
Mon, Jun 7

werner is attending E868: Weekly Standup.
Mon, Jun 7, 8:17 AM
gniibe added a comment to E868: Weekly Standup.

Last week:

This week:

Mon, Jun 7, 7:40 AM
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@dkg
If we support native X25519 format, multiple representations are possible (there are 32 ways, at least) for a single secret key, because it's the feature of X25519.

Mon, Jun 7, 7:21 AM · gnupg (gpg22), Bug Report
gniibe changed the status of T5469: GnuPG 2.3 regression: keydb_search failed: Invalid argument from Open to Testing.
Mon, Jun 7, 7:10 AM · gnupg (gpg23)
gniibe is attending E868: Weekly Standup.
Mon, Jun 7, 6:57 AM
gniibe edited projects for T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1), added: gnupg (gpg23); removed gnupg, MacOS.

In 2.3, the logic to identify Yubikey has been changed (to support PIV application).

Mon, Jun 7, 5:28 AM · gnupg (gpg23), yubikey
gniibe committed rGee5b6af370fb: scd: Fix READER-PORT option handling for PC/SC. (authored by gniibe).
scd: Fix READER-PORT option handling for PC/SC.
Mon, Jun 7, 4:46 AM
gniibe added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

In your log, it says:

usb_claim_interface failed: -3
Mon, Jun 7, 4:46 AM · gnupg (gpg23), yubikey
gniibe added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

Sorry, I was wrong.

Mon, Jun 7, 4:43 AM · gnupg (gpg23), yubikey
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@werner
My patch is for the case if it's better to accept such a key of OpenPGP.
I don't know if it's better or not (yet). The purpose of this patch is to show the point where OpenPGP secret part translates into libgcrypt secret key, concretely.

Mon, Jun 7, 2:57 AM · gnupg (gpg22), Bug Report

Sun, Jun 6

Laurent Montel <montel@kde.org> committed rLIBKLEO44ad0191d827: GIT_SILENT: add cmake test support + add more build support (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add cmake test support + add more build support
Sun, Jun 6, 9:38 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRA7aee9857eaf7: GIT_SILENT: add cmake test support + add more build support (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add cmake test support + add more build support
Sun, Jun 6, 9:35 AM

Sat, Jun 5

Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA91786ba7696a: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Update Appstream for new release
Sat, Jun 5, 11:22 PM
Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA1b55167dece0: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Update Appstream for new release
Sat, Jun 5, 11:22 PM
ikloecker committed rLIBKLEO55aa004b8091: Add Boost::headers to link libraries (authored by Allen Winter <winter@kde.org>).
Add Boost::headers to link libraries
Sat, Jun 5, 11:23 AM

Fri, Jun 4

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Do we want to encourage multiple cleartext wire-format representations of the same secret key?

Fri, Jun 4, 3:56 PM · gnupg (gpg22), Bug Report
aheinecke triaged T5473: Libkleo build for Windows broken as High priority.
Fri, Jun 4, 2:33 PM · kleopatra, Restricted Project
aheinecke created P13 (An Untitled Masterwork).
Fri, Jun 4, 1:12 PM
jarregui created T5472: Kleopatra not storing decrypted files.
Fri, Jun 4, 12:52 PM · Bug Report
werner added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

I need to see how we can pass the check permission notice up to gpg. This is too common a problem and thus deserves some special treatment.

Fri, Jun 4, 12:22 PM · gnupg (gpg23), yubikey
Suertzz added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

GPG Version :

Fri, Jun 4, 11:58 AM · gnupg (gpg23), yubikey
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRAe12eb5d0a832: Install service menus in ${KDE_INSTALL_KSERVICES5DIR}/ServiceMenus (authored by Alexander Lohnau <alexander.lohnau@gmx.de>).
Install service menus in ${KDE_INSTALL_KSERVICES5DIR}/ServiceMenus
Fri, Jun 4, 11:17 AM
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

JFYI: Original curve25519-donna (as well as Botan library, and OpenSSL) tweaks bits inside of the exponentiation function, so secret keys with or without tweaked bits would be equivalent and produce the same public key.

Fri, Jun 4, 10:57 AM · gnupg (gpg22), Bug Report
ikloecker committed rLIBKLEO405b06ff36db: add Boost::headers to link libraries (authored by ikloecker).
add Boost::headers to link libraries
Fri, Jun 4, 10:12 AM
aheinecke closed T5424: GnuPG w32: Expand environment variables when reading registry paths as Resolved.

Works. My initial tests also failed because on Windows 64 the registry value has to be placed in the WOW6432NODE.

Fri, Jun 4, 10:09 AM · gnupg (gpg22), Restricted Project
aheinecke changed the status of T5424: GnuPG w32: Expand environment variables when reading registry paths from Open to Testing.

Apologies... I used ctags on read_w32_registry_string and that jumped me to build-aux/speedo/w32/g4wihelp.c which has a read_w32_registry_string that does not expand...
Now I found the w32-reg.c in common which looks completely fine.

Fri, Jun 4, 9:39 AM · gnupg (gpg22), Restricted Project
werner lowered the priority of T5328: On the (in)security of Elgamal in OpenPGP from High to Normal.
Fri, Jun 4, 7:52 AM · side-channel, CVE, libgcrypt
werner changed the visibility for T5328: On the (in)security of Elgamal in OpenPGP.
Fri, Jun 4, 7:52 AM · side-channel, CVE, libgcrypt
werner committed rG8bd5172539e1: dirmngr: Remove useless code. (authored by werner).
dirmngr: Remove useless code.
Fri, Jun 4, 7:49 AM
werner added inline comments to rG2b4cddf9086f: dirmngr: Allow for non-URL specified ldap keyservers..
Fri, Jun 4, 7:45 AM
werner added a comment to rGff17aee5d10c: dirmngr: New option --ldapserver.

Alright, we can keep just the colon delimited format for --ldapservers et al. Because we support ldap URLs in CrlDistributionPoints in X.509 certificates we need to handle them internally. But there is indeed no need to support them in the config files.

Fri, Jun 4, 7:40 AM
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

gniibe: Can you explain why an import shall modify the secret key? From my understanding it is an invalid secret key and thus it can't be used. An import operation is different than the key generation.

Fri, Jun 4, 7:33 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

For an implementation of Curve25519 routine, it is needed to tweak those bits.

Fri, Jun 4, 6:52 AM · gnupg (gpg22), Bug Report
gniibe committed rG21ef425e222d: agent: Appropriate error code for importing key with no passwd. (authored by gniibe).
agent: Appropriate error code for importing key with no passwd.
Fri, Jun 4, 6:49 AM
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Better to have

diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 53c88154b..b1d43227a 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -159,7 +159,21 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
                EdDSA flag.  */
             format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))";
           else if (!strcmp (curve, "Curve25519"))
-            format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
+            {
+              unsigned int nbits;
+              unsigned char *buffer = gcry_mpi_get_opaque (skey[1], &nbits);
+              unsigned char d[32];
+
+              if (nbits != 256)
+                return gpg_error (GPG_ERR_BAD_SECKEY);
+
+              memcpy (d, buffer, 32);
+              d[0] = (d[0] & 0x7f) | 0x40;
+              d[31] &= 0xf8;
+              gcry_mpi_release (skey[1]);
+              skey[1] = gcry_mpi_set_opaque_copy (NULL, d, 256);
+              format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))";
+            }
           else
             format = "(private-key(ecc(curve %s)(q%m)(d%m)))";
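
Review bot: In the new Curve25519 branch, the stack array `d` holds a copy of the secret scalar and is never wiped before the block exits; clear it once `gcry_mpi_set_opaque_copy` has taken its copy, and confirm that a copy made from a plain stack buffer still ends up in secure memory. The old MPI is released with `gcry_mpi_release (skey[1])` before the result of `gcry_mpi_set_opaque_copy (NULL, d, 256)` is known, and that result is stored without a NULL check, so an allocation failure would leave the caller's `skey[1]` as NULL; create the new MPI first, check it, then release the old one. `buffer` from `gcry_mpi_get_opaque` is also passed to `memcpy` without a NULL check. A short comment explaining why the high-bit mask is applied to `d[0]` and the low-bit mask to `d[31]` (the byte order of the stored scalar), and noting that the function now rewrites the caller's `skey[1]`, would make the intent reviewable.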
Fri, Jun 4, 6:00 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

"Curve25519" in libgcrypt was implemented before the standardization of X25519. There are two problems here: endianness and tweaking-bits.

Fri, Jun 4, 5:59 AM · gnupg (gpg22), Bug Report
Suertzz added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

I see your situation

Could you please help me to analyze what's going on?
Please add following lines to your scdaemon.conf to see CCID driver's debug output:

debug-ccid-driver
verbose
verbose
verbose

And share the debug output.

Fri, Jun 4, 2:08 AM · gnupg (gpg23), yubikey
gniibe added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

Ah, I think that your problem was fixed in rG53bdc6288f9b: scd: Recover the partial match for PORTSTR for PC/SC. (to be 2.3.2).

Fri, Jun 4, 2:02 AM · gnupg (gpg23), yubikey
gniibe triaged T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1) as High priority.
Fri, Jun 4, 1:58 AM · gnupg (gpg23), yubikey
gniibe claimed T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).
Fri, Jun 4, 1:57 AM · gnupg (gpg23), yubikey
gniibe reopened T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1) as "Open".

I see your situation

Fri, Jun 4, 1:57 AM · gnupg (gpg23), yubikey
Suertzz added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

If possible, please let us know how you configure the permission to access CCID device with 2.2 (and with 2.3)?

Fri, Jun 4, 1:40 AM · gnupg (gpg23), yubikey
gniibe added a comment to T5442: Serial number detection of Yubikey 5 (Yubikey 5 doesn't work after updating to GnuPG 2.3.1).

If possible, please let us know how you configure the permission to access CCID device with 2.2 (and with 2.3)?

Fri, Jun 4, 1:32 AM · gnupg (gpg23), yubikey

Thu, Jun 3

Suertzz added a comment to T5415: YubiKey no longer recognized in GnuPG 2.3.1 on macOS 10.15.7.

Please excuse my late reply. I was busy with other things over the last few weeks.

Yes, putting disable-ccid into ~/.gnupg/scdaemon.conf works for me with GnuPG 2.3.1 under macOS Catalina (10.15).

I still don't understand what the problem is/was, so I cannot judge whether it's better to recommend this manual configuration for Mac users or to disable CCID by default on macOS.

Thu, Jun 3, 11:20 PM · MacOS, yubikey, Bug Report
Allen Winter <winter@kde.org> committed rLIBKLEO522010b01dcd: add Boost::headers to link libraries (authored by Allen Winter <winter@kde.org>).
add Boost::headers to link libraries
Thu, Jun 3, 9:44 PM
Saturneric added a comment to T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing.

I tried again after cloning the master branch, and I finally figured it out. Sorry for the trouble caused by this irrelevant question just submitted. Thanks again.

Thu, Jun 3, 9:36 PM · Bug Report
werner added a comment to T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing.

Please read T5454 again. To get the listing I showed you need to use the latest gpgme from Git master.

Thu, Jun 3, 9:24 PM · Bug Report
werner merged T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing into T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign.
Thu, Jun 3, 9:23 PM · FAQ, Support, gpgme
werner merged task T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing into T5454: Failed to sign with subkey with a signature function using gpgme_op_keysign.
Thu, Jun 3, 9:23 PM · Bug Report
Allen Winter <winter@kde.org> committed rLIBKLEO18331f8ca050: add Boost::headers to link libraries (authored by Allen Winter <winter@kde.org>).
add Boost::headers to link libraries
Thu, Jun 3, 8:42 PM
Saturneric created T5470: T5454 Continue Gpgme still shows secret flag even when the secret key content is missing.
Thu, Jun 3, 8:19 PM · Bug Report
gniibe committed rC3462280f2e23: cipher: Fix ElGamal encryption for other implementations. (authored by gniibe).
cipher: Fix ElGamal encryption for other implementations.
Thu, Jun 3, 7:09 PM
gniibe committed rC7ba5d831d573: build: _DARWIN_C_SOURCE should be 1. (authored by gniibe).
build: _DARWIN_C_SOURCE should be 1.
Thu, Jun 3, 7:09 PM
gniibe committed rC71a07704ad98: build: Don't use /dev/srandom on OpenBSD. (authored by Jeremie Courreges-Anglas <jca@wxcvbn.org>).
build: Don't use /dev/srandom on OpenBSD.
Thu, Jun 3, 7:09 PM
gniibe committed rC334e1a1cfc8f: tests: Add HAVE_MMAP check for MinGW. (authored by gniibe).
tests: Add HAVE_MMAP check for MinGW.
Thu, Jun 3, 7:09 PM
werner committed rC59df8d629542: sexp: Avoid a fatal error in case of ENOMEM in called functions. (authored by werner).
sexp: Avoid a fatal error in case of ENOMEM in called functions.
Thu, Jun 3, 7:09 PM
gniibe committed rCda127f7505ff: Fix secmem test for machine with larger page. (authored by gniibe).
Fix secmem test for machine with larger page.
Thu, Jun 3, 7:09 PM
werner committed rCf4582f8c429f: api: Add auto expand secmem feature (authored by werner).
api: Add auto expand secmem feature
Thu, Jun 3, 7:09 PM
werner committed rC32577d5b91f8: Post release updates (authored by werner).
Post release updates
Thu, Jun 3, 7:09 PM
werner committed rCeb84e429950b: Release 1.8.2 (authored by werner).
Release 1.8.2
Thu, Jun 3, 7:09 PM
werner committed rC0a391b259adc: Fix incorrect counter overflow handling for GCM (authored by jukivili).
Fix incorrect counter overflow handling for GCM
Thu, Jun 3, 7:09 PM
werner committed rCc114ffd6da83: doc: fix double "See" in front of reference (authored by jukivili).
doc: fix double "See" in front of reference
Thu, Jun 3, 7:09 PM
werner committed rC4e11e9d98818: Improve constant-time buffer compare (authored by jukivili).
Improve constant-time buffer compare
Thu, Jun 3, 7:09 PM
werner committed rC0da4a237661c: random: Protect another use of jent_rng_collector. (authored by gniibe).
random: Protect another use of jent_rng_collector.
Thu, Jun 3, 7:09 PM
werner committed rC1900853f2aee: doc: Clarify the value range of the use-rsa-e parameter. (authored by werner).
doc: Clarify the value range of the use-rsa-e parameter.
Thu, Jun 3, 7:09 PM
werner committed rCe1695a8f6ca1: random: Don't assume that _WIN64 implies x86_64 (authored by Martin Storsjö <martin@martin.st>).
random: Don't assume that _WIN64 implies x86_64
Thu, Jun 3, 7:09 PM
werner committed rC06fdc074eb29: hmac: Use xtrymalloc. (authored by gniibe).
hmac: Use xtrymalloc.
Thu, Jun 3, 7:09 PM
werner committed rCa0e016e29409: mpi: Fix for building for MIPS64 with Clang (authored by werner).
mpi: Fix for building for MIPS64 with Clang
Thu, Jun 3, 7:09 PM
werner committed rCbbf88f0e9d48: AES-KW: fix in-place encryption (authored by smueller_chronox.de).
AES-KW: fix in-place encryption
Thu, Jun 3, 7:09 PM
werner committed rC22db6237de00: Make BMI2 inline assembly check more robust (authored by jukivili).
Make BMI2 inline assembly check more robust
Thu, Jun 3, 7:09 PM
werner committed rC1a0289daa408: build: Convince gcc not to delete NULL ptr checks. (authored by werner).
build: Convince gcc not to delete NULL ptr checks.
Thu, Jun 3, 7:09 PM
werner committed rCc5bed9df9633: prime: Avoid rare assertion failure in gcry_prime_check. (authored by werner).
prime: Avoid rare assertion failure in gcry_prime_check.
Thu, Jun 3, 7:09 PM
werner committed rC846f8fe8b3be: ecc: Improve gcry_mpi_ec_curve_point (authored by werner).
ecc: Improve gcry_mpi_ec_curve_point
Thu, Jun 3, 7:09 PM
werner committed rC5600d2d6b236: Release 1.8.3 (authored by werner).
Release 1.8.3
Thu, Jun 3, 7:09 PM
gniibe committed rC20c034865f2d: random: Fix hang of _gcry_rndjent_get_version. (authored by dtzWill).
random: Fix hang of _gcry_rndjent_get_version.
Thu, Jun 3, 7:09 PM
werner committed rC6ca6344429e5: Post release updates (authored by werner).
Post release updates
Thu, Jun 3, 7:09 PM
werner committed rC54620a27f450: mpi: New internal function _gcry_mpi_cmpabs. (authored by werner).
mpi: New internal function _gcry_mpi_cmpabs.
Thu, Jun 3, 7:09 PM
gniibe committed rC9be06c6b2e5c: ecc: Add blinding for ECDSA. (authored by gniibe).
ecc: Add blinding for ECDSA.
Thu, Jun 3, 7:09 PM
werner committed rCbe68b3ee4fd1: ecc: Fix potential unintended freeing of an internal param. (authored by werner).
ecc: Fix potential unintended freeing of an internal param.
Thu, Jun 3, 7:09 PM
werner committed rC8cc7cac82ec2: sexp: Fix uninitialized use of a var in the error case. (authored by werner).
sexp: Fix uninitialized use of a var in the error case.
Thu, Jun 3, 7:09 PM
werner committed rC347987d4cf29: ecc: Fix possible memory leakage in parameter check of eddsa. (authored by werner).
ecc: Fix possible memory leakage in parameter check of eddsa.
Thu, Jun 3, 7:08 PM
werner committed rC7f4de8bab991: doc: Fix example for gcry_sexp_extract_param (authored by werner).
doc: Fix example for gcry_sexp_extract_param
Thu, Jun 3, 7:08 PM
werner committed rCabd267bf2393: Fix memory leak in secmem in out of core conditions. (authored by werner).
Fix memory leak in secmem in out of core conditions.
Thu, Jun 3, 7:08 PM
werner committed rC4e044b80b296: doc: Update yat2m.c from upstream (libgpg-error) (authored by werner).
doc: Update yat2m.c from upstream (libgpg-error)
Thu, Jun 3, 7:08 PM
werner committed rC60224352f4de: ecc: Fix memory leak in the error case of ecc_encrypt_raw (authored by werner).
ecc: Fix memory leak in the error case of ecc_encrypt_raw
Thu, Jun 3, 7:08 PM
werner committed rC60885655756d: random: Make sure to re-open /dev/random after a fork (authored by werner).
random: Make sure to re-open /dev/random after a fork
Thu, Jun 3, 7:08 PM
werner committed rC99a5babfd1e7: build: Add release make target (authored by werner).
build: Add release make target
Thu, Jun 3, 7:08 PM
werner committed rC5b1d022293c5: primes: Avoid leaking bits of the prime test to pageable memory. (authored by werner).
primes: Avoid leaking bits of the prime test to pageable memory.
Thu, Jun 3, 7:08 PM
gniibe committed rC813b002eaf30: libgrypt.pc: Provide pkg-config file. (authored by gniibe).
libgrypt.pc: Provide pkg-config file.
Thu, Jun 3, 7:08 PM
werner committed rC0973c3f9ee7a: random: use getrandom() on Linux where available (authored by dkg).
random: use getrandom() on Linux where available
Thu, Jun 3, 7:08 PM
werner committed rCb3f4e39b2a29: Post release updates (authored by werner).
Post release updates
Thu, Jun 3, 7:08 PM
werner committed rC93775172713c: Release 1.8.4 (authored by werner).
Release 1.8.4
Thu, Jun 3, 7:08 PM
werner committed rC6faeca72b455: doc: Fix library initialization examples (authored by ametzler).
doc: Fix library initialization examples
Thu, Jun 3, 7:08 PM
gniibe committed rC0216418ab23a: libgcrypt.m4: Update from master. (authored by gniibe).
libgcrypt.m4: Update from master.
Thu, Jun 3, 7:08 PM
werner committed rC35e002d4b842: random: Initialize variable as requested by valgrind (authored by werner).
random: Initialize variable as requested by valgrind
Thu, Jun 3, 7:08 PM
gniibe committed rC4141caabe76a: libgcrypt.m4: Update from master. (authored by gniibe).
libgcrypt.m4: Update from master.
Thu, Jun 3, 7:08 PM
gniibe committed rC0147a5e69e49: tests: t-mpi-point: Remove implementation dependent checks. (authored by gniibe).
tests: t-mpi-point: Remove implementation dependent checks.
Thu, Jun 3, 7:08 PM
werner committed rCbc05e16bb494: doc: Minor typo fix (authored by werner).
doc: Minor typo fix
Thu, Jun 3, 7:08 PM
gniibe committed rC5ad654a33085: dsa,ecdsa: Allocate secure memory for RFC6979 generation. (authored by gniibe).
dsa,ecdsa: Allocate secure memory for RFC6979 generation.
Thu, Jun 3, 7:08 PM
gniibe committed rC1862f402d363: ecdsa: Fix unblinding too early. (authored by gniibe).
ecdsa: Fix unblinding too early.
Thu, Jun 3, 7:08 PM