Fri, Jan 17

werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

ping keys.openpgp.org

Fri, Jan 17, 4:04 PM · Bug Report
werner added a comment to T4817: dirmgr keys.openpgp.org:443 Address family not supported by protocol.

The problem is likely that you don't have IPv4 support but keys.openpgp.org resolves only to a v4 address.
You should also use

Fri, Jan 17, 3:20 PM · Bug Report
werner committed rGa265d3997a91: gpgconf,w32: Print a warning for a suspicious homedir. (authored by werner).
gpgconf,w32: Print a warning for a suspicious homedir.
Fri, Jan 17, 2:28 PM
werner committed rG7f12fb55f975: gpgconf,w32: Print a warning for a suspicious homedir. (authored by werner).
gpgconf,w32: Print a warning for a suspicious homedir.
Fri, Jan 17, 2:27 PM
werner created T4815: Create simple index.html for gnupg.net.
Fri, Jan 17, 11:14 AM

Thu, Jan 16

werner added a comment to T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)).

BTW, I just pushed some new features to master for the gpg-card tool. You can now do

Thu, Jan 16, 9:37 PM · Testing, gnupg, Feature Request
werner committed rGbd85f9232ad6: card: Allow switching of cards and applications. (authored by werner).
card: Allow switching of cards and applications.
Thu, Jan 16, 9:30 PM
werner committed rG718555874efc: scd: New commands SWITCHCARD and SWITCHAPP. (authored by werner).
scd: New commands SWITCHCARD and SWITCHAPP.
Thu, Jan 16, 9:30 PM
werner committed rG3ccad75d76b9: gpg: Print better debug info in case of broken sig subpackets. (authored by werner).
gpg: Print better debug info in case of broken sig subpackets.
Thu, Jan 16, 9:30 PM
werner committed rGdd61164410ee: scd:piv: Remove debug code from a recent commit. (authored by werner).
scd:piv: Remove debug code from a recent commit.
Thu, Jan 16, 9:30 PM
werner added a comment to T4812: GnuPG: Parse Paket prints source file name very verbosely.

Well that is due to "--debug packet" (aka --debug 1). We have this code

Thu, Jan 16, 1:08 PM · gnupg
werner closed T4809: Non-operational functions and missing feature as Resolved.
Thu, Jan 16, 8:50 AM · Fedora, pinentry, Bug Report

Wed, Jan 15

werner added a comment to T4809: Non-operational functions and missing feature.

FWIW, the GTK and QT pinentries do have a qualitybar. However it is only enabled:

Wed, Jan 15, 9:39 AM · Fedora, pinentry, Bug Report
werner added a comment to T4810: A key with only "C" capability cannot be selected as default key..

I agree.

Wed, Jan 15, 9:29 AM · gnupg (gpg22)
werner created T4811: --locate-key should try to fetch a key if the local copy is expired..
Wed, Jan 15, 9:25 AM · Bug Report, gnupg (gpg22)

Tue, Jan 14

werner added a comment to T4809: Non-operational functions and missing feature.

BTW, the qualitybar is not shown by default, only if you configure some of the extra password checks. We may even remove it completely because it leads to wrong assumptions on why a passphrase is required.

Tue, Jan 14, 7:34 AM · Fedora, pinentry, Bug Report

Mon, Jan 13

werner added a comment to T4809: Non-operational functions and missing feature.

It seems that gnome-keyring-daemon has some incompatible changes which break that version of pinentry-gnome. Or GKR has not been set up properly. I'd suggest to use pinentry-gtk until folks with knowledge about Gnome folks have figured out what is going wrong.

Mon, Jan 13, 7:42 PM · Fedora, pinentry, Bug Report
werner changed the status of T4791: Switch between PIV and OpenPGP app w/o reentering the PIN from Open to Testing.
Mon, Jan 13, 6:24 PM · scd, yubikey
werner committed rG2dd6b4b998dd: scd: Make the PIN cache robust against wrongdoing of gpg-agent. (authored by werner).
scd: Make the PIN cache robust against wrongdoing of gpg-agent.
Mon, Jan 13, 6:24 PM
werner committed rG60502c3606ee: scd:piv: Implement PIN cache. (authored by werner).
scd:piv: Implement PIN cache.
Mon, Jan 13, 6:24 PM
werner added a commit to T4791: Switch between PIV and OpenPGP app w/o reentering the PIN: rG60502c3606ee: scd:piv: Implement PIN cache..
Mon, Jan 13, 6:24 PM · scd, yubikey
werner added a comment to T4809: Non-operational functions and missing feature.

Please describe which features are missing.

Mon, Jan 13, 4:53 PM · Fedora, pinentry, Bug Report
werner added a comment to T4791: Switch between PIV and OpenPGP app w/o reentering the PIN.

Caching of the OpenPGP PIN while switching to and from PIV does now work in master

Mon, Jan 13, 4:48 PM · scd, yubikey
werner committed rG2e86cca7f418: agent: Avoid multiple calls to scd for KEYINFO. (authored by werner).
agent: Avoid multiple calls to scd for KEYINFO.
Mon, Jan 13, 4:28 PM
werner committed rGaaef0fc3a743: agent: Replace free by xfree in recently added code. (authored by werner).
agent: Replace free by xfree in recently added code.
Mon, Jan 13, 3:23 PM
werner committed rG14aa797bb8f3: gpg,sm: Avoid useless ASFW diagnostic in loopback mode. (authored by werner).
gpg,sm: Avoid useless ASFW diagnostic in loopback mode.
Mon, Jan 13, 3:21 PM
werner committed rG2b843be5ac9f: scd: Fix memory leak in command READKEY. (authored by werner).
scd: Fix memory leak in command READKEY.
Mon, Jan 13, 12:19 PM
werner committed rG0e48aa084921: scd: Make SERIALNO --all work correctly and use it. (authored by werner).
scd: Make SERIALNO --all work correctly and use it.
Mon, Jan 13, 12:19 PM
werner committed rDd51cd2013e66: web: Add warning notes to most HOWTOS. (authored by werner).
web: Add warning notes to most HOWTOS.
Mon, Jan 13, 10:00 AM
werner added a comment to E600: Weekly Standup.

fwiw, I think that AUTHKEYID is still usable. Consider the case that a card has two auth capable keys. Both would be listed by KEYINFO, but there is no way to decide which one to use for ssh. Thus I propose to keep this and let each app-foo.c decode which key to return.

Mon, Jan 13, 9:23 AM
werner is attending E600: Weekly Standup.
Mon, Jan 13, 9:16 AM
werner added a comment to T4807: Mime Compatibility with Symantec PGP.

Using base64 encoding for a fixed format part in us-ascii is not a good idea because in practise many PGP/MIME decoders won't be able to detect and then decrypt such a message.

Mon, Jan 13, 9:14 AM · gpgol, Feature Request

Sat, Jan 11

werner closed T4806: File decrypts without password as Resolved.

It is a feature not a bug. For symmetric encryption the gpg-agent remembers the passphrase used for the encryption and thus for some time or until /gpgconf --reload gpg-agent/ it tries that passphrase for decryption.

Sat, Jan 11, 10:19 AM · Not A Bug

Thu, Jan 9

werner added a comment to T4802: Yubikey not recognized.

Maybe a silly question, but let's be sure: Is the Openpgp app enabled on that Yubikey and is it enabled for usb? I can't remember the Yubikey commands on how to check this but there should even be a GUI. These days I use the new gpg-card tool to manage my Yubikeys (from GnuPG master).

Thu, Jan 9, 9:53 PM · Bug Report, gpg4win
werner created T4803: Print a diagnostic for a missing encryption subkey.
Thu, Jan 9, 2:34 PM · Feature Request, OpenPGP, gnupg
werner committed rG63bda3aad8ec: scd:openpgp: Implement PIN cache. (authored by werner).
scd:openpgp: Implement PIN cache.
Thu, Jan 9, 12:15 PM
werner committed rGce5a7fb72b59: scd: Use a scdaemon internal key to protect the PIN cache IPC. (authored by werner).
scd: Use a scdaemon internal key to protect the PIN cache IPC.
Thu, Jan 9, 12:15 PM

Wed, Jan 8

werner closed T4799: Update kbxutil documentation to reflect OpenPGP usage as Resolved.

I removed the footnote from the 2.2 branch. Thanks.

Wed, Jan 8, 1:33 PM
werner added a commit to T4799: Update kbxutil documentation to reflect OpenPGP usage: rGb966d0583779: doc: Removed the footnote that OpenPGP is not used with the keybox.
Wed, Jan 8, 1:33 PM
werner committed rGb966d0583779: doc: Removed the footnote that OpenPGP is not used with the keybox (authored by werner).
doc: Removed the footnote that OpenPGP is not used with the keybox
Wed, Jan 8, 1:33 PM
werner triaged T4801: libksba reproducible builds as Normal priority.

Frankly, I am not sure why we sort that table at all. Your patch does not harm, though.

Wed, Jan 8, 1:26 PM · libksba, Bug Report
werner added a comment to T4755: WoT forgeries using SHA-1.

FWIW, the second listed commit is the right one. You should only look at the STABLE-STABLE-2-2 branch. master and that branch differ; in particular we do not have a cut-off date in master (to be 2.3).

Wed, Jan 8, 10:52 AM · CVE, gnupg
werner set External Link to https://sha-mbles.github.io/ on T4755: WoT forgeries using SHA-1.
Wed, Jan 8, 10:34 AM · CVE, gnupg
werner added a comment to rEa2674207f7fe: build: Don't use -O0 which is not portable..

No need to support it. What I had in mind was the compilation of tiger.c where we replace optimization flags by -O1 which, as you remarked, seems to be widely portable.

Wed, Jan 8, 8:30 AM

Tue, Jan 7

werner committed rGfbf97a7856bd: scd: First changes to implement a PIN cache. (authored by werner).
scd: First changes to implement a PIN cache.
Tue, Jan 7, 6:50 PM
werner committed rGd5c00354bb02: agent: First changes to support a PIN cache for scdaemon. (authored by werner).
agent: First changes to support a PIN cache for scdaemon.
Tue, Jan 7, 6:50 PM
werner committed rG41a882443622: kbx: Make sure the tables are joined in a select. (authored by werner).
kbx: Make sure the tables are joined in a select.
Tue, Jan 7, 6:50 PM
werner committed rDebc782809438: web: Moved old News to the archive and add gnupg.com press notice (authored by werner).
web: Moved old News to the archive and add gnupg.com press notice
Tue, Jan 7, 11:00 AM
werner added a comment to rEa2674207f7fe: build: Don't use -O0 which is not portable..

Well, that was probably from the time I wrote that tool.

Tue, Jan 7, 10:17 AM
werner triaged T4800: python-gpgme signature revokation assertion error: `gpg->cmd.code' failed as Normal priority.
Tue, Jan 7, 8:10 AM · gpgme, Bug Report
werner added a project to T4800: python-gpgme signature revokation assertion error: `gpg->cmd.code' failed: gpgme.
Tue, Jan 7, 8:10 AM · gpgme, Bug Report
werner added a comment to T4800: python-gpgme signature revokation assertion error: `gpg->cmd.code' failed.

Sorry, there have been quite some bindings with similar names, so I couldn't identify which one this is about. Can you please run your test code with GPGME_DEBUG=9:/foo/gpgme.log set, which makes it easier to understand what is going on.

Tue, Jan 7, 8:10 AM · gpgme, Bug Report

Mon, Jan 6

werner added a comment to T4800: python-gpgme signature revokation assertion error: `gpg->cmd.code' failed.

I do not know this Python library. It looks like one of the older bindings to GPGME. Please contact the author of gnupg.py or switch over to the Python language binding we provide with gpgme.

Mon, Jan 6, 7:06 PM · gpgme, Bug Report
werner claimed T4792: Improve X.509 support in Scute.
Mon, Jan 6, 11:05 AM
werner claimed T4791: Switch between PIV and OpenPGP app w/o reentering the PIN.
Mon, Jan 6, 11:04 AM · scd, yubikey

Fri, Jan 3

werner committed rGc0625c15c1fb: scd: Minor fix for readibility. (authored by werner).
scd: Minor fix for readibility.
Fri, Jan 3, 11:49 AM

Thu, Jan 2

werner committed rGf4da1455c7ab: kbx: Initial support for an SQLite backend (authored by werner).
kbx: Initial support for an SQLite backend
Thu, Jan 2, 2:26 PM
werner added a comment to T2370: libgpg-error: cross-compiling fails with "src/syscfg/lock-obj-pub.linux-gnueabi.h': No such file or directory".

Please read libgpg-error's README. For each architecture we need to have a dedicated config file - this has nothing to do with autotools. Big and little endian variants are obviously different architectures. Here is an excerpt from the README

Thu, Jan 2, 9:43 AM · Info Needed, gpgrt, Gentoo, Bug Report

Wed, Jan 1

werner committed rGa230bac33966: Update wk's signing key (authored by werner).
Update wk's signing key
Wed, Jan 1, 7:46 PM
werner committed rGdef1ceccf05b: gpg: Fix output of --with-secret if a pattern is given. (authored by werner).
gpg: Fix output of --with-secret if a pattern is given.
Wed, Jan 1, 7:46 PM
werner committed rG31f1fc3131d4: Update wk's signing key (authored by werner).
Update wk's signing key
Wed, Jan 1, 7:46 PM
werner committed rDb5b67cd4aa4e: Prolong wk's signing key (authored by werner).
Prolong wk's signing key
Wed, Jan 1, 7:18 PM

Mon, Dec 30

werner changed the status of T4797: gpgOL size is about 27 MB from Resolved to Invalid.

Please do not do such changes after you found a solution. I assume this was some kind of error you won't further explain. Better just close it as invalid.

Mon, Dec 30, 2:13 PM
werner renamed T4797: gpgOL size is about 27 MB from * to gpgOL size is about 27 MB.
Mon, Dec 30, 2:11 PM

Sun, Dec 29

werner committed rDfdc4112ec05a: Remove cruft. (authored by werner).
Remove cruft.
Sun, Dec 29, 9:13 PM
werner committed rD280f10cec0c0: tools: Add new option --thumb to the ftp-indexer (authored by werner).
tools: Add new option --thumb to the ftp-indexer
Sun, Dec 29, 9:13 PM

Mon, Dec 23

werner placed T4745: GnuPG, Kleopatra: Remove Name length limitation for new keys up for grabs.

The Name field in GnuPG needs to be at least 5 _bytes_ long. Given that UTF-8 is required for Hangul, a 3 _character_ name is at least 6 bytes long and thus passes gpg check. The Name field is also optional and the whole test can be skipped using --allow-freeform-uid.

Mon, Dec 23, 2:08 PM · kleopatra, gnupg
werner closed T4061: gnupg: --with-colons --with-secret returns wrong results if specific keys are queried as Resolved.

Fixed in master and 2.2

Mon, Dec 23, 1:58 PM · gpgme, Bug Report, gnupg
werner committed rG59d49e4a0ac2: gpg: Fix output of --with-secret if a pattern is given. (authored by werner).
gpg: Fix output of --with-secret if a pattern is given.
Mon, Dec 23, 12:45 PM
werner committed rG8a556c23a297: kbx: Change keyboxd to work only with one database. (authored by werner).
kbx: Change keyboxd to work only with one database.
Mon, Dec 23, 12:45 PM
werner committed rGcc531cc21034: doc: Typ fix in comment (authored by werner).
doc: Typ fix in comment
Mon, Dec 23, 12:45 PM
werner added a comment to E419: Weekly Standup.

We won't be in the office, so let's cancel this event.

Mon, Dec 23, 11:47 AM
werner cancelled E419: Weekly Standup.
Mon, Dec 23, 11:46 AM
werner added a parent task for T4694: manage first-party attestations: T4795: GUI to manage first party attestations.
Mon, Dec 23, 11:23 AM · Feature Request
werner added a subtask for T4795: GUI to manage first party attestations: T4694: manage first-party attestations.
Mon, Dec 23, 11:23 AM · OpenPGP, Feature Request
werner created T4795: GUI to manage first party attestations.
Mon, Dec 23, 11:22 AM · OpenPGP, Feature Request
werner added a parent task for T4793: New GPGME API to support card personalization: Unknown Object (Maniphest Task).
Mon, Dec 23, 11:20 AM · scd, gpgme
werner added a parent task for T4793: New GPGME API to support card personalization: Unknown Object (Maniphest Task).
Mon, Dec 23, 11:17 AM · scd, gpgme
werner created T4793: New GPGME API to support card personalization.
Mon, Dec 23, 11:17 AM · scd, gpgme
werner added a parent task for T4792: Improve X.509 support in Scute: Unknown Object (Maniphest Task).
Mon, Dec 23, 11:13 AM
werner created T4792: Improve X.509 support in Scute.
Mon, Dec 23, 11:12 AM
werner added a parent task for T4791: Switch between PIV and OpenPGP app w/o reentering the PIN: Unknown Object (Maniphest Task).
Mon, Dec 23, 11:09 AM · scd, yubikey
werner created T4791: Switch between PIV and OpenPGP app w/o reentering the PIN.
Mon, Dec 23, 11:09 AM · scd, yubikey
werner added a parent task for T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)): Unknown Object (Maniphest Task).
Mon, Dec 23, 11:03 AM · Testing, gnupg, Feature Request
werner removed a subtask for T4695: Remove SERIALNO as an identifier to select keys: Unknown Object (Maniphest Task).
Mon, Dec 23, 11:02 AM · Testing, Feature Request, gnupg
werner added a parent task for T4694: manage first-party attestations: Unknown Object (Maniphest Task).
Mon, Dec 23, 10:58 AM · Feature Request

Dec 20 2019

werner raised the priority of T4788: System wide configuration of the GnuPG system from Wishlist to High.
Dec 20 2019, 12:24 PM · gnupg (gpg23), Feature Request, gpg4win, g10code

Dec 17 2019

werner added a comment to T4695: Remove SERIALNO as an identifier to select keys.

Many cards have some printed information and I consider them important to avoid testing one by one all the cards from my pocket.
This I am really in favor of being asked to insert the respective card. The new text format private key files make it much easier to maintain this info

Dec 17 2019, 4:36 PM · Testing, Feature Request, gnupg
werner added a comment to T4777: Pinentry sometimes mixes languages.

The description comes from gpg/gpgsm while the prompts are from gpg-agent. Thus if the agent has been started with the German locale but gpgsm without a locale this would explain the behaviour.

Dec 17 2019, 11:39 AM · S/MIME, gpgagent
werner added a project to T4779: GpgSM: "Invalid Object" error when importing .p12 certs with wrong passphrase: gnupg (gpg23).
Dec 17 2019, 11:36 AM · gnupg (gpg23), S/MIME

Dec 16 2019

werner changed the status of T4775: gpg-connect-agent mangles output of scd random command from Invalid to Resolved.

[When changing a bug to a possible FAQ item it should be resolved and not marked as invalid]

Dec 16 2019, 4:31 PM · FAQ
werner closed T4775: gpg-connect-agent mangles output of scd random command as Invalid.

All output of Assuan data lines is percent escaped. That is obvious because it is a line based format. You need to unescape it. Either use command line option

--decode

in-line command

/decode

or use

/datafile NAME

to write to a file.

Dec 16 2019, 1:43 PM · FAQ
werner is attending E595: Weekly Standup.
Dec 16 2019, 10:46 AM

Dec 13 2019

werner committed rM5eeae535ee0d: core: Extend gpgme_user_id_t with uidhash member. (authored by werner).
core: Extend gpgme_user_id_t with uidhash member.
Dec 13 2019, 3:13 PM
nicolaslegland awarded T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent a Love token.
Dec 13 2019, 2:55 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner committed rE308574372055: New error codes for SQLite (authored by werner).
New error codes for SQLite
Dec 13 2019, 9:54 AM

Dec 12 2019

werner added a project to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent: gnupg (gpg23).
Dec 12 2019, 1:08 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner claimed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Dec 12 2019, 1:07 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Although I don't use the ssh client on Windows I had to integrate the Windows ssh server into our release process (GlobalSign sent us a Windows-only token, for the new cert and so we can't anymore use osslsigncode). The ssh server is really stable and so it makes a lot of sense to better integrate our ssh-agent into Windows.

Dec 12 2019, 1:07 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Dec 10 2019

werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

Figuring out the matching user id for a new key signature. Right, --import-options repair-key is the default and does the same. However, it was also the major cause for the recent trouble with the keyservers because it tried to verify all signatures. repair-keys was made the default (T2236) because it seemed to be nearly for free - which was a false assumption. We should not use this option by default and only consider properly placed signatures as valid. This of course also means that a userid is required.

Dec 10 2019, 8:33 AM · gnupg (gpg23), Feature Request