This feature is implemented in different way, by T5099.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
May 27 2022
May 26 2022
May 25 2022
Pushed the solution which doesn't require new flag for libassuan.
May 24 2022
May 23 2022
In T5975#158113, @werner wrote:I can imagine thar there are use cases for this. Thus I see no problems for the first part.
The second part is imho not a good idea. Libgcrypt is a building block for all kind of software and there are for sure legitimate reasons to use rsa512 (MCUs, short living keys, etc). Thus I think that the decision on the key size should be done by the software using libgcrypt.
May 20 2022
May 19 2022
Pushed the change (master and 1.10).
May 18 2022
May 17 2022
I do not claim I understand anything of this assembler syntax :)
For the second, I wonder if newer xlclang++ compiler works with 1.9.
Thank you for the bug report.
Pushed the change.
To detect these kinds of bugs, possibly, we can use new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized
May 13 2022
May 12 2022
Editing a formatted password should work now as expected.
May 11 2022
The change improve error handling for possible other errors by device: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.
May 10 2022
Thank you, @gniibe. That's what I was missing: installing libsqlite3-dev made the difference.
Pushed the change. Also, it's backported to 1.10 branch.
Applied to 2.2 branch, too.
Pushed the change to master.
Pushed the fix.
May 9 2022
May 6 2022
Proper accessible error reporting will be done with the accessibility related tasks.
For the same reasons "Print Secret Keys..." is now also disabled for keys stored on smart cards. No other command seems to require access to the secret key data.
May 5 2022
The Certificate Details window now has an Update button.
This can be bypassed by entering the date manually, was reported by a customer and I have just confirmed this.
May 3 2022
Fixed in GnuPG 2.3.5.
Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.
May 2 2022
Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.
KexAlgorithms -sntrup761x25519-sha512@openssh.com
Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.
Apr 29 2022
this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573
Tested
Apr 28 2022
FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before
Apr 27 2022
Apr 26 2022
Fixed. Until the lookup is completed, a question mark icon should be shown and no error should be displayed.
My Yubikey (Yubico.com Yubikey 4/5 OTP+U2F+CCID) (key Ed25519) works fine with OpenSSH using kex of sntrup761x25519-sha512@openssh.com.
Apr 25 2022
Works together with the changes for T5939: Kleopatra: Better error for wrong password in symmetric decryption. Tested with symmetric encrypted file and with symmetric+pk encrypted file.
Sorry, I was confused. For RSA-4096, data is hashed by gpg-agent and hashed data is signed by a card.
We are using rsa-4096 on smartcard for quite some time; so I wonder what's the problem here. Is that that we don't use our Assuan hack for large key material with OpenPGP.3?
There is another case: RSA-4096 key. scdaemon rejects data by Invalid value. Unfortunately, there is no fix for this, as it's really too large. Even if scdaemon allows larger data, the card implementation rejects, when it conforms to PKCS #1 standard (data should not be larger than 40% of the modulus).
Apr 24 2022
You should not use log messages because they are subject to change and they are translated. Let us return an ERROR status instead.
Apr 22 2022
I have added the check for a possibly wrong symmetric password to QGpgMEDecryptVerifyJob because it relies on logging messages emitted by gpg which are not part of gpg's status API.
Apr 19 2022
Done. Note that different from the comments in your example a non-negative ValidityPeriodInDaysMax value implies that an expiration date is required. This way it's possible to require a validity period of at least 10 days, but still allow unlimited validity.
Done. This also fixes the state of the encryption check box in case the OpenPGP key type is forced.
Apr 14 2022
Done. I have also tried to make this dialog as accessible as possible as prototype for other form-like dialogs. The error reporting could still be improved by specifying what exactly is wrong instead of simply saying what could be wrong, but QValidator is too limited for this.
- Fixed in 2.3
- assert replaced by a fatal error message
Mar 29 2022
Not applying the change to GnuPG 2.2, users can use GnuPG 2.3 for that.
Mar 25 2022
Confirmed to work, thanks!
Thank you. Applied.
Implemented.
Thank you for the error output.
it still shows the no certificate or invalid encoded error message:
Mar 24 2022
I gave it a try. It works now, but it still shows the no certificate or invalid encoded error message:
Thank you. Confirmed.