Page MenuHome GnuPG
Feed Advanced Search

Thu, Jan 25

werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

Also fixed in the fortgcoming 2.2.43

Thu, Jan 25, 2:05 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner shifted T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from the Restricted Space space to the S1 Public space.
Thu, Jan 25, 11:56 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Wed, Jan 24

werner closed T4676: libgcrypt S2K (algo 3) doesn't match OpenPGP as Resolved.
Wed, Jan 24, 2:50 PM · Documentation, OpenPGP
werner moved T6831: May chose a signing key from a not inserted card over an inserted one from QA to gnupg-2.4.4 on the gnupg24 board.
Wed, Jan 24, 2:45 PM · gnupg24 (gnupg-2.4.4), OpenPGP, patch, Bug Report
werner closed T6831: May chose a signing key from a not inserted card over an inserted one as Resolved.

Fixed in 2.4.4. Feel free to re-open if you still see problems.

Wed, Jan 24, 2:45 PM · gnupg24 (gnupg-2.4.4), OpenPGP, patch, Bug Report
werner closed T6944: The default card key generation keeps an unprotected backup of the encryption key on disk as Resolved.
Wed, Jan 24, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner moved T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from WiP to gnupg-2.2.43 on the gnupg22 board.
Wed, Jan 24, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner moved T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from QA to gnupg-2.4.4 on the gnupg24 board.
Wed, Jan 24, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

Fixed in 2.4.4 and 2.2.43 - see above for affected versions.

Wed, Jan 24, 2:31 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner moved T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from Backlog to WiP on the gnupg22 board.
Wed, Jan 24, 11:23 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner added a project to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk: gnupg22.

We need to fix 2.2.42 too. This because we backported the responsible patch.

Wed, Jan 24, 11:22 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 22 2024

werner changed the status of T6944: The default card key generation keeps an unprotected backup of the encryption key on disk from Open to Testing.
Jan 22 2024, 4:53 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 19 2024

werner set External Link to https://forum.gnupg.org/t/privater-schlussel-von-smart-card-in-kleopatra-gespeichert/3858 on T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.
Jan 19 2024, 12:38 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 18 2024

werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

We tested with Kleopatra:

  • Only gpg4win 4.2 is affected (the current version) but 4.1 is not affected.
  • No vsd version is affected.
Jan 18 2024, 8:35 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
werner added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

FWIW, I am already working on this.

Jan 18 2024, 8:31 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report
gniibe added a comment to T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

Currently, there is no support for gpg-agent to keep private key not on disk, but only on memory of gpg-agent. Given the situation,
I think that it is good to:

Jan 18 2024, 2:17 AM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 17 2024

werner triaged T6944: The default card key generation keeps an unprotected backup of the encryption key on disk as High priority.
Jan 17 2024, 4:07 PM · gnupg22 (gnupg-2.2.43), gnupg24 (gnupg-2.4.4), OpenPGP, scd, Bug Report

Jan 11 2024

werner added a project to T5590: OpenPGP: Curve 448, modernize?: rationale.
Jan 11 2024, 4:02 PM · rationale, gnupg, OpenPGP
werner closed T5590: OpenPGP: Curve 448, modernize? as Wontfix.

Way to late for a change and also adding another algorithm (SIV) complicates things for no good purposes.

Jan 11 2024, 4:00 PM · rationale, gnupg, OpenPGP

Jan 2 2024

werner changed the status of T6831: May chose a signing key from a not inserted card over an inserted one from Open to Testing.

I applied your patch and also fixed another possible problem.

Jan 2 2024, 10:33 AM · gnupg24 (gnupg-2.4.4), OpenPGP, patch, Bug Report

Nov 27 2023

gniibe added a comment to T6465: Store the ECDH parameters in the key file.

It's true that for KEYTOCARD command, there is optional argument for ECDH.
My point is that for PKDECRYPT command, it will be needed to add mechanism for getting such a parameter (when we use KEM API in gpg-agent).

Nov 27 2023, 10:23 AM · gnupg26, OpenPGP, scd, Bug Report
werner added a comment to T6465: Store the ECDH parameters in the key file.

We already have the ECDH parameters for OpenPGP in the gpg-agent API. The question is how large the data for PQC will be - likely we need to use an inquire already for this reason.

Nov 27 2023, 9:12 AM · gnupg26, OpenPGP, scd, Bug Report
gniibe added a comment to T6465: Store the ECDH parameters in the key file.

Considering the design of gpg-agent which focuses on private key operations and data, it would be better to enhance the gpg-agent protocol to inquire public key data of any format defined by the client (including ECDH KDF parameters of OpenPGP). I mean, instead of storing data in the key file (originally designed for private key + some additional data), we will enhance the protocol.

Nov 27 2023, 2:18 AM · gnupg26, OpenPGP, scd, Bug Report

Nov 23 2023

werner added a subtask for T6465: Store the ECDH parameters in the key file: T6620: Add a way to extract ECC key parameters from a public key.
Nov 23 2023, 12:04 PM · gnupg26, OpenPGP, scd, Bug Report

Nov 21 2023

werner triaged T6831: May chose a signing key from a not inserted card over an inserted one as Normal priority.
Nov 21 2023, 10:32 AM · gnupg24 (gnupg-2.4.4), OpenPGP, patch, Bug Report

Nov 13 2023

werner triaged T6815: PQC encryption for GnuPG as Normal priority.
Nov 13 2023, 4:06 PM · OpenPGP, PQC, gnupg

Nov 10 2023

werner closed T6395: ADSK Feature as Resolved.

Further investigation showed that this was due to a bogus key creating during I wrote the code.

Nov 10 2023, 9:08 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner moved T6395: ADSK Feature from WiP to gnupg-2.2.42 on the gnupg22 board.
Nov 10 2023, 9:07 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Oct 26 2023

werner closed T6705: Provide strong v5 fingerprints also for v4 keys as Resolved.

Will be in GnuPG 2.2.42 and 2.4.4. GPGME 1.23.0 with support has been released.

Oct 26 2023, 9:07 AM · gpgme (gpgme 1.23.x), OpenPGP, Feature Request
werner moved T6705: Provide strong v5 fingerprints also for v4 keys from Backlog to gpgme 1.23.x on the gpgme board.
Oct 26 2023, 9:05 AM · gpgme (gpgme 1.23.x), OpenPGP, Feature Request

Oct 25 2023

werner moved T5438: gpgme_op_keylist_from_data_start ignores GPGME_KEYLIST_MODE_SIGS from QA for next release to gpgme 1.23.x on the gpgme board.
Oct 25 2023, 10:43 AM · gpgme (gpgme 1.23.x), OpenPGP, Bug Report

Oct 24 2023

werner changed the status of T6395: ADSK Feature from Testing to Open.

While trying to replicate your findings I might have found a but in the import code which rejected one of the keys (using gnupg 2.2). I'll take care of this.

Oct 24 2023, 4:14 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Oct 5 2023

werner added a comment to T6395: ADSK Feature .

@ebo: Du have the Ted Tester key (i.e. the ADSK key) also in you keyring?

Oct 5 2023, 11:27 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Sep 22 2023

ebo moved T6395: ADSK Feature from QA to WiP on the gnupg22 board.

Encryption to the ADSK seems to work but I'm not sure if everything is displayed as expected.

Sep 22 2023, 4:29 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
ebo moved T6399: Missing trustdb check on import of certificate from QA to gnupg-2.2.42 on the gnupg22 board.
Sep 22 2023, 1:20 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project

Sep 12 2023

ebo closed T6399: Missing trustdb check on import of certificate as Resolved.

works

Sep 12 2023, 3:56 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project

Sep 6 2023

werner moved T6399: Missing trustdb check on import of certificate from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sep 6 2023, 12:15 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project
werner changed the status of T6399: Missing trustdb check on import of certificate from Open to Testing.

Bugs goes back to 2002 where we stopped checking trust for keys without any signature. This was really useful but has this strange behaviour.

Sep 6 2023, 12:15 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project

Sep 4 2023

werner updated the task description for T6705: Provide strong v5 fingerprints also for v4 keys.
Sep 4 2023, 3:35 PM · gpgme (gpgme 1.23.x), OpenPGP, Feature Request
werner triaged T6705: Provide strong v5 fingerprints also for v4 keys as Normal priority.
Sep 4 2023, 3:35 PM · gpgme (gpgme 1.23.x), OpenPGP, Feature Request

Aug 28 2023

werner added a comment to T6399: Missing trustdb check on import of certificate.

I am not sure about the initial state of the key. What you are doing is to sign the key with itself (self-signature). Why?
In any case, I can't replicate this. Let's talk about this next week.

Aug 28 2023, 5:35 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project

Aug 25 2023

werner claimed T6399: Missing trustdb check on import of certificate.
Aug 25 2023, 4:05 PM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project

Aug 8 2023

werner triaged T6638: PQC for GnuPG as Wishlist priority.
Aug 8 2023, 11:50 AM · OpenPGP, PQC, gnupg

Aug 1 2023

werner closed T6615: v5 document signatures verification. as Resolved.
Aug 1 2023, 11:49 AM · Documentation, OpenPGP, Bug Report
werner added a comment to T6615: v5 document signatures verification..

Okay, will go into the next revision. Thanks.

Aug 1 2023, 11:49 AM · Documentation, OpenPGP, Bug Report

Jul 31 2023

onickolay added a comment to T6615: v5 document signatures verification..

Thanks for the reply!

Jul 31 2023, 2:45 PM · Documentation, OpenPGP, Bug Report
werner added projects to T6615: v5 document signatures verification.: OpenPGP, Documentation.
Jul 31 2023, 1:42 PM · Documentation, OpenPGP, Bug Report

Jul 24 2023

ebo moved T6174: Option --require-comliance does not work in sign+encrypt mode from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 24 2023, 2:12 PM · Restricted Project, OpenPGP, Bug Report, gnupg

May 30 2023

werner renamed T6504: Adding an ADSK to several keys may fail with Wrong Key Usage. from Adding an ADKS to several keys may fail with Wrong Key Usage. to Adding an ADSK to several keys may fail with Wrong Key Usage..
May 30 2023, 10:36 AM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report

May 26 2023

werner edited projects for T6465: Store the ECDH parameters in the key file, added: gnupg26; removed gnupg24.
May 26 2023, 10:00 AM · gnupg26, OpenPGP, scd, Bug Report

May 25 2023

werner closed T6504: Adding an ADSK to several keys may fail with Wrong Key Usage. as Resolved.

The fix actually does the same as my suggested workaround.

May 25 2023, 12:03 PM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report
werner moved T6504: Adding an ADSK to several keys may fail with Wrong Key Usage. from Backlog to gnupg-2.4.2 on the gnupg24 board.
May 25 2023, 12:03 PM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report
werner lowered the priority of T6504: Adding an ADSK to several keys may fail with Wrong Key Usage. from High to Normal.

There is an easy workaround: Append an exclamation mark to the adsk key. This way gpg will only search for this subkey.
An example with my test keys:

May 25 2023, 11:21 AM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report

May 23 2023

werner updated the task description for T6504: Adding an ADSK to several keys may fail with Wrong Key Usage..
May 23 2023, 3:18 PM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report
werner triaged T6504: Adding an ADSK to several keys may fail with Wrong Key Usage. as High priority.
May 23 2023, 3:18 PM · gnupg24 (gnupg-2.4.2), OpenPGP, Bug Report

May 9 2023

werner closed T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Resolved.
May 9 2023, 7:50 AM · Not A Bug, OpenPGP, gnupg

Apr 21 2023

werner edited parent tasks for T6465: Store the ECDH parameters in the key file, added: T6382: keytocard fails to import a nistp384 ECDSA key; removed: T6378: keytocard: invalid value.
Apr 21 2023, 3:21 PM · gnupg26, OpenPGP, scd, Bug Report
werner triaged T6465: Store the ECDH parameters in the key file as Normal priority.
Apr 21 2023, 3:13 PM · gnupg26, OpenPGP, scd, Bug Report

Apr 14 2023

gniibe merged task T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

Apr 13 2023

ebo added a comment to T3391: cannot import subkey that was once marked to be on a card.

isn't T3456 the same issue?

Apr 13 2023, 2:57 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report
ebo added a project to T3391: cannot import subkey that was once marked to be on a card: Restricted Project.
Apr 13 2023, 2:50 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

Apr 12 2023

werner triaged T6445: Chunking armored messages and pubkeys? as Low priority.
Apr 12 2023, 8:45 AM · OpenPGP, Feature Request

Apr 3 2023

werner moved T6395: ADSK Feature from QA to gnupg-2.4.1 on the gnupg24 board.
Apr 3 2023, 2:33 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Mar 24 2023

werner closed T6422: --rfc4880 not working in Gpg4win 4.1.0? as Resolved.

OCB mode (i.e. packet 20) is only used if the keys announce it. Thus only after moving a (private) key from GnuPG to a non-GnuPG compatible implementation you will run into this problem. The compatibility options won't override the preference system.

Mar 24 2023, 9:14 AM · OpenPGP, Support, gnupg

Mar 21 2023

werner set External Link to https://gnupg.org/blog/20230321-adsk.html on T6395: ADSK Feature .
Mar 21 2023, 6:23 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner placed T6395: ADSK Feature up for grabs.
Mar 21 2023, 4:36 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner changed the status of T6395: ADSK Feature from Open to Testing.

Things for 2.4 are all done.

Mar 21 2023, 4:36 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner moved T6395: ADSK Feature from Backlog to QA on the gnupg22 board.

For 2.2 we will for now only implement the encryption.

Mar 21 2023, 4:35 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Mar 3 2023

werner triaged T6399: Missing trustdb check on import of certificate as Normal priority.
Mar 3 2023, 10:17 AM · gnupg22 (gnupg-2.2.42), OpenPGP, Restricted Project
werner closed T6390: ECC: Explain GnuPG's CV25519 key and its ECDH (comarison to X25519) as Resolved.

Thanks for the description; this is good for documentation.

Mar 3 2023, 8:25 AM · Support, Documentation, OpenPGP, gnupg

Mar 2 2023

werner moved T6395: ADSK Feature from Backlog to WiP on the gnupg24 board.
Mar 2 2023, 11:32 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Mar 1 2023

werner triaged T6395: ADSK Feature as Normal priority.
Mar 1 2023, 5:21 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Feb 8 2023

gniibe reopened T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG. as "Open".

Sorry, I mistakenly closed this task. I reopen it.

Feb 8 2023, 2:45 AM · Support, gnupg, OpenPGP

Feb 7 2023

gniibe closed T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG. as Resolved.

Could it be the case that your implementation actually used those bits to calculate a public key?

Feb 7 2023, 11:39 AM · Support, gnupg, OpenPGP

Feb 3 2023

onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Sorry for a bit late follow up. How do you calculate a public key? RNP's crypto backend, Botan, is calculating public key without taking in account bits which should be tweaked. I.e. both tweaked and non-tweaked secret keys would produce the same public key. The same is with decryption. Could it be the case that your implementation actually used those bits to calculate a public key?

Feb 3 2023, 12:39 PM · Support, gnupg, OpenPGP

Jan 26 2023

werner added a comment to T6358: --locate-key does not consider expired subkeys..

To fix this we also need to fix our key selection test (key-selection.scm) which is can't cope with all combinations. The tests are run with a faked time of 2004-01-01 on all subsets of this ordered list of keys

Jan 26 2023, 11:19 AM · gnupg24, OpenPGP
werner added a comment to T6358: --locate-key does not consider expired subkeys..

See also T4713

Jan 26 2023, 9:51 AM · gnupg24, OpenPGP
werner triaged T6358: --locate-key does not consider expired subkeys. as Normal priority.
Jan 26 2023, 9:40 AM · gnupg24, OpenPGP

Jan 19 2023

werner removed a project from T4446: please add --quick-revoke-subkey: gnupg (gpg23).
Jan 19 2023, 4:52 PM · Restricted Project, gnupg24, Feature Request
werner removed a project from T3513: Change of trust of new uid not immediately reflected in user interface: gnupg (gpg23).
Jan 19 2023, 4:50 PM · gnupg24, OpenPGP, Feature Request
werner removed a project from T5590: OpenPGP: Curve 448, modernize?: gnupg (gpg23).
Jan 19 2023, 4:49 PM · rationale, gnupg, OpenPGP
werner removed a project from T5649: Issue better error message for invalid OpenPGP RSA keys: gnupg (gpg23).
Jan 19 2023, 4:49 PM · gnupg24, OpenPGP, Feature Request

Jan 18 2023

bigmomma added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

So here is a redacted CLI-dump of the exact sequence I'm describing in my post. This is with untweaked keys and gpg 2.2.40 and a factory-reset yubikey.

Jan 18 2023, 6:30 PM · Support, gnupg, OpenPGP
bigmomma added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

So in case this was not clear... What I'm describing is very similar to the original description, but it is "inverted" - the untweaked key works flawlessly (import and decryption) except for keytocard. And the tweaked key can't be imported - either "Bad Secret Key" or asking for passphrase.

Jan 18 2023, 3:38 PM · Support, gnupg, OpenPGP
bigmomma added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@onickolay Yes, I have. I have used --check-cv25519-bits and it said that it needs patching. I then did --fix-cv25519-bits and exported the key. Looking at the CV25519 private-key bytes produced by my code and by RNP, I confirmed that they did the exact same transformation.
When trying to re-import the exported key into gpg, I got the "Bad Secret Key" error again

Jan 18 2023, 3:27 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@bigmomma Just for a quick check - did you try to use RNP's CLI command --edit-key --fix-cv25519-bits, as it's not clear from the message?

Jan 18 2023, 3:17 PM · Support, gnupg, OpenPGP
bigmomma added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Hi! I would like to chime in on this issue as I am having some weird problems with a CV25519 sub-key and after stumbling upon this thread, I think it is related to this.
Unfortunately, I can't post the key material here, because it is my actual encryption private-key.

Jan 18 2023, 3:12 PM · Support, gnupg, OpenPGP

Dec 6 2022

ikloecker added a comment to T6109: Kleopatra: Better way to show expired subkeys.

Another idea (based on above ideas): We add an optional column named "Valid For" and only list the usages that are currently possible. If the encryption subkey is expired, then the key will probably only be valid for signing and certifying. This should be easier to understand than my fancy color coding idea while still giving the user a hint what a certain certificate can be used for. I'd still abbreviate the usage to a single letter in English. Translators could still use more letters if a single letter would be ambiguous.

Dec 6 2022, 10:37 AM · Feature Request, Restricted Project, OpenPGP, kleopatra

Oct 28 2022

werner added a project to T5704: Ed448/X448 defined in draft-ietf-openpgp-crypto-refresh-04: OpenPGP.

Meanwhile I have _some_ doubts that the v5 format is a good idea. It will introduce a lot of problems and thus a more lean way of replacing the fingerprint should be re-considered. Even if that means, we have to live with two kinds of fingerprints for a decade or so.

Oct 28 2022, 4:11 PM · gnupg24, OpenPGP, gnupg (gpg23)
werner added a comment to T5590: OpenPGP: Curve 448, modernize?.

Given that the OpenPGP WG practically decided to fork OpenPGP I don't see a reason why we should keep this bug open.

Oct 28 2022, 4:03 PM · rationale, gnupg, OpenPGP

Oct 10 2022

werner closed T4482: GPG: Error on sign-key with compliance de-vs because of SHA-1 usage as Resolved.
Oct 10 2022, 11:23 AM · OpenPGP, gnupg
werner added a parent task for T4482: GPG: Error on sign-key with compliance de-vs because of SHA-1 usage: T6063: GnuPG: Ignore invalid hash algorithm preferences when signing & encrypting combined.
Oct 10 2022, 11:17 AM · OpenPGP, gnupg

Sep 2 2022

ikloecker added a comment to T6109: Kleopatra: Better way to show expired subkeys.

We could use single letters or icons (with proper tool tip and accessible name). I'm not sure mentioning the cert usage is that useful.

Sep 2 2022, 11:24 AM · Feature Request, Restricted Project, OpenPGP, kleopatra
aheinecke added a comment to T6109: Kleopatra: Better way to show expired subkeys.

Another point where this is very problematic are S/MIME certificates for signing and encryption. While the certificate line edit and the certificate combo box filter the usage, Groups are problematic. If you want to create an encryption group and include one "signing only" certificate the whole group is no longer visible for example in Outlook when encrypting. Both me and Eva thought that S/MIME Groups did not work at all in Outlook because of this.

Sep 2 2022, 10:22 AM · Feature Request, Restricted Project, OpenPGP, kleopatra

Aug 31 2022

werner closed T6174: Option --require-comliance does not work in sign+encrypt mode as Resolved.
Aug 31 2022, 5:46 PM · Restricted Project, OpenPGP, Bug Report, gnupg

Aug 30 2022

werner triaged T6174: Option --require-comliance does not work in sign+encrypt mode as High priority.
Aug 30 2022, 6:53 PM · Restricted Project, OpenPGP, Bug Report, gnupg

Aug 15 2022

gniibe closed T5438: gpgme_op_keylist_from_data_start ignores GPGME_KEYLIST_MODE_SIGS as Resolved.

It's in 1.18.0.

Aug 15 2022, 2:57 AM · gpgme (gpgme 1.23.x), OpenPGP, Bug Report

Aug 5 2022

gniibe moved T5438: gpgme_op_keylist_from_data_start ignores GPGME_KEYLIST_MODE_SIGS from For a future release to QA for next release on the gpgme board.
Aug 5 2022, 8:12 AM · gpgme (gpgme 1.23.x), OpenPGP, Bug Report

Jul 27 2022

ikloecker renamed T6109: Kleopatra: Better way to show expired subkeys from Better way to show expired subkeys in Kleopatra to Kleopatra: Better way to show expired subkeys.
Jul 27 2022, 4:48 PM · Feature Request, Restricted Project, OpenPGP, kleopatra
ikloecker updated subscribers of T6109: Kleopatra: Better way to show expired subkeys.

This is related to T5950: Allow viewing expired certificates more easily where a user was wondering why some key wasn't offered as encryption key. It turned out that the encryption subkey was expired.

Jul 27 2022, 4:45 PM · Feature Request, Restricted Project, OpenPGP, kleopatra