
Mar 3 2023

werner committed rGfde59f9ae638: gpg: Get the signature keyid from the issuer fpr. (authored by werner).
gpg: Get the signature keyid from the issuer fpr.
Mar 3 2023, 10:12 AM
werner committed rG202ed9e281d5: gpg: Support key flags for RENC, TIME, and GROUP. (authored by werner).
gpg: Support key flags for RENC, TIME, and GROUP.
Mar 3 2023, 10:12 AM
werner committed rG6bfb4a8d1202: doc: Typo fixes and new notes in DETAILS (authored by werner).
doc: Typo fixes and new notes in DETAILS
Mar 3 2023, 8:50 AM
werner closed T6390: ECC: Explain GnuPG's CV25519 key and its ECDH (comarison to X25519) as Resolved.

Thanks for the description; this is good for documentation.

Mar 3 2023, 8:25 AM · Support, Documentation, OpenPGP, gnupg

Mar 2 2023

werner added a comment to T6398: Support X.509 nameConstraints.

(my example cert is 0x09BB0EEE)

Mar 2 2023, 3:08 PM · Restricted Project, Feature Request, libksba
werner triaged T6398: Support X.509 nameConstraints as Normal priority.
Mar 2 2023, 3:04 PM · Restricted Project, Feature Request, libksba
werner closed T6381: Option to set default encryption subkey as Resolved.

See T6395 for the new feature. It will be released with 2.4.1 but it will take some time before it can actually be used because the other party needs to have an OpenPGP implementation which supports this.

Mar 2 2023, 12:19 PM · gnupg
werner triaged T6394: FIPS requires running PCT tests unconditionally as Normal priority.

Agreed

Mar 2 2023, 11:46 AM · FIPS, libgcrypt, Bug Report
werner triaged T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) as Normal priority.
Mar 2 2023, 11:44 AM · FIPS, libgcrypt, Bug Report
werner added a comment to T6397: PCT failures inconsistency in regards to the FIPS error state.

I think the patch is okay.

Mar 2 2023, 11:41 AM · libgcrypt, FIPS, Bug Report
werner moved T6395: ADSK Feature from Backlog to WiP on the gnupg24 board.
Mar 2 2023, 11:32 AM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP

Mar 1 2023

werner committed rGef5a48dd5178: gpg: Actually encrypt to ADSKs. (authored by werner).
gpg: Actually encrypt to ADSKs.
Mar 1 2023, 7:28 PM
werner committed rG3a18378a92af: gpg: Allow adding of Additional Decryption Subkeys. (authored by werner).
gpg: Allow adding of Additional Decryption Subkeys.
Mar 1 2023, 5:24 PM
werner triaged T6395: ADSK Feature as Normal priority.
Mar 1 2023, 5:21 PM · gnupg22 (gnupg-2.2.42), gnupg24 (gnupg-2.4.1), OpenPGP
werner committed rG1aaadede76cc: agent: Show "no secret key" instead of "card removed". (authored by werner).
agent: Show "no secret key" instead of "card removed".
Mar 1 2023, 4:51 PM

Feb 28 2023

werner committed rGa5d9be1e282a: gpgconf: Print some standard envvars with -X (authored by werner).
gpgconf: Print some standard envvars with -X
Feb 28 2023, 2:44 PM
werner committed rG523b3e1773f5: gpgconf: Print some standard envvars with -X (authored by werner).
gpgconf: Print some standard envvars with -X
Feb 28 2023, 2:42 PM
werner added a comment to M10: high contrast samples of kleo .

I forgot to restart Kleo after changing the contrast. Thus for the last one, we use a wrong set of icons. After restarting it looks like

Feb 28 2023, 11:09 AM
werner added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

FWIW: The assuan keytocard does not move the key - what you see is a side effect from unrelated code.

Feb 28 2023, 10:57 AM · kleopatra
werner created M10: high contrast samples of kleo .
Feb 28 2023, 10:50 AM
werner closed T6391: gpgme's python module has invalid version number for setuptools >=66.0.0 as Invalid.
Feb 28 2023, 9:08 AM · Bug Report
werner added a member for Contributor: svuorela.
Feb 28 2023, 8:52 AM
werner added a comment to rGeae28f1bd4a5: doc: Remove profile and systemd example files..

We don't want to compile one gnupg for each desktop environment to have it hardcoded relative to gnupg but make it configurable depending on the DE used. As a fallback we could just symlink together gpg and the right gpg-agent which is rather cheap.

Feb 28 2023, 7:50 AM

Feb 27 2023

werner added a comment to T6390: ECC: Explain GnuPG's CV25519 key and its ECDH (comarison to X25519).

Thus the public key differs on whether the raw secret key or the masked (bit255 set, bit0..2 clear) has been used. And at what point in the code this was done. Shall we collect a list describing the differences of applications and on whether they have some mitigation for compatibility?

Feb 27 2023, 5:51 PM · Support, Documentation, OpenPGP, gnupg
werner closed T3806: error accessing ldaps key server (TLS vs. STARTTLS) as Resolved.

The code has meanwhile been reworked and the mentioned test server is no longer available.

Feb 27 2023, 5:30 PM · Too Old, LDAP, dirmngr, Bug Report
werner claimed T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

Thanks for the report; the regression happened due to fixing T6135.

Feb 27 2023, 9:25 AM · gnupg22 (gnupg-2.2.42), Bug Report

Feb 26 2023

werner lowered the priority of T6382: keytocard fails to import a nistp384 ECDSA key from High to Normal.
Feb 26 2023, 7:27 PM · yubikey, scd, Bug Report
werner closed T6389: gpgtar --encrypt doesn't accept absolute path to a directory (gpgtar: skipping invalid name) as Wontfix.

Please use

gpgtar -C /home/matt/data ....

instead of using an absolute name. This makes things much easier to implement in a secure way: You don't want to have absolute file names in the tarball and mapping them to relative names is not easy or even impossible in case of, say "/home/foo/x.data /home/bar/x.data". Keep in mind that gpgtar does also not handle symlinks and other special files.

Feb 26 2023, 7:25 PM · gnupg, Bug Report
werner closed T4436: gpgsm refuses to encrypt with failure to check CRL as Resolved.

I guess this is fixed with this commit for 2.2 and 2.4. Given that the report is quite old with no new info since 2019, I'll close it.

Feb 26 2023, 7:17 PM · gnupg, S/MIME
werner committed rG5d96aab27dcf: gpgsm: Improve cert lookup callback from dirmngr. (authored by werner).
gpgsm: Improve cert lookup callback from dirmngr.
Feb 26 2023, 7:16 PM
werner committed rGffc25228550f: gpgsm: Improve cert lookup callback from dirmngr. (authored by werner).
gpgsm: Improve cert lookup callback from dirmngr.
Feb 26 2023, 7:15 PM
werner committed rG332098a0f717: sm: Fix issuer certificate look error due to legacy error code. (authored by werner).
sm: Fix issuer certificate look error due to legacy error code.
Feb 26 2023, 7:15 PM
werner committed rGd6aa8bcbbbec: scd: Parse "Algorithm Information" data object in scdaemon. (authored by gniibe).
scd: Parse "Algorithm Information" data object in scdaemon.
Feb 26 2023, 7:15 PM
werner added a member for g10code: svuorela.
Feb 26 2023, 12:39 PM

Feb 24 2023

werner committed rG1952a0e5e41c: sm: Fix dirmngr loadcrl for intermediate certs (authored by aheinecke).
sm: Fix dirmngr loadcrl for intermediate certs
Feb 24 2023, 6:24 PM
werner created okular.
Feb 24 2023, 12:03 PM
werner triaged T6384: libgcrypt link error if cipher chacha20 is not included as Normal priority.

Thanks

Feb 24 2023, 9:05 AM · patch, libgcrypt, Bug Report

Feb 23 2023

werner committed rG9de180c6d222: doc: Minor comment fixes. (authored by werner).
doc: Minor comment fixes.
Feb 23 2023, 10:24 AM
werner committed rG23b4c6e7c2f7: dirmngr: New debug flag "keeptmp". (authored by werner).
dirmngr: New debug flag "keeptmp".
Feb 23 2023, 10:22 AM
werner added a comment to T6381: Option to set default encryption subkey.

The reason why gpg does not encrypt to multiple subkeys is that the older subkeys are viewed as deprecated. You could write a tool which does a heuristic to check when the time is reached that no more messages are encrypted to an older subkey (or are used to decrypt archived mails). At that point you can take the private part of the old subkey offline.

Feb 23 2023, 8:57 AM · gnupg

Feb 22 2023

werner added a comment to T6383: GnuPG 2.4.0 not working with Yubikey NEO.

Ooops: You need to put

Feb 22 2023, 5:56 PM · Support
werner closed T6383: GnuPG 2.4.0 not working with Yubikey NEO as Resolved.

You need write access to the usb device (e.g. /dev/bus/usb/001/011) or you install pcscd and put "disable-ccid-driver" into scdaemon.conf.

Feb 22 2023, 8:57 AM · Support

Feb 21 2023

werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Sure that your specific card/implementation of Nitrokey supports this curve? The card application uses a vendor from the test card range - thus it is likely that it is some Javacard implementation or it is an old gnuk firmware on the nitrokey basic.

Feb 21 2023, 4:32 PM · yubikey, scd, Bug Report
werner added a subtask for T6378: keytocard: invalid value: T6382: keytocard fails to import a nistp384 ECDSA key.
Feb 21 2023, 3:09 PM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner added a parent task for T6382: keytocard fails to import a nistp384 ECDSA key: T6378: keytocard: invalid value.
Feb 21 2023, 3:09 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There must be some regression in the code which changes the key attributes. Please try
"gpg --card-edit" admin, key-attr
and switch to nistp384.

Feb 21 2023, 3:08 PM · yubikey, scd, Bug Report
werner triaged T6382: keytocard fails to import a nistp384 ECDSA key as High priority.
Feb 21 2023, 2:46 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Looks similar to T6378. Can you provide the output of

Feb 21 2023, 2:45 PM · yubikey, scd, Bug Report
werner committed rG71c11c20f41d: gpg: Prepare to accept shorter OIDs for ed25519 and cv25519. (authored by werner).
gpg: Prepare to accept shorter OIDs for ed25519 and cv25519.
Feb 21 2023, 12:15 PM
werner added a project to T6381: Option to set default encryption subkey: gnupg.

Sorry, I think you have to fix the other tools. The ! suffix has virtually been supported forever and any new option to do the same complicates the code and the documentation.

Feb 21 2023, 8:05 AM · gnupg

Feb 17 2023

werner committed rG1915b95ffd12: scd:p15: Add pre-check for ascii-numeric PINs. (authored by werner).
scd:p15: Add pre-check for ascii-numeric PINs.
Feb 17 2023, 12:19 PM
werner committed rG326f6fa1664d: scd:p15: Use APP_CARD macro at some other places. (authored by werner).
scd:p15: Use APP_CARD macro at some other places.
Feb 17 2023, 12:19 PM
werner committed rGadf387b3f1eb: scd: Improve reading of binary records. (authored by werner).
scd: Improve reading of binary records.
Feb 17 2023, 12:19 PM
werner committed rG88606cc484e4: scd:p15: Handle cards with bad encoded path objects. (authored by werner).
scd:p15: Handle cards with bad encoded path objects.
Feb 17 2023, 12:19 PM
werner triaged T6377: Kleopatra: gpgsk file contains shadowed private key as High priority.
Feb 17 2023, 7:55 AM · kleopatra
werner triaged T6378: keytocard: invalid value as Normal priority.
Feb 17 2023, 7:54 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project
werner triaged T6379: Kleopatra: Brainpool key can not be moved to smart card as High priority.
Feb 17 2023, 7:54 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, kleopatra
werner added projects to T6378: keytocard: invalid value: gnupg22, Bug Report.
Feb 17 2023, 7:53 AM · gnupg24 (gnupg-2.4.1), gnupg22 (gnupg-2.2.42), Bug Report, Restricted Project

Feb 16 2023

werner triaged T6369: gpgme: add a faster variant of gpgme_get_key() as High priority.
Feb 16 2023, 6:12 PM · gpgme, Feature Request
werner claimed T6375: gpg-agent race-condition with parallel clients.

Thanks. Please give a few days.

Feb 16 2023, 6:11 PM · gnupg24, gpgagent, Bug Report
werner committed rG3d094e2bcf6c: gpg: New option --add-desig-revoker (authored by werner).
gpg: New option --add-desig-revoker
Feb 16 2023, 6:10 PM
werner committed rG49fe6a2821f3: doc: Put the Unattended Usage of GPG section also into the man page. (authored by werner).
doc: Put the Unattended Usage of GPG section also into the man page.
Feb 16 2023, 6:10 PM
werner committed rGf118e3b101ca: gpg: --gen-random code cleanup by using es_set_binary. (authored by werner).
gpg: --gen-random code cleanup by using es_set_binary.
Feb 16 2023, 1:46 PM
werner committed rG1d6ed0a1b4e1: gpg: --gen-random code cleanup by using es_set_binary. (authored by werner).
gpg: --gen-random code cleanup by using es_set_binary.
Feb 16 2023, 1:46 PM
werner committed rGaf9a1b5599f9: agent: Do not consider --min-passphrase-len for the magic wand. (authored by werner).
agent: Do not consider --min-passphrase-len for the magic wand.
Feb 16 2023, 1:46 PM
werner committed rG1d8191faee59: gpg: Add level 16 to --gen-random (authored by werner).
gpg: Add level 16 to --gen-random
Feb 16 2023, 1:46 PM
werner added a comment to T6375: gpg-agent race-condition with parallel clients.

Okay, I see. The commands above are a real reproducer and not standalone examples. Then yes, you should get a pinentry only for the first gpg -d (as long as the keys are still in the cache). I am lacking macOS/homebrew stuff to replicate this. What you can do is to put

Feb 16 2023, 11:54 AM · gnupg24, gpgagent, Bug Report
werner triaged T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt as Low priority.
Feb 16 2023, 11:43 AM · libgcrypt, Feature Request, Ubuntu, Debian, FIPS

Feb 15 2023

werner added a comment to T6375: gpg-agent race-condition with parallel clients.

Although gpg-agent launching is protected by a file system lock, there is indeed a small race related to the pinentry. The invocation of the pinentries is serialized but if a second pinentry is requested while the first pinentry has not yet returned and put the passphrase into the cache, the second pinentry will be called anyway. Fixing this is not easy and should rarely be a problem. The mitigation is to do a dummy decryption to seed the cache or use a custom pinentry.

Feb 15 2023, 6:54 PM · gnupg24, gpgagent, Bug Report

Feb 14 2023

werner renamed T6370: Print diagnostics to explain certain expiration cases from Impossible to change expiration date for some keys to Print diagnostics to explain certain expiration cases.
Feb 14 2023, 5:20 PM · Feature Request, gnupg
werner added a comment to T6370: Print diagnostics to explain certain expiration cases.

I guess this is the first time such a key was reported. Printing diagnostics would be a bit of work because the code to compute the expiration time is deep in gpg's guts.

Feb 14 2023, 5:19 PM · Feature Request, gnupg
werner edited projects for T6370: Print diagnostics to explain certain expiration cases, added: gnupg, Not A Bug; removed Bug Report.
Feb 14 2023, 10:10 AM · Feature Request, gnupg
werner added a comment to T6370: Print diagnostics to explain certain expiration cases.

Here is the output of gpg --full-timestrings --check-sigs:

pub   rsa3072 2019-05-09 12:08:21 [C] [expired: 2022-05-05 12:08:21]
      ABC96B3B4BAFB57DC45D81B56A48221A903A158B
sig!         6A48221A903A158B 2019-05-09 12:08:21  [self-signature]
uid           [ expired] Linda Mary Patricia Deborah Barbara Susan Maria Nancy <linda@example.org>
sig!3        6A48221A903A158B 2019-05-09 12:08:21  [self-signature]
sub   rsa3072 2019-05-09 12:08:21 [E] [expired: 2022-05-05 12:08:21]
sig!         6A48221A903A158B 2019-05-09 12:08:21  [self-signature]
sub   rsa3072 2019-05-09 12:08:21 [S] [expired: 2022-05-05 12:08:21]
sig!         6A48221A903A158B 2019-05-09 12:08:21  [self-signature]
Feb 14 2023, 10:09 AM · Feature Request, gnupg
werner added a comment to T6369: gpgme: add a faster variant of gpgme_get_key().

Indeed. The called function dates back to 2004. We really need to rework this and cache the value - it might be required to take the file_name into account.

Feb 14 2023, 8:54 AM · gpgme, Feature Request

Feb 13 2023

werner added a comment to T6369: gpgme: add a faster variant of gpgme_get_key().

I had the same suspicion and I checked the code. afaics all values are taken from a cache (see dirinfo.c). Thus no real overhead.

Feb 13 2023, 4:49 PM · gpgme, Feature Request
werner added a comment to T6369: gpgme: add a faster variant of gpgme_get_key().

If you got a limited list of, say, fingerprints, you should put them into an array and use gpgme_op_keylist_ext_start to list only those keys. This will be much faster.

Feb 13 2023, 9:32 AM · gpgme, Feature Request

Feb 12 2023

werner added a project to T6369: gpgme: add a faster variant of gpgme_get_key(): gpgme.
Feb 12 2023, 4:16 PM · gpgme, Feature Request
werner added a comment to T6369: gpgme: add a faster variant of gpgme_get_key().

The context cloning should not be that expensive compared to invoking gpg. Thus let us first see how to speed up this in the common case.

Feb 12 2023, 4:15 PM · gpgme, Feature Request

Feb 10 2023

werner added a comment to T5478: Kleopatra: Performance problems decrypting and encrypting large Archives.

These are USTAR types:

Feb 10 2023, 11:37 AM · Restricted Project, gpgme, kleopatra
werner committed rM9c5506fde701: core: Switch to logging via gpgrt (authored by werner).
core: Switch to logging via gpgrt
Feb 10 2023, 11:25 AM
werner committed rMc0da6f77c66e: core: Update copyright notices (authored by werner).
core: Update copyright notices
Feb 10 2023, 11:25 AM

Feb 9 2023

werner added a comment to T6368: GpgME: gpgme_op_decrypt_verify creates incomplete verification result for not encrypted data.

I have some doubts that signed-only archives are very useful. The only use case is that this allows to sign stuff without saving it first. You would need to do this in my generally preferred detach signature case.

Feb 9 2023, 10:49 AM · Restricted Project, gpgme
werner added a comment to T6365: Help text translation is not applied.

Good catch. The translation of the option descriptions is done as part of the option parser (libgpg-error/src/argparse.c) and thus we need to have gettext support over there. Also for some other error messages.

Feb 9 2023, 8:43 AM · MacOS, i18n, Bug Report, gnupg24

Feb 8 2023

werner triaged T6339: Outlook crashes when selecting a contact (with HTML mails enabled) as Low priority.

Gpg4win 4.1.0 comes with a slightly newer gpgol which should be tried before we continue. Set to low priority because this seems not to be easily reproducible.

Feb 8 2023, 12:55 PM · gpgol, Bug Report
werner triaged T6365: Help text translation is not applied as Normal priority.

I have no idea about Homebrew - can you figure out the maintainer and point him to here?

Feb 8 2023, 12:50 PM · MacOS, i18n, Bug Report, gnupg24
werner triaged T6360: Kleopatra: focus in certificate list changes when details are viewed as Normal priority.
Feb 8 2023, 12:48 PM · kleopatra, Restricted Project
werner committed rG3ab6538433fd: tools: Return a better error message if sendmail is not usable. (authored by werner).
tools: Return a better error message if sendmail is not usable.
Feb 8 2023, 8:26 AM
werner closed T6321: gpg-wks-server should not build without sendmail as Resolved.

With 2.4.1 you will get a runtime error

sendmail tool '%s' is not correctly installed\n
Feb 8 2023, 8:24 AM · Bug Report, wkd
werner triaged T6366: Allow "interactive" import of keys as Low priority.
Feb 8 2023, 8:04 AM · kleopatra, Feature Request

Feb 7 2023

werner added a project to T6366: Allow "interactive" import of keys: kleopatra.

It does not matter what you have in your keyring. It does not harm to have arbitrary keys there.

Feb 7 2023, 4:58 PM · kleopatra, Feature Request
werner added a comment to T6365: Help text translation is not applied.

No idea what happens. I can't replicate that on a Linux box using GNU gettext and neither in Windows using gnupg's own gettext implementation. It seems that strings without any line feed don't get translated.

Feb 7 2023, 3:09 PM · MacOS, i18n, Bug Report, gnupg24
werner committed rG103acfe9ca6e: gpg: New list-option --show-unusable-sigs. (authored by werner).
gpg: New list-option --show-unusable-sigs.
Feb 7 2023, 3:00 PM
werner added a comment to T6365: Help text translation is not applied.

Thanks. Looks pretty standard. I will have a closer look.

Feb 7 2023, 2:44 PM · MacOS, i18n, Bug Report, gnupg24

Feb 6 2023

werner added a comment to T6365: Help text translation is not applied.

Can you please provide the output of

Feb 6 2023, 11:03 AM · MacOS, i18n, Bug Report, gnupg24
werner added projects to T6365: Help text translation is not applied: gnupg24, Bug Report, i18n.
Feb 6 2023, 9:44 AM · MacOS, i18n, Bug Report, gnupg24

Feb 3 2023

werner added a comment to rGeae28f1bd4a5: doc: Remove profile and systemd example files..

Frankly, I don't understand the problem. Without the pinentry-program option you have a ./configure option to set the name of the pinentry. If you don't use that, gpg-agent looks for $bindir/pinentry and if not found for $bindir/pinentry-basic.

Feb 3 2023, 11:39 AM

Feb 2 2023

werner added a comment to rGeae28f1bd4a5: doc: Remove profile and systemd example files..

Use a symlink or the alternatives system. The --pinentry-program option was introduced for debugging.

Feb 2 2023, 9:46 AM

Feb 1 2023

werner moved T6362: Libkleo, GpgOL: Use global inst-type flag of GPGME from Backlog to QA for next release on the gpgme board.
Feb 1 2023, 5:46 PM · gpgme (gpgme 1.23.x), Restricted Project, gpgol, kleopatra
werner reassigned T6362: Libkleo, GpgOL: Use global inst-type flag of GPGME from werner to aheinecke.

The gpgme part has been done. Some minor changes in Kleopatra regarding the VERSION file checking would be useful.

Feb 1 2023, 5:32 PM · gpgme (gpgme 1.23.x), Restricted Project, gpgol, kleopatra
werner committed rM5ab9c234d6b5: core,w32: More robust detection of GnuPG Desktop dir layout (authored by werner).
core,w32: More robust detection of GnuPG Desktop dir layout
Feb 1 2023, 5:31 PM