Thu, Jun 11

dkg reopened T4892: gpgsm --gen-key with existing key from "ssh-add" fails as "Open".

This appears to still be a problem, despite upgrading to libksba 1.4.0:

Thu, Jun 11, 1:29 AM · Bug Report, S/MIME

May 27 2020

werner added a comment to T4098: GpgSM: Add ECC support.

GnuTLS seems to have some CMS support; see https://gitlab.com/gnutls/gnutls/-/issues/227 .

May 27 2020, 10:35 AM · gnupg (gpg23), Feature Request, S/MIME

May 19 2020

werner closed T4920: Support ECDH in Libksba as Resolved.
May 19 2020, 4:49 PM · libksba, Feature Request, S/MIME
werner closed T4920: Support ECDH in Libksba, a subtask of T4098: GpgSM: Add ECC support, as Resolved.
May 19 2020, 4:49 PM · gnupg (gpg23), Feature Request, S/MIME
werner changed the status of T4104: gpgsm/ksba removes leading zeros from signature byte array from Open to Testing.

Seems to be fixed now.

May 19 2020, 3:13 PM · Testing, libksba, S/MIME, Bug Report
werner lowered the priority of T4896: ksba: Ed25519 support from High to Normal.

Parsing and creating of certs does now work. I was not able to find sample CMS objects so this part is not yet finished.

May 19 2020, 3:12 PM · Info Needed, libksba, Feature Request, S/MIME
werner closed T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed, a subtask of T4888: GpgSM: Support ECC key generation by gpgsm_genkey, as Resolved.
May 19 2020, 2:43 PM · Testing, Feature Request, S/MIME
werner closed T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed as Resolved.
May 19 2020, 2:43 PM · Testing, Feature Request, S/MIME
werner added a comment to T4888: GpgSM: Support ECC key generation by gpgsm_genkey.

Finished if an existing key is used. See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples.

May 19 2020, 2:42 PM · Testing, Feature Request, S/MIME
werner added a comment to T4098: GpgSM: Add ECC support.

See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples on how to create a cert

May 19 2020, 2:41 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4098: GpgSM: Add ECC support: rG44676819f287: sm: Create ECC certificates with AKI and SKI by default..
May 19 2020, 2:37 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4888: GpgSM: Support ECC key generation by gpgsm_genkey: rGb18fb0264abd: agent: Allow to use SETHASH for arbitrary data..
May 19 2020, 2:37 PM · Testing, Feature Request, S/MIME
werner added a commit to T4888: GpgSM: Support ECC key generation by gpgsm_genkey: rG6dc3846d7819: sm: Support creation of EdDSA certificates..
May 19 2020, 2:37 PM · Testing, Feature Request, S/MIME

May 18 2020

werner added a commit to T4098: GpgSM: Add ECC support: rK71a2f1e87790: Finish creation of ECDSA and EdDSA certificates..
May 18 2020, 7:34 PM · gnupg (gpg23), Feature Request, S/MIME

May 14 2020

werner removed a subtask for T4098: GpgSM: Add ECC support: T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.
May 14 2020, 10:50 AM · gnupg (gpg23), Feature Request, S/MIME
werner removed a parent task for T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: T4098: GpgSM: Add ECC support.
May 14 2020, 10:50 AM · Testing, Feature Request, S/MIME
werner added a parent task for T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: T4888: GpgSM: Support ECC key generation by gpgsm_genkey.
May 14 2020, 10:50 AM · Testing, Feature Request, S/MIME
werner added a subtask for T4888: GpgSM: Support ECC key generation by gpgsm_genkey: T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.
May 14 2020, 10:50 AM · Testing, Feature Request, S/MIME
werner added a subtask for T4098: GpgSM: Add ECC support: T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.
May 14 2020, 10:47 AM · gnupg (gpg23), Feature Request, S/MIME
werner added a parent task for T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: T4098: GpgSM: Add ECC support.
May 14 2020, 10:47 AM · Testing, Feature Request, S/MIME

May 12 2020

werner added a commit to T4896: ksba: Ed25519 support: rK60943d9f1816: Allow parsing of EdDSA certificates..
May 12 2020, 12:04 PM · Info Needed, libksba, Feature Request, S/MIME

May 11 2020

werner claimed T4896: ksba: Ed25519 support.
May 11 2020, 7:50 PM · Info Needed, libksba, Feature Request, S/MIME
werner added a commit to T4098: GpgSM: Add ECC support: rGf44d395bdfec: sm: Support signing using ECDSA..
May 11 2020, 7:02 PM · gnupg (gpg23), Feature Request, S/MIME
werner changed the status of T4098: GpgSM: Add ECC support from Open to Testing.

Signing using ECDSA does now also work. Tested with 3 in disk keys: nistp256, nistp384 and RSA and verified using gpgsm and Governikus Signer.

May 11 2020, 6:46 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4920: Support ECDH in Libksba: rKcda81bec2e14: Support creation of ECDSA signed data..
May 11 2020, 6:23 PM · libksba, Feature Request, S/MIME

May 8 2020

werner added a project to T4098: GpgSM: Add ECC support: gnupg (gpg23).
May 8 2020, 6:16 PM · gnupg (gpg23), Feature Request, S/MIME
werner renamed T4098: GpgSM: Add ECC support from GpgSM: Add ECC support (Option to create an X.509/ECDSA key) to GpgSM: Add ECC support.
May 8 2020, 6:15 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a comment to T4098: GpgSM: Add ECC support.

Basic en- and decryption test against Governikus_Signer has now been done. Beware: I had to add a debug option to gpgsm to work around non-compliance in algorithm support of Governikus; see the rG68b857df13c8a4e6cae5e3a29fd065bf90764547 for details.

May 8 2020, 6:14 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4098: GpgSM: Add ECC support: rG68b857df13c8: sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme..
May 8 2020, 6:11 PM · gnupg (gpg23), Feature Request, S/MIME

May 7 2020

werner added a commit to T4938: Support Signature Card V2.0 (NKS15): rGaecc008acb64: scd:nks: Get the PIN prompts right for the Signature Card.
May 7 2020, 2:08 PM · scd, Feature Request, S/MIME
werner added a commit to T4938: Support Signature Card V2.0 (NKS15): rGaf45d884aa1c: scd:nks: Support decryption using ECDH..
May 7 2020, 8:20 AM · scd, Feature Request, S/MIME
werner added a commit to T4098: GpgSM: Add ECC support: rGee6d29f1797e: sm: Support decryption of ECDH data using a smartcard..
May 7 2020, 8:20 AM · gnupg (gpg23), Feature Request, S/MIME
werner created T4938: Support Signature Card V2.0 (NKS15).
May 7 2020, 8:18 AM · scd, Feature Request, S/MIME

May 4 2020

werner changed the status of T4920: Support ECDH in Libksba, a subtask of T4098: GpgSM: Add ECC support, from Open to Testing.
May 4 2020, 3:05 PM · gnupg (gpg23), Feature Request, S/MIME
werner changed the status of T4920: Support ECDH in Libksba from Open to Testing.

It works for me(tm).

May 4 2020, 3:05 PM · libksba, Feature Request, S/MIME
werner added a commit to T4098: GpgSM: Add ECC support: rGd5051e31a8fc: sm: Support encryption using ECDH keys..
May 4 2020, 3:02 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4920: Support ECDH in Libksba: rK8ade151b1048: Support creation of ECDH enveloped data object (part 2 of 2).
May 4 2020, 2:55 PM · libksba, Feature Request, S/MIME

May 1 2020

werner added a commit to T4920: Support ECDH in Libksba: rK0ddfbb464e0a: Support creation of ECDH enveloped data object (part 1).
May 1 2020, 5:17 PM · libksba, Feature Request, S/MIME

Apr 27 2020

werner changed the status of T4921: Support import of PKCS#12 encoded ECC private keys. from Open to Testing.
Apr 27 2020, 8:09 PM · backport, gnupg (gpg23), Feature Request, S/MIME
werner changed the status of T4921: Support import of PKCS#12 encoded ECC private keys., a subtask of T4098: GpgSM: Add ECC support, from Open to Testing.
Apr 27 2020, 8:09 PM · gnupg (gpg23), Feature Request, S/MIME
werner added a comment to T4921: Support import of PKCS#12 encoded ECC private keys..

Done for master

Apr 27 2020, 8:09 PM · backport, gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4921: Support import of PKCS#12 encoded ECC private keys.: rG5da6925a334c: sm: Add support to export ECC private keys..
Apr 27 2020, 7:57 PM · backport, gnupg (gpg23), Feature Request, S/MIME

Apr 23 2020

werner added a commit to T4098: GpgSM: Add ECC support: rG95d83cf90617: sm: Support decryption of ECDH data..
Apr 23 2020, 10:08 AM · gnupg (gpg23), Feature Request, S/MIME

Apr 21 2020

werner added a commit to T4921: Support import of PKCS#12 encoded ECC private keys.: rG8dfef5197af9: sm: Support import of PKCS#12 encoded ECC private keys..
Apr 21 2020, 9:18 PM · backport, gnupg (gpg23), Feature Request, S/MIME
werner created T4921: Support import of PKCS#12 encoded ECC private keys..
Apr 21 2020, 5:01 PM · backport, gnupg (gpg23), Feature Request, S/MIME
werner added a commit to T4920: Support ECDH in Libksba: rK401dc58d3d55: Support parsing of the CMS KeyAgreeRecipientInfo..
Apr 21 2020, 2:50 PM · libksba, Feature Request, S/MIME
werner created T4920: Support ECDH in Libksba.
Apr 21 2020, 2:33 PM · libksba, Feature Request, S/MIME

Apr 17 2020

werner added a comment to T4098: GpgSM: Add ECC support.

I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.

Apr 17 2020, 6:03 PM · gnupg (gpg23), Feature Request, S/MIME

Apr 16 2020

werner added a commit to T4898: auto import CA certs with authInfo.caIssuers: rGaec7d136e4bd: sm: Always allow authorityInfoAccess lookup if CRLs are also enabled..
Apr 16 2020, 7:08 PM · dirmngr, S/MIME, gnupg (gpg23)
werner added a commit to T4898: auto import CA certs with authInfo.caIssuers: rGbbb7edb8807b: sm: Always allow authorityInfoAccess lookup if CRLs are also enabled..
Apr 16 2020, 7:07 PM · dirmngr, S/MIME, gnupg (gpg23)
werner added a commit to T4898: auto import CA certs with authInfo.caIssuers: rGd57209553da7: sm: Lookup missing issuers first using authorityInfoAccess..
Apr 16 2020, 6:07 PM · dirmngr, S/MIME, gnupg (gpg23)
werner added a commit to T4898: auto import CA certs with authInfo.caIssuers: rGf5efbd5a1169: sm: Lookup missing issuers first using authorityInfoAccess..
Apr 16 2020, 6:05 PM · dirmngr, S/MIME, gnupg (gpg23)
werner closed T4898: auto import CA certs with authInfo.caIssuers as Resolved.

We do this now always if --auto-issuer-key-retrieve is set. Also backported to 2.2

Apr 16 2020, 6:02 PM · dirmngr, S/MIME, gnupg (gpg23)

Apr 15 2020

werner added a commit to T4538: Support PSS signed CRLs: rG24d563749f50: sm: Support rsaPSS verification also for CMS signatures..
Apr 15 2020, 3:48 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rGddc74f50d423: sm,dirmngr: Restrict allowed parameters used with rsaPSS..
Apr 15 2020, 3:48 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rG0626cc8fed34: sm,dirmngr: Support rsaPSS signature verification..
Apr 15 2020, 3:48 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rG8bf17eb94d0d: dirmngr: Support rsaPSS also in the general validate module..
Apr 15 2020, 3:48 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rGc0d5c673542b: sm,dirmngr: Restrict allowed parameters used with rsaPSS..
Apr 15 2020, 11:11 AM · dirmngr, S/MIME, libksba

Apr 14 2020

werner added a commit to T4538: Support PSS signed CRLs: rKe6e9858970ed: Support rsaPSS also for CRLs..
Apr 14 2020, 4:53 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rK17a09f41fc4b: Allow for Null hash algo parameters on rsaPSS and add pss flag..
Apr 14 2020, 4:53 PM · dirmngr, S/MIME, libksba
werner closed T4538: Support PSS signed CRLs as Resolved.

Data (i.e. CMS) signatures do now also work.

Apr 14 2020, 4:26 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rG6c28d9343ea6: sm: Support rsaPSS verification also for CMS signatures..
Apr 14 2020, 3:51 PM · dirmngr, S/MIME, libksba

Apr 9 2020

werner added a comment to T4538: Support PSS signed CRLs.

Okay certificate and CRL checking does now work with rsaPSS. Need to work on data signatures and check the compliance modes.

Apr 9 2020, 1:09 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rGba34f1415366: dirmngr: Support rsaPSS also in the general validate module..
Apr 9 2020, 1:07 PM · dirmngr, S/MIME, libksba
werner added a commit to T4538: Support PSS signed CRLs: rGb45ab0ca08f8: sm,dirmngr: Support rsaPSS signature verification..
Apr 9 2020, 12:24 PM · dirmngr, S/MIME, libksba

Apr 8 2020

werner added a commit to T4538: Support PSS signed CRLs: rKf5695be600ab: Add read-only support for rsaPSS..
Apr 8 2020, 8:52 PM · dirmngr, S/MIME, libksba
werner claimed T4538: Support PSS signed CRLs.

I started to work on it so that I can actually use the certificates on my new D-Trust card. This will be a verify-only implementation.

Apr 8 2020, 8:37 PM · dirmngr, S/MIME, libksba

Apr 6 2020

gniibe changed the status of T4888: GpgSM: Support ECC key generation by gpgsm_genkey, a subtask of T4098: GpgSM: Add ECC support, from Open to Testing.
Apr 6 2020, 6:49 AM · gnupg (gpg23), Feature Request, S/MIME
gniibe changed the status of T4888: GpgSM: Support ECC key generation by gpgsm_genkey from Open to Testing.
Apr 6 2020, 6:49 AM · Testing, Feature Request, S/MIME

Mar 31 2020

werner triaged T4898: auto import CA certs with authInfo.caIssuers as Normal priority.
Mar 31 2020, 12:04 PM · dirmngr, S/MIME, gnupg (gpg23)
werner created T4898: auto import CA certs with authInfo.caIssuers.
Mar 31 2020, 12:04 PM · dirmngr, S/MIME, gnupg (gpg23)
gniibe added a commit to T4896: ksba: Ed25519 support: rK2625e13bc9d5: ecc: Add Ed25519 and Ed448 public key support..
Mar 31 2020, 9:00 AM · Info Needed, libksba, Feature Request, S/MIME
gniibe added a comment to T4888: GpgSM: Support ECC key generation by gpgsm_genkey.

genkey for Ed25519 works now with libksba in master.

Mar 31 2020, 8:59 AM · Testing, Feature Request, S/MIME
gniibe added a comment to T4896: ksba: Ed25519 support.

For public key, it's done.

Mar 31 2020, 8:59 AM · Info Needed, libksba, Feature Request, S/MIME

Mar 30 2020

dkg closed T4892: gpgsm --gen-key with existing key from "ssh-add" fails as Resolved.
Mar 30 2020, 9:59 PM · Bug Report, S/MIME
dkg reopened T4892: gpgsm --gen-key with existing key from "ssh-add" fails as "Open".
Mar 30 2020, 9:59 PM · Bug Report, S/MIME
werner closed T4895: segfaults in certreqen.c from logging NULL return from get_parameter as Resolved.

Thanks.

Mar 30 2020, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4895: segfaults in certreqen.c from logging NULL return from get_parameter: rG9c5c7c6f602c: sm: Fix possible NULL deref in error messages of --gen-key..
Mar 30 2020, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4895: segfaults in certreqen.c from logging NULL return from get_parameter: rG2b4b0b1223aa: sm: Fix possible NULL deref in error messages of --gen-key..
Mar 30 2020, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4892: gpgsm --gen-key with existing key from "ssh-add" fails: rK1e903fe558bd: Allow optional elements in keyinfo objects..
Mar 30 2020, 5:32 PM · Bug Report, S/MIME
werner added a comment to T4892: gpgsm --gen-key with existing key from "ssh-add" fails.

The problem was the comment field which was not expected in an rsa key. However, it makes sense to allow additional fields and thus I pushed a change to Libksba.

Mar 30 2020, 5:00 PM · Bug Report, S/MIME
gniibe added a project to T4896: ksba: Ed25519 support: libksba.
Mar 30 2020, 7:55 AM · Info Needed, libksba, Feature Request, S/MIME
gniibe created T4896: ksba: Ed25519 support.
Mar 30 2020, 7:55 AM · Info Needed, libksba, Feature Request, S/MIME
dkg created T4895: segfaults in certreqen.c from logging NULL return from get_parameter.
Mar 30 2020, 12:37 AM · gnupg (gpg22), S/MIME, Bug Report

Mar 27 2020

gniibe added a comment to T4888: GpgSM: Support ECC key generation by gpgsm_genkey.

NIST P-256 key generation looks good.

Mar 27 2020, 11:53 AM · Testing, Feature Request, S/MIME

Mar 26 2020

dkg added a comment to T4892: gpgsm --gen-key with existing key from "ssh-add" fails.

OK, i've asked on gnupg-devel.

Mar 26 2020, 3:24 PM · Bug Report, S/MIME
werner closed T4892: gpgsm --gen-key with existing key from "ssh-add" fails as Wontfix.

Please use the mailing list for help on generating keys. I would also suggest to use GnuPG master for such experiments.

Mar 26 2020, 10:27 AM · Bug Report, S/MIME
gniibe added a commit to T4888: GpgSM: Support ECC key generation by gpgsm_genkey: rG49ea53b755f0: gpgsm: Support key generation with ECC..
Mar 26 2020, 7:56 AM · Testing, Feature Request, S/MIME
gniibe added a commit to T4888: GpgSM: Support ECC key generation by gpgsm_genkey: rG238707db8b05: gpgsm: Remove restriction of key generation (only RSA)..
Mar 26 2020, 3:44 AM · Testing, Feature Request, S/MIME
dkg created T4892: gpgsm --gen-key with existing key from "ssh-add" fails.
Mar 26 2020, 2:05 AM · Bug Report, S/MIME

Mar 25 2020

werner created T4891: Support CBOR content in gpgsm.
Mar 25 2020, 12:54 PM · Feature Request, gnupg, S/MIME

Mar 24 2020

gniibe added a comment to T4098: GpgSM: Add ECC support.

There are two code paths to generate key: gpgsm_genkey and gpgsm_gencertreq_tty. Latter is partially supported with card key.
Firstly, I'm going to work for T4888.

Mar 24 2020, 6:32 AM · gnupg (gpg23), Feature Request, S/MIME
gniibe created T4888: GpgSM: Support ECC key generation by gpgsm_genkey.
Mar 24 2020, 6:30 AM · Testing, Feature Request, S/MIME
gniibe changed the status of T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix from Open to Testing.

This should work well with libksba master and gnupg/sm master.

Mar 24 2020, 3:35 AM · Testing, S/MIME, Feature Request, libksba
gniibe changed the status of T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed from Open to Testing.

The commits in 2019 (for libksba and gnupg/sm) handle the problem (of key generation using card).

Mar 24 2020, 3:32 AM · Testing, Feature Request, S/MIME

Mar 20 2020

werner closed T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Resolved.
Mar 20 2020, 5:59 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4847: "gpgsm: invalid radix64 character 2d skipped" when trying to import a PEM file with DOS line endings (CR+LF) as Resolved.
Mar 20 2020, 5:59 PM · gnupg (gpg22), S/MIME, Bug Report
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

That option does the same as --disable-dirmngr which in turn has the same effect as disable-crl-checks

Mar 20 2020, 4:49 PM · Not A Bug, S/MIME, gpgme
dkg added a comment to T4883: gpgme X.509 certificates have unknown validity in offline mode unless `disable-crl-checks` is set.

@werner wrote:

Mar 20 2020, 4:45 PM · Not A Bug, S/MIME, gpgme
aheinecke added a comment to T4884: PKCS #15 support in gpgsm.

The return value that was mapped to invalid value was "SW_WRONG_LENGTH" so I tested using the codepath for the SW_EXACT_LENGTH sw return value, too and it worked for readcert.

Mar 20 2020, 3:52 PM · scd, S/MIME