In a discussion we decided that we need a deadline for GnuPG 2.3.0 so that we finally release it.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Dec 20 2020
Dec 20 2020
Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.
Dec 19 2020
Dec 19 2020
Laurent Montel <montel@kde.org> committed rLIBKLEOf929e2d1307f: GIT_SILENT: time to increase qt version as kf5-5.77 will depend against it. (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase qt version as kf5-5.77 will depend against it.
Laurent Montel <montel@kde.org> committed rKLEOPATRA6c72e5839fcd: GIT_SILENT: time to increase qt version as kf5-5.77 will depend against it. (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: time to increase qt version as kf5-5.77 will depend against it.
Dec 18 2020
Dec 18 2020
Add s390x/zSeries acceleration for SHA3
jukivili committed rC45f0ec0c4e3b: Add s390x/zSeries acceleration for SHA512 (authored by jukivili).
Add s390x/zSeries acceleration for SHA512
jukivili committed rC0b555c3cc7c2: Add s390x/zSeries acceleration for SHA256 (authored by jukivili).
Add s390x/zSeries acceleration for SHA256
jukivili committed rC5aeb091f9113: Add bulk AES-GCM acceleration for s390x/zSeries (authored by jukivili).
Add bulk AES-GCM acceleration for s390x/zSeries
Add s390x/zSeries acceleration for SHA1
Add bulk function interface for GCM mode
Add s390x/zSeries acceleration for AES
Add bulk function interface for OFB mode
jukivili committed rC128054767d5f: hwf: add detection of s390x/zSeries hardware features (authored by jukivili).
hwf: add detection of s390x/zSeries hardware features
jukivili committed rC0e37bb32e215: tests/bench-slope: use same benchmarking for XTS as for other modes (authored by jukivili).
tests/bench-slope: use same benchmarking for XTS as for other modes
jukivili committed rCc59b5b03a063: aarch64: mpi/longlong.h: fix operand size mismatch (authored by jukivili).
aarch64: mpi/longlong.h: fix operand size mismatch
jukivili committed rC8352b0ece523: aarch64: use configure check for assembly ELF directives support (authored by jukivili).
aarch64: use configure check for assembly ELF directives support
• werner committed rE4b09c8c2023d: core: Fix the "ignore" meta command of the argparser. (authored by • werner).
core: Fix the "ignore" meta command of the argparser.
• werner committed rG8a2e5025eb0f: gpg: Fix --trusted-key with fingerprint arg. (authored by • werner).
gpg: Fix --trusted-key with fingerprint arg.
• aheinecke committed rW5a556906750a: Readd gpgwrap as non-console wrapper (authored by • aheinecke).
Readd gpgwrap as non-console wrapper
Post release version bump
• ikloecker closed T5188: gpg-card: "Unblock and set new a PIN" asks for Admin PIN instead of Reset Code as Invalid.
Ahh, there's a separate unblock command for the non-admin.
• werner added a comment to T5188: gpg-card: "Unblock and set new a PIN" asks for Admin PIN instead of Reset Code.
"unblock and set a new PIN" might not be the best description given that we have an "unblock" command to let the user unblock the own PIN using hist reset code. But yes, it is expected that it asks for the Admin PIN.
• ikloecker changed the status of T5138: Change Reset Code not working in Kleopatra from Open to Testing.
Werner, please retest. If "Change Reset Code" still doesn't work for you, then please answer the questions in the first comment.
Note: Officially, Kleopatra does not support OpenPGP v1 cards. At least, according to the text that is displayed if no card is found.
• werner committed rG15bfd189c07e: dirmngr: Do not block threads in LDAP keyserver calls. (authored by • werner).
dirmngr: Do not block threads in LDAP keyserver calls.
• werner committed rG355e2992c043: dirmngr: Do not block threads in LDAP keyserver calls. (authored by • werner).
dirmngr: Do not block threads in LDAP keyserver calls.
• werner committed rG9e8d299e183d: Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2 (authored by • werner).
Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2
• werner committed rG9b886adba4f8: dirmngr: Fix backport of the new option parser from 2.3 (authored by • werner).
dirmngr: Fix backport of the new option parser from 2.3
• ikloecker committed rKLEOPATRA7b3bc5596af7: Add support for unblocking the PIN/card with the reset code (authored by • ikloecker).
Add support for unblocking the PIN/card with the reset code
• ikloecker committed rKLEOPATRA1020fcd76506: Fix typo and copy&paste bug, and improve tooltips (authored by • ikloecker).
Fix typo and copy&paste bug, and improve tooltips
• ikloecker committed rKLEOPATRA4bb358ec2931: Add explicit reset mode for changing a PIN (authored by • ikloecker).
Add explicit reset mode for changing a PIN
"Change Reset Code" should work in Kleopatra. At least for OpenPGP v2+ cards. Kleopatra simply does "SCD PASSWD --reset OPENPGP.2", i.e. the same as gpg-card. I have verified that it works with a Yubikey.
• werner edited projects for T5187: i am not able to key pair, added: Support; removed Bug Report, gpg4win.
For support please use one of the community resources (see gpg4win.org) and read the manula (compedium) or one of the hundreds of HOWTO floating in the net.
Yes, makes sense. Although, you should use datalen = indatalen; in the last line (to prevent typos in the numbers).
IIUC, for completeness, it would be good to add the lines like:
Laurent Montel <montel@kde.org> committed rLIBKLEO21335d07f825: GIT_SILENT: prepare 5.16.1 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.16.1
Reorganize self-tests for HMAC.
Laurent Montel <montel@kde.org> committed rKLEOPATRA2958bbdb019e: GIT_SILENT: prepare 5.16.1 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.16.1
Dec 17 2020
Dec 17 2020
gpg: New AKL method "ntds"
• werner committed rG1194e4f7e2df: dirmngr: Support "ldap:///" for the current AD user. (authored by • werner).
dirmngr: Support "ldap:///" for the current AD user.
gpg: New AKL method "ntds"
• werner committed rG776bef74c778: dirmngr: Support "ldap:///" for the current AD user. (authored by • werner).
dirmngr: Support "ldap:///" for the current AD user.
• ikloecker committed rKLEOPATRA5e480a78c3e0: Allow creation of CSRs for card keys of NetKey cards (authored by • ikloecker).
Allow creation of CSRs for card keys of NetKey cards
• ikloecker committed rKLEOPATRA8932a36c13e6: Trigger a full update of the card status after the NullPIN was set (authored by • ikloecker).
Trigger a full update of the card status after the NullPIN was set
• ikloecker committed rKLEOPATRA66c0a62e2045: Use ChangePinCommand for changing PINs of NetKey cards (authored by • ikloecker).
Use ChangePinCommand for changing PINs of NetKey cards
• ikloecker committed rKLEOPATRA9abbbddba509: Make sure that status information is updated after UI setup (authored by • ikloecker).
Make sure that status information is updated after UI setup
• werner committed rGc75fd7553290: dirmngr: Allow LDAP searches via fingerprint. (authored by • werner).
dirmngr: Allow LDAP searches via fingerprint.
• werner committed rGc28cb5282b14: dirmngr: Store all version 2 schema attributes. (authored by • werner).
dirmngr: Store all version 2 schema attributes.
• werner committed rGac8ece92662d: dirmngr: Support the new Active Directory schema (authored by • werner).
dirmngr: Support the new Active Directory schema
• werner committed rG0e88c73bc94f: dirmngr: Do not store the useless pgpSignerID in the LDAP. (authored by • werner).
dirmngr: Do not store the useless pgpSignerID in the LDAP.
• werner committed rGe47de8538200: dirmngr: Fix adding keys to an LDAP server. (authored by • werner).
dirmngr: Fix adding keys to an LDAP server.
• werner committed rG2cadcce3e877: dirmngr: Allow LDAP searches via fingerprint. (authored by • werner).
dirmngr: Allow LDAP searches via fingerprint.
• werner committed rG2b06afbf260f: dirmngr: Finalize Active Directory LDAP Schema (authored by • werner).
dirmngr: Finalize Active Directory LDAP Schema
Dec 16 2020
Dec 16 2020
• ikloecker changed the status of T5183: Kleopatra: Generate S/MIME CSR for OpenPGP card key from Open to Testing.
Ready for testing.
• ikloecker changed the status of T5183: Kleopatra: Generate S/MIME CSR for OpenPGP card key, a subtask of T5123: Kleopatra: Generate OpenPGP pubkey S/MIME CSR from existing card, from Open to Testing.
• ikloecker committed rKLEOPATRA0b12d7705e81: Allow creation of CSRs for card keys of OpenPGP cards (authored by • ikloecker).
Allow creation of CSRs for card keys of OpenPGP cards
• ikloecker committed rKLEOPATRA6106b1f87514: Refactor OpenPGPCard and PGPCardWidget (authored by • ikloecker).
Refactor OpenPGPCard and PGPCardWidget
I cannot find good test vectors for PBKDF2 with HMAC-SHA-2.
In T5167#140229, @gbschenkel wrote:Nice, I gonna apply the patch and see if resolves for me!
Nice, I gonna apply the patch and see if resolves for me!
• gniibe committed rG3c55e15cee4b: scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup. (authored by • gniibe).
scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
• gniibe committed rG585cfca0a60b: scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR. (authored by • gniibe).
scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
If your problem is the incompatibility between standard OpenSSH (server) and PKIXSSH (client) for use of ssh-agent emulation of gpg-agent with ECDSA key, I'd suggest to apply following patch to your PKIXSSH:
diff --git a/compat.c b/compat.c index fe71951..0c9b1ef 100644 --- a/compat.c +++ b/compat.c @@ -245,7 +245,6 @@ xkey_compatibility(const char *remote_version) { { static sshx_compatibility info[] = { { 0, "OpenSSH*PKIX[??.*" /* 10.+ first correct */ }, { 0, "OpenSSH*PKIX[X.*" /* developlement */ }, - { 1, "OpenSSH*" /* PKIX pre 10.0 */ }, { 1, "SecureNetTerm-3.1" /* same as PKIX pre 10.0 */}, { 0, NULL } }; p = xkey_compatibility_find(remote_version, info);
• ikloecker committed rLIBKLEO1f76573e275f: Merge branch 'work/static-analysis' into 'master' (authored by • ikloecker).
Merge branch 'work/static-analysis' into 'master'
Dec 15 2020
Dec 15 2020
• ikloecker changed the status of T5127: Kleopatra: Generate S/MIME CSR for PIV card key from Open to Testing.
Ready for testing
• ikloecker changed the status of T5127: Kleopatra: Generate S/MIME CSR for PIV card key, a subtask of T5123: Kleopatra: Generate OpenPGP pubkey S/MIME CSR from existing card, from Open to Testing.
• ikloecker committed rKLEOPATRAfb1ef2181f59: Improve/simplify layout of PIV card widget (authored by • ikloecker).
Improve/simplify layout of PIV card widget
• ikloecker committed rKLEOPATRA86b349a947e8: Improve usability of CSR creation (authored by • ikloecker).
Improve usability of CSR creation
• ikloecker committed rKLEOPATRA4385c4db475e: Connect signals after UI setup is complete to prevent a crash (authored by • ikloecker).
Connect signals after UI setup is complete to prevent a crash
• ikloecker committed rKLEOPATRA9dfd273c9bae: After creating the CSR write it to disk asking the user for a location (authored by • ikloecker).
After creating the CSR write it to disk asking the user for a location
• werner committed rG2c6bb03cfb56: dirmngr: Remove superfluous attribute from the LDAP schema. (authored by • werner).
dirmngr: Remove superfluous attribute from the LDAP schema.
• werner committed rGa2434ccabdd1: dirmngr: Store all version 2 schema attributes. (authored by • werner).
dirmngr: Store all version 2 schema attributes.
Laurent Montel <montel@kde.org> committed rLIBKLEOf29bb83638fd: GIT_SILENT: Fix typo (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Fix typo
Laurent Montel <montel@kde.org> committed rKLEOPATRA40b9a421b964: GIT_SILENT: Fix typo (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Fix typo
Laurent Montel <montel@kde.org> committed rKLEOPATRAe0236c45a948: Allow to use UNITY build see https://cmake. (authored by Laurent Montel <montel@kde.org>).
Allow to use UNITY build see https://cmake.
Laurent Montel <montel@kde.org> committed rLIBKLEO17042deb161a: Allow to use UNITY build see https://cmake. (authored by Laurent Montel <montel@kde.org>).
Allow to use UNITY build see https://cmake.
• gniibe renamed T5182: libgcrypt self tests for FIPS 140 from libgcrypt tests for FIPS 140 to libgcrypt self tests for FIPS 140.
Our tests are now in tests/basic.c.
For CMAC tests, we would need to use newer test vectors.
Dec 14 2020
Dec 14 2020
• werner committed rGe9ddd61fe979: dirmngr: Support the new Active Directory schema (authored by • werner).
dirmngr: Support the new Active Directory schema
• werner committed rGcc056eb534c1: dirmngr: Do not store the useless pgpSignerID in the LDAP. (authored by • werner).
dirmngr: Do not store the useless pgpSignerID in the LDAP.
• werner committed rG37a899d0e4fd: dirmngr: Fix adding keys to an LDAP server. (authored by • werner).
dirmngr: Fix adding keys to an LDAP server.
Unfortunately and confusingly, PKISSH returns "OpenSSH" when asked by "ssh -V".
Please install real OpenSSH, if this is the case for you.
Quote from IRC:
hey, i've some problems with my smartcard since quite some time. i'm not sure whether it's openssh related or gnupg. it's a openpgpcard v2.0 and i have to workaround ssh logins by using "SSH_AUTH_SOCK=0 ssh ...". .gnupg/gpg-agent.conf -
gpg-agent.conf158 BDownload
the debug log: debug.log2 KBDownload
esp. "ssh sign request failed: Unknown option <GPG Agent>" and ssh says "sign_and_send_pubkey: signing failed: agent refused operation"gpg --edit-card and --card-status works fine and sign/encrypt works fine as well. only ssh auth fails
openssh 8.1_p1, gnupg 2.2.20