May 28 2019

werner triaged T4544: More prompts before key deletion as Low priority.
May 28 2019, 6:12 PM · gnupg, Feature Request, patch
werner committed rG6b06fb3cc550: Add changes from 2.2 to NEWS. (authored by werner).
Add changes from 2.2 to NEWS.
May 28 2019, 6:09 PM
werner committed rD47a3a0226003: swdb: GnuPG 2.2.16 (authored by werner).
swdb: GnuPG 2.2.16
May 28 2019, 6:07 PM
werner committed rD51f561f7a043: swdb: Update sqlite to 3.28 (authored by werner).
swdb: Update sqlite to 3.28
May 28 2019, 6:07 PM
werner committed rDb08fa3d7bd77: drafts,openpgp-webkey-service: Publish revision -08. (authored by werner).
drafts,openpgp-webkey-service: Publish revision -08.
May 28 2019, 6:07 PM
werner committed rGf9934dcb57ca: Post release updates (authored by werner).
Post release updates
May 28 2019, 5:40 PM
werner committed rG3f2b7a53ddc4: Release GnuPG 2.2.16 (authored by werner).
Release GnuPG 2.2.16
May 28 2019, 5:40 PM
werner committed rG626e05f07af1: po: Auto-update (authored by werner).
po: Auto-update
May 28 2019, 5:40 PM
werner added a comment to T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.

Sorry, I forgot to mention it. You need to add -v to the command line.

May 28 2019, 5:14 PM · Emacs, Documentation, pinentry, Bug Report
werner closed T4462: GnuPG: Segfaults trying to encrypt / locate by mbox for specific keys as Resolved.
May 28 2019, 5:08 PM · Bug Report, gnupg
werner updated the task description for T4509: Release GnuPG 2.2.16.
May 28 2019, 5:08 PM · Release Info, gnupg (gpg22)
werner closed T4510: Update our copy of SQLite to 3.28, a subtask of T4509: Release GnuPG 2.2.16, as Resolved.
May 28 2019, 5:04 PM · Release Info, gnupg (gpg22)
werner closed T4510: Update our copy of SQLite to 3.28 as Resolved.
May 28 2019, 5:04 PM · CVE
werner edited projects for T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs, added: pinentry; removed gpgagent.

Which pinentry are you using and in what mode? Please do a sign operation and watch out for a line similar to:

May 28 2019, 4:30 PM · Emacs, Documentation, pinentry, Bug Report
werner added a comment to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID.

Do you have any test cases? Note that T3966 is due to missing support for SHA-256.

May 28 2019, 12:36 PM · S/MIME, gnupg (gpg22), Bug Report
werner added a project to T4541: C implementation of AES is vulnerable to side-channel attacks: libgcrypt.

Can you please give more details and tell whether this is powerpc specific.

May 28 2019, 12:34 PM · side-channel, libgcrypt, Bug Report
werner closed T3966: Dirmngr: no suitable certificate found to verify the OCSP response as Resolved.
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner committed rG5281ecbe3ae8: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. (authored by werner).
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
May 28 2019, 12:32 PM
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG5281ecbe3ae8: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner committed rG4699e294cc9e: dirmngr: Improve finding OCSP cert. (authored by werner).
dirmngr: Improve finding OCSP cert.
May 28 2019, 12:31 PM
werner added a commit to T3966: Dirmngr: no suitable certificate found to verify the OCSP response: rG405f41007c35: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP..
May 28 2019, 12:31 PM · gpg4win, dirmngr, S/MIME
werner committed rG405f41007c35: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. (authored by werner).
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
May 28 2019, 12:31 PM
werner added a commit to T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID: rG4699e294cc9e: dirmngr: Improve finding OCSP cert..
May 28 2019, 12:31 PM · S/MIME, gnupg (gpg22), Bug Report
werner committed rGa2a90717466a: agent: Make an MD encoding function more robust. (authored by werner).
agent: Make an MD encoding function more robust.
May 28 2019, 12:31 PM
werner added a comment to T3966: Dirmngr: no suitable certificate found to verify the OCSP response.

We only supported SHA-1 signed OCSP requests. Fix will go into 2.2.16.

May 28 2019, 12:29 PM · gpg4win, dirmngr, S/MIME

May 27 2019

werner committed rG582dee24185d: Prepare NEWS for the release (authored by werner).
Prepare NEWS for the release
May 27 2019, 8:00 PM
werner committed rEf7559364b1ab: po: Update Polish translation (authored by werner).
po: Update Polish translation
May 27 2019, 6:36 PM
werner added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

I doubt that we are going to implement this.

May 27 2019, 6:15 PM · Keyserver, Feature Request, dirmngr
werner committed rG3bf796aa0aec: po: Update Czech translation (authored by petr_p).
po: Update Czech translation
May 27 2019, 5:36 PM
werner committed rGa7a327d026a5: po: Update Polish translation (authored by werner).
po: Update Polish translation
May 27 2019, 5:36 PM
werner triaged T4537: gpgsm support for timestamp signatures as Normal priority.
May 27 2019, 3:58 PM · gnupg (gpg23), S/MIME, Feature Request
werner triaged T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Normal priority.
May 27 2019, 3:57 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4535: gpgsm --sign prints misleading error message when using default key as Resolved.

Thanks to your very good analysis, this was easy to fix.

May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner committed rG32210e855c46: sm: Avoid confusing diagnostic for the default key. (authored by werner).
sm: Avoid confusing diagnostic for the default key.
May 27 2019, 3:49 PM
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG32210e855c46: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:49 PM · gnupg (gpg22), S/MIME, Bug Report
werner committed rG521e7d4644ed: sm: Avoid confusing diagnostic for the default key. (authored by werner).
sm: Avoid confusing diagnostic for the default key.
May 27 2019, 3:48 PM
werner added a commit to T4535: gpgsm --sign prints misleading error message when using default key: rG521e7d4644ed: sm: Avoid confusing diagnostic for the default key..
May 27 2019, 3:48 PM · gnupg (gpg22), S/MIME, Bug Report
werner triaged T4535: gpgsm --sign prints misleading error message when using default key as Low priority.
May 27 2019, 3:29 PM · gnupg (gpg22), S/MIME, Bug Report
werner closed T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested) as Resolved.

See the man page on how to delete subkeys or just the primary secret key with --delete-key.

May 27 2019, 12:57 PM · patch, Bug Report, gnupg
werner closed T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested), a subtask of T4509: Release GnuPG 2.2.16, as Resolved.
May 27 2019, 12:57 PM · Release Info, gnupg (gpg22)
werner committed rGb6289af9738d: gpg: Fixed i18n markup of some strings. (authored by werner).
gpg: Fixed i18n markup of some strings.
May 27 2019, 12:56 PM
werner committed rG190eeb7cce03: po: Update the German translation (authored by werner).
po: Update the German translation
May 27 2019, 12:55 PM
werner committed rGab5d7142a79e: gpg: Fixed i18n markup of some strings. (authored by werner).
gpg: Fixed i18n markup of some strings.
May 27 2019, 12:54 PM
werner committed rGd9b31d3a20b8: gpg: Allow deletion of subkeys with --delete-[secret-]key. (authored by werner).
gpg: Allow deletion of subkeys with --delete-[secret-]key.
May 27 2019, 12:54 PM
werner added a commit to T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested): rGd9b31d3a20b8: gpg: Allow deletion of subkeys with --delete-[secret-]key..
May 27 2019, 12:54 PM · patch, Bug Report, gnupg
werner committed rGcc6069ac6ecd: gpg: Allow deletion of subkeys with --delete-[secret-]key. (authored by werner).
gpg: Allow deletion of subkeys with --delete-[secret-]key.
May 27 2019, 11:18 AM
werner added a commit to T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested): rGcc6069ac6ecd: gpg: Allow deletion of subkeys with --delete-[secret-]key..
May 27 2019, 11:18 AM · patch, Bug Report, gnupg
werner committed rG9ccdd59e4e1e: agent: Stop scdaemon after reload when disable_scdaemon. (authored by gniibe).
agent: Stop scdaemon after reload when disable_scdaemon.
May 27 2019, 9:24 AM
werner added a commit to T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon.: rG9ccdd59e4e1e: agent: Stop scdaemon after reload when disable_scdaemon..
May 27 2019, 9:24 AM · Bug Report, scd, gpgagent
werner added a comment to E458: Weekly Standup.

Last week:

  • GnuPG bug fixing
  • New I-Ds for WKD and RFC4880bis due to pending expiration.
  • CRL testing
  • Meetings
May 27 2019, 8:41 AM
werner is attending E458: Weekly Standup.
May 27 2019, 8:38 AM

May 25 2019

werner closed T4540: compress tarballs with xz as Wontfix.

No, sorry, we won't do that for the regular source. However, the full source for the binary installer is xz compressed. That is because we are legally required to publish the source but in reality the source is not used and, well, to build you have lots of other requirements with xz being the simplest one.

May 25 2019, 8:44 PM · gnupg, libgcrypt

May 24 2019

werner triaged T4539: libgpg-error on Windows: strerror_s can be used instead of strerror_r as Normal priority.

I guess we can do that. Thanks for the hint.

May 24 2019, 3:19 PM · gpgrt, Feature Request
werner added a comment to T4538: Support PSS signed CRLs.

Interesting tinge: The main CRL of the dgn.de CA uses a nextUpdate in the year 2034 (15 years in the future) which would force dirmngr to cache the CRL until then. However, the CRL of the intermediate certificate has a nextUpdate only one month in the future. There is currently no entry in that second level CRL, so their idea might be that an updated second level CRL will also trigger a reload of the main CRL. I have not checked how we implement that in Dirmngr but I doubt that such a thing will work for us and that it is in any way standard compliant.

May 24 2019, 11:59 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner added a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4538: Support PSS signed CRLs.
May 24 2019, 9:10 AM · Release Info
werner removed a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner removed a subtask for T4523: Gpg4win: Multiple problems reported 05-2019: T4538: Support PSS signed CRLs.
May 24 2019, 9:10 AM · Release Info
werner added a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:08 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4523: Gpg4win: Multiple problems reported 05-2019: T4538: Support PSS signed CRLs.
May 24 2019, 9:08 AM · Release Info
werner removed a parent task for T4523: Gpg4win: Multiple problems reported 05-2019: T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling.
May 24 2019, 9:06 AM · Release Info
werner removed a subtask for T4118: GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:06 AM · gpg4win, gpgol
werner created T4538: Support PSS signed CRLs.
May 24 2019, 8:58 AM · dirmngr, S/MIME, libksba

May 23 2019

werner edited projects for T3287: Improve http proxy support by honoring SRV RRs., added: gnupg (gpg23); removed gnupg (gpg22).
May 23 2019, 9:43 AM · gnupg (gpg23), dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Wontfix.

I explained why the keyserver access requires access to the DNS. If that is not possible the keyserver code will not work. If you don't allow DNS to work you either have to use Tor (which we use to also tunnel DNS requests) or get your keys from elsewhere. Also note that the keyserver network is currently severely broken and under DoS and thus it is unlikely that it can be operated in the future.

May 23 2019, 9:42 AM · gnupg (gpg22), dns, dirmngr
werner edited projects for T4422: `repair-keys` does not reorder signatures on non-merge imports, added: gnupg (gpg23); removed gnupg (gpg22).
May 23 2019, 9:31 AM · gnupg (gpg23), Bug Report

May 22 2019

werner closed T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC) as Resolved.

You need to update the public key and convey it to the sender. This will solve the problems. You should also ask the sender to update their software so that an MDC is always used regardless of the flag.

May 22 2019, 7:24 PM · Not A Bug, gpg4win
werner added a comment to T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).

Actually I have a different approach to fix this bug(let). Please give me a few days.

May 22 2019, 7:21 PM · patch, Bug Report, gnupg

May 21 2019

werner added a comment to T4533: Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC).

Do you know which software the sender uses for encryption? That software may simply ignore the preferences or the sender also encrypts to a legacy key using a software which does not force the use of an MDC. Sometimes keys are generated with gpg but used with other software - without updating the preferences of the keys.

May 21 2019, 6:31 PM · Not A Bug, gpg4win
werner added a comment to T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression.

I don't see why the documentation needs to be fixed. gcry_sexp_canon_len returns 0 for certain and s-expressions, meaning that the s-expression is not valid. After all, the s-expression code in libgcrypt does not claim to be a general purpose parser for s-expressions but is targeted towards Libgcrypt needs.

May 21 2019, 6:26 PM · libgcrypt, Bug Report
werner committed rG30f44957ccd1: gpg: Do not bail on an invalid packet in the local keyring. (authored by werner).
gpg: Do not bail on an invalid packet in the local keyring.
May 21 2019, 5:40 PM
werner committed rG4c7d63cd5b02: gpg: Do not bail on an invalid packet in the local keyring. (authored by werner).
gpg: Do not bail on an invalid packet in the local keyring.
May 21 2019, 5:28 PM
werner closed T4534: gcry_sexp_canon_len() documentation claims that valid S-expressions will never return 0, but it returns 0 if an empty string is found in a valid S-expression as Wontfix.
May 21 2019, 4:30 PM · libgcrypt, Bug Report
werner committed rGd32963eeb33f: gpg: Do not allow creation of user ids larger than our parser allows. (authored by werner).
gpg: Do not allow creation of user ids larger than our parser allows.
May 21 2019, 4:29 PM
werner added a commit to T4532: Creating a key with a long userid succeeds, but corrupts the keyring: rGd32963eeb33f: gpg: Do not allow creation of user ids larger than our parser allows..
May 21 2019, 4:29 PM · gnupg (gpg22), Bug Report
werner closed T4532: Creating a key with a long userid succeeds, but corrupts the keyring as Resolved.

Thanks. Fixed in master and 2.2.

May 21 2019, 4:29 PM · gnupg (gpg22), Bug Report
werner committed rG156788a43c20: gpg: Do not allow creation of user ids larger than our parser allows. (authored by werner).
gpg: Do not allow creation of user ids larger than our parser allows.
May 21 2019, 4:28 PM
werner added a commit to T4532: Creating a key with a long userid succeeds, but corrupts the keyring: rG156788a43c20: gpg: Do not allow creation of user ids larger than our parser allows..
May 21 2019, 4:28 PM · gnupg (gpg22), Bug Report
werner committed rG126caa34bbdb: gpg: Unify the use of the print_pubkey_info functions. (authored by werner).
gpg: Unify the use of the print_pubkey_info functions.
May 21 2019, 1:04 PM
werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

May 21 2019, 9:16 AM · gpgagent, ssh
werner committed rG6e39541f4f48: agent: For SSH key, don't put NUL-byte at the end. (authored by gniibe).
agent: For SSH key, don't put NUL-byte at the end.
May 21 2019, 9:16 AM
werner added a commit to T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte: rG6e39541f4f48: agent: For SSH key, don't put NUL-byte at the end..
May 21 2019, 9:16 AM · gpgagent, ssh
werner closed T4273: agent: Request insertion of smartcard when no card present as Resolved.

The behaviour related to ssh key access is due to the way ssh works: After a connection has been established to a server, ssh presents to the server all identities (public keys) it has access to (meaning it has a corresponding private key). Thus we can't tell ssh all the keys we have because that would be an information leak and may also take too long. Because the user may in some cases not want to use the ssh-agent but resort to ssh command line input of the passphrase, we do not insist on using a key known by gpg-agent.

May 21 2019, 9:13 AM · Feature Request, Documentation, gpgagent
werner closed T4273: agent: Request insertion of smartcard when no card present, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
May 21 2019, 9:13 AM · Feature Request, gnupg
werner added a parent task for T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested): T4509: Release GnuPG 2.2.16.
May 21 2019, 7:55 AM · patch, Bug Report, gnupg
werner added a subtask for T4509: Release GnuPG 2.2.16: T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).
May 21 2019, 7:55 AM · Release Info, gnupg (gpg22)
werner claimed T4457: Improve deletion of secret subkeys (don't delete primary key when subkey deletion is requested).
May 21 2019, 7:55 AM · patch, Bug Report, gnupg
werner added subtasks for T4531: PowerPC performance improvements: T4530: libgcrypt: POWER SHA-2 Vector Acceleration, T4529: libgcrypt: POWER AES Vector Acceleration.
May 21 2019, 7:54 AM
werner added a parent task for T4529: libgcrypt: POWER AES Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner added a parent task for T4530: libgcrypt: POWER SHA-2 Vector Acceleration: T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM · libgcrypt, Feature Request
werner created T4531: PowerPC performance improvements.
May 21 2019, 7:54 AM
werner renamed T4530: libgcrypt: POWER SHA-2 Vector Acceleration from [$] libgcrypt: POWER SHA-2 Vector Acceleration to libgcrypt: POWER SHA-2 Vector Acceleration.
May 21 2019, 7:52 AM · libgcrypt, Feature Request
werner triaged T4529: libgcrypt: POWER AES Vector Acceleration as Normal priority.

Perl would be okay for maintainer mode but not for regular builds. The reason is that perl is already used by autotools but a build shall still be possible w/o perl.

May 21 2019, 7:51 AM · libgcrypt, Feature Request
werner renamed T4529: libgcrypt: POWER AES Vector Acceleration from [$] libgcrypt: POWER AES Vector Acceleration to libgcrypt: POWER AES Vector Acceleration.
May 21 2019, 7:47 AM · libgcrypt, Feature Request
werner triaged T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO, preventing use of external passphrase cache as Low priority.
May 21 2019, 7:45 AM · Feature Request, gpgagent

May 20 2019

werner committed rG110a4550179f: gpg: Do not delete any keys if --dry-run is passed. (authored by werner).
gpg: Do not delete any keys if --dry-run is passed.
May 20 2019, 12:57 PM
werner committed rG5c46c5f74540: gpg: Do not delete any keys if --dry-run is passed. (authored by werner).
gpg: Do not delete any keys if --dry-run is passed.
May 20 2019, 12:57 PM
werner triaged T4521: gpg-agent behavior on SIGTERM differs from KILLAGENT handling as Normal priority.
May 20 2019, 9:30 AM · Bug Report, gpgagent
werner added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO, preventing use of external passphrase cache.

That is on purpose. Exporting of a secret key should in theory not be possible at all via gpg. In practice we need a way to export a key, but that should be the exception and thus we do not want any caches for passphrases to have an effect.

May 20 2019, 9:29 AM · Feature Request, gpgagent
werner added a comment to E457: Weekly Standup.

Last week:

  • GnuPG 2.2 bug fixing
  • Installed Windows 10 and Office 365 :-(
May 20 2019, 9:24 AM