Page MenuHome GnuPG
Feed Advanced Search

May 20 2020

anarcat added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

I had assumed that GnuPG prioritized the safety of its users over strict adherence to a particular view of a cryptographic protocol

May 20 2020, 4:12 AM · gnupg (gpg23), Feature Request

May 16 2019

anarcat created T4520: gpg --verify foo.asc --output foo yields a warning when everything is good in the S1 Public space.
May 16 2019, 10:08 PM · OpenPGP, gnupg

Nov 16 2018

anarcat created T4261: create matching --import-ssh-key in the S1 Public space.
Nov 16 2018, 6:38 PM · ssh

Nov 15 2018

anarcat created T4260: export all valid authentication subkeys in --export-ssh-key.
Nov 15 2018, 10:52 PM · ssh, Feature Request

Jul 2 2018

anarcat added a comment to T3894: re-evaluate default randomness choices during key generation on GNU/Linux platforms.

Looking at the table in random(7) it seems clear to me that what we want to just invoke getrandom() with no arguments. This blocks until the kernel's PRNG has been adequately seeded, but once seeded it doesn't block, while still pulling from an unbreakably-strong PRNG. this is the best-of-both-worlds situation that we want.

Changing the GnuPG long-term (and short-term) key generation techniques to use this approach might require coordination with gcrypt. gcrypt's gcry_random_level currently has GCRY_WEAK_RANDOM and GCRY_STRONG_RANDOM and GCRY_VERY_STRONG_RANDOM, which doesn't represent the nuance described above.

One approach might be to just have gcrypt on Linux treat all values of gcry_random_level the same, and use getrandom() for all of them.

Jul 2 2018, 5:24 PM · libgcrypt, gnupg

Feb 13 2017

anarcat added a comment to T2954: signing a file shows me my short keyid instead of long.

that is true. however i still think the actual key fingerprint used should be
shown here. shouldn't we avoid short keyids everywhere?

Feb 13 2017, 2:17 PM · gnupg

Feb 10 2017

anarcat set Version to 2.1.18 on T2954: signing a file shows me my short keyid instead of long.
Feb 10 2017, 11:58 PM · gnupg
anarcat added projects to T2954: signing a file shows me my short keyid instead of long: gnupg, Bug Report.
Feb 10 2017, 11:58 PM · gnupg

Feb 6 2017

anarcat added a comment to T2945: gpg should explicitly set output file permissions during decryption.

well, it looks like i stand corrected: the problem happens both in encryption
and decryption. i *meant* to post about decryption, but i only pasted the setup
part... :p

[1012]anarcat@curie:~130$ rm foo
rm : supprimer fichier 'foo' ? y
[1013]anarcat@curie:~$ gpg foo.gpg
gpg: encrypted with 4096-bit RSA key, ID A51D5B109C5A5581, created 2009-05-29

"Antoine Beaupré <anarcat@orangeseeds.org>"

[1014]anarcat@curie:~$ ls -al foo*
-rw-r--r-- 1 anarcat anarcat 4 fév 6 13:16 foo
-rw-r--r-- 1 anarcat anarcat 594 fév 6 13:04 foo.gpg
[1015]anarcat@curie:~$ chmod 600 foo.gpg
[1016]anarcat@curie:~$ ls -al foo*^C
[1016]anarcat@curie:~130$ rm foo
rm : supprimer fichier 'foo' ? y
[1017]anarcat@curie:~$ gpg foo.gpg
gpg: encrypted with 4096-bit RSA key, ID A51D5B109C5A5581, created 2009-05-29

"Antoine Beaupré <anarcat@orangeseeds.org>"

[1018]anarcat@curie:~$ =k^C
[1018]anarcat@curie:~130$ ls -al foo*
-rw-r--r-- 1 anarcat anarcat 4 fév 6 13:16 foo
-rw------- 1 anarcat anarcat 594 fév 6 13:04 foo.gpg

Feb 6 2017, 7:16 PM · Feature Request, gnupg
anarcat set Version to 2.1.18 on T2945: gpg should explicitly set output file permissions during decryption.
Feb 6 2017, 7:07 PM · Feature Request, gnupg
anarcat added projects to T2945: gpg should explicitly set output file permissions during decryption: gnupg, Bug Report.
Feb 6 2017, 7:07 PM · Feature Request, gnupg

Oct 12 2016

anarcat added a comment to T2749: gpg --secret-keyring is silently ignored.

thank you for taking time to formulate this correctly, dkg. :)

regarding symlinks, i got the idea from reading the caff source code. after a
quick chat with the caff author, i was pointed towards that discussion:

https://lists.gnupg.org/pipermail/gnupg-devel/2015-January/029301.html

... where Werner Koch suggests symlinks as a solution.

in my opinion, the solution is sub-optimal: symlinks increases the attack
surface and adds un-necessary overhead. i would prefer an a commandline flag
(e.g. --agent-socket) or environment variable to be able to select relevant
agents...

the same applies to dirmngr, apparently - caff creates symlinks for both the
agent and dirmngr. i am not sure why, but i suspect I may have to do the same,
since I have seen stray dirmngr processes lying around in my session. a
different issue, maybe, but related, implementation-wise.

Oct 12 2016, 5:28 PM · Support, gnupg

Aug 18 2015

anarcat added a comment to T2067: gpg2 cannot find keys by non-ASCII User IDs unless the system locale is UTF-8.

i prefer solution (c): we should assume utf8, if we are going to assume anything
at all.

if the user doesn't provide UTF8 *and* doesn't have the proper locale set, then
we should exit with a meaningful message.

that way, things break for people that don't have a properly configured locale
*and* try to input non-UTF8 as opposed to just fail if locale is *not
configured*, which is a pretty common scenario.

Aug 18 2015, 1:30 AM · gnupg, Bug Report, Debian
anarcat changed External Link from https://bugs.debian.org/795229, to https://bugs.debian.org/795229 on T2067: gpg2 cannot find keys by non-ASCII User IDs unless the system locale is UTF-8.
Aug 18 2015, 1:30 AM · gnupg, Bug Report, Debian