Feed All Stories

Yesterday

bernhard added a comment to T5250: macOS: gpgconf SIGSEGV when run via gpgme from the GUI application.

Using GPGME is probably the best way, even if gpgme-json might also work for some operations.

Sat, Jul 24, 4:52 PM · gpgme, MacOS, Bug Report

Fri, Jul 23

gniibe triaged T5530: Add "prehash" support to DSA and ECDSA signing as Normal priority.
Fri, Jul 23, 8:18 AM · FIPS, libgcrypt, Feature Request
gniibe committed rC877be1bf9df0: cipher: Support internal hashing for RSA-PSS. (authored by gniibe).
cipher: Support internal hashing for RSA-PSS.
Fri, Jul 23, 8:10 AM
gniibe committed rC285b4cb70df1: cipher: Extend RSA-PSS internal function for verify, too. (authored by gniibe).
cipher: Extend RSA-PSS internal function for verify, too.
Fri, Jul 23, 8:10 AM
gniibe committed rC652e115e10f2: cipher: Check by caller instead, not by callee for RSA-PSS. (authored by gniibe).
cipher: Check by caller instead, not by callee for RSA-PSS.
Fri, Jul 23, 8:10 AM
gniibe committed rC51307b1ceaa7: cipher: Extend RSA-PSS internal function. (authored by gniibe).
cipher: Extend RSA-PSS internal function.
Fri, Jul 23, 8:10 AM
gniibe updated the task description for T5529: Support internal hashing for RSA-PSS.
Fri, Jul 23, 7:36 AM · libgcrypt, Feature Request
gniibe updated the task description for T5529: Support internal hashing for RSA-PSS.
Fri, Jul 23, 7:22 AM · libgcrypt, Feature Request
gniibe triaged T5529: Support internal hashing for RSA-PSS as Normal priority.
Fri, Jul 23, 4:26 AM · libgcrypt, Feature Request
l10n daemon script <scripty@kde.org> committed rLIBKLEO30afaf452071: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Fri, Jul 23, 3:38 AM

Thu, Jul 22

LRitzdorf added a comment to T4924: pinentry: pinentry-curses doesn't allow to set no password on small terminals.

It's worth noting that this issue is particularly impactful for devices with small screens whose sizes cannot be changed. A Raspberry Pi with an Adafruit touchscreen would almost certainly have issues, for example.
This also applies to mobile devices. For context, I use Termux on my Android phone, and this issue manifests there. I can enter the passphrase for an existing key and decrypt/sign with it, but any attempt to create a new key throws me into the same loop that the OP describes. (Interestingly, this happens whether or not I actually supply a new passphrase.)
Since I am on a mobile device in this scenario, my terminal dimensions are 56x115. I'm not familiar with the implementation details of GPG, but is there any chance we could fall back to a single-line, sudo-style password prompt if pinentry fails (or have pinentry fall back to that internally if the normal mode fails)? That should work on terminals of just about any size.
(As an additional note, I've also tried flipping into landscape orientation, hoping that would increase my screen width sufficiently. However, my keyboard then occupies most of the screen, and I receive the expected error message, gpg: agent_genkey failed: Screen or window too small.)

Thu, Jul 22, 4:24 PM · pinentry, Bug Report
ikloecker closed T5528: pinentry-qt: Pinentry window not shown on Wayland as Resolved.
Thu, Jul 22, 2:52 PM · Restricted Project, pinentry, Bug Report
ikloecker moved T5528: pinentry-qt: Pinentry window not shown on Wayland from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Thu, Jul 22, 2:51 PM · Restricted Project, pinentry, Bug Report
hajekj updated hajekj.
Thu, Jul 22, 1:18 PM
ikloecker committed rP9dd46926f8d5: qt: Fix showing of pinentry window on Wayland (authored by ikloecker).
qt: Fix showing of pinentry window on Wayland
Thu, Jul 22, 11:38 AM
ikloecker moved T5528: pinentry-qt: Pinentry window not shown on Wayland from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Thu, Jul 22, 11:29 AM · Restricted Project, pinentry, Bug Report
ikloecker claimed T5528: pinentry-qt: Pinentry window not shown on Wayland.
Thu, Jul 22, 11:28 AM · Restricted Project, pinentry, Bug Report
ikloecker created T5528: pinentry-qt: Pinentry window not shown on Wayland.
Thu, Jul 22, 11:28 AM · Restricted Project, pinentry, Bug Report
ikloecker added a comment to T4950: pinentry: Add warning when capslock is on.

Implemented for X11 and Windows.

Thu, Jul 22, 10:01 AM · Restricted Project, pinentry
gniibe committed rC7f401b9748c4: doc: Fix a typo. (authored by gniibe).
doc: Fix a typo.
Thu, Jul 22, 9:57 AM
gniibe added projects to T5524: scd: serialize access of ctrl->card_ctx: Testing, gnupg (gpg23).
Thu, Jul 22, 4:38 AM · gnupg (gpg23), Testing, scd
gniibe changed the status of T5524: scd: serialize access of ctrl->card_ctx from Open to Testing.
Thu, Jul 22, 4:38 AM · gnupg (gpg23), Testing, scd
gniibe committed rG5c8124b8b955: scd: Small clean up for card access. (authored by gniibe).
scd: Small clean up for card access.
Thu, Jul 22, 4:23 AM
gniibe committed rG50ad29f9a72f: scd: Fix direct use of card with no ctrl->card_ctx. (authored by gniibe).
scd: Fix direct use of card with no ctrl->card_ctx.
Thu, Jul 22, 2:46 AM

Wed, Jul 21

bernhard closed T5525: Evolution cant work with gnupg as Resolved.
Wed, Jul 21, 6:21 PM · Bug Report
bernhard added a comment to T5525: Evolution cant work with gnupg .

OK, I found it: just add "trust-model always" in gpg.conf

Wed, Jul 21, 6:21 PM · Bug Report
ikloecker committed rPdeb97f3eb65f: Add support for formatted passphrase options (authored by ikloecker).
Add support for formatted passphrase options
Wed, Jul 21, 5:24 PM
ikloecker committed rPde7024156777: qt: Support passphrase formatting (authored by ikloecker).
qt: Support passphrase formatting
Wed, Jul 21, 5:24 PM
ikloecker committed rP8ad23d6f18ce: qt: Copy passphrase without separators to clipboard (authored by ikloecker).
qt: Copy passphrase without separators to clipboard
Wed, Jul 21, 5:24 PM
ikloecker committed rP85b180f1b014: qt: Show hint if passphrase is shown and formatting is enabled (authored by ikloecker).
qt: Show hint if passphrase is shown and formatting is enabled
Wed, Jul 21, 5:24 PM
ikloecker committed rP5a5a4de1a32e: qt: Select passphrase after generation (authored by ikloecker).
qt: Select passphrase after generation
Wed, Jul 21, 5:24 PM
ikloecker committed rP742462d8a4d1: qt: Enable passphrase generation (authored by ikloecker).
qt: Enable passphrase generation
Wed, Jul 21, 5:24 PM
ikloecker committed rPd875dba1cf87: qt: Keep selection when enabling/disabling passphrase formatting (authored by ikloecker).
qt: Keep selection when enabling/disabling passphrase formatting
Wed, Jul 21, 5:24 PM
ikloecker committed rP64695a5e6f7b: qt: Enable formatted passphrase after generating passphrase (authored by ikloecker).
qt: Enable formatted passphrase after generating passphrase
Wed, Jul 21, 5:24 PM
ikloecker committed rP621500c87258: Fix Assuan commands mentioned in comments (authored by ikloecker).
Fix Assuan commands mentioned in comments
Wed, Jul 21, 5:24 PM
ikloecker committed rP456d81a82da1: doc: Document the passphrase generation (authored by ikloecker).
doc: Document the passphrase generation
Wed, Jul 21, 5:24 PM
ikloecker committed rP78e4284e8d93: qt: Show hint if Caps Lock is on (authored by ikloecker).
qt: Show hint if Caps Lock is on
Wed, Jul 21, 5:24 PM
ikloecker committed rP672260f15bf8: Add support for Caps Lock hint (authored by ikloecker).
Add support for Caps Lock hint
Wed, Jul 21, 5:24 PM
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

OK, I found it: just add "trust-model always" in gpg.conf

Wed, Jul 21, 4:32 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

Now it's importing keys but it doesn't trust them. Do you know how to fix this?
gpg2 --verbose --no-secmem-warning --no-greeting --auto-key-retrieve --no-tty --batch --yes --status-fd=2 --encrypt --armor -u <key-id> -r <email> -r <key-id> --output -
gpg: using subkey <sub-key> instead of primary key <primary-key>
[GNUPG:] KEY_CONSIDERED <key-id> 0
gpg: using pgp trust model
gpg: This key belongs to us
gpg: data source: <keyserver>
gpg: armor header: Comment: <key-id>
gpg: armor header: Comment: Name <email>
gpg: pub rsa4096/<key-id> <date> <name> <email>
gpg: key <key-id>: public key "<name> <email>" imported
[GNUPG:] IMPORTED <key-id> <name> <email>
[GNUPG:] IMPORT_OK 1 <key-id>
gpg: Total number processed: 1
gpg: imported: 1
[GNUPG:] IMPORT_RES 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0
gpg: auto-key-locate found fingerprint <fingerprint>
gpg: using subkey <sub-key> instead of primary key <primary-key>
[GNUPG:] KEY_CONSIDERED <fingerprint> 0
gpg: automatically retrieved '<email>' via keyserver
gpg: <sub-key>: There is no assurance this key belongs to the named user
[GNUPG:] INV_RECP 10 <email>
[GNUPG:] FAILURE encrypt 53
gpg: [stdin]: encryption failed: Unusable public key

Wed, Jul 21, 2:32 PM · Bug Report
ikloecker committed rGb2a6e5b51696: agent: Add translatable text for Caps Lock hint (authored by ikloecker).
agent: Add translatable text for Caps Lock hint
Wed, Jul 21, 12:59 PM
bernhard added a comment to T5525: Evolution cant work with gnupg .

Hmm your log does not seem to indicate that the key is requested by GnuPG,
e.g. something like

rmngr[6077.5]: DBG: chan_5 <- KS_GET -- =bernhard@intevation.de

is missing. If gpg does not ask for it, dirmngr cannot provide it. So the question is: why isn't gpg asking for the key of an email address in your setting.

Wed, Jul 21, 12:38 PM · Bug Report
vinc17 added a comment to T5527: keys.gnupg.net is obsolete.

OK, thanks for the explanation. But I think that the documentation should be slightly changed to say that the mapping is hardcoded. Otherwise, this may surprise users of different machines with different GnuPG versions (or in discussions between different users), who would see different behaviors when the mapping changes.

Wed, Jul 21, 12:11 PM · Bug Report
gniibe committed rGb436fb6766b4: scd: Fix access to list of cards (2/3). (authored by gniibe).
scd: Fix access to list of cards (2/3).
Wed, Jul 21, 10:32 AM
gniibe committed rG0d6b4210cf31: scd: Fix access to list of cards (3/3). (authored by gniibe).
scd: Fix access to list of cards (3/3).
Wed, Jul 21, 10:32 AM
gniibe committed rG216945a80e7b: scd: Fix access to list of cards (1/3). (authored by gniibe).
scd: Fix access to list of cards (1/3).
Wed, Jul 21, 10:32 AM
ikloecker added a comment to T5527: keys.gnupg.net is obsolete.

GnuPG 2.2.29 does not use keys.gnupg.net anymore. What it does is mapping keys.gnupg.net that is read from an (old) keyserver setting in the configuration files to a (hopefully) working keyserver. The documentation of gpg and dirmngr does indeed still mention keys.gnupg.net. The main problem with updating the documentation is that there isn't a good replacement for keys.gnupg.net and since keys.gnupg.net still works (via the aforementioned internal mapping) it is probably the best option for now.

Wed, Jul 21, 9:59 AM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

For the evolution command I get:
2021-07-21 03:04:06 dirmngr[2421] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2021-07-21 03:04:06 dirmngr[2422.0] permanently loaded certificates: 129
2021-07-21 03:04:06 dirmngr[2422.0] runtime cached certificates: 0
2021-07-21 03:04:06 dirmngr[2422.0] trusted certificates: 129 (128,0,0,1)
2021-07-21 03:04:06 dirmngr[2422.6] handler for fd 6 started
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> # Home: /home/<user>/.gnupg
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> # Config: /home/<user>/.gnupg/dirmngr.conf
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your service
2021-07-21 03:04:06 dirmngr[2422.6] connection from process 2419 (1000:1000)
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- GETINFO version
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> D 2.2.27
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- KEYSERVER --clear hkp://<keyserver>:8080
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 -> OK
2021-07-21 03:04:06 dirmngr[2422.6] DBG: chan_6 <- WKD_GET -- <email>
2021-07-21 03:04:37 dirmngr[2422.6] DBG: chan_6 -> S SOURCE https://<domain> # the domain doesn't have a WKD service
2021-07-21 03:04:37 dirmngr[2422.6] number of system provided CAs: 143
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:request:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> GET /.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part> HTTP/1.0\r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> Host: <domain>\r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:request-header:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> \r\n
2021-07-21 03:04:47 dirmngr[2422.6] DBG: http.c:response:
2021-07-21 03:04:47 dirmngr[2422.6] DBG: >> HTTP/1.1 302 Found\r\n
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'date: Wed, 21 Jul 2021 07:04:45 GMT'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'server: Apache/2.4.41 (Ubuntu)'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'location: https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'content-length: 347'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'content-type: text/html; charset=iso-8859-1'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'strict-transport-security: max-age=15768000'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: 'connection: close'
2021-07-21 03:04:47 dirmngr[2422.6] http.c:RESP: ''
2021-07-21 03:04:47 dirmngr[2422.6] URL 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>' redirected to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>' (302)
2021-07-21 03:04:47 dirmngr[2422.6] redirection changed to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:47 dirmngr[2422.6] DBG: chan_6 -> S WARNING http_redirect_cleanup 0 changed from 'https://<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-host>' to 'https://www.<domain>/.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part>'
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:request:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> GET /.well-known/openpgpkey/hu/qhff8o86zx5pf4qa1w59eh6ohtnb8w44?l=<local-part> HTTP/1.0\r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> Host: www.<domain>\r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:request-header:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> \r\n
2021-07-21 03:04:57 dirmngr[2422.6] DBG: chan_6 -> S PROGRESS tick ? 0 0
2021-07-21 03:04:57 dirmngr[2422.6] DBG: http.c:response:
2021-07-21 03:04:57 dirmngr[2422.6] DBG: >> HTTP/1.1 404 Not Found\r\n
2021-07-21 03:04:57 dirmngr[2422.6] http.c:RESP: 'date: Wed, 21 Jul 2021 07:04:55 GMT'
2021-07-21 03:04:57 dirmngr[2422.6] http.c:RESP: 'server: Apache/2.4.41

Wed, Jul 21, 9:22 AM · Bug Report

Tue, Jul 20

bernhard added a comment to T5525: Evolution cant work with gnupg .

I don't have one. What should I put in it?

Tue, Jul 20, 5:33 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

I don't have one. What should I put in it?

Tue, Jul 20, 4:40 PM · Bug Report
vinc17 created T5527: keys.gnupg.net is obsolete.
Tue, Jul 20, 1:49 PM · Bug Report
bernhard added a comment to T5525: Evolution cant work with gnupg .

Tried it myself, getting the pubkey seems to work here.
Debian gnupg Version: 2.2.27-2~bpo10+1

Tue, Jul 20, 11:37 AM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

Yes same result

Tue, Jul 20, 8:17 AM · Bug Report

Mon, Jul 19

bernhard added a comment to T5525: Evolution cant work with gnupg .

Did you try "--auto-key-retrieve"?

Mon, Jul 19, 4:50 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

The command that works says:

Mon, Jul 19, 4:14 PM · Bug Report
ikloecker added a comment to T5517: Improvements for symmetric encryption.

For formatting there are four modes: Formatting forced off (the default)/force on/on/off. The latter two modes allow the user to change the option.

Mon, Jul 19, 10:36 AM · pinentry, Restricted Project
ikloecker merged T5526: GPGME: Qt test t-various fails on i386 into T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Mon, Jul 19, 10:25 AM · gpgme, Bug Report
ikloecker merged task T5526: GPGME: Qt test t-various fails on i386 into T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Mon, Jul 19, 10:25 AM · gpgme, Bug Report
ikloecker closed T5526: GPGME: Qt test t-various fails on i386 as Resolved.

This is a duplicate of T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.

Mon, Jul 19, 10:22 AM · gpgme, Bug Report
gniibe is attending E878: Weekly Standup.
Mon, Jul 19, 10:15 AM

Sun, Jul 18

asv updated asv.
Sun, Jul 18, 1:29 PM

Sat, Jul 17

savoury1 created T5526: GPGME: Qt test t-various fails on i386.
Sat, Jul 17, 10:09 PM · gpgme, Bug Report

Fri, Jul 16

Laurent Montel <montel@kde.org> committed rLIBKLEO50a8271fe573: GIT_SILENT: Prepare 21.08rc (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08rc
Fri, Jul 16, 6:40 PM
bernhard added a comment to T5525: Evolution cant work with gnupg .

Can you show the output of the command that works and the command that does not (and gets called by evolution),
please also add a "-v" to the options.

Fri, Jul 16, 5:17 PM · Bug Report
klaus23344 added a comment to T5525: Evolution cant work with gnupg .

This key server also doesn't work

Fri, Jul 16, 4:13 PM · Bug Report
bernhard added a comment to T5525: Evolution cant work with gnupg .

It could also be a problem of the keyserver (some hagrid instances are known to deliberately break RFC4880), can you try with a different keyserver, e.g. http://keys2.andreas-puls.de/.

Fri, Jul 16, 3:28 PM · Bug Report
klaus23344 created T5525: Evolution cant work with gnupg .
Fri, Jul 16, 10:17 AM · Bug Report
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

And... as long as I read the PCT patches, it is not needed to export those API to users.
It is only needed internally for PCT tests (at most).

Fri, Jul 16, 10:12 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I am considering API enhancement, for this task.

Fri, Jul 16, 10:01 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5524: scd: serialize access of ctrl->card_ctx.

This rwlock guarantees access with ctrl->card_ctx is always valid.

Fri, Jul 16, 8:42 AM · gnupg (gpg23), Testing, scd
gniibe created T5524: scd: serialize access of ctrl->card_ctx.
Fri, Jul 16, 8:40 AM · gnupg (gpg23), Testing, scd

Thu, Jul 15

ikloecker committed rPff5c3093639f: doc: Add Qt 5 to the list of available variants of pinentry. (authored by ikloecker).
doc: Add Qt 5 to the list of available variants of pinentry.
Thu, Jul 15, 7:38 PM
ikloecker committed rP51a7a9f63ea7: doc: Fix two typos in HACKING file (authored by ikloecker).
doc: Fix two typos in HACKING file
Thu, Jul 15, 7:38 PM
brent0919 added a comment to U11 Jacob Smith.

[[ URL | foreach ($list as $item) {

work_miracles($item);

} ]]

Thu, Jul 15, 6:55 PM · Keyserver
fmanchon added a comment to T5364: Kleopatra won't start.

Forgot to mention one thing: after changing my user folder directory I lost all my Outlook contacts. I was able to recover them... make sure you have a backup before attempting this!

Thu, Jul 15, 6:41 PM · workaround, gnupg, Windows, kleopatra, Bug Report, gpg4win
ikloecker moved T4950: pinentry: Add warning when capslock is on from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Thu, Jul 15, 4:26 PM · Restricted Project, pinentry
gniibe committed rCdb9f7abb7af7: hmac: Use xfree. (authored by gniibe).
hmac: Use xfree.
Thu, Jul 15, 8:16 AM

Wed, Jul 14

Christophe Giboudeaux <christophe@krop.fr> committed rLIBKLEO9f79f522c77f: Fix typos found by codespell (authored by Christophe Giboudeaux <christophe@krop.fr>).
Fix typos found by codespell
Wed, Jul 14, 12:43 PM
Predrag updated Predrag.
Wed, Jul 14, 12:00 PM
Predrag updated Predrag.
Wed, Jul 14, 11:50 AM

Tue, Jul 13

Jakuje added a comment to T5520: Fix tests in FIPS mode.

I went through the patches above + what I suggested in previous comments, tested everything against both upstream and libgcrypt in Fedora in FIPS mode. There were slight differences, some cases were already fixed in master, some needed to upstream some of our changes, but the result is 10 patches working in both FIPS and non-fips mode, hopefully enough annotated. If not, please, ask for clarifications.

Tue, Jul 13, 11:25 PM · FIPS, libgcrypt, Bug Report
Predrag updated Predrag.
Tue, Jul 13, 11:20 AM

Mon, Jul 12

werner set External Link to https://eprint.iacr.org/2021/923.pdf on T5328: On the (in)security of Elgamal in OpenPGP.
Mon, Jul 12, 6:11 PM · side-channel, CVE, libgcrypt
fmanchon added a comment to T5364: Kleopatra won't start.

I just had the same issue as hurui200320. My user name contains a "ç" and Kleopatra did not start. The Windows event logger reported a crash in libstdc++-6.dll. This was with gpg4win-3.1.16. Installing gnupg 2.3.1 did not change anything.

Mon, Jul 12, 4:21 PM · workaround, gnupg, Windows, kleopatra, Bug Report, gpg4win
Jakuje added a comment to T5512: Implement service indicators.

I went through the OpenSSL drafts. The module boundary in OpenSSL will be separate fips.so object and only non-deprecated functions of OpenSSL 3.0 will be FIPS compliant. There is a global state, that will allow only approved algorithms and modes and there will be API to query the FIPS mode status using OSSL_PARAM_get* functions, but we still have some unknowns so I hope we will know more on the next meeting.

Mon, Jul 12, 3:42 PM · FIPS, libgcrypt, Bug Report
gniibe created T5523: jitter entropy RNG update.
Mon, Jul 12, 11:36 AM · libgcrypt
werner assigned T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation to gniibe.
Mon, Jul 12, 11:20 AM · FIPS, libgcrypt, Feature Request
werner raised the priority of T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Normal to High.
Mon, Jul 12, 11:20 AM · FIPS, libgcrypt, Feature Request
aheinecke reassigned T4950: pinentry: Add warning when capslock is on from aheinecke to ikloecker.
Mon, Jul 12, 10:31 AM · Restricted Project, pinentry
ikloecker committed rG5a93acbc7a51: po: Fix typo in German translation. (authored by ikloecker).
po: Fix typo in German translation.
Mon, Jul 12, 9:54 AM
ikloecker is attending E877: Weekly Standup.
Mon, Jul 12, 9:21 AM
gniibe is attending E877: Weekly Standup.
Mon, Jul 12, 7:05 AM
gniibe added a comment to E877: Weekly Standup.

Last week:

  • libgcrypt and its FIPS mode support
  • learn FIPS 140-3
    • confirmed that modern ECC (25519, 448) will be not yet: It's in the draft of FIPS 186-5, though

This week:

  • Gnuk maintenance release
  • Add more curves to OpenPGP card tests: 25519, secp256k1 for Yubikey and Gnuk
Mon, Jul 12, 7:00 AM
gniibe added a comment to T4873: Enable AES GCM in FIPS mode.

(OpenSSL for FIPS support is a bit tricky, which is described in README-FIPS.md in their distribution. It offers OpenSSL FIPS provider as shared library fips.so.)

Mon, Jul 12, 3:38 AM · libgcrypt, Feature Request

Sun, Jul 11

Laurent Montel <montel@kde.org> committed rLIBKLEO1ff85837a7e6: GIT_SILENT: Time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Time to increase version
Sun, Jul 11, 8:10 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRAbb92dfd266e0: GIT_SILENT: Time to increase version (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Time to increase version
Sun, Jul 11, 8:08 AM
l10n daemon script <scripty@kde.org> committed rLIBKLEO336fac0f4d5d: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Sun, Jul 11, 4:12 AM

Sat, Jul 10

Laurent Montel <montel@kde.org> committed rLIBKLEO959202fa857d: GIT_SILENT: master is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: master is open
Sat, Jul 10, 9:12 PM
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRA6fcb52f2866f: GIT_SILENT Upgrade release service version to 21.11.70. (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Upgrade release service version to 21.11.70.
Sat, Jul 10, 8:25 PM
Laurent Montel <montel@kde.org> committed rLIBKLEO1568a3fac3e0: GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created... (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.17.80beta (I didn't know that release 21.08 was created...
Sat, Jul 10, 7:12 PM