Feed All Stories

Mar 10 2020

pmgdeb created T4873: Enable AES GCM in FIPS mode.
Mar 10 2020, 11:31 AM · FIPS, libgcrypt, Feature Request
Jetersen added a comment to T4871: gpg lock invalid key size due to not running UTF-8 encoding on Windows.

At no point did I mention log files? So not sure where that is coming from.

Mar 10 2020, 11:27 AM · gnupg, gpg4win
aheinecke added a comment to T4871: gpg lock invalid key size due to not running UTF-8 encoding on Windows.

Apologies but I do not understand this issue. Please clarify. Were you having issues with "log" files or "lock" files?
What was your issue?

Mar 10 2020, 10:16 AM · gnupg, gpg4win
wiktor-k added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

This is a nice idea and although it overlaps with Autocrypt it has other uses too: for example verification of signed files that can be vastly simplified (just get the file and the signature, no key fetching needed, downside: the key attached to the signature could be stale).

Mar 10 2020, 10:04 AM · Feature Request, gpgol, Keyserver, gnupg
gniibe committed rC41ede3b56efd: constant-time-invm: Focus on odd case. (authored by gniibe).
constant-time-invm: Focus on odd case.
Mar 10 2020, 6:27 AM
gniibe committed rC5e6ff3ae9de7: constant-time--invm: Coding style change for libgcrypt. (authored by gniibe).
constant-time--invm: Coding style change for libgcrypt.
Mar 10 2020, 5:48 AM
gniibe committed rC74fd4287a10f: constant-invm: Fix odd_u calculation by our mpih_rshift result. (authored by gniibe).
constant-invm: Fix odd_u calculation by our mpih_rshift result.
Mar 10 2020, 5:09 AM
Thaodan committed rGTOfb1729591042: Add tabbardialog and use it. Card files missing see next commit. (authored by Thaodan).
Add tabbardialog and use it. Card files missing see next commit.
Mar 10 2020, 3:32 AM
gniibe created T4872: Support opaque MPI with gcry_mpi_print.
Mar 10 2020, 2:20 AM · Restricted Project, Feature Request, libgcrypt
dkg added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Ah, thanks for pointing out the subpacket option (i guess it could be hashed or unhashed). i don't think any of the subpackets currently defined in RFC4880 supports this use case -- but i guess you could mint a new one, or use a notation.

Mar 10 2020, 1:22 AM · Feature Request, gpgol, Keyserver, gnupg
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRA23e18a6d21ce: Merge remote-tracking branch 'origin/release/19.12' (authored by Albert Astals Cid <aacid@kde.org>).
Merge remote-tracking branch 'origin/release/19.12'
Mar 10 2020, 12:44 AM
Valodim added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Werner said that it's possible in OpenPGP to also put the pubkey into the signature. (...) The nice advantage is that this will also work for files.

Mar 10 2020, 12:31 AM · Feature Request, gpgol, Keyserver, gnupg

Mar 9 2020

Jetersen added projects to T4871: gpg lock invalid key size due to not running UTF-8 encoding on Windows: gpg4win, gnupg.
Mar 9 2020, 10:42 PM · gnupg, gpg4win
Laurent Montel <montel@kde.org> committed rKLEOPATRA26e016983326: Autogenerate categories file (authored by Laurent Montel <montel@kde.org>).
Autogenerate categories file
Mar 9 2020, 10:34 PM
Moonchild added a comment to T4249: No connection to Keyserver possible.

I'm using enigmail 1.9.9 because I'm on a mail client that doesn't use WebExtensions, so it's using gnupg for keyserver stuff. In this case that means I've been able to verify it's a gnupg issue (both Kleopatra and enigmail displaying the same issue as CLI).

Mar 9 2020, 9:54 PM · gnupg, dirmngr, Bug Report, gpg4win
dkg added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Hi @aheinecke, thanks for thinking about this, and thanks for tagging me here too. I'm definitely interested.

Mar 9 2020, 9:53 PM · Feature Request, gpgol, Keyserver, gnupg
Jetersen created T4871: gpg lock invalid key size due to not running UTF-8 encoding on Windows in the S1 Public space.
Mar 9 2020, 8:55 PM · gnupg, gpg4win
dkg added a comment to T4857: GPGSM: Put encryption key also into signature.

This is an important fix for a sensible S/MIME use case. Thanks for working on it!

Mar 9 2020, 8:40 PM · gnupg, S/MIME
dkg added a comment to T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..

Yes, i'd surmised that the ::::: lines are continuation lines of the error message. but why not just percent-escape the newline in the error message too? Where in the documentation of this API does it say to expect continuation lines of error messages? Is gpgconf expected to be used programmatically?

Mar 9 2020, 6:21 PM · gnupg (gpg22), Bug Report
dkg added a comment to T4249: No connection to Keyserver possible.

@Moonchild wrote:

using enigmail with the new version

Mar 9 2020, 6:14 PM · gnupg, dirmngr, Bug Report, gpg4win
gniibe committed rC4d911eadae3c: const-invm: Fix ->nlimbs. (authored by gniibe).
const-invm: Fix ->nlimbs.
Mar 9 2020, 1:15 PM
Simrah added a comment to T4870: Kleopatra - do not change the language from Russian.

Added variable value

set language
LANGUAGE=en_US

I launched the Kleopatra again. I did not notice any changes.

Mar 9 2020, 1:13 PM · Windows 64, Windows, kleopatra, Bug Report
Moonchild added a comment to T4249: No connection to Keyserver possible.

Just registered to report pretty much the same.
I've been using gpg 2 for a long while and it's been doing just fine, up to the point where people started using keys it didn't recognise that require a later version.

Mar 9 2020, 1:03 PM · gnupg, dirmngr, Bug Report, gpg4win
werner added a comment to T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..

Well, I misread the output. What you see is what is expected. From the gpgconf man page:

Mar 9 2020, 12:57 PM · gnupg (gpg22), Bug Report
aheinecke triaged T4870: Kleopatra - do not change the language from Russian as Low priority.

Thanks for your report. Yes this is sadly a known issue. Our backend system has its own localization that uses the system language and does not care about the Kleopatra configuration.

Mar 9 2020, 12:46 PM · Windows 64, Windows, kleopatra, Bug Report
werner added a comment to T4868: Heap buffer overflow in _gcry_mpi_tdiv_qr().

We don't consider this a security problem because the tool you used is a debug helper which we use during development (if at all). All real code needs to verify that it does not request a division by zero. The div-by-zero checks we added 8 years ago to other code paths (e.g. mpi_pow, rC2c54c4da19d3a79e9f749740828026dd41f0521a) are failstop measurements which should never be triggered.

Mar 9 2020, 12:45 PM · Bug Report
Simrah created T4870: Kleopatra - do not change the language from Russian.
Mar 9 2020, 12:29 PM · Windows 64, Windows, kleopatra, Bug Report
aheinecke committed rD25b3f852a8fa: swdb: Add gpg4win-3.1.11 (authored by aheinecke).
swdb: Add gpg4win-3.1.11
Mar 9 2020, 12:29 PM
Research_Team_loginsoft added a comment to T4868: Heap buffer overflow in _gcry_mpi_tdiv_qr().

Thanks for quick response and fixing the issue. We wanted to request for a CVE since libgcrypt is widely used and a patch has been provided. Please let us know if you have any disclosure policy.

Mar 9 2020, 11:53 AM · Bug Report
bernhard committed rM11edc073a3d2: python: fix minor typo in howto (authored by bernhard).
python: fix minor typo in howto
Mar 9 2020, 11:43 AM
bernhard committed rW625734c73821: Localize: tiny http -> https (authored by bernhard).
Localize: tiny http -> https
Mar 9 2020, 10:59 AM
werner committed rCffbc5702ab16: mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr. (authored by werner).
mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr.
Mar 9 2020, 10:45 AM
werner closed T4868: Heap buffer overflow in _gcry_mpi_tdiv_qr() as Resolved.

You are providing invalid data to this debug helper tool and run into a div-by-zero. I will add the usual test earlier in the code path so that a fatal error is triggered. Thanks for the report.

Mar 9 2020, 10:39 AM · Bug Report
werner committed rCafbab896fa04: mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr. (authored by werner).
mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr.
Mar 9 2020, 10:37 AM
gniibe committed rCcd9c5fdee643: Rough sketch of SCR mpi_invm using Niels Möller algorithm. (authored by gniibe).
Rough sketch of SCR mpi_invm using Niels Möller algorithm.
Mar 9 2020, 9:06 AM
gniibe created T4869: constant-time mpi_invm.
Mar 9 2020, 8:56 AM · libgcrypt
Research_Team_loginsoft updated the task description for T4868: Heap buffer overflow in _gcry_mpi_tdiv_qr().
Mar 9 2020, 8:42 AM · Bug Report
Research_Team_loginsoft created T4868: Heap buffer overflow in _gcry_mpi_tdiv_qr().
Mar 9 2020, 8:40 AM · Bug Report

Mar 6 2020

dkg added a comment to T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..

I think you mean "mix", not "fix". right?

Mar 6 2020, 7:06 PM · gnupg (gpg22), Bug Report
werner committed rG9bc3e7ec037e: gpgsm: Re-group the options in the --help output. (authored by werner).
gpgsm: Re-group the options in the --help output.
Mar 6 2020, 5:05 PM
werner committed rG4762367d6649: agent: Fix todays --re-group commit. (authored by werner).
agent: Fix todays --re-group commit.
Mar 6 2020, 5:05 PM
werner committed rG4c43fabbb012: dirmngr: Re-group the options in the --help output. (authored by werner).
dirmngr: Re-group the options in the --help output.
Mar 6 2020, 5:05 PM
werner committed rG41eb5108ce59: gpg: Re-group the options in the --help output. (authored by werner).
gpg: Re-group the options in the --help output.
Mar 6 2020, 3:31 PM
werner committed rGdaf5f4355db7: scd: Re-group the options in the --help output. (authored by werner).
scd: Re-group the options in the --help output.
Mar 6 2020, 3:31 PM
werner committed rGd2425d1495f4: gpgconf: Support reading global options (part 1). (authored by werner).
gpgconf: Support reading global options (part 1).
Mar 6 2020, 3:31 PM
werner committed rGc693b7f4ade9: agent: Re-group the options in the --help output. (authored by werner).
agent: Re-group the options in the --help output.
Mar 6 2020, 3:31 PM
werner committed rG4423e9dcde5e: gpgconf: Support reading global options (part 2). (authored by werner).
gpgconf: Support reading global options (part 2).
Mar 6 2020, 3:31 PM
werner committed rG6fa1808cb763: common: Add xreallocarray function. (authored by werner).
common: Add xreallocarray function.
Mar 6 2020, 3:31 PM
werner committed rG178b3772ff79: gpgconf: Always use xmalloc. (authored by werner).
gpgconf: Always use xmalloc.
Mar 6 2020, 3:31 PM
werner committed rE85b5006d01fc: core: Tweak the printing of headers in the --help output. (authored by werner).
core: Tweak the printing of headers in the --help output.
Mar 6 2020, 3:01 PM
werner committed rEc59bf5824aaf: core: Add features for pretty printing the help (authored by werner).
core: Add features for pretty printing the help
Mar 6 2020, 11:12 AM
werner added a comment to T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..

You should not fix stdout with stderr. Granted we could fflush stdout after a line, but rsh is dead and so all software can distinguish between them.

Mar 6 2020, 9:03 AM · gnupg (gpg22), Bug Report
dkg updated the task description for T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..
Mar 6 2020, 12:25 AM · gnupg (gpg22), Bug Report

Mar 5 2020

dkg created T4867: with non-existent homedir, `gpgconf --check-programs` produces surprising output..
Mar 5 2020, 11:01 PM · gnupg (gpg22), Bug Report
werner added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

It could print a warning for a non-existent homedir

Mar 5 2020, 8:24 PM · gpgagent, gnupg, Bug Report
aheinecke committed rWd4082ee4da0c: web: Use more https links (authored by aheinecke).
web: Use more https links
Mar 5 2020, 5:25 PM
dkg added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

Sure, I personally know that GnuPG requires a homedir to operate.

Mar 5 2020, 3:20 PM · gpgagent, gnupg, Bug Report
werner lowered the priority of T4538: Support PSS signed CRLs from Normal to Low.

It is actually questionable whether PSS is a better padding scheme than PKCS#1, see
https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html . PSS seems indeed to be rarely used; quoting Peter from a followup on his writeup: “If I get time over the weekend, and I can find a CMS message signed with RSA-PSS, I'll create a forgery using xor256.”

Mar 5 2020, 10:27 AM · dirmngr, S/MIME, libksba
werner added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

As you surely know, GnuPG requires its home directory; in particular when using the gpgconf to manage the config options. Thus I can't see what to do other than error out. gpgconf needs to know the location of the config file; if its containing directory is not existent it will fail anyway.

Mar 5 2020, 10:14 AM · gpgagent, gnupg, Bug Report
werner added a comment to T4863: Yubikey 5Ci for iPhone.

Okay, I recall that I have seen these Yubikeys. Can you tell me which GPG app you intended to use? I am not aware of any GnuPG ports to the iPhone.

Mar 5 2020, 10:10 AM · yubikey, Feature Request

Mar 4 2020

JW-D added a comment to T4863: Yubikey 5Ci for iPhone.

The new Yubikey 5Ci does NOT work with NFC, this is wrong. This Yubikey is delivered with two connectors: a Lightning and a USB-C, see: https://www.mtrix.de/shop/yubikey-5ci/. The key can be connected to a laptop and an iPhone by plug-in. So the new Yubikey 5Ci does not require NFC at all. You refer to the Yubikey 5 NFC. This technology is not supported by developers because they do not have experience there. With the plug and play functionality of a Lightning connector it is easier and a few applications already exist (e.g. Yubico authenticator and several password managers in the professional edition). Hope this information will be useful for you.

Mar 4 2020, 7:04 PM · yubikey, Feature Request
dkg created T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.
Mar 4 2020, 4:46 PM · gpgagent, gnupg, Bug Report
aheinecke added a comment to T4538: Support PSS signed CRLs.

To summarize: The DGN CRL uses the RSA-PSS Padding / Signature Scheme. ( https://de.wikipedia.org/wiki/Probabilistic_Signature_Scheme )

Mar 4 2020, 3:17 PM · dirmngr, S/MIME, libksba
aheinecke created T4865: Kleopatra / GpgOL no support for CRL or pubkey attachments.
Mar 4 2020, 12:56 PM · kleopatra, gpgol
werner added a comment to T4862: pubkeys are imported despite the --no-auto-key-retrieve option.

keyserver-URL needs to be replaced with a keyserver URL, like

hkps://hkps.pool.sks-keyservers.net
Mar 4 2020, 9:34 AM · Too Old, FAQ, gnupg
werner triaged T4863: Yubikey 5Ci for iPhone as Normal priority.
Mar 4 2020, 9:17 AM · yubikey, Feature Request
werner added a comment to T4863: Yubikey 5Ci for iPhone.

Supporting NFC tokens requires implementing secure messaging for cards. This is on our todo list anyway but has had no priority. I have a couple of Yubikeys but have not done any work on NFC.

Mar 4 2020, 9:17 AM · yubikey, Feature Request

Mar 3 2020

werner committed rE969abd302211: core: New function gpgrt_reallocarray. (authored by werner).
core: New function gpgrt_reallocarray.
Mar 3 2020, 3:44 PM
werner committed rE72a15bad8f27: core: Fix allocation bug introduced with last commit. (authored by werner).
core: Fix allocation bug introduced with last commit.
Mar 3 2020, 3:44 PM
werner committed rC8ce47c1f6ef6: doc: Fix description of hash algorithms (authored by Sébastien Helleu <flashcode@flashtux.org>).
doc: Fix description of hash algorithms
Mar 3 2020, 2:02 PM
werner committed rCda8623bd6dbf: doc: Fix description of hash algorithms (authored by Sébastien Helleu <flashcode@flashtux.org>).
doc: Fix description of hash algorithms
Mar 3 2020, 2:02 PM
werner committed rGa94daa6549f3: card: Add yet another vendor. (authored by werner).
card: Add yet another vendor.
Mar 3 2020, 1:37 PM
werner committed rGc8ad567e7c87: Protect error counter against overflow. (authored by werner).
Protect error counter against overflow.
Mar 3 2020, 12:24 PM
werner committed rG3c4ab531eb1a: card: Add new vendor. (authored by werner).
card: Add new vendor.
Mar 3 2020, 12:01 PM
werner committed rG4df1181c07eb: gpg: Add new card vendor (authored by werner).
gpg: Add new card vendor
Mar 3 2020, 12:01 PM
gniibe triaged T4864: New scdaemon command to watch device removal as Normal priority.
Mar 3 2020, 8:26 AM · Restricted Project, Feature Request, scd, Bug Report
gniibe claimed T4864: New scdaemon command to watch device removal.
Mar 3 2020, 8:26 AM · Restricted Project, Feature Request, scd, Bug Report
gniibe created T4864: New scdaemon command to watch device removal.
Mar 3 2020, 8:26 AM · Restricted Project, Feature Request, scd, Bug Report

Mar 2 2020

werner committed rEdb95feab16e3: core: New internal option --dump-option-table for argparser. (authored by werner).
core: New internal option --dump-option-table for argparser.
Mar 2 2020, 5:59 PM
werner committed rEf816797c8734: core: Replace fputs by es_fputs in argparser. (authored by werner).
core: Replace fputs by es_fputs in argparser.
Mar 2 2020, 5:59 PM
werner committed rEd3661d81e9aa: core: Allow returning of attributes from gpgrt_argparser. (authored by werner).
core: Allow returning of attributes from gpgrt_argparser.
Mar 2 2020, 5:59 PM
aheinecke triaged T4842: Kleopatra: Right click menu greyed out as Normal priority.

I don't have a FreeBSD. Can you please try out the patch that I have appended to https://bugs.kde.org/show_bug.cgi?id=415168 ?

Mar 2 2020, 1:17 PM · kleopatra, Bug Report

Mar 1 2020

JW-D created T4863: Yubikey 5Ci for iPhone.
Mar 1 2020, 5:17 PM · yubikey, Feature Request
cipherpunks added a comment to T4862: pubkeys are imported despite the --no-auto-key-retrieve option.

In my particular case, I want to find out if an email address has a public key associated to it that is publicly available anywhere. I do not want to import the key automatically. I used to use this command:

Mar 1 2020, 5:00 PM · Too Old, FAQ, gnupg
Christoph Feck <cfeck@kde.org> committed rKLEOPATRA9a82932ce4b0: GIT_SILENT Update Appstream for new release (authored by Christoph Feck <cfeck@kde.org>).
GIT_SILENT Update Appstream for new release
Mar 1 2020, 11:01 AM

Feb 29 2020

werner edited projects for T4862: pubkeys are imported despite the --no-auto-key-retrieve option, added: gnupg, FAQ; removed Bug Report.

--auto-key-retrieve tries to find a key when verifying a signature. --locate-key however does the same as what -r does and locates a key for further use. If you don't want that, don't include a key discovery mechanism in the auto-key-locate list (wkd in this case, which is anyway the default).

Feb 29 2020, 5:49 PM · Too Old, FAQ, gnupg
cipherpunks created T4862: pubkeys are imported despite the --no-auto-key-retrieve option.
Feb 29 2020, 5:15 PM · Too Old, FAQ, gnupg

Feb 28 2020

dkg added a comment to T4788: System wide configuration of the GnuPG system.

i'd be unlikely to ship anything as /etc/gnupg/gpg.conf or /etc/gnupg/dirmngr.conf just because of the mess that admins have to deal with when shipped config files change.

Feb 28 2020, 11:20 PM · gnupg (gpg23), Feature Request, gpg4win, g10code
kopfuss added a comment to T4861: GPGme 1.13.1 fails at t-json.
In T4861#132936, @dkg wrote:

0005 and 0006 from the debian distribution of gpgme.

Feb 28 2020, 9:06 PM · gpgme, Bug Report
werner changed the status of T4788: System wide configuration of the GnuPG system from Testing to Open.

Arggh, gpgconf uses its own option parser so adding the global config file there will require some extra work.

Feb 28 2020, 2:40 PM · gnupg (gpg23), Feature Request, gpg4win, g10code
aheinecke updated subscribers of T4788: System wide configuration of the GnuPG system.

@dkg You might find this interesting. Debian could do stuff in /etc/gnupg/gpg.conf or /etc/gnupg/dirmngr.conf without patching GnuPG to change some defaults.

Feb 28 2020, 11:31 AM · gnupg (gpg23), Feature Request, gpg4win, g10code
aheinecke added a comment to T4861: GPGme 1.13.1 fails at t-json.

Thanks for the report. Indeed I closed this as a duplicate. Thanks @dkg for pointing out the patches.

Feb 28 2020, 11:28 AM · gpgme, Bug Report
aheinecke merged T4861: GPGme 1.13.1 fails at t-json into T4820: gpgme's json test fails with gpg 2.2.19.
Feb 28 2020, 11:26 AM · gpgme (gpgme 1.23.x), Bug Report
aheinecke merged task T4861: GPGme 1.13.1 fails at t-json into T4820: gpgme's json test fails with gpg 2.2.19.
Feb 28 2020, 11:26 AM · gpgme, Bug Report
gniibe added a project to T4832: card: when KDF is enabled, use of pinpad input should be disabled: Restricted Project.
Feb 28 2020, 8:39 AM · Restricted Project, gnupg (gpg22), scd, Bug Report
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes, a subtask of T3152: KDF DO support in OpenPGP card, from Open to Testing.
Feb 28 2020, 8:34 AM · scd
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes from Open to Testing.

I pushed the change to master.

Feb 28 2020, 8:34 AM · Restricted Project, scd, Bug Report
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes, a subtask of T3823: gpg frontend support to setup KDF DO, from Open to Testing.
Feb 28 2020, 8:34 AM · scd
gniibe committed rG19f70b5072b2: scd: Fix the previous commit. (authored by gniibe).
scd: Fix the previous commit.
Feb 28 2020, 8:26 AM