In T6282#165263, @werner wrote: It turned out that the reason for the problem is the use of the --ignore-cert-with-oid option in gpgsm.conf.
Nov 28 2022
ikloecker renamed T6282: Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card from Kleopatra smartcard dialog for Signature Card 2.0 to Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card.
Nov 17 2022
ikloecker added a comment to T6282: Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card.
• werner added a comment to T6282: Kleopatra: Smartcard dialog for Signature Card 2.0 does not show keys if one key wasn't imported from the card.
It turned out that the reason for the problem is the use of the --ignore-cert-with-oid option in gpgsm.conf.
We need to do this also for CHANGE REFERENCE DATA - however, there should be an extra option so that we can debug this despite the redacting.
Nov 14 2022
Oct 28 2022
Will be released with 2.3.9
• werner closed T6252: Support ECC for Netkey cards also in 2.2, a subtask of T4938: Support Signature Card V2.0 (NKS15), as Resolved.
• werner moved T6252: Support ECC for Netkey cards also in 2.2 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 20 2022
• werner added a parent task for T6252: Support ECC for Netkey cards also in 2.2: T6253: GpgSM: Backport ECC support to 2.2.
• werner changed the status of T6252: Support ECC for Netkey cards also in 2.2, a subtask of T4938: Support Signature Card V2.0 (NKS15), from Open to Testing.
• werner changed the status of T6252: Support ECC for Netkey cards also in 2.2 from Open to Testing.
• werner added a parent task for T6252: Support ECC for Netkey cards also in 2.2: T4938: Support Signature Card V2.0 (NKS15).
Oct 11 2022
Is there any news for gnupgp 4.0.4 release with gnupg 2.3.8?
Oct 10 2022
• werner triaged T6234: Implement access to smartcards via a generic pkcs#11 interface as Normal priority.
Oct 9 2022
In T5790#163980, @manonfgoo wrote:
Oct 8 2022
In T5790#163886, @werner wrote: [Merging didn't work]
Can you test the patch? Does it work for you?
Oct 7 2022
manonfgoo updated the task description for T5790: Cannot use "Retired Cert Key Mgm [1-20]" Slots on YubiKey.
Here is the patch as file:
piv.patch (3 KB)
The patch applies with -p1 to the master branch; alternatively I could push a commit, but my user does not seem to be allowed to do so:
[Merging didn't work]
Oct 6 2022
Attached you find a patch to this issue. This patch sets the "keypair" attribute to the keys 0x82 to 0x95 unconditionally.
Oct 1 2022
In T6218#163787, @gouttegd wrote: Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?
Yes. Scute relies on those to interact with the token.
Sep 30 2022
Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?
Sep 28 2022
That sounds quite cool.
Actually we developed PIV support to allow the use of PIV X.509 certificates and OpenPGP keys with Yubikeys. In fact, GnuPG is able to switch between the Yubikey PIV and OpenPGP applications on-the-fly while keeping their PIN verification states.
I was indeed using version 1.5.0 for testing, but I wish to clarify the purpose of Scute in my setup before proceeding.
Sep 27 2022
Which version of Scute are you using?
Using Scute as a drop-in replacement doesn't currently work. Perhaps my config needs more adjustments than just:
module = /usr/lib/x86_64-linux-gnu/scute/scute.so
Sep 26 2022
Yes, I meant to use Scute as pkcs11 module for pam_pkcs11. Thanks for explaining more verbosely what I meant.
I think Werner may have confused pam_pkcs11 with gnupg-pkcs11-scd. :)
I'm not sure what you mean with using Scute as PKCS#11 provider instead of pam_pkcs11, as pam_pkcs11 is not a provider but a user of PKCS#11.
• werner triaged T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors as Normal priority.
There is a reason why pcsc-shared is not the default ;-). Please try using Scute (best the t6002 branch until it has been merged) as pkcs#11 provider instead of pam_pkcs11. And you should of course use the stable version of GnuPG and not the LTS (2.2).
Sep 22 2022
Sep 20 2022
Testing gpg-auth: There are two different use cases:
- test with xsecurelock for screen lock
- test with pam-autoproto for login / gdm / etc.
Here are pam_authproto.c with Makefile, so that you can compile it with libpam:
pam_authproto-2022-09-20.tar.gz (4 KB)
Sep 9 2022
Here is a PAM module, which interacts with a spawned process using the authproto protocol of xsecurelock.
pam_authproto.c (13 KB)
Sep 5 2022
Sep 3 2022
Sep 2 2022
• werner removed a project from T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO: Restricted Project.
• werner changed the status of T6179: gnupg 2.3.7 broke YubiKey support: DBG: Curve with OID not supported: 2b06010401da470f01 from Open to Testing.
Aug 26 2022
• gniibe removed a parent task for T5995: Better prompt with SETKEYDESC: T5984: gpg-agent interaction improvement (smartcard improvement #3).
Aug 24 2022
• werner added projects to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO: backport, gnupg (gpg23).
Needs to be forward ported to master
The delays are due to /usr/sbin/laptop_mode from the laptop-mode-tools package.
Inserting as well as removal is detected on my machine always only after 25 seconds.
I wrote a simple testusb.c to check if monitoring USB devices works:
#include <stdlib.h>
#include <libusb.h>
#include <poll.h>
#include <stdio.h>
Aug 23 2022
Aug 22 2022
Exact, v.2.3.8 is expected. Generally I don't import keys on the yubico; I generate them directly from the yubico itself in order to have the private key created directly on the yubico and not exportable.
Hi! I would like to add my experience about this issue.
Aug 21 2022
What's new for a possible gnupg 2.3.8 or gpg4win 4.0.4 release?
Aug 15 2022
• werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.
If the stub has been created or updated we will now ask for the card
with the Display-SN. If in addition a Label has been set to the key
that label is also shown. Note that the Display-S/N is associated with
a card but the Label is associated with a key. For example if the
same key has been stored on two cards, the prompt will ask for one of
those cards but shows the same Label. It is sufficient to insert
any of the cards with the key because that is what we actually need.
• werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.
In master we already have Token lines which are created but not yet used. I am going to extend this with the display S/N and drop the idea of a separate Display-SN entry.
Aug 12 2022
• werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.
I am going to introduce a new DisplaySN: value for 2.2 which might also be useful for master.
• werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.
We have changes for this in master; I need to see whether it is possible to backport them.
aheinecke triaged T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO as Normal priority.
Aug 11 2022
While playing with your scripts I figured that it would be useful to enhance the KEYINFO command. With
rG989eae648c8f3d2196517e8fc9cce247b21f9629 we could now
Aug 4 2022
@gniibe Perfect, I got the update during the night actually. Thanks a lot for your work 🙏 .
For the firmware 5.4.3, I confirmed that it works well with the changes:
https://dev.gnupg.org/T6070#160150
Aug 3 2022
Hi lovely people,
Aug 2 2022
I have exactly this problem with yubikey here,
since I upgraded to gpg4win version 4.0.3, which contains gnupg 2.3.7, I get the same error as openpgp key not recognized.
@tigernero 2.3.8 is not yet released. Pretty sure gpg4win is a separate project, presumably you'll see a changelog entry here (as there is bumping to 2.3.7 in the latest 4.0.3) when it's in:
https://www.gpg4win.org/change-history.html
https://www.gpg4win.org/support.html
Jul 30 2022
I can't find a URL to download gnupg 2.3.8 for Windows. Is it possible to know when gpg4win v.4.0.4, which fixes this bug, is out? Because currently on Windows systems I am stuck using yubikey.
Jul 29 2022
Fixed quite some time ago.
Jul 27 2022
I just confirmed that firmware 5.4.3 works fine with the changes (to be 2.2.37 and 2.3.8).
New release of libassuan is expected to make sure it's cleared off.
Jul 26 2022
Jul 15 2022
Does Yubico furnish you with devices for test...
Jul 14 2022
Thanks @gniibe. Does Yubico furnish you with devices for test, or did you have to order that at your own/the project's expense?
• gniibe added projects to T6070: Yubikey 5C 'not available: card error' regression: Restricted Project, scd, gnupg (gpg23), backport.
Jul 12 2022
• gniibe added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: backport.
I'm going to backport this to 2.2, as it was found useful.
• gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
• gniibe closed T5985: private-key: Support "Use-for-ssh" flag, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
• gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
And 2.3.7.
• gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.
Fixed in 2.2.36.
• gniibe closed T5986: card: Show "Label:" when prompting the insertion of a card, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
It's in 2.3.7.
• gniibe closed T5987: card: New field to specify refusing operations when card/token is not available as Resolved.
It's in 2.3.7.
• gniibe closed T5988: agent: Add new command to update private key fields, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
It's in 2.3.7.