Page MenuHome GnuPG
Feed All Stories

Jul 8 2021

werner committed rG924c8221fbe5: scd: Silence compiler waring about unused args. (authored by werner).
scd: Silence compiler waring about unused args.
Jul 8 2021, 2:16 PM
werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.
Jul 8 2021, 2:13 PM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows
andreasstieger added a comment to T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.

rM6a79e90dedc19877ae1c520fed875b57089a5425 looks good

Jul 8 2021, 1:44 PM · gpgme, Bug Report
ikloecker committed rMa5662a801fc1: core: Ensure gpg.conf for tests is recreated if necessary (authored by ikloecker).
core: Ensure gpg.conf for tests is recreated if necessary
Jul 8 2021, 12:42 PM
ikloecker committed rM6a79e90dedc1: Make sure expiration time is interpreted as unsigned number (authored by ikloecker).
Make sure expiration time is interpreted as unsigned number
Jul 8 2021, 12:42 PM
ikloecker claimed T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 8 2021, 11:42 AM · gpgme, Bug Report
Jakuje added a comment to T5521: Use of conscious language.

There is no point in questioning whether a couple of words change racism or any other human problems of these days. It will not.

Jul 8 2021, 10:38 AM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
Jakuje added a comment to T5520: Fix tests in FIPS mode.

I was so far testing with changes on top of our patches.

Jul 8 2021, 10:26 AM · Testing, FIPS, libgcrypt, Bug Report
Jakuje added a comment to T4873: Enable AES GCM in FIPS mode.

Right. The AES-GCM was not allowed in FIPS mode until recently and I think now it is acceptable only for certain protocols (TLS, SSH), which guarantee that the IV is handled "correctly". As mentioned by gniibe, the requirements is that one should not be able to set IV to any specific value. The IV should be incremented automatically inside of the library (with some mask length + some generator configuration), somehow similarly as it is done with openssl, which would probably requite a new API in libgcrypt.

Jul 8 2021, 10:09 AM · libgcrypt, Feature Request
Laurent Montel <montel@kde.org> committed rLIBKLEO2e86bc416365: GIT_SILENT: Prepare 21.08 beta (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: Prepare 21.08 beta
Jul 8 2021, 7:20 AM
gniibe added a comment to T5520: Fix tests in FIPS mode.

With `/etc/gcrypt/fips_enabled/', make check fails by:

Jul 8 2021, 6:50 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a comment to T4873: Enable AES GCM in FIPS mode.

If I understand correctly, to conform FIPS, we need to ensure Key/IV pair uniqueness (See "Implementation Guidance for FIPS 140-3", Annex C. "C.H Key/IV Pair Uniqueness Requirements from SP 800-38D").
Use of the API to set IV by any value may be considered bad.

Jul 8 2021, 3:55 AM · libgcrypt, Feature Request
gniibe added a comment to T5520: Fix tests in FIPS mode.

Update: still ./basic --fips fails (for me), because of GCM (18 errors).
Need to fix T4873: Enable AES GCM in FIPS mode.

Jul 8 2021, 2:58 AM · Testing, FIPS, libgcrypt, Bug Report

Jul 7 2021

andreasstieger created T5522: gpgme: qt: t-various.cpp TestVarious::testSignKeyWithExpiration fails on 32 bit.
Jul 7 2021, 8:56 PM · gpgme, Bug Report
Saturneric added a comment to T5468: About the API of GpgME to revoke key pairs and subkeys..

Thanks for the reply, this source code file and suggestions are very useful. Let gpg execute commands is a solution, but it is not optimal compared to providing a functional interface.
In addition, it is reversible to revoke the subkey by expiring it. But I will use the solutions you provide at this stage, knowing that you have time to provide better solutions. thank you!

Jul 7 2021, 6:26 PM · gpgme, Feature Request
werner triaged T5521: Use of conscious language as Wishlist priority.

Sorry, this is not acceptable to me. <rant>You don't change racism by avoid words which are may be connected to racism. Master is a term used for example to indicate that a person is proficient in her profession. Slave is (in theory) a historic term to describe, well slaves. That is humans who are non-free and are not allowed to control their lives - like the majority of humans these days - they are just called different and the methods of suppression are different than in the past. In fact a Roman slave (but not a medieval bondsman) had well defined and esteemed rights not something the majority of US citizen with a dark skin has in practice. Term abolished, racism abolished, works as good as freeing the US slaves in the 1856, the 1960, or still today. It did not work. Mr. Kings hope has not yet realized itself and is now maybe farther away than we all had hoped in the second half of the last century. Don't cover facts by changing words used in a very different context.</rant>

Jul 7 2021, 5:48 PM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
jukivili committed rCb98ca3f798ab: tests/basic: use SHA256 instead of RMD160 for SHAKE extract testing (authored by jukivili).
tests/basic: use SHA256 instead of RMD160 for SHAKE extract testing
Jul 7 2021, 5:29 PM
jukivili added a comment to T5520: Fix tests in FIPS mode.

That crcalgo can be any digest algorithm and SHA256 seems best option to me.

Jul 7 2021, 5:29 PM · Testing, FIPS, libgcrypt, Bug Report
Jakuje created T5521: Use of conscious language.
Jul 7 2021, 5:00 PM · Won't Fix, Feature Request, gnupg (gpg23), libgcrypt
Jakuje added a comment to T5520: Fix tests in FIPS mode.

Thank you for checking and for revised patch. I tested your patch and it works fine for the basic test up until this failure with the crcalgo:

basic: algo 316, crcalgo: 3, gcry_md_open failed: Invalid digest algorithm
basic: algo 317, crcalgo: 3, gcry_md_open failed: Invalid digest algorithm

These are GCRY_MD_SHAKE128 and GCRY_MD_SHAKE256, but the md used here is actually GCRY_MD_RMD160 which is hardcoded and not allowed in FIPS.

Jul 7 2021, 3:15 PM · Testing, FIPS, libgcrypt, Bug Report
werner triaged T5480: Export keys + manual as Low priority.
Jul 7 2021, 2:28 PM · Info Needed, gpg4win, Feature Request
ikloecker added a comment to T5468: About the API of GpgME to revoke key pairs and subkeys..

What do you mean by "exporting revocation certificates"? Once such a certificate is imported you simply export the public key including the revocation signature. Otherwise, simply takes the revocation certificates from ${GNUPGHOME}/openpgp-revocs.d where they are written to, if you generate a key. Kleopatra uses gpg directly to generate a revocation certificate mimicking what gpgme would do: See https://dev.gnupg.org/source/kleo/browse/master/src/commands/genrevokecommand.cpp.

Jul 7 2021, 10:24 AM · gpgme, Feature Request
gniibe committed rCccb076e8aabb: tests: Fix tests/basic.c for FIPS mode. (authored by gniibe).
tests: Fix tests/basic.c for FIPS mode.
Jul 7 2021, 9:32 AM
gniibe committed rC61c87070abc4: tests: Skip unavailable ciphers in FIPS mode. (authored by gniibe).
tests: Skip unavailable ciphers in FIPS mode.
Jul 7 2021, 9:32 AM
werner added a comment to T5520: Fix tests in FIPS mode.

That reminds me that we we should replace libgcrypt's internal debug functions by those from gpgrt. We have a dependency for gpgrt anyway and thus we should avoid code duplication. Sure we will keep the existsing public functions but that is easy given that gpgrt comes with gpgrt_logv since 1.28 which we can make mandatory (currently libgcrypt requires 1.27 (from 2017, with 1.28 is from 2018)

Jul 7 2021, 9:24 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe added a comment to T5520: Fix tests in FIPS mode.

I applied rC297d31294333: tests: Fix messages to STDERR when FIPS mode is enabled.. Please note that your intention to change check_digests is right, but your patch actually didn't; When a MD algo is not supported, gcry_md_test_algo returns != 0 (an error code), and it "continues" to next entry (before the change).

Jul 7 2021, 8:19 AM · Testing, FIPS, libgcrypt, Bug Report
gniibe committed rC297d31294333: tests: Fix messages to STDERR when FIPS mode is enabled. (authored by gniibe).
tests: Fix messages to STDERR when FIPS mode is enabled.
Jul 7 2021, 8:16 AM
gniibe added a comment to T5520: Fix tests in FIPS mode.

Thank you for your report.

Jul 7 2021, 8:07 AM · Testing, FIPS, libgcrypt, Bug Report
Laurent Montel <montel@kde.org> committed rLIBKLEO5f5c2f3b2e2d: GIT_SILENT: add clang support (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add clang support
Jul 7 2021, 8:04 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRAaed5d582f993: GIT_SILENT: add clang support (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: add clang support
Jul 7 2021, 8:03 AM
gniibe claimed T5520: Fix tests in FIPS mode.
Jul 7 2021, 4:42 AM · Testing, FIPS, libgcrypt, Bug Report

Jul 6 2021

bernhard committed rW4a5ef6c098a5: Add the timezone to the last g10 certificate (authored by bernhard).
Add the timezone to the last g10 certificate
Jul 6 2021, 6:30 PM
werner triaged T5427: Update Italian Version as Normal priority.
Jul 6 2021, 6:18 PM · i18n, gpg4win
werner closed T5414: Input/output error (218136625) as Resolved.

Check that the file exists and that you have permissions to read the file. You may use an editor to try this out.

Jul 6 2021, 6:16 PM · Support, gpg4win
werner lowered the priority of T4884: PKCS #15 support in gpgsm from High to Normal.
Jul 6 2021, 6:12 PM · Feature Request, gnupg, scd, S/MIME
werner triaged T5468: About the API of GpgME to revoke key pairs and subkeys. as Normal priority.
Jul 6 2021, 6:10 PM · gpgme, Feature Request
werner triaged T5460: Migration for ABI change (newer mingw) as Normal priority.
Jul 6 2021, 6:09 PM · gpg4win, Windows
jukivili committed rC69fdcb543323: ec: add zSeries/s390x accelerated scalar multiplication (authored by jukivili).
ec: add zSeries/s390x accelerated scalar multiplication
Jul 6 2021, 6:07 PM
jukivili committed rC4b76fa6a1f92: rinjdael-s390x: fix UBSAN warning on using index beyond end of array (authored by jukivili).
rinjdael-s390x: fix UBSAN warning on using index beyond end of array
Jul 6 2021, 6:07 PM
jukivili closed T5510: libgcrypt: incorrect computation for secp192r1 as Resolved.
Jul 6 2021, 6:02 PM · libgcrypt, Bug Report
werner triaged T5520: Fix tests in FIPS mode as High priority.
Jul 6 2021, 3:33 PM · Testing, FIPS, libgcrypt, Bug Report
werner added a project to T5520: Fix tests in FIPS mode: FIPS.
Jul 6 2021, 1:46 PM · Testing, FIPS, libgcrypt, Bug Report
Jakuje created T5520: Fix tests in FIPS mode.
Jul 6 2021, 12:03 PM · Testing, FIPS, libgcrypt, Bug Report
ikloecker moved T5517: Improvements for symmetric encryption from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 6 2021, 9:11 AM · pinentry, Restricted Project
ikloecker moved T5473: Libkleo build for Windows broken from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 6 2021, 9:11 AM · kleopatra, Restricted Project
gniibe added a comment to T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.

In agent_write_private_key of agent/findkey.c, when file is available, it returns GPG_ERR_EEXIST error. Thus, private (stub) key will be kept.

Jul 6 2021, 8:45 AM · Info Needed, gnupg
gniibe committed rG044e5a3c3801: scd: Detect external interference when PCSC_SHARED. (authored by gniibe).
scd: Detect external interference when PCSC_SHARED.
Jul 6 2021, 7:57 AM
werner added a comment to T5433: libgcrypt: Do not use SHA1 by default.

With the planned new context aware pubkey functions we technically could do this change w/o an ABI break.

Jul 6 2021, 7:57 AM · FIPS, libgcrypt, Bug Report
gniibe moved T5433: libgcrypt: Do not use SHA1 by default from Backlog to For 1.10 on the libgcrypt board.
Jul 6 2021, 6:33 AM · FIPS, libgcrypt, Bug Report
gniibe moved T5508: Allow hardware optimizations in FIPS from Backlog to For 1.10 on the libgcrypt board.
Jul 6 2021, 6:33 AM · Testing, FIPS, libgcrypt, Bug Report

Jul 5 2021

Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA9775a38132a2: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Update Appstream for new release
Jul 5 2021, 9:22 PM
Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA22c65cd389f5: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Update Appstream for new release
Jul 5 2021, 9:22 PM
ikloecker added a comment to T5473: Libkleo build for Windows broken.

This patch for libkleo fixes the build. Alternatively, updating extra-cmake-modules to 5.80 (where the target-variant of ecm_qt_declare_logging_category was added) fixes the build.

Jul 5 2021, 7:20 PM · kleopatra, Restricted Project
gniibe claimed T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Jul 5 2021, 10:14 AM · Info Needed, gnupg
Laurent Montel <montel@kde.org> committed rLIBKLEO05e5a6f5df26: GIT_SILENT: we depend against c++17 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: we depend against c++17
Jul 5 2021, 9:33 AM
Laurent Montel <montel@kde.org> committed rKLEOPATRAdeeb7d26d7e4: GIT_SILENT: we depend against c++17 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: we depend against c++17
Jul 5 2021, 9:23 AM
gniibe added a comment to T5512: Implement service indicators.

Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program:
https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

Jul 5 2021, 8:50 AM · Feature Request, FIPS, libgcrypt
werner is attending E876: Weekly Standup.
Jul 5 2021, 7:23 AM
gniibe added a comment to E876: Weekly Standup.

Last week:

  • OpenPGP card tests (finished for Zeitcontrol)

This week:

  • FSIJ AGM (on Saturday)
  • Check libgcrypt patches around (SUSE, Fedora, etc.)
  • Learn about FIPS 140-3
Jul 5 2021, 6:22 AM
gniibe is attending E876: Weekly Standup.
Jul 5 2021, 6:11 AM

Jul 4 2021

noblydev updated noblydev.
Jul 4 2021, 9:22 PM
werner committed rD8cf26a72d9f1: swdb: GnuPG 2.2.29 (authored by werner).
swdb: GnuPG 2.2.29
Jul 4 2021, 5:49 PM
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html on T5498: Release GnuPG 2.2.29.
Jul 4 2021, 5:45 PM · Release Info, gnupg (gpg22)
werner closed T5497: v2.2.28 fails to locate-key from keyserver by email: Invalid user ID as Resolved.
Jul 4 2021, 5:30 PM · Bug Report
werner closed T5487: GnuPG 2.2.28 not working with Yubikey NEO as Resolved.
Jul 4 2021, 5:30 PM · yubikey, gnupg (gpg22), Bug Report
werner committed rG4952ed958413: Post release updates (authored by werner).
Post release updates
Jul 4 2021, 5:29 PM
werner committed rG695a879af81e: Release 2.2.29 (authored by werner).
Release 2.2.29
Jul 4 2021, 5:29 PM
werner committed rG3283cf3a7a5e: Update OpenPGP card vendor list. (authored by werner).
Update OpenPGP card vendor list.
Jul 4 2021, 5:29 PM
werner closed T5498: Release GnuPG 2.2.29 as Resolved.
Jul 4 2021, 5:29 PM · Release Info, gnupg (gpg22)
werner triaged T5519: Release GnuPG 2.2.30 as Low priority.
Jul 4 2021, 5:23 PM · Release Info, gnupg (gpg22)
werner triaged T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient. as Normal priority.
Jul 4 2021, 4:19 PM · gnupg (gpg22), Windows, Bug Report

Jul 2 2021

werner committed rG51310497ef0f: po: Remove removed files. (authored by werner).
po: Remove removed files.
Jul 2 2021, 2:45 PM
bookie added a project to T5518: "Direct Action" to E-Mail not stable: gpgol.
Jul 2 2021, 1:38 PM · gpgol, Bug Report, gpg4win
bookie created T5518: "Direct Action" to E-Mail not stable.
Jul 2 2021, 1:34 PM · gpgol, Bug Report, gpg4win
werner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

It is a matter of the used font. 2.2.29 will fix this problem.

Jul 2 2021, 7:52 AM · gnupg (gpg22), Windows, Bug Report
jukivili committed rC3f4a59299134: tests/t-mpi-point: add one more NIST P-256 reduction test-vector (authored by jukivili).
tests/t-mpi-point: add one more NIST P-256 reduction test-vector
Jul 2 2021, 12:49 AM
jukivili added a comment to T5510: libgcrypt: incorrect computation for secp192r1.

Got a new bug with regression range ccfa9f2c1427b40483984198c3df41f8057f69f8:6dfab8cfb94ccb485a15b13df3c499cbb06fddf2

curve=23 secp256r1
point=04555555ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff73a865e2e128733884fb82ce625ade822f7d8a59a4dcc09266966cf1bf082856
bignum=2020ff2020202020202020202020202020202020202020202020202020202020
nettle: 0 045549408909dd3e772d7d669f8fba2248d334b54be3d18833223d944a328948c76198ac3b29712256dcd9ce1a09471f04267684e1edd45910d61d0b7847db2d58
gcrypt: 0 047a6ec0df23082c8ce54c2b536d76b30464f4e1e690bb77665d298f05f0bee6806e7db3377141cc71ee30dcb8ffb7240bc3ecf29132ab5eb4ae03c067cea0d561
Jul 2 2021, 12:43 AM · libgcrypt, Bug Report

Jul 1 2021

catenacyber added a comment to T5510: libgcrypt: incorrect computation for secp192r1.

Got a new bug with regression range ccfa9f2c1427b40483984198c3df41f8057f69f8:6dfab8cfb94ccb485a15b13df3c499cbb06fddf2

Jul 1 2021, 10:19 PM · libgcrypt, Bug Report
Reiner added a comment to T5491: Console output failure with no-unicode font: GnuPG 2.2.28 is not working with »encrypt-to« in gpg.conf without specifying another recipient..

Same error message in Windows 8.1 x64 with the commands:
gpg --local-user 0x12345678 --sign-key 0xABCDEF12 or: gpg --default-key 0x12345678 --sign-key 0xABCDEF12.

Jul 1 2021, 7:24 PM · gnupg (gpg22), Windows, Bug Report
jukivili committed rC9911069388e7: bench-slope: add X25519 and X448 scalar multiplication (authored by jukivili).
bench-slope: add X25519 and X448 scalar multiplication
Jul 1 2021, 5:38 PM
jukivili committed rC2fcac487069f: mpi: optimizations for MPI scanning and printing (authored by jukivili).
mpi: optimizations for MPI scanning and printing
Jul 1 2021, 5:38 PM
jukivili committed rCef676b9c14da: mpi/ec: cache converted field_table MPIs (authored by jukivili).
mpi/ec: cache converted field_table MPIs
Jul 1 2021, 5:38 PM
jukivili committed rC38d80fdfddd0: mpi_ec_get_affine: fast path for Z==1 case (authored by jukivili).
mpi_ec_get_affine: fast path for Z==1 case
Jul 1 2021, 5:38 PM
jukivili committed rC165237776389: tests/t-mpi-point: add reduction test-vectors for secp256k1 (authored by jukivili).
tests/t-mpi-point: add reduction test-vectors for secp256k1
Jul 1 2021, 5:38 PM
werner removed invites for E876: Weekly Standup: cbiedl.
Jul 1 2021, 12:37 PM
werner changed the edit policy for E876: Weekly Standup.
Jul 1 2021, 12:36 PM
werner removed a member for g10code: cbiedl.
Jul 1 2021, 12:36 PM
werner defrocked cbiedl.
Jul 1 2021, 12:35 PM
werner committed rDaf638d166270: web: Removed Stripe logo (authored by werner).
web: Removed Stripe logo
Jul 1 2021, 11:02 AM
ikloecker moved T5473: Libkleo build for Windows broken from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 1 2021, 10:42 AM · kleopatra, Restricted Project
aheinecke added projects to T5517: Improvements for symmetric encryption: Restricted Project, pinentry.
Jul 1 2021, 10:15 AM · pinentry, Restricted Project
aheinecke triaged T5517: Improvements for symmetric encryption as Normal priority.
Jul 1 2021, 10:15 AM · pinentry, Restricted Project
aheinecke added a comment to T5511: Kleopatra: Show "is this your own key" question for Smartcards somehow, too.

Very cool, I like it especially that you avoided a popup and used that action mechanism.

Jul 1 2021, 8:34 AM · kleopatra, Restricted Project
aheinecke awarded T5511: Kleopatra: Show "is this your own key" question for Smartcards somehow, too a Like token.
Jul 1 2021, 8:30 AM · kleopatra, Restricted Project

Jun 30 2021

ikloecker moved T5511: Kleopatra: Show "is this your own key" question for Smartcards somehow, too from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jun 30 2021, 6:54 PM · kleopatra, Restricted Project
ikloecker changed the status of T5511: Kleopatra: Show "is this your own key" question for Smartcards somehow, too from Open to Testing.

When selecting a certification key without ultimate trust the message "Is this your own key?" is shown.

Jun 30 2021, 6:54 PM · kleopatra, Restricted Project
ikloecker committed rLIBKLEO33b28a9783af: Try hard to keep the currently selected key/item if the model changes (authored by ikloecker).
Try hard to keep the currently selected key/item if the model changes
Jun 30 2021, 6:50 PM
ikloecker committed rLIBKLEO8749864110c6: Avoid emission of detailed model signals if model reset is in progress (authored by ikloecker).
Avoid emission of detailed model signals if model reset is in progress
Jun 30 2021, 6:50 PM
ikloecker committed rKLEOPATRA08d42db60ed5: Allow the user to set owner trust for the certification key (authored by ikloecker).
Allow the user to set owner trust for the certification key
Jun 30 2021, 6:48 PM
jukivili committed rCfc92c609dfdb: ec-nist: fix 'mod p' carry adjustment and output masking (authored by jukivili).
ec-nist: fix 'mod p' carry adjustment and output masking
Jun 30 2021, 5:58 PM