Page MenuHome GnuPG
Feed Advanced Search

Jun 8 2017

justus closed T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME as Resolved.
Jun 8 2017, 2:24 PM · g10code Sprint (KW 22), gpgme, gnupg

Jun 7 2017

justus reopened T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME as "Open".

GnuPG needs to report compliance when decrypting symmetrically encrypted packet.

Jun 7 2017, 11:02 AM · g10code Sprint (KW 22), gpgme, gnupg

Jun 6 2017

marcus archived g10code Sprint (KW 22).
Jun 6 2017, 10:18 AM

Jun 1 2017

justus closed T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME as Resolved.

Implemented in gpg, gpgsm, and gpgme with all bindings.

Jun 1 2017, 2:19 PM · g10code Sprint (KW 22), gpgme, gnupg

May 31 2017

aheinecke added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

Yes.

May 31 2017, 11:05 AM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

Reading that PDF I guess we need the same functionality in gpgsm too, right?

May 31 2017, 9:56 AM · g10code Sprint (KW 22), gpgme, gnupg

May 30 2017

justus added revisions to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME: D430: Implement 'is_de_vs' for decryption results and signatures. xxx, D429: gpg: Report compliance with CO_DE_VS. xxx.
May 30 2017, 2:40 PM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.
In T3059#98047, @werner wrote:

DSA is signature-only but VS-NfD is only about encryption. Thus signatures are out of scope.

May 30 2017, 1:48 PM · g10code Sprint (KW 22), gpgme, gnupg
werner added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

DSA is signature-only but VS-NfD is only about encryption. Thus signatures are out of scope. Even key management is out of scope. OTOH, certain algorithms are simply not allowed. This means we can't use SHA-1 except for specified and approved usages (in our case OpenPGP fingerprints).

May 30 2017, 1:42 PM · g10code Sprint (KW 22), gpgme, gnupg
werner added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

Yes. mark them as non-compliant.

May 30 2017, 1:38 PM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.
In T3059#98039, @justus wrote:

Afaics the document does not specify the following. OpenPGP messages can carry multiple signatures, and the session key can be encrypted by multiple keys. I will implement the following logic:

  1. A verification operation is compliant if one of the signatures is compliant.
  2. A decryption operation is compliant if all of the algorithms used to encrypt the session keys are compliant.

Sounds exactly right to me.

May 30 2017, 12:52 PM · g10code Sprint (KW 22), gpgme, gnupg
aheinecke added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.
In T3059#98039, @justus wrote:

Afaics the document does not specify the following. OpenPGP messages can carry multiple signatures, and the session key can be encrypted by multiple keys. I will implement the following logic:

  1. A verification operation is compliant if one of the signatures is compliant.
  2. A decryption operation is compliant if all of the algorithms used to encrypt the session keys are compliant.
May 30 2017, 11:34 AM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

Afaics the document does not specify the following. OpenPGP messages can carry multiple signatures, and the session key can be encrypted by multiple keys. I will implement the following logic:

May 30 2017, 11:26 AM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.
In T3059#98015, @werner wrote:

g10/misc.c:gnupg_pk_is_compliant is my take on puble key algorithms.

May 30 2017, 9:15 AM · g10code Sprint (KW 22), gpgme, gnupg

May 29 2017

werner added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

See kerckhoffs:~wk/ST-Gpg4VSNfD-v0.6.pdf - eventually this will be published but right now we don't have clearance from the BSI to do that.

May 29 2017, 5:43 PM · g10code Sprint (KW 22), gpgme, gnupg
werner added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

g10/misc.c:gnupg_pk_is_compliant is my take on puble key algorithms. For cipher algorithm, we will only allow AES* and digest SHA-2-*. Other details are in a document we have in an project internal wiki - I'll send you a copy.

May 29 2017, 5:38 PM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

Ok, good to know. However, I still need more information about what it means to comply with CO_DE_VS. Any pointers?

May 29 2017, 4:22 PM · g10code Sprint (KW 22), gpgme, gnupg
werner added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

I thought about this but in the end it is unlikely that we will see request for other protection profiles. Thus I did spend a single bit on the German thing. Further, it is quite possible that a message matches several profiles and than bit fields come really handy. For the very limited circle of users a dedicated sub system for such things would be overkill.

May 29 2017, 4:05 PM · g10code Sprint (KW 22), gpgme, gnupg
justus added a comment to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME.

The GPGME API uses field names like 'is_de_vs', but isn't that short-sighted because we hardcode names of compliance modes into the API? Also, 'vs' seems to match both 'VERSCHLUSSSACHE – VERTRAULICH' and 'VERSCHLUSSSACHE – NUR FÜR DEN DIENSTGEBRAUCH'.

May 29 2017, 4:01 PM · g10code Sprint (KW 22), gpgme, gnupg
justus added a project to T3059: Make information that a verifyresult / decrypt result was compliant to a compliance mode available through GPGME: g10code Sprint (KW 22).
May 29 2017, 12:44 PM · g10code Sprint (KW 22), gpgme, gnupg
marcus edited projects for T3113: Integrate gnupg commit message style in arc, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:16 AM · g10code Sprint, dev.gnupg.org
marcus edited projects for T3081: Write PHP parser for gnupg style commit messages., added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:16 AM · g10code Sprint, dev.gnupg.org
marcus edited projects for T3147: Make a GPGME release, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:16 AM · gpgme (gpgme 1.23.x), g10code Sprint
marcus edited projects for T3031: Get a bank account, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:16 AM · g10code Sprint (KW 25), Verein
marcus edited projects for T3152: KDF DO support in OpenPGP card, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:16 AM · scd
marcus edited projects for T3107: Gpg4win compendium should be accessible from Kleopatra, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:15 AM · g10code Sprint, kleopatra, gpg4win
marcus edited projects for T3156: Offer to switch to automatic mode once in GpgOL and Kleopatra, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:15 AM · g10code Sprint, gpg4win
marcus edited projects for T3158: Kleopatra Show User ID validity into keytreeviews, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:15 AM · g10code Sprint, gpg4win
marcus edited projects for T3159: Various small Kleopatra improvements, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:15 AM · g10code Sprint, kleopatra, gpg4win
marcus edited projects for T3050: Upload wizard, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:15 AM · g10code Sprint, Enigmail
marcus edited projects for T3157: Improve TOFU handling in Kleopatra, added: g10code Sprint (KW 22); removed g10code Sprint (KW 21).
May 29 2017, 10:14 AM · g10code Sprint, gpg4win

May 22 2017

marcus created g10code Sprint (KW 22).
May 22 2017, 10:43 AM