
Oct 28 2022

werner closed T4938: Support Signature Card V2.0 (NKS15) as Resolved.
Oct 28 2022, 3:33 PM · eIDAS, scd, Feature Request, S/MIME
werner closed T6252: Support ECC for Netkey cards also in 2.2 as Resolved.
Oct 28 2022, 3:32 PM · gnupg (gpg22), scd, Restricted Project
werner closed T6252: Support ECC for Netkey cards also in 2.2, a subtask of T4938: Support Signature Card V2.0 (NKS15), as Resolved.
Oct 28 2022, 3:32 PM · eIDAS, scd, Feature Request, S/MIME
werner closed T6252: Support ECC for Netkey cards also in 2.2, a subtask of T6253: GpgSM: Backport ECC support to 2.2, as Resolved.
Oct 28 2022, 3:32 PM · gnupg22 (gnupg-2.2.42), Restricted Project, Feature Request, S/MIME
werner changed the status of T6253: GpgSM: Backport ECC support to 2.2, a subtask of T4098: GpgSM: Add ECC support, from Open to Testing.
Oct 28 2022, 3:32 PM · gnupg (gpg23), Feature Request, S/MIME
werner changed the status of T6253: GpgSM: Backport ECC support to 2.2 from Open to Testing.
Oct 28 2022, 3:32 PM · gnupg22 (gnupg-2.2.42), Restricted Project, Feature Request, S/MIME
werner committed rGb71a14238dd2: gpgsm: Also announce AES256-CBC in signatures. (authored by werner).
gpgsm: Also announce AES256-CBC in signatures.
Oct 28 2022, 3:24 PM
werner committed rG28467f3735f7: sm: Support encryption using ECDH keys. (authored by werner).
sm: Support encryption using ECDH keys.
Oct 28 2022, 3:22 PM
werner committed rGfd0ddf26990d: gpgsm: New compatibility flag "allow-ecc-encr". (authored by werner).
gpgsm: New compatibility flag "allow-ecc-encr".
Oct 28 2022, 3:22 PM
werner committed rGaa397fdcdb21: gpgsm: Also announce AES256-CBC in signatures. (authored by werner).
gpgsm: Also announce AES256-CBC in signatures.
Oct 28 2022, 3:22 PM
werner committed rGd770715e1574: gpgsm: Allow ECC encryption keys with just keyAgreement specified. (authored by werner).
gpgsm: Allow ECC encryption keys with just keyAgreement specified.
Oct 28 2022, 12:18 PM
werner committed rG1cdb67d41a41: gpgsm: Use macro constants for cert_usage_p. (authored by werner).
gpgsm: Use macro constants for cert_usage_p.
Oct 28 2022, 12:18 PM
werner committed rG934bbe67c2c0: scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps. (authored by werner).
scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps.
Oct 28 2022, 12:18 PM
werner committed rG7ed523ca1332: scd:nks: Support non-ESIGN signing with the Signature Card v2 (authored by werner).
scd:nks: Support non-ESIGN signing with the Signature Card v2
Oct 28 2022, 12:18 PM
werner committed rG12d3b16729b7: scd: Use app_get_slot at more places. (authored by werner).
scd: Use app_get_slot at more places.
Oct 28 2022, 12:18 PM
werner committed rG6fa4143284ef: doc: Make uploading of 2.2 manuals easier (authored by werner).
doc: Make uploading of 2.2 manuals easier
Oct 28 2022, 12:18 PM
werner added a comment to T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address.

Fixed for master but not yet tested.

Oct 28 2022, 11:21 AM · backport, gnupg (gpg22), Bug Report, Restricted Project
werner committed rG0ef54e644f19: gpg: Fix trusted introducer for user-ids with only the mbox. (authored by werner).
gpg: Fix trusted introducer for user-ids with only the mbox.
Oct 28 2022, 11:21 AM
werner added a comment to T5542: w32: Values under HKLM ignored if HKCU entry for GnuPG exists.

Is this still an issue or is the new gpgconf -X feature sufficient to detect this case?

Oct 28 2022, 10:00 AM · Windows, gnupg, Restricted Project
werner added a comment to T5778: Wish to add a generic comment or hint to encrypted data.

An outer signature or even a new packet to sign the list of encrypted session keys might also be an option which does not disturb older implementations.

Oct 28 2022, 9:54 AM · gnupg, Restricted Project
werner added a comment to T6081: MSI: Check for GnuPT on installation.

Is that still required with the new gpgme global flag "inst-type"?

Oct 28 2022, 9:50 AM · Restricted Project, gpg4win
werner moved T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 28 2022, 9:48 AM · backport, gnupg (gpg22), Bug Report, Restricted Project
werner moved T6252: Support ECC for Netkey cards also in 2.2 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 28 2022, 9:48 AM · gnupg (gpg22), scd, Restricted Project
werner moved T6253: GpgSM: Backport ECC support to 2.2 from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 28 2022, 9:48 AM · gnupg22 (gnupg-2.2.42), Restricted Project, Feature Request, S/MIME
werner moved T1235: adding automatic refresh-key from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 28 2022, 9:48 AM · gnupg24, gnupg22, Restricted Project, Feature Request
werner raised the priority of T1235: adding automatic refresh-key from Normal to High.
Oct 28 2022, 9:48 AM · gnupg24, gnupg22, Restricted Project, Feature Request
werner committed rG7aaedfb10767: gpg: Import stray revocation certificates. (authored by werner).
gpg: Import stray revocation certificates.
Oct 28 2022, 9:31 AM
werner lowered the priority of T4612: Add spare space to the keybox to always allow the import of revocations. from Normal to Low.
Oct 28 2022, 9:19 AM · gnupg24, gnupg (gpg23), Bug Report

Oct 27 2022

werner awarded T6242: libgcrypt: optimize ECB? (as it may be used to estimate library crypto performance) a Cup of Joe token.
Oct 27 2022, 8:46 AM · libgcrypt, Feature Request
werner added a comment to T6249: gpgrt: spawn functions.

In general I agree.

Oct 27 2022, 8:44 AM · gnupg, libassuan, gpgrt
werner triaged T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent as Normal priority.
Oct 27 2022, 8:27 AM · gnupg, Documentation, ssh
werner triaged T6255: --list-keys output truncated and loops repeatedly as Low priority.

There is a utility named kbxutil which can be used to dump the pubring.kbx file without any post-processing by gpg. I would check whether there are any other keys after the VideoLAN key. iirc, kbxutil is not commonly installed; you may need to build the software yourself or copy the pubring.kbx to Linux and check it here.

Oct 27 2022, 8:26 AM · gnupg24, Windows, gnupg (gpg23), can't replicate, Bug Report

Oct 26 2022

werner committed rM1c9694f8d50b: core: New global flags "inst-type". (authored by werner).
core: New global flags "inst-type".
Oct 26 2022, 12:12 PM

Oct 25 2022

werner committed rO6a92c8b0f356: Post release updates (authored by werner).
Post release updates
Oct 25 2022, 2:59 PM
werner committed rO9f54866ab768: Release 2.5.5 (authored by werner).
Release 2.5.5
Oct 25 2022, 2:59 PM
werner committed rG9c4691c73e9e: card: New commands "gpg" and "gpgsm". (authored by werner).
card: New commands "gpg" and "gpgsm".
Oct 25 2022, 2:13 PM
werner committed rG8361e13ef212: scd:nks: Support non-ESIGN signing with the Signature Card v2 (authored by werner).
scd:nks: Support non-ESIGN signing with the Signature Card v2
Oct 25 2022, 12:03 PM
werner committed rG50efcf2eb0d1: gpgsm: Use macro constants for cert_usage_p. (authored by werner).
gpgsm: Use macro constants for cert_usage_p.
Oct 25 2022, 12:03 PM
werner committed rGf3198f9d705a: card: Also show fingerprints of known X.509 certificates (authored by werner).
card: Also show fingerprints of known X.509 certificates
Oct 25 2022, 12:03 PM
werner committed rG6bd0dd762c0d: gpgsm: Allow ECC encryption keys with just keyAgreement specified. (authored by werner).
gpgsm: Allow ECC encryption keys with just keyAgreement specified.
Oct 25 2022, 12:03 PM
werner added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

@gniibe: Thanks for looking into it.

Oct 25 2022, 10:23 AM · gnupg, Documentation, ssh

Oct 24 2022

werner placed T6258: IMAP-Fix not integrated in 3.1.25-Codebase and GnuPG VS Desktop 3.1.25 up for grabs.
Oct 24 2022, 8:08 PM · Restricted Project
werner closed T6258: IMAP-Fix not integrated in 3.1.25-Codebase and GnuPG VS Desktop 3.1.25 as Resolved.

This will go into the next release.

Oct 24 2022, 8:08 PM · Restricted Project
werner committed rM830e017e5d5f: core: Protect against a theoretical integer overflow in parsetlv.c (authored by werner).
core: Protect against a theoretical integer overflow in parsetlv.c
Oct 24 2022, 1:53 PM
werner closed T6203: GpgOL (Gpg4Win 3.1.24) / Error in parsing mail-headers (empty mail-body without correct decoded encryption-scheme) when using gpgol.dll 2.5.4 (gpgol.dll 2.5.0 from 3.1.16 works) as Resolved.

Please note that gpg4win 3.1 is not anymore maintained. Gpg4win 4.0.4 is the current release and comes with the IMAP fix. We do not have a single GnuPG VS-Desktop customer using IMAP and thus having the fix only in the next VSD version seems to be okay.

Oct 24 2022, 1:22 PM · Restricted Project, gpgol
werner triaged T6235: Problem editing Expiration Time as Normal priority.
Oct 24 2022, 7:19 AM · gnupg24, Feature Request
werner triaged T6242: libgcrypt: optimize ECB? (as it may be used to estimate library crypto performance) as Low priority.

Go ahead if you want to do that.

Oct 24 2022, 7:19 AM · libgcrypt, Feature Request
werner added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

Surely not. We just take the key from those certificates. Note that ssh-add merely imports a key permanently into gpg-agent's key store.

Oct 24 2022, 7:18 AM · gnupg, Documentation, ssh
werner closed T6256: Version > 4.0.0 DLL not found as Resolved.
Oct 24 2022, 7:16 AM · gpg4win, Support

Oct 21 2022

werner edited projects for T6256: Version > 4.0.0 DLL not found, added: Support, gpg4win; removed Bug Report.

An old version is still installed and the libgpg-error-0.dll could not be replaced. Make sure that you deinstalled old gpg4win versions and other gnupg versions. The file version of the DLL shall be 1.46.x.x.

Oct 21 2022, 11:46 AM · gpg4win, Support
werner added a comment to T6255: --list-keys output truncated and loops repeatedly.

Are you using the keyboxd ("use-keyboxd" in common.conf) or is this using the default pubring.kbx?

Oct 21 2022, 6:25 AM · gnupg24, Windows, gnupg (gpg23), can't replicate, Bug Report

Oct 20 2022

werner triaged T6254: Warn in --recv-keys verbose output that no keys have been imported as Normal priority.
Oct 20 2022, 10:14 PM · gnupg24, Keyserver, Bug Report
werner added projects to T6254: Warn in --recv-keys verbose output that no keys have been imported: gnupg (gpg23), Keyserver.

Oh yes, the usual import statistics should be shown here.

Oct 20 2022, 10:14 PM · gnupg24, Keyserver, Bug Report
werner edited projects for T6235: Problem editing Expiration Time, added: Feature Request, gnupg (gpg23); removed Bug Report.
Oct 20 2022, 10:10 PM · gnupg24, Feature Request
werner committed rGed62b74a175e: gpgsm: Create ECC certificates with AKI and SKI by default. (authored by werner).
gpgsm: Create ECC certificates with AKI and SKI by default.
Oct 20 2022, 5:34 PM
werner committed rG9f1181e1a7ed: gpgsm: Print the key types as standard key algorithm strings. (authored by werner).
gpgsm: Print the key types as standard key algorithm strings.
Oct 20 2022, 5:34 PM
werner committed rG5ae2632002c0: gpgsm: Support decryption of ECDH data (authored by werner).
gpgsm: Support decryption of ECDH data
Oct 20 2022, 5:34 PM
werner committed rG8b2c55d3c5da: gpgsm: Remove restriction of key generation (only RSA). (authored by gniibe).
gpgsm: Remove restriction of key generation (only RSA).
Oct 20 2022, 5:34 PM
werner committed rG37a853d808f0: gpgsm: Support key generation with ECC. (authored by gniibe).
gpgsm: Support key generation with ECC.
Oct 20 2022, 5:34 PM
werner added a parent task for T6252: Support ECC for Netkey cards also in 2.2: T6253: GpgSM: Backport ECC support to 2.2.
Oct 20 2022, 2:33 PM · gnupg (gpg22), scd, Restricted Project
werner added a subtask for T6253: GpgSM: Backport ECC support to 2.2: T6252: Support ECC for Netkey cards also in 2.2.
Oct 20 2022, 2:33 PM · gnupg22 (gnupg-2.2.42), Restricted Project, Feature Request, S/MIME
werner triaged T6253: GpgSM: Backport ECC support to 2.2 as High priority.
Oct 20 2022, 2:32 PM · gnupg22 (gnupg-2.2.42), Restricted Project, Feature Request, S/MIME
werner changed the status of T6252: Support ECC for Netkey cards also in 2.2, a subtask of T4938: Support Signature Card V2.0 (NKS15), from Open to Testing.
Oct 20 2022, 2:12 PM · eIDAS, scd, Feature Request, S/MIME
werner changed the status of T6252: Support ECC for Netkey cards also in 2.2 from Open to Testing.
Oct 20 2022, 2:12 PM · gnupg (gpg22), scd, Restricted Project
werner added a parent task for T6252: Support ECC for Netkey cards also in 2.2: T4938: Support Signature Card V2.0 (NKS15).
Oct 20 2022, 2:11 PM · gnupg (gpg22), scd, Restricted Project
werner added a subtask for T4938: Support Signature Card V2.0 (NKS15): T6252: Support ECC for Netkey cards also in 2.2.
Oct 20 2022, 2:11 PM · eIDAS, scd, Feature Request, S/MIME
werner added a comment to T6249: gpgrt: spawn functions.

Without this list we don't have an option to keep file descriptors open; it's not just stderr but for example log files and descriptors which are passed by other means than libassuan functions.

Oct 20 2022, 1:52 PM · gnupg, libassuan, gpgrt
werner committed rG1e69676981ac: scd:nks: Don't flag the ESIGN keypair EF as encryption capable. (authored by werner).
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
Oct 20 2022, 12:23 PM
werner committed rGf24904ee3540: scd:nks: Some code cleanup. (authored by werner).
scd:nks: Some code cleanup.
Oct 20 2022, 12:23 PM
werner committed rG5cd25f4ca485: scd:nks: Support the Telesec ESIGN application. (authored by werner).
scd:nks: Support the Telesec ESIGN application.
Oct 20 2022, 12:23 PM
werner committed rGb19958278931: scd:nks: Return USAGE information for KEYINFO command. (authored by gniibe).
scd:nks: Return USAGE information for KEYINFO command.
Oct 20 2022, 12:23 PM
werner committed rG8bccd95b38f2: scd:nks: Add support for signing plain SHA-2 digests. (authored by ikloecker).
scd:nks: Add support for signing plain SHA-2 digests.
Oct 20 2022, 12:23 PM
werner committed rG77b008d1e74b: scd:nks: Handle APP_READKEY_FLAG_INFO. (authored by werner).
scd:nks: Handle APP_READKEY_FLAG_INFO.
Oct 20 2022, 12:23 PM
werner committed rG3c1acb7b9fa4: scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref. (authored by gniibe).
scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
Oct 20 2022, 12:23 PM
werner committed rG1f2823e0beee: scd:nks: Add support of KEYGRIP for do_readcert. (authored by gniibe).
scd:nks: Add support of KEYGRIP for do_readcert.
Oct 20 2022, 12:23 PM
werner committed rG0979ae349131: scd:nks: Factor out pubkey retrieval from keygrip handling. (authored by gniibe).
scd:nks: Factor out pubkey retrieval from keygrip handling.
Oct 20 2022, 12:23 PM
werner committed rGea7234d2f591: scd:nks: Factor out iteration over filelist. (authored by gniibe).
scd:nks: Factor out iteration over filelist.
Oct 20 2022, 12:23 PM
werner committed rGc9eb4c063231: scd:nks: Fix caching keygrip (more). (authored by gniibe).
scd:nks: Fix caching keygrip (more).
Oct 20 2022, 12:23 PM
werner committed rGcf5f6896f810: scd:nks: Minor additions to the basic IDLM application support. (authored by werner).
scd:nks: Minor additions to the basic IDLM application support.
Oct 20 2022, 12:23 PM
werner committed rGf1bd7369a754: scd,nks: Fix caching keygrip. (authored by gniibe).
scd,nks: Fix caching keygrip.
Oct 20 2022, 12:23 PM
werner committed rGc1c3331cf965: scd:nks: Emit the algo string with KEYPAIRINFO (authored by werner).
scd:nks: Emit the algo string with KEYPAIRINFO
Oct 20 2022, 12:23 PM
werner committed rGc99870f790c6: scd:nks: Fix certificate read problem with TCOS signature card v2. (authored by werner).
scd:nks: Fix certificate read problem with TCOS signature card v2.
Oct 20 2022, 12:23 PM
werner committed rGfe698586b5d4: scd:nks: Implement writecert for the Signature card v2. (authored by werner).
scd:nks: Implement writecert for the Signature card v2.
Oct 20 2022, 12:23 PM
werner committed rG60ba61e78ea3: scd:nks: Add framework to support IDKey cards. (authored by werner).
scd:nks: Add framework to support IDKey cards.
Oct 20 2022, 12:23 PM
werner committed rGa974d8aefab1: scd:nks: Fix remaining tries warning in --reset mode. (authored by werner).
scd:nks: Fix remaining tries warning in --reset mode.
Oct 20 2022, 12:23 PM
werner committed rGbbef2d17902b: scd:nks: Support decryption using ECDH. (authored by werner).
scd:nks: Support decryption using ECDH.
Oct 20 2022, 12:23 PM
werner committed rGa83281176c2b: scd:nks: Get the PIN prompts right for the Signature Card (authored by werner).
scd:nks: Get the PIN prompts right for the Signature Card
Oct 20 2022, 12:23 PM
werner committed rGf5e0469d6e74: scd:nks: Add do_with_keygrip and implement a cache. (authored by werner).
scd:nks: Add do_with_keygrip and implement a cache.
Oct 20 2022, 12:23 PM
werner committed rG471e610fcd63: scd:nks: Allow retrieving certificates from a Signature Card v.20 (authored by werner).
scd:nks: Allow retrieving certificates from a Signature Card v.20
Oct 20 2022, 12:23 PM
werner triaged T6252: Support ECC for Netkey cards also in 2.2 as High priority.
Oct 20 2022, 10:56 AM · gnupg (gpg22), scd, Restricted Project
werner added a comment to T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address.

The latter. Detecting mail addresses with regexp is anyway a kludge and we have more stringent code to detect mail addresses in a user-id.

Oct 20 2022, 7:50 AM · backport, gnupg (gpg22), Bug Report, Restricted Project
werner added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

I am using this many years now without any problems. Also my colleagues and many other folks I know. Thus the question is how your system differs from commonly used systems.

Oct 20 2022, 7:48 AM · gnupg, Documentation, ssh

Oct 19 2022

werner added a comment to T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent.

We do not support OpenSSH certificates but ignore such requests. However, the keys from the certificates will be imported correctly. You should use the stable version of GnuPG (2.3.8) and not the LTS version 2.2.

Oct 19 2022, 7:36 PM · gnupg, Documentation, ssh
werner committed rD34eed1bd03f3: web: Fix last commit (authored by werner).
web: Fix last commit
Oct 19 2022, 4:10 PM
werner committed rD2ab884d58ee0: web: Add download links for GnuPG Desktop 2.3.8 (authored by werner).
web: Add download links for GnuPG Desktop 2.3.8
Oct 19 2022, 3:40 PM
werner added a comment to T6243: SMIME on Outlook not working, if GPG-Plugin installed.

This is the first report we have on such a problem despite of hundred thousands of users. "Triage" means that we need to look at a report to check its priority.

Oct 19 2022, 1:53 PM · gpgol, Bug Report
werner raised the priority of T6243: SMIME on Outlook not working, if GPG-Plugin installed from High to Needs Triage.
Oct 19 2022, 12:09 PM · gpgol, Bug Report
werner triaged T6248: FIPS compliant RSA OAEP encryption as Normal priority.

So, this is only for OAEP but not for ECDH? FWIW, GnuPG uses OAEP only for S/MIME.

Oct 19 2022, 7:54 AM · libgcrypt, FIPS, Feature Request

Oct 18 2022

werner added a comment to T6228: TOFU data are not updated when creating an encrypted message.

FWIW: I am not anymore very convinced of our tofu code. It leaks too much information because it tracks and stores all signature verifications. The model is further way too complicated and the SQL used will eventually lead to a resource problem. Maybe doing Tofu stuff in the frontend is a better idea and get rid of all the history processing which works only for fresh mails and not for data verification.

Oct 18 2022, 5:55 PM · gpgme, TOFU
werner added a comment to T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address.

We already detect mail addresses for different purposes and thus it will be easy to enclose them in angle brackets just for comparison. Almost all trust signatures out there are created by gpg and used to restrict the mail domain. No need for different regexp. See also the comments in the code related to the history.

Oct 18 2022, 8:03 AM · backport, gnupg (gpg22), Bug Report, Restricted Project