Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
May 3 2022
May 3 2022
• gniibe added a project to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance: Restricted Project.
• gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
• ikloecker committed rLIBKLEO343b5bb4046a: GIT_SILENT Clear list of words to ignore by codespell (again) (authored by • ikloecker).
GIT_SILENT Clear list of words to ignore by codespell (again)
• ikloecker committed rKLEOPATRAe94a4f7e1876: GIT_SILENT Clear list of words to ignore by codespell (again) (authored by • ikloecker).
GIT_SILENT Clear list of words to ignore by codespell (again)
Laurent Montel <montel@kde.org> committed rLIBKLEO5b8c1d5bfec8: GIT_SILENT: exclude .xml file (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: exclude .xml file
Laurent Montel <montel@kde.org> committed rLIBKLEO744dcc2eb7eb: GIT_SILENT: compile fine without deprecated kf5.94 method (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: compile fine without deprecated kf5.94 method
Laurent Montel <montel@kde.org> committed rKLEOPATRA5d7ef9b1dbd4: GIT_SILENT: compile fine without deprecated kf5.94 method (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: compile fine without deprecated kf5.94 method
Laurent Montel <montel@kde.org> committed rKLEOPATRA86eb466e36f2: GIT_SILENT: exclude .xml file (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: exclude .xml file
May 2 2022
May 2 2022
amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.
Looks like somebody is writing to the shared config after it has been destroyed already. Probably some global object that is destroyed by the runtime on shutdown.
dkg added a comment to T5954: Building for windows requires gpgrt (libgpg-error) 1.45, but configure.ac claims 1.27.
Debian requires all builds to use software that we have local copies of in the archive, which appears to rule out the use of speedo (it fetches source over the internet during build). So i've modified debian packaging to annotate that the Windows builds need a different version of libgpg-error than that defined in configure.ac.
• ikloecker committed rLIBKLEOa732f7990ad6: Return null subkey if there are no subkeys with the given key grip (authored by • ikloecker).
Return null subkey if there are no subkeys with the given key grip
• ikloecker committed rKLEOPATRA9e2dc6246e20: Add possibility to refresh an individual certificate (authored by • ikloecker).
Add possibility to refresh an individual certificate
qt: Use GpgME::Locate alias
qt: Apply compiler hint
• ikloecker committed rMe12861f18c6b: qt: Add job for refreshing OpenPGP keys (authored by • ikloecker).
qt: Add job for refreshing OpenPGP keys
qt,doc: Fix some API documentation
• ikloecker committed rM0c304beeaab5: qt: Factor out helper for getting the fingerprints of some keys (authored by • ikloecker).
qt: Factor out helper for getting the fingerprints of some keys
• ikloecker committed rM34786132fed0: cpp: Add RAII class for saving/restoring the key list mode (authored by • ikloecker).
cpp: Add RAII class for saving/restoring the key list mode
• ikloecker committed rM99fd565889f3: qt: Add debug helper for Result classes with output stream operator (authored by • ikloecker).
qt: Add debug helper for Result classes with output stream operator
Add EN version of privacy policy
• aheinecke committed rW8053494b5a51: msi: Add installers target to prepare unsigned msi (authored by • aheinecke).
msi: Add installers target to prepare unsigned msi
• aheinecke raised the priority of T5962: Kleopatra: Crash when quitting Application on Windows from Normal to High.
• aheinecke triaged T5962: Kleopatra: Crash when quitting Application on Windows as Normal priority.
• gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
KexAlgorithms -sntrup761x25519-sha512@openssh.com
• ikloecker committed rM54c4fd16d183: qt: Fix connection to readyReadStandardOutput signal (authored by • ikloecker).
qt: Fix connection to readyReadStandardOutput signal
• ikloecker committed rM9686258bd167: qt: Add test runner for refresh job (authored by • ikloecker).
qt: Add test runner for refresh job
• ikloecker committed rMf4c356092571: qt: Make RefreshKeysJob result compatible with standard job result (authored by • ikloecker).
qt: Make RefreshKeysJob result compatible with standard job result
qt: Minor refactoring
• ikloecker committed rMfd97cbaa44b8: qt: Allow refreshing a list of keys (authored by • ikloecker).
qt: Allow refreshing a list of keys
• ikloecker committed rMf47bc992ae6c: qt: Rename QGpgMERefreshKeysJob to QGpgMERefreshSMIMEKeysJob (authored by • ikloecker).
qt: Rename QGpgMERefreshKeysJob to QGpgMERefreshSMIMEKeysJob
• ikloecker committed rM359906c8bcde: cpp,tests: Verify that requested keylist mode is used (authored by • ikloecker).
cpp,tests: Verify that requested keylist mode is used
Background: I encountered a problem error message shows irrelevant; While it should say 'No such file or directly', it says 'Unknown Packet'.
FWIW, the original idea with gpgscm was to provide code which does no rely on any gpg stuff so it can be merged back into upstream. I am not sure whether this still makes sense.
gpgscm: Fix handling an error for chdir.
• gniibe committed rG792374edb676: tests: Fix plain invocation of "make check". (authored by • gniibe).
tests: Fix plain invocation of "make check".
• gniibe committed rG06e82e997a56: tests: Add a test for Ed25519 keys for non-protected secret. (authored by • gniibe).
tests: Add a test for Ed25519 keys for non-protected secret.
• gniibe committed rG602c37ac0678: tests: Add a test for Ed25519 keys for non-protected secret. (authored by • gniibe).
tests: Add a test for Ed25519 keys for non-protected secret.
• gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.
May 1 2022
May 1 2022
l10n daemon script <scripty@kde.org> committed rLIBKLEO7bce371453c3: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rLIBKLEO628b00f20593: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
Apr 30 2022
Apr 30 2022
Alexander Lohnau <alexander.lohnau@gmx.de> committed rKLEOPATRA6020c349d539: Remove ServiceTypes from context menu services (authored by Nicolas Fella <nicolas.fella@gmx.de>).
Remove ServiceTypes from context menu services
Nicolas Fella <nicolas.fella@gmx.de> committed rKLEOPATRA3a4acbad14dc: Remove ServiceTypes from context menu services (authored by Nicolas Fella <nicolas.fella@gmx.de>).
Remove ServiceTypes from context menu services
jukivili committed rC9ba1f0091ff4: tests/basic: add testing for partial bulk processing code paths (authored by jukivili).
tests/basic: add testing for partial bulk processing code paths
sm4: add XTS bulk processing
jukivili committed rCe239738b4af2: sm4-aesni-avx2: add generic 1 to 16 block bulk processing function (authored by jukivili).
sm4-aesni-avx2: add generic 1 to 16 block bulk processing function
jukivili committed rC32b18cdb87b7: camellia-avx2: add bulk processing for XTS mode (authored by jukivili).
camellia-avx2: add bulk processing for XTS mode
Add SM4 x86-64/GFNI/AVX2 implementation
jukivili committed rCe1c5f950838b: sm4: deduplicate bulk processing function selection (authored by jukivili).
sm4: deduplicate bulk processing function selection
jukivili committed rC9388279803ff: Move bulk OCB L pointer array setup code to common header (authored by jukivili).
Move bulk OCB L pointer array setup code to common header
jukivili committed rC754055ccd043: cipher/bulkhelp: add functions for CTR/CBC/CFB/OCB bulk processing (authored by jukivili).
cipher/bulkhelp: add functions for CTR/CBC/CFB/OCB bulk processing
jukivili committed rCbacdc1de3f4f: camellia-avx2: add partial parallel block processing (authored by jukivili).
camellia-avx2: add partial parallel block processing
jukivili committed rC3410d40996d8: Add detection for HW feature "intel-gfni" (authored by jukivili).
Add detection for HW feature "intel-gfni"
Add GFNI/AVX2 implementation of Camellia
it would be useful to add a test
Apr 29 2022
Apr 29 2022
dkg added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573
Post relase version bump
• aheinecke committed rW98c550d0b1d4: Update NEWS and READMEs for todays release (authored by • aheinecke).
Update NEWS and READMEs for todays release
appimage: Minor fix
• aheinecke triaged T5961: Kleopatra: S/MIME Details cannot be copied multiline on Windows as Normal priority.
• aheinecke triaged T5960: Kleopatra: Encoding problems with GnuPG output on Windows as Normal priority.
• aheinecke triaged T5959: Kleopatra: Show key source in details widget if it is not unkown as Wishlist priority.
• aheinecke triaged T5958: Kleopatra: Change passphrase is enabled even when it is impossible as Normal priority.
• aheinecke closed T5939: Kleopatra: Better error for wrong password in symmetric decryption as Resolved.
Tested
Update Kleopatra to latest master
• aheinecke committed rKLEOPATRAff3c40d505e9: Do not always enable action after error (authored by • aheinecke).
Do not always enable action after error
• aheinecke committed rKLEOPATRA1db344e1287e: Do not always enable crypt in notepad for de-vs (authored by • aheinecke).
Do not always enable crypt in notepad for de-vs
• aheinecke added a comment to rKLEOPATRA96928c1e4501: Enable encrypt/sign button if GnuPG is compliant.
Uhm. This enabled the button always in VS-NfD mode. Fixing.
• werner triaged T5955: pinentry-efl sends warnings to stderr, does not close windows during getpin as Normal priority.
Prepare NEWS for 3.1.22
Yuri Chornoivan <yurchor@ukr.net> committed rKLEOPATRA54358942931f: Fix minor typo (authored by Yuri Chornoivan <yurchor@ukr.net>).
Fix minor typo
dschulman-repay added a comment to T5406: gnupg-2.3.1: 'make check' on all tests tries to use installed 'keyboxd'.
I'm seeing something just like this when attempting to install gnupg-2.3.6 on Ubuntu 22.04 LTS (running under WSL 2, if it matters).
Apr 28 2022
Apr 28 2022
Thanks for working on this, @gniibe! Maybe it would be useful to add a test to the test suite that tries to import and use a secret key of this particular structure.
Update libkleo to latest master
• aheinecke committed rLIBKLEOcf0130036f91: Fix findSubkeyByKeygrip for unknwon protocol (authored by • aheinecke).
Fix findSubkeyByKeygrip for unknwon protocol
• aheinecke committed rW75e96164c51f: Update kleopatra to latest snapshot (authored by • aheinecke).
Update kleopatra to latest snapshot
• aheinecke committed rKLEOPATRAa365ef17e97e: Always start gpg-agent on startup (authored by • aheinecke).
Always start gpg-agent on startup
FWIW, your comments about the autostart script do not match with the running processes. Obviously, the autostart script starts gpg-agent with different command line options than the running process. My conclusion is that the autostart script isn't used. Or maybe it is started, but gpg-agent immediately terminates because it notices that another instance is already running.
swdb: Update Gpg4win to 4.0.2
If you add an autostart script then you may have to add a corresponding shutdown script as well, e.g. a script running gpgconf --kill all. You cannot expect that daemons, that you start via an autostart script, magically know when they should terminate.
• aheinecke committed rWf2ffd559f892: Update kleopatra to latest snapshot (authored by • aheinecke).
Update kleopatra to latest snapshot
• aheinecke committed rKLEOPATRA3fd2d2c6fa4d: Move AutoLoadP15Certs to Smartcard group (authored by • aheinecke).
Move AutoLoadP15Certs to Smartcard group
• aheinecke committed rW695d0b20b69b: Update kleopatra to latest snapshot (authored by • aheinecke).
Update kleopatra to latest snapshot
• aheinecke committed rKLEOPATRA06912808c6c7: p15: Change load CMS certs btn to automatic (authored by • aheinecke).
p15: Change load CMS certs btn to automatic
• aheinecke committed rKLEOPATRA13b8d0bec62f: Make setShowsOutputWindow public for GnuPG CMD (authored by • aheinecke).
Make setShowsOutputWindow public for GnuPG CMD
amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before
• werner triaged T5575: Supplying more than one passphrase or PIN using passphrase-fd as Low priority.
Please try a decent version of Gpg4win - we have fixed dozens of bugs in the mean time If the problems persists, please re-open this bug.
• werner triaged T5798: Empty emails in Outlook - conflict between gpgOl & ESET (antivirus add-in) as Low priority.
Conflicts between Add-Ins are often unavoidable. We have a list of known issues at:
https://wiki.gnupg.org/GpgOL/IncompatibleAddons
If you have more information on that ESET thingy please enter it into the above wiki or leave some description here.
• werner lowered the priority of T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from High to Normal.