Page MenuHome GnuPG
Feed All Stories

Today

l10n daemon script <scripty@kde.org> committed rLIBKLEO51a14b8efdd2: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Sun, Sep 19, 4:35 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEOfb48fe295343: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Sun, Sep 19, 3:39 AM

Yesterday

swimmerm added a comment to T5593: Gpg4Win displayed 'PATH env variable too big' error during setup.

Because of T3458 and other references to PATH I found in the past (see past references I added into this bug), am I right to assume that under normal conditions (so with no PATH related errors like 'PATH env variable too big' I reported here) after proper end of 'gpg4win-3.1.16.exe' installation only following (unquoted) path string 'C:\Program Files (x86)\Gpg4win\bin;' would have been added at beginning of PATH system environment variable ?

Sat, Sep 18, 6:29 PM · Bug Report, gpg4win
swimmerm added a comment to T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon.

Woops, I also forgot to say that only Kleopatra icon I found on my desktop as this problem. Original folder path of Kleopatra.lnk shortcut I have on my Desktop is C:\Users\Public\Desktop.
While 'Kleopatra.lnk_' I uploaded after renaming its extension as 'lnk_' was just another copy of it I temporarily put on my own Desktop only for uploading.

Sat, Sep 18, 6:12 PM · Bug Report, gpg4win
swimmerm added a comment to T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon.

Sat, Sep 18, 6:00 PM · Bug Report, gpg4win
swimmerm created T5605: After end of v3.1.16 setup Kleopatra desktop icon was created with wrong saved path for own icon.
Sat, Sep 18, 5:48 PM · Bug Report, gpg4win

Fri, Sep 17

Jakuje added a comment to T5600: Provide module name/version API for FIPS 140-3.

I have a draft, which results in the following "API" of the name-version:

Fri, Sep 17, 6:13 PM · libgcrypt, FIPS, Bug Report
werner added a comment to T5599: Make gpg use the helpers baked into its AppImage.

The actual patch is rGd4768bb982adb5c8410303334ee8d82ba0d71f3b (our parser in dev.gnupg.org missed to pick up the bug-id due to teh use of scissor lines in the commit message).

Fri, Sep 17, 5:58 PM · gnupg, Restricted Project, Feature Request
werner committed rGd4768bb982ad: common: Support a gpgconf.ctl file under Unix. (authored by werner).
common: Support a gpgconf.ctl file under Unix.
Fri, Sep 17, 5:43 PM
werner committed rG9c272dc24545: common: New function substitute_envvars. (authored by werner).
common: New function substitute_envvars.
Fri, Sep 17, 5:43 PM
Jakuje added a comment to T5244: libgcrypt: Restrict message digest use.

I had in my mind something like this:

Fri, Sep 17, 3:36 PM · FIPS, Testing, libgcrypt
calestyo added a comment to T5594: some possible minor things in the manpage.

The changes do not seem to touch anything I've mentoned in (1)?

Fri, Sep 17, 2:59 PM · Documentation, gnupg, Bug Report
werner committed rDe12aeb7a150b: web: New versions of the AD ldap schemes. (authored by werner).
web: New versions of the AD ldap schemes.
Fri, Sep 17, 2:49 PM
loskiq updated loskiq.
Fri, Sep 17, 2:34 PM
loskiq updated loskiq.
Fri, Sep 17, 2:34 PM
loskiq updated loskiq.
Fri, Sep 17, 2:31 PM
mid-kid added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

I see, I wasn't aware of this. Thanks for fixing!

Fri, Sep 17, 12:22 PM · qt, pinentry, gnupg
aheinecke committed rKLEOPATRA107abfdb1a41: Hide create openpgp key from card command for <2.3 (authored by aheinecke).
Hide create openpgp key from card command for <2.3
Fri, Sep 17, 11:56 AM
aheinecke committed rKLEOPATRA533c11c5247f: Align the recipient selection at the top (authored by aheinecke).
Align the recipient selection at the top
Fri, Sep 17, 11:52 AM
werner added projects to T5590: OpenPGP: Curve 448, modernize?: gnupg (gpg23), OpenPGP.
Fri, Sep 17, 11:07 AM · OpenPGP, gnupg (gpg23)
werner triaged T5604: Kleopatra clipboard allows to process an empty message as Low priority.
Fri, Sep 17, 10:56 AM · kleopatra
werner added a project to T5603: Kleopatra button "change passphrase" is not disabled for cards.: token.
Fri, Sep 17, 10:52 AM · token, kleopatra
werner created token.
Fri, Sep 17, 10:52 AM
werner triaged T5603: Kleopatra button "change passphrase" is not disabled for cards. as Low priority.
Fri, Sep 17, 10:51 AM · token, kleopatra
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

While data template preparation for RSA-PSS is a bit tricky, it's simple with ECDSA.

Fri, Sep 17, 10:43 AM · FIPS, libgcrypt, Feature Request
luweitest added a comment to T5560: gpg.exe interrupt batch execution in WindowsXp.

Tried and no change -- cmd window still flashes away.

Fri, Sep 17, 8:14 AM · Windows, gnupg (gpg22), Bug Report
werner closed T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt as Resolved.

Thanks for commenting. I close this bug then.

Fri, Sep 17, 8:07 AM · qt, pinentry, gnupg
werner added a comment to T5560: gpg.exe interrupt batch execution in WindowsXp.

Remember to always pass --batch for unattended operations.

Fri, Sep 17, 8:02 AM · Windows, gnupg (gpg22), Bug Report
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Having hash-algo in the s-exp is useful because a hash handle may carry several hashes. This is sometimes useful if you do not know the hash algorithm in advance and you need to make a guess (various PGP compatibility things in gpg). But of course we can simplify this and use the default algo from the hash handle if hash-algo is missing.

Fri, Sep 17, 7:59 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Thanks for your comment.

Fri, Sep 17, 7:26 AM · FIPS, libgcrypt, Feature Request
luweitest closed T5602: GnuPG 2.3.2 cannot decrypt in WinowsXp as Wontfix.
Fri, Sep 17, 6:03 AM
luweitest added a comment to T5589: add context menu for normal operation after installation.

Thanks for the explanation. I understand gnupg-w32 is mainly for installing the command line component, yet adding a context menu for a specific file type is just as simple as importing a reg file like:

Fri, Sep 17, 5:46 AM · Installer, FAQ, gpg4win
luweitest renamed T5560: gpg.exe interrupt batch execution in WindowsXp from gpg.exe changes the properties of command line window and do not quit normally in batch execution to gpg.exe interrupt batch execution in WindowsXp.
Fri, Sep 17, 5:33 AM · Windows, gnupg (gpg22), Bug Report
luweitest added a comment to T5560: gpg.exe interrupt batch execution in WindowsXp.

Thanks to jaclaz@msfn.org, the workaround is to use pipe operation like:
pause|"C:\Program Files\GnuPG\bin\gpg.exe" --verify "%1"
He also confirmed that gpg.exe does interrupt batch processing, regardless what command is followed.
And I have tested in Windows 7, batch processing is not interrupted. Since this bug is WindowsXp specific, "won't fix" should be more proper.

Fri, Sep 17, 5:32 AM · Windows, gnupg (gpg22), Bug Report

Thu, Sep 16

gouttegd added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

Your proposed fix (in your first comment) has actually already been applied (commit 1305baf0994059f458b1d5ca28a355c12932fab3 in master, backported to the -2.2 branch in 455ba49071dea7588c9de11785b3092e45e4560b). It is part of gnupg-2.2.31 released today. :)

Thu, Sep 16, 11:11 PM · qt, pinentry, gnupg
mid-kid added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

The Qt upstream bug report has just been rejected. I hope something can be done here...

Thu, Sep 16, 4:31 PM · qt, pinentry, gnupg
Jakuje added a comment to T5393: gnupg coverity static analysis reports.

We ran the coverity again with the new 2.3.1 release and there are couple of new stuff that I probably missed in the initial review.

Thu, Sep 16, 3:36 PM · gnupg (gpg23), Bug Report
werner added a comment to T5519: Release GnuPG 2.2.30.

I introduced a regression in this version; if you run into problems please update to 2.3.31 (T5571)

Thu, Sep 16, 12:32 PM · Release Info, gnupg (gpg22)
werner closed T5571: Release GnuPG 2.2.31 as Resolved.
Thu, Sep 16, 12:31 PM · Release Info, gnupg (gpg22)
werner committed rD5debdcd7a4ad: swdb: GnuPG 2.2.31 (authored by werner).
swdb: GnuPG 2.2.31
Thu, Sep 16, 12:00 PM
werner committed rGecf4c2f61123: Release 2.2.31 (authored by werner).
Release 2.2.31
Thu, Sep 16, 11:56 AM
werner committed rG48dc463adacf: Post release updates (authored by werner).
Post release updates
Thu, Sep 16, 11:56 AM
werner committed rG6eb6304c040a: po: Change German descriptions for password constraints. (authored by werner).
po: Change German descriptions for password constraints.
Thu, Sep 16, 11:56 AM
werner triaged T5601: Release GnuPG 2.2.32 as Low priority.
Thu, Sep 16, 11:53 AM · Release Info, gnupg (gpg22)
Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Thank you. On the first sight, it looks reasonable, but I would like to experiment with it a bit to see all use cases are covered.

Thu, Sep 16, 11:52 AM · FIPS, libgcrypt, Feature Request
werner claimed T5599: Make gpg use the helpers baked into its AppImage.
Thu, Sep 16, 11:23 AM · gnupg, Restricted Project, Feature Request
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Thanks. I think we are good here. If we will decide to pursuate the brainpool switch, I will open a new issue.

Thu, Sep 16, 11:07 AM · Testing, FIPS, libgcrypt, Bug Report
werner added a comment to T5598: AppImage of gpg.

Some quick ideas: On Windows we have envvars (and APIs) to determine certain locations. There is also the registry. We use of all them. IT would be best to do this simalar on Unix. We also have a control file on Windows which switches to that portable mode; maybe it is best to do this also on Unix - A text file installed alongside gpg which gpg (common/homedir.c) uses to enable the use of certain envvars to locate the root etc..

Thu, Sep 16, 10:05 AM · gnupg, Restricted Project, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed my initial implementation: rC117f5c3f8028: experiment-pk_hash_sign/verify: Implement pk_hash_sign/verify.

Thu, Sep 16, 8:09 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I am doing an experiment to implement gcry_pk_hash_sign.

Thu, Sep 16, 7:15 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5520: Fix tests in FIPS mode.

Two third patches are applied to master. (@werner those parts are typo fix and tests improvement, which we agreed to push.)

Thu, Sep 16, 3:01 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe committed rCfd116968ef2d: tests: Improve FIPS detection in curves test. (authored by Jakuje).
tests: Improve FIPS detection in curves test.
Thu, Sep 16, 2:56 AM
gniibe committed rCf9ae351c954c: tests: Fix typo in comment (authored by Jakuje).
tests: Fix typo in comment
Thu, Sep 16, 2:56 AM

Wed, Sep 15

Laurent Montel <montel@kde.org> committed rLIBKLEOadc7cac5967b: GIT_SILENT: use more camel case include (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: use more camel case include
Wed, Sep 15, 8:15 PM
Laurent Montel <montel@kde.org> committed rKLEOPATRA24dd062def06: GIT_SILENT: use more camel case include (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: use more camel case include
Wed, Sep 15, 8:09 PM
werner triaged T5600: Provide module name/version API for FIPS 140-3 as Normal priority.

We can easily extend the gcry_get_config API. You can give a key or have it to return all infos. For examle
"gpgconf --show-versions" prints this about libgcrypt:

Wed, Sep 15, 5:24 PM · libgcrypt, FIPS, Bug Report
Jakuje created T5600: Provide module name/version API for FIPS 140-3.
Wed, Sep 15, 4:34 PM · libgcrypt, FIPS, Bug Report
ikloecker created T5599: Make gpg use the helpers baked into its AppImage.
Wed, Sep 15, 1:29 PM · gnupg, Restricted Project, Feature Request
aheinecke committed rKLEOPATRAd2338373ab41: Let the readerstatus thread wait on gpg-agent (authored by aheinecke).
Let the readerstatus thread wait on gpg-agent
Wed, Sep 15, 1:28 PM
ikloecker added a comment to T5598: AppImage of gpg.

One challenge of the AppImage is how to make gpg and its helpers use the helpers baked into the AppImage. Currently, everything is built with prefix /build/AppDir/usr. This causes

gpg: failed to start agent '/build/AppDir/usr/bin/gpg-agent': No such file or directory

unless gpg finds an already running agent.

Wed, Sep 15, 1:25 PM · gnupg, Restricted Project, Feature Request
werner added a comment to T5520: Fix tests in FIPS mode.

If a configure switch to disable Brainpool curves will be added, we also need to add a switch to disable NIST curves.

Wed, Sep 15, 11:05 AM · Testing, FIPS, libgcrypt, Bug Report
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Oh, my bad. I probably used wrong git command. Uploaded now the patches themselves:

Wed, Sep 15, 9:51 AM · Testing, FIPS, libgcrypt, Bug Report
ikloecker triaged T5598: AppImage of gpg as High priority.
Wed, Sep 15, 9:29 AM · gnupg, Restricted Project, Feature Request
gniibe added a comment to T5520: Fix tests in FIPS mode.

disable-brainpool.patch is a text of list of patches.
I think the first two could be applied.
@Jakuje Could you please upload them?

Wed, Sep 15, 9:10 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5520: Fix tests in FIPS mode from Done to Next on the FIPS board.
Wed, Sep 15, 8:36 AM · Testing, FIPS, libgcrypt, Bug Report

Tue, Sep 14

ikloecker committed rPc68d80e23a86: qt: Support building with Qt 5.9 (authored by ikloecker).
qt: Support building with Qt 5.9
Tue, Sep 14, 8:06 PM
ikloecker committed rMab9bca09eb86: qt: Fix build against Qt 5.9 (authored by ikloecker).
qt: Fix build against Qt 5.9
Tue, Sep 14, 6:34 PM
werner closed T5594: some possible minor things in the manpage as Resolved.
Tue, Sep 14, 3:16 PM · Documentation, gnupg, Bug Report
werner committed rG7f8ccb67e337: doc: Clarify some gpg keyring options (authored by werner).
doc: Clarify some gpg keyring options
Tue, Sep 14, 3:16 PM
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks. I meanwhile pushed a fix to 2.3 so that a warning is shown if the low bits are set.

Tue, Sep 14, 3:01 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks for the replies, this makes things clear. We'll update RNP to correctly set/unset those bits while saving a generated secret key and a way to fix up previously generated keys.

Tue, Sep 14, 2:18 PM · Support, gnupg, OpenPGP
werner closed T5560: gpg.exe interrupt batch execution in WindowsXp as Invalid.
Tue, Sep 14, 2:03 PM · Windows, gnupg (gpg22), Bug Report
werner closed T4972: GPG: Add Option to force passphrase constraints for symmetric encryption, too as Resolved.

Won't be implemented as a new option because --check-sym-passphrase-pattern and --check-passphrase-pattern (since 2.2.30) can be used to implement the same in a more flexible way.

Tue, Sep 14, 2:02 PM · gnupg (gpg22), Feature Request
werner lowered the priority of T5085: Filter APDUs in log output from Normal to Low.
Tue, Sep 14, 2:00 PM · Feature Request, gnupg (gpg22), scd
werner added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

gniibe: What's the state of this?

Tue, Sep 14, 1:59 PM · gnupg (gpg22), Bug Report
werner lowered the priority of T5301: Decrypting a message that has multiple SKESK packets sometimes fails from Normal to Wishlist.

Currently I see no need to fix this for 2.2

Tue, Sep 14, 1:58 PM · gnupg (gpg22), Bug Report
werner closed T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog as Resolved.
Tue, Sep 14, 1:56 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report
werner closed T5536: Backport the extended gpg-check-pattern to 2.2 as Resolved.

Released with 2.2.30 (T5519)

Tue, Sep 14, 1:52 PM · gnupg (gpg22)
werner committed rG13e4e322eb14: Update release signing keys. (authored by werner).
Update release signing keys.
Tue, Sep 14, 1:51 PM
werner committed rG67e1834ad402: scd: Remove context reference counting from pc/sc (authored by werner).
scd: Remove context reference counting from pc/sc
Tue, Sep 14, 1:44 PM
werner committed rGdbfb7f809b89: gpg: Print a warning when importing a bad cv25519 secret key. (authored by werner).
gpg: Print a warning when importing a bad cv25519 secret key.
Tue, Sep 14, 1:01 PM
mdeslaur added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Thanks for the clarification!

Tue, Sep 14, 12:41 PM · side-channel, CVE, libgcrypt
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Right, as long as there is only one format in widespread use (based on a long existing 4880bis draft) only this format should go over the wire.
Thus, it is a matter how the key is exported. In cryptography you should never have several options - one clearly defined format is what you want. We have had enough trouble with PGP5 peculiarities but in that case their implementation had more users and thus GnuPG had to work around it. Not good, but there was no standard at all at this time.

Tue, Sep 14, 11:14 AM · Support, gnupg, OpenPGP
werner committed rD8b8811c50311: web: Update signature keys. (authored by werner).
web: Update signature keys.
Tue, Sep 14, 10:39 AM
aheinecke committed rKLEOPATRA9653fd44cd0b: Bump version to 3.1.17 (authored by aheinecke).
Bump version to 3.1.17
Tue, Sep 14, 10:20 AM
werner committed rG18e94c72294a: Update release signing keys. (authored by werner).
Update release signing keys.
Tue, Sep 14, 10:16 AM
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@onickolay No sorry needed. It was me, who cannot answer promptly.

Tue, Sep 14, 9:23 AM · Support, gnupg, OpenPGP
aheinecke closed T5589: add context menu for normal operation after installation as Wontfix.

It is related in the following way:
The Gpg4win installer creates these context menu actions through the component GpgEX.
The Gpg4win installer does not support Windows XP anymore.

Tue, Sep 14, 8:18 AM · Installer, FAQ, gpg4win
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The problem of (2), is local side-channel attacks to ElGamal encryption.
We evaluated the impact, mainly for the use case of GnuPG; ElGamal keys are not that popular any more. When such an attack is possible, easier attacks would be possible.

Tue, Sep 14, 7:52 AM · side-channel, CVE, libgcrypt
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The paper addresses two issues.
(1) https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
(2) https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2

Tue, Sep 14, 7:46 AM · side-channel, CVE, libgcrypt
luweitest reopened T5589: add context menu for normal operation after installation as "Open".

What I need is exactly ikloecker described on Linux. The point is NSIS installer gnupg-w32-2.2.27_20210111.exe (and versions above, I am sure) do not create context menu shortcut. Windows XP is not the point. Same on another Windows 7 machine. Do you need I find another windows 10 machine to test? I think it's easier to check whether the installer has that feature or not.

Tue, Sep 14, 4:26 AM · Installer, FAQ, gpg4win
gniibe committed rCd04b1be9edac: cipher: Fix support of sha512-224 and sha512-256. (authored by gniibe).
cipher: Fix support of sha512-224 and sha512-256.
Tue, Sep 14, 4:19 AM
gniibe committed rC422031a5943f: cipher: Support internal hashing with "prehash" for RSA PKCS#1. (authored by gniibe).
cipher: Support internal hashing with "prehash" for RSA PKCS#1.
Tue, Sep 14, 4:19 AM

Mon, Sep 13

FierzvID added a member for ssh: FierzvID.
Mon, Sep 13, 10:47 PM
werner committed rG117afec01891: common: New envvar GNUPG_EXEC_DEBUG_FLAGS. (authored by werner).
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
Mon, Sep 13, 5:37 PM
werner committed rGf2b01025c3da: common: New envvar GNUPG_EXEC_DEBUG_FLAGS. (authored by werner).
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
Mon, Sep 13, 5:37 PM
werner changed the status of T5597: First 8 bytes of cache item left in clear in memory after decryption. from Open to Testing.
Mon, Sep 13, 4:51 PM · libgcrypt, symmetric, Bug Report
werner committed rC792f607c58c0: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:50 PM
werner committed rC69e2e498f6a1: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:50 PM
werner committed rCdf4fe02794bb: cipher: Clear AESWRAP scratch area immediately after use (authored by werner).
cipher: Clear AESWRAP scratch area immediately after use
Mon, Sep 13, 4:46 PM