jan 10 2023
aheinecke moved T5227: GpgOL: User documentation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Dec 20 2022
Dec 12 2022
• werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the g10 board.
• werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the common board.
• werner moved T5227: GpgOL: User documentation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Dec 9 2022
bernhard added a comment to T4613: document implementation guidance for WKD clients in draft-koch-openpgp-webkey-service.
The current WKD/WKS draft offers no direct guidance to WKD clients about the type of filtering they should do.
Dec 5 2022
ikloecker edited projects for T3903: Kleopatra: Use the term password instead of passphrase, added: kleopatra; removed gnupg (gpg23).
Nov 29 2022
Well, the modern way, recommended by the FSFE, for license notices in source files is SPDX instead of verbose license notices. https://reuse.software/
Modern way for license notice seems use of URL: https://www.gnu.org/prep/maintain/maintain.html#License-Notices-for-Code
https://www.gnu.org/licenses/gpl-howto.html
Nov 25 2022
• gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Implications are... you won't be able to use new protocols introduced by newer OpenSSH:
Nov 24 2022
amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to work around it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.
• gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
• gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In my cases (tested with 9.1), here are the lengths of data to be signed by ssh-agent (emulation by gpg-agent).
- 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
- 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
- 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
- 330 bytes: Both features enabled (no options)
Nov 22 2022
Thank you, looks good to me.
• gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.
• gniibe changed the status of T6274: documentation needs update for replacing gpgme-config from Open to Testing.
Please use gpgme.pc to configure your build. Your options are:
(1) With Autoconf:
(1-1) Use pkg.m4 and PKG_CHECK_MODULES (which uses pkg-config to access gpgme.pc)
(1-2) Use gpgme.m4 and AM_PATH_GPGME (which uses gpgrt-config to access gpgme.pc)
(2) Or... use pkg-config to access gpgme.pc.
Nov 10 2022
Thanks. There should also be SPDX identifiers everywhere.
Nov 9 2022
amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote: A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:
KexAlgorithms -sntrup761x25519-sha512@openssh.com
For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.
• alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.
A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:
Nov 1 2022
• gniibe edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: Documentation; removed Bug Report.
The problem here is how large the data to be signed is. It is an issue of protocol design. The protocols are explained in openssh/PROTOCOL.certkeys and openssh/PROTOCOL. Unfortunately, it seems that it was designed with not much consideration for smartcard use case, so, data to be signed may be longer (than the capability of smartcard).
Oct 11 2022
Fixed in libgpg-error 1.46 and pinentry 1.2.1.
Oct 8 2022
jukivili closed T6232: Documentation refers to wrong the RFC for GCM-SIV cipher mode (GCRY_CIPHER_MODE_GCM_SIV) as Resolved.
Thanks. Fix has been pushed to master.
Oct 7 2022
Aug 23 2022
• werner renamed T6146: Add gcry_kdf_open et al. documentation from Add fcry_kdf_open et al. documentation to Add gcry_kdf_open et al. documentation.
Aug 1 2022
• werner lowered the priority of T6023: Check how GnuPG handles several keys from WKD from High to Normal.
I don't think that we need to fix things here. Important is that the WKD import uses a filter which imports only keys with the requested mail address. However, if a key with the same fingerprint already exists it will be merged.
Jul 27 2022
What I found: When the page is served by the server, it omits "charset=utf-8" part. This is the issue.
Jul 26 2022
Thanks for fixing.
• werner triaged T6058: clarify need of --batch and/or --pinentry-mode looback with --passphrase-* options as Low priority.
There won't be any semantic changes for obvious reasons.
Thanks for reporting.
The first thing is a problem of the GNU makeinfo tool. Can't be fixed in the source.
Jul 25 2022
• werner triaged T6068: clarify what a line is in --passphrase-fd and --passphrase-file as Low priority.
Jul 19 2022
But then again: The three other apostrophes that occur in the text are represented by single quote characters. Maybe sticking to ASCII characters is the better fix after all.
Typographically the apostrophe character ’ is a different character than the single quote character '. So, the correct fix would be to fix the probably wrong encoded apostrophe instead of replacing it by a single quote character.
Jul 14 2022
Jul 12 2022
• gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token to OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
• gniibe edited projects for T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required), added: Documentation; removed Restricted Project.
Changed the tags and the title.
Jun 28 2022
Fixed in libgpg-error.
May 20 2022
maltejur added a reviewer for D554: doc: Document usage of prefix to specify keyring type: Documentation.
May 13 2022
• werner triaged T5712: Yubikey 5 NFC only recognized immediately after it is inserted as Normal priority.
Mar 21 2022
• werner triaged T5887: gpgme_data_identify() function prototype not as documented as Normal priority.
Mar 19 2022
pert updated the task description for T5887: gpgme_data_identify() function prototype not as documented.
Mar 14 2022
• werner triaged T5596: Libgcrypt documentation: corrections to obvious misprints as Normal priority.
Thanks for your patches. Most of them applied cleanly despite that I delayed processing them for half a year.
Jan 25 2022
There are reasons why we don't use pcsc-shared by default; for example: Not all OpenPGP cards support reading the current verification state (whether a PIN has already been entered) and thus we use a local cache for this. Other shared applications may change the state behind our back or even switch to another application on the card. Thus we use the safe way.
Jan 20 2022
Thanks
Jan 11 2022
The primary version of that script is in libgpg-error. Thus it needs to be fixed there first.
• gniibe added a project to T5712: Yubikey 5 NFC only recognized immediately after it is inserted: Documentation.
Jan 8 2022
Jan 7 2022
Oct 18 2021
• werner added a comment to T3204: Include documentation for technicians in Gpg4win that matches the packaged versions of GnuPG, GPGME.
I would prefer to store legacy manuals on the web server. That is the easier solution.
bernhard updated subscribers of T3204: Include documentation for technicians in Gpg4win that matches the packaged versions of GnuPG, GPGME.
@werner, because we have talked about it:
Oct 15 2021
It would be convenient if the -c option could be easily set in the gpg-agent.conf or in some configuration file for pinentry. The workaround that I use now to create a script that I can then use as pinentry-program is extra work because it requires an additional script.
Oct 13 2021
Oct 12 2021
Sep 29 2021
Well, as I've said in the comment above, there doesn't seem to be any correction towards --passphrase-fd not requiring --pinentry-mode loopback (still works without)... and --no-default-keyring still gives the impression that it would be needed (while --no-keyring works as well).
Sep 28 2021
Please don't, if you really feel like that is not resolved please re-open this ticket.
@werner shall I open a new ticket for the remaining stuff?
Sep 17 2021
The changes do not seem to touch anything I've mentioned in (1)?
Sep 14 2021
Sep 13 2021
Yes, --no-keyring should be enough for the subset of gpg commands which do not need keys.
Sep 12 2021
MikhailRyazanov renamed T5596: Libgcrypt documentation: corrections to obvious misprints from Corrections to obvious Libgcrypt documentation misprints to Libgcrypt documentation: corrections to obvious misprints.
MikhailRyazanov renamed T5596: Libgcrypt documentation: corrections to obvious misprints from Corrections to obvious documentation misprints to Corrections to obvious Libgcrypt documentation misprints.
MikhailRyazanov added a project to T5596: Libgcrypt documentation: corrections to obvious misprints: libgcrypt.
MikhailRyazanov updated the task description for T5596: Libgcrypt documentation: corrections to obvious misprints.
MikhailRyazanov updated the task description for T5596: Libgcrypt documentation: corrections to obvious misprints.
Sep 8 2021
Sep 3 2021
I think the behavior makes perfect sense for Unix but the default delimiter for .txt in Windows is \r\n.
The OP wants to do symmetric encryption. This isn't about the passphrase that protects a key.
Yes, we read up to the first LF. This has been the traditional way of PGP2 and is still used by mail programs like Mutt.
Sep 2 2021
I'm guessing gpg in Unix has stripped the \n if present? I don't have access to a real Unix system at the moment.
I see that problem but gpg has traditionally not interpreted the passphrase in any way. Right, for Windows we could strip the CR but I fear that this might break other users scripts/passphrases. However there should be a warning in the manual.
Aug 26 2021
I have rather created D536 as IMO the timeout should be changed, not the documentation.
Aug 25 2021
Aug 13 2021