Allow retrieving a group with a certain id from the cache
Add helper for checking if a container contains a certain key
Allow suspending the auto-refresh of the key cache
Add helper to get the fingerprints of a bunch of keys
Set group config to use by KeyCache instead of group config filename
Get multiple keys by their fingerprints
Add helper for converting a QStringList to a vector of std::strings
Factor code reading/writing the group configuration out of KeyCache
Tested both with the policies key and with the normal key and with HKLM fallback. Works as expected. There was also an issue where the error handling in case setting the HTML body failed did no longer work, probably since the verification preview changes. This was fixed with 76b43345cdd3e932dae7b677e5c021ca52191f8e
I just wanted to add one more note that i just found out that the tests or gcry_control have no effect in case the is called from constructor.
web: Removed franken.de mirror, which is not longer available.
tests:pkcs1v2: Skip tests with small keys in FIPS mode.
tests:pubkey: Replace RSA key to one of 2k.
tests: Use GPG_ERROR_MT_LIBS for a test with threads.
Laurent Montel <montel@kde.org> committed
rLIBKLEOdb985745c3d6: GIT_SILENT: master is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: master is open
I compiled the Appimage with the scripts in Gpg4win and it runs Kleopatra and works :-)
Make compendium compile with latex from bullseye
Also add PCRE checksum in master
Update glib and add PCRE package
Update glib to 2.50 to fix build with gcc 10
libtool: Link without -flat_namespace for macOS.
Fix internal API of functions to match declaration.
libtool: Link without -flat_namespace for macOS.
libtool: Link without -flat_namespace for macOS.
scd: More conservative selection of a card reader.
doc: Fix NEWS entry to refer CVE-2021-40528.
doc: Fix NEWS entry to refer CVE-2021-40528.
libtool: Link without -flat_namespace for macOS.
libtool: Link without -flat_namespace for macOS.
Since there is no problem with libgpg-error 1.43, I applied it to other libraries: npth, libassuan, libksba, and ntbtls.
I'll fix regressions: failures of and .
Yes, keep the internal SHA-3.
drafts,openpgp-webkey-service: Clarify when to use the direct method.
wks: Do not mark key files as executable
wks: Allow access to newly created dirs
wks: Do not mark key files as executable
wks: Allow access to newly created dirs
doc: Minor fix for --http-proxy.
Blowfish is not part of OpenPGP and according to its creator not the best cipher. Sorry to say no. You may nevertheless be interested in the recent discussion threads on PQC on the cryptography ML.
Applied and pushed symmetric algo for .
tests: Explicit FIPS checking for symmetric algorithms.
tests: Benchmark also larger RSA keys in FIPS mode
Let me clean up for current use case, at first.
I decided to use 3.3.0 disabling pthread feature.
Heiko Becker <heiko.becker@kde.org> committed
rLIBKLEO49e32463f364: GIT SILENT Change BRANCH_GROUP to stable-kf5-qt5 (authored by Heiko Becker <heiko.becker@kde.org>).
GIT SILENT Change BRANCH_GROUP to stable-kf5-qt5
Heiko Becker <heiko.becker@kde.org> committed
rKLEOPATRAa7abeea92d99: GIT SILENT Change BRANCH_GROUP to stable-kf5-qt5 (authored by Heiko Becker <heiko.becker@kde.org>).
GIT SILENT Change BRANCH_GROUP to stable-kf5-qt5
Heiko Becker <heiko.becker@kde.org> committed
rKLEOPATRA42c9be0d72a5: GIT_SILENT Upgrade release service version to 22.03.70. (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Upgrade release service version to 22.03.70.
Heiko Becker <heiko.becker@kde.org> committed
rKLEOPATRA4c38902471a4: GIT_SILENT Upgrade release service version to 21.11.80. (authored by Heiko Becker <heiko.becker@kde.org>).
GIT_SILENT Upgrade release service version to 21.11.80.
Any news here? Is this issue going to be fixed or not? It's really annoying.
• ikloecker renamed
T5677: Kleopatra: Do not offer deprecated gpg/keyserver option in GnuPG System configuration dialog from
Kleopatra: Do not offer "invisible" options in GnuPG System configuration dialog to
Kleopatra: Do not offer deprecated gpg/keyserver option in GnuPG System configuration dialog.
Thank you for merging the important parts of the patches and implementing similar stuff for DSA. You are right that DSA is supported in the 140-3 specs so it is fine to keep it enabled with the keylength constraints.
Applied parts except part 2.
The part 3 are modified version, so that memory can be released correctly.
dsa: Add checks in FIPS mode.
tests: Add 2k RSA key working in FIPS mode.
tests: Fix basic.c:check_pubkey.
tests: Expect errors from algorithms not supported in FIPS mode.
rsa: Check keylen constraints for key operations.
cipher: Respect the disabled flag of pubkey algorithms
Laurent Montel <montel@kde.org> committed
rLIBKLEOcf27ab5f08d8: GIT_SILENT: prepare 5.19.0beta1 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.19.0beta1
Laurent Montel <montel@kde.org> committed
rKLEOPATRA297ccea15127: GIT_SILENT: prepare 5.19.0beta1 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.19.0beta1
Closing. In case the audit will request more, we can re-open this task.
I think we can close this. In January we will have an external audit (BITV) which hopefully will confirm our tests. They auditor will also provide a list of things to improve (if any).
Implicit indicators mean that we need to go through the all algorithms and verify that they work if they have approved key sizes/parameters and do not work when they do not.
GIT_SILENT: Minor code cleanup
Import certificates from files containing OpenPGP and X.509 certificates
Put ui headers next to corresponding ui cpp files and sort all lists
Skip any config options beyond "invisible" level
Explicitly exclude deprecated gpg/keyserver option from config UI
Do not show empty groups in GnuPG System configuration
Skip any config options beyond expert level
Yes, no, maybe. :-) Thanks for asking!
doc: Reference the new FIPS 140-3
Laurent Montel <montel@kde.org> committed
rLIBKLEO68178cdb09df: GIT_SILENT: prepare 5.19.0 beta1 (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: prepare 5.19.0 beta1
I use instead of , so that a user doesn't need to include <poll.h> when he doesn't use poll/ppoll API.
Don't apply tests/gpg/t-support.h, it's only for testing this patch.
When test, before running 'make check' please do:
Update to include the change of tests.
Also include a change for tests/gpg/t-support.h to run tests under artificial environment.
I have been using pgpdump for a long time, but it is out of date with regards to ECC. I have looked at its source code but would rather spend my time on my own code.
Laurent Montel <montel@kde.org> committed
rLIBKLEO142d0238a2e2: Allow to show header in qtc6 (authored by Laurent Montel <montel@kde.org>).
Allow to show header in qtc6
Please no new levels. And also consider the problems with global config files, conditionals and values taking from the registry. We can't simply do everything in the GUI - it would get too complex and we end up supporting the supportive config dialogs. Maybe a syntax checking editor would eventually be better.
OpenPGP folks now the algo number by heart ;-)
Fixed and tested on Linux. Thanks.