KConfig simply reads all sections with the same group name into the same KConfigGroup. I strongly suggest not to use`[$i] on groups. KConfig` will anyway add [$i] to all config entries (and remove it from the group) when the configuration file is saved the next time.

Mar 1 2022, 3:09 PM · kleopatra, Restricted Project

• ikloecker claimed T5866: pinentry-qt: Pressing Enter after entering first password shows password mismatch error.

Mar 1 2022, 1:53 PM · Restricted Project, pinentry, Bug Report

• ikloecker created T5866: pinentry-qt: Pressing Enter after entering first password shows password mismatch error.

Mar 1 2022, 1:52 PM · Restricted Project, pinentry, Bug Report

• aheinecke triaged T5865: Kleopatra: Force usage in advanced settings for newcertificate if key type is forced as Normal priority.

Mar 1 2022, 12:10 PM · Restricted Project, kleopatra, Restricted Project

• aheinecke triaged T5864: Kleopatra: Configure min and max values for validity in Newcertificatewizard as Wishlist priority.

Mar 1 2022, 11:18 AM · kleopatra, Restricted Project

• ikloecker moved T5863: pinentry-qt: Further improve the accessibility from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Mar 1 2022, 9:58 AM · pinentry, Restricted Project

• ikloecker triaged T5863: pinentry-qt: Further improve the accessibility as Normal priority.

Mar 1 2022, 9:58 AM · pinentry, Restricted Project

• gniibe added projects to T5862: authentication with USB token: scd, Feature Request.

It may be simpler if we can enhance scdaemon to have an option for PKAUTH, say, --challenge-response, so that it generates a challenge and verify signature internally.

Mar 1 2022, 8:57 AM · gpgagent, Feature Request, scd

• gniibe added a comment to T5862: authentication with USB token.

Possibly, it could be done with pam_exec http://linux-pam.org/Linux-PAM-html/sag-pam_exec.html
developing a simple executable (or even small shell script).

Mar 1 2022, 8:44 AM · gpgagent, Feature Request, scd

• gniibe triaged T5862: authentication with USB token as Normal priority.

Mar 1 2022, 8:38 AM · gpgagent, Feature Request, scd

• gniibe changed the status of T5853: Decrypting OCB encrypted file fails... from Open to Testing.

Mar 1 2022, 5:04 AM · gnupg (gpg23), Bug Report

• gniibe added a comment to T5860: Reducing memory copy overhead in iobuf and estream to increase OCB speed.

Great. No problem for me.

Mar 1 2022, 4:14 AM · gnupg

• gniibe added a comment to T5852: Use iobuf_copy where instead of manual iobuf_get/iobuf_put or iobuf_read/iobuf_write loops.

No problem. Both patches look good.

Mar 1 2022, 3:14 AM · gnupg (gpg23)

Feb 28 2022

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

do you mean "dirmngr on Windows choses this one"? As in my mental model, dirmngr only loads all certifices from the windows stores on startup, but not during operations when requests come in (I maybe wrong though, I did not inspect the source code on this).

Feb 28 2022, 12:35 PM · gnupg (gpg22), dirmngr

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

But in Windows 10 I get nothing in the certs.log file.

Feb 28 2022, 12:20 PM · gnupg (gpg22), dirmngr

• gniibe added a comment to T5861: ntbtls: AEAD GCM nonce.

In TLS 1.2, it refers RFC5116. In RFC5116, it says:

Feb 28 2022, 11:34 AM · ntbtls

• gniibe lowered the priority of T5861: ntbtls: AEAD GCM nonce from Unbreak Now! to Normal.

Feb 28 2022, 11:21 AM · ntbtls

• gniibe added a comment to T5861: ntbtls: AEAD GCM nonce.

My reading was wrong; Indeed we use memcpy from out_ctr. But it increments in network byte order.
So, for AES-GCM, it works well.

Feb 28 2022, 11:21 AM · ntbtls

• gniibe triaged T5861: ntbtls: AEAD GCM nonce as Unbreak Now! priority.

Feb 28 2022, 2:20 AM · ntbtls

Feb 27 2022

Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA26d1d4c32be7: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).

GIT_SILENT Update Appstream for new release

Feb 27 2022, 7:40 PM

Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRAbf18445f4e03: GIT_SILENT Update Appstream for new release (authored by Heiko Becker <heiko.becker@kde.org>).

GIT_SILENT Update Appstream for new release

Feb 27 2022, 7:40 PM

Heiko Becker <heiko.becker@kde.org> committed rKLEOPATRA9aec091c7818: GIT_SILENT Upgrade release service version to 21.12.3. (authored by Heiko Becker <heiko.becker@kde.org>).

GIT_SILENT Upgrade release service version to 21.12.3.

Feb 27 2022, 7:40 PM

jukivili triaged T5860: Reducing memory copy overhead in iobuf and estream to increase OCB speed as Low priority.

Feb 27 2022, 7:12 PM · gnupg

jukivili updated subscribers of T5852: Use iobuf_copy where instead of manual iobuf_get/iobuf_put or iobuf_read/iobuf_write loops.

Does these patches look ok? @gniibe @werner

Feb 27 2022, 5:55 PM · gnupg (gpg23)

jukivili closed T5826: Improve detached signing and verification speed, a subtask of T5828: Improvements for gnupg data operation performance (enc/dec/sign/verify/enarmor/dearmor/etc), as Resolved.

Feb 27 2022, 5:54 PM · gnupg

jukivili closed T5826: Improve detached signing and verification speed as Resolved.

Feb 27 2022, 5:54 PM · gnupg

jukivili committed rG4e27b9defc60: g10/plaintext: do_hash: use iobuf_read for higher performance (authored by jukivili).

g10/plaintext: do_hash: use iobuf_read for higher performance

Feb 27 2022, 5:52 PM

jukivili committed rGf8943ce098f6: g10/sign: sign_file: use iobuf_read for higher detached signing speed (authored by jukivili).

g10/sign: sign_file: use iobuf_read for higher detached signing speed

Feb 27 2022, 5:52 PM

• werner committed rG7c8c6060616a: agent: New flag "qual" for the trustlist.txt. (authored by • werner).

agent: New flag "qual" for the trustlist.txt.

Feb 27 2022, 12:30 PM

• werner committed rGf03c871c9e40: agent: Print the correct daemon name in presence of a --foo-program. (authored by • werner).

agent: Print the correct daemon name in presence of a --foo-program.

Feb 27 2022, 12:30 PM

• werner committed rGb901e63b4d8c: dimngr: Do not check the self-signature of a root CA cert. (authored by • werner).

dimngr: Do not check the self-signature of a root CA cert.

Feb 27 2022, 12:30 PM

• werner committed rG890e9849b58e: dirmngr: Support ECDSA for OCSP. (authored by • werner).

dirmngr: Support ECDSA for OCSP.

Feb 27 2022, 12:30 PM

• werner committed rGde87c8e1ead7: dirmngr: Support ECDSA for CRLs (authored by • werner).

dirmngr: Support ECDSA for CRLs

Feb 27 2022, 12:30 PM

Feb 26 2022

• werner committed rK24992a4a7a61: ocsp: Accept a server not responding with a nonce (authored by • werner).

ocsp: Accept a server not responding with a nonce

Feb 26 2022, 10:37 PM

• werner committed rKc9cde18bc84a: ocsp: Fix detecting the right response item (authored by • werner).

ocsp: Fix detecting the right response item

Feb 26 2022, 10:37 PM

Mass59 added a comment to U8 Gpg4win Dashboard.

Feb 26 2022, 4:04 PM · gpg4win

NoSubstitute added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

In T5639#155478, @werner wrote:
echo BYE | dirmngr -vv --server 2>certs.log
Lists all certificates

Feb 26 2022, 2:41 PM · gnupg (gpg22), dirmngr

Feb 25 2022

• werner added a comment to T5850: Kleopatra: "Show not certified certificates" button shows any not fully valid certificates.

I tend to agree

Feb 25 2022, 4:32 PM · Restricted Project, kleopatra, Bug Report

• werner closed T5823: DNS srv problem with Tor transparent proxy as Resolved.

Feb 25 2022, 9:15 AM · Not A Bug

• werner added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

echo BYE | dirmngr -vv --server 2>certs.log

Feb 25 2022, 9:10 AM · gnupg (gpg22), dirmngr

bernhard added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

@TheParanoidProgrammer this looks like a very good and thorough analysis, thanks again!

Feb 25 2022, 8:57 AM · gnupg (gpg22), dirmngr

bernhard committed rW41c7b331804a: Fix minor typo in get-gpg4win.htm4 (authored by bernhard).

Fix minor typo in get-gpg4win.htm4

Feb 25 2022, 8:40 AM

jukivili added a comment to T5826: Improve detached signing and verification speed.

I used "1<<30" by example of existing code in g10/free-packet.c, which is another place where iobuf_read is reading to NULL.

Feb 25 2022, 7:27 AM · gnupg

• gniibe committed rG335805e1d482: gpg: Clarify a call of ask_for_detached_datafile. (authored by • gniibe).

gpg: Clarify a call of ask_for_detached_datafile.

Feb 25 2022, 4:16 AM

• gniibe added a comment to T5826: Improve detached signing and verification speed.

Patches look good for me.
Please go ahead.

Feb 25 2022, 1:53 AM · gnupg

Feb 24 2022

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Ok, I managed to find 48504E974C0DAC5B5CD476C8202274B24C8C7172 via Powershell. It was in the CA store of my non-privileged user and since I always checked the certificate store as administrator it did not show up there. After removal of this intermediate certificate I am able to use hkps://keyserver.ubuntu.com.

Feb 24 2022, 10:43 PM · gnupg (gpg22), dirmngr

TheParanoidProgrammer added a comment to T5639: dirmngr uses the wrong Let's encrypt chain.

Ok, so order of loading is not a problem since the cache does not store them by insertion order, but instead indexes them by the first byte of their fingerprint.
So, I think the problem here is that the expired intermediate certificate (48504E974C0DAC5B5CD476C8202274B24C8C7172) is somehow loaded in Windows and since its fingerprint's first byte is less than the server-supplied intermediate (A053375BFE84E8B748782C7CEE15827A6AF5A405) Windows chooses this one. I can see that the expired intermediate certificate is indeed loaded on Windows if I increase verbosity of dirmngr logs. However, I am still unsure where this certificate lives. The log says it comes from the "CA" store, but searching for it visually or by fingerprint search in Windows Certificates Snap-In (MMC) does not let me find it.
I will keep looking, but if you want to reproduce in your VMs, I suppose adding the expired intermediate certificate and the expired root certificate to the system store should make this reproducible.

Feb 24 2022, 10:26 PM · gnupg (gpg22), dirmngr

jukivili closed T5785: libgcrypt-1.9.4 build failure on ppc64le as Resolved.

Feb 24 2022, 6:53 PM · Gentoo, Bug Report

jukivili added a comment to T5785: libgcrypt-1.9.4 build failure on ppc64le.

(note: -O2 is added only for compiling powerpc vector implementation files)

Feb 24 2022, 6:53 PM · Gentoo, Bug Report

jukivili added a comment to T5785: libgcrypt-1.9.4 build failure on ppc64le.

I added check to configure.ac for missing -O flag and tests with -O2. If adding -O2 does not help, then powerpc vector implementations wont be build at all.

Feb 24 2022, 6:53 PM · Gentoo, Bug Report

jukivili committed rC6951e0f591cc: powerpc: check for missing optimization level for vector register usage (authored by jukivili).

powerpc: check for missing optimization level for vector register usage

Feb 24 2022, 6:39 PM

jukivili closed T4486: Add AEAD mode AES-SIV to libgcrypt (RFC 5297) as Resolved.

Feb 24 2022, 6:06 PM · Feature Request, libgcrypt

jukivili closed T5356: gnupg2 test failure on s390x as Resolved.

Feb 24 2022, 6:05 PM · libgcrypt, Bug Report

jukivili closed T5694: poly1305-s390x.S is compiled despite --disable-asm as Resolved.

Feb 24 2022, 6:05 PM · libgcrypt, Bug Report

jukivili closed T5796: libgcrypt-1.9.4 build failure on ARM without NEON as Resolved.

Feb 24 2022, 6:05 PM · arm, libgcrypt, Gentoo, Bug Report

jukivili updated subscribers of T5826: Improve detached signing and verification speed.

Does the patches look ok to push to master? @werner @gniibe

Feb 24 2022, 6:04 PM · gnupg

jukivili added a comment to T5853: Decrypting OCB encrypted file fails....

Thanks. All my tests work now.

Feb 24 2022, 6:01 PM · gnupg (gpg23), Bug Report

• ikloecker changed the status of T5858: Kleopatra: Crash when revoking self signature from Open to Testing.

Feb 24 2022, 4:42 PM · kleopatra, Restricted Project

• ikloecker committed rKLEOPATRAe038551b4f14: Remove command to list the available smart card readers (authored by • ikloecker).

Remove command to list the available smart card readers

Feb 24 2022, 4:38 PM

• ikloecker committed rKLEOPATRA9cd07dc47584: Disable Ok button if no signatures can be revoked (authored by • ikloecker).

Disable Ok button if no signatures can be revoked

Feb 24 2022, 4:25 PM

• ikloecker committed rKLEOPATRA29b3f108d98a: Prevent crash when revoking certifications without certification key (authored by • ikloecker).

Prevent crash when revoking certifications without certification key

Feb 24 2022, 4:25 PM

• aheinecke closed T5857: Kleopatra: Change "List smartcard readers" to "select smartcard reader" as Resolved.

Removing the list seems reasonable to me, we can tell users in support that they should go to settings- > Smartcard to select the reader used.

Feb 24 2022, 3:21 PM · kleopatra, Restricted Project

• ikloecker moved T5858: Kleopatra: Crash when revoking self signature from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Feb 24 2022, 3:02 PM · kleopatra, Restricted Project

• ikloecker added a comment to T5857: Kleopatra: Change "List smartcard readers" to "select smartcard reader".

There is now a dedicated configuration module for smart card related settings. Currently, it's rather empty, but maybe there are more smart card settings you want to see there.

Feb 24 2022, 2:52 PM · kleopatra, Restricted Project

• werner committed rG9116fd1e9a2d: g10: Avoid extra hash contexts when decrypting MDC input (authored by jukivili).

g10: Avoid extra hash contexts when decrypting MDC input

Feb 24 2022, 2:15 PM

• werner closed T5820: Slow symmetric decryption speed as Resolved.

Feb 24 2022, 2:15 PM · gnupg (gpg23), Bug Report

• werner added a comment to T5820: Slow symmetric decryption speed.

Cool. I did some quick tests with 2.2 on my pretty old X220 and it really makes sense to apply the patch there as well.:

Feb 24 2022, 2:07 PM · gnupg (gpg23), Bug Report

• aheinecke committed rW0d147f47802e: MSI: Add INST_GPGOL=inactive feature (authored by • aheinecke).

MSI: Add INST_GPGOL=inactive feature

Feb 24 2022, 1:25 PM

• ikloecker committed rKLEOPATRA7c59b266e17f: Add config module for smart card related settings (authored by • ikloecker).

Add config module for smart card related settings

Feb 24 2022, 1:06 PM

• ikloecker committed rLIBKLEOb32aca3bef27: Extract the reader port combo box from the config entry UI (authored by • ikloecker).

Extract the reader port combo box from the config entry UI

Feb 24 2022, 1:01 PM

• ikloecker committed rLIBKLEO172385cf980d: Set placeholder text instead of an editable default text (authored by • ikloecker).

Set placeholder text instead of an editable default text

Feb 24 2022, 1:01 PM

• ikloecker committed rLIBKLEO6bf6d10f47b5: Bump library version (authored by • ikloecker).

Bump library version

Feb 24 2022, 1:01 PM

• werner edited projects for T5852: Use iobuf_copy where instead of manual iobuf_get/iobuf_put or iobuf_read/iobuf_write loops, added: gnupg (gpg23); removed gnupg.

Feb 24 2022, 12:43 PM · gnupg (gpg23)

• werner added a comment to T5857: Kleopatra: Change "List smartcard readers" to "select smartcard reader".

aheinecke: Good idea

Feb 24 2022, 12:36 PM · kleopatra, Restricted Project

• werner added a comment to T5859: Kleopatra: Revoke own key.

Do you mean revoking the entire key or a user-id, or a subkey? Having a way to revoke a user-id is probably the most interesting use-case. BTW, there is no "revoke a self-signature" - this is actually a revocation of the user-id or subkey.

Feb 24 2022, 12:25 PM · kleopatra, Restricted Project

• aheinecke triaged T5859: Kleopatra: Revoke own key as Wishlist priority.

Feb 24 2022, 11:04 AM · kleopatra, Restricted Project

• aheinecke added a comment to T5858: Kleopatra: Crash when revoking self signature.

Related to this is that I was looking for a way to revoke my own key and I thought that revoking the selfsig might work. So maybe it makes sense not to fix this by forbidding this operation but instead by allowing it with the same key.

Feb 24 2022, 11:01 AM · kleopatra, Restricted Project

• aheinecke triaged T5858: Kleopatra: Crash when revoking self signature as High priority.

Feb 24 2022, 11:00 AM · kleopatra, Restricted Project

• aheinecke closed T5336: Kleopatra: Add expiry for certifications in certify dialog as Resolved.

Feb 24 2022, 10:54 AM · kleopatra, Restricted Project

• werner triaged T5856: Forcing aead when creating sign & encrypted files creates inconsistent results as High priority.

Feb 24 2022, 10:34 AM · gnupg (gpg23), Bug Report

• ikloecker claimed T5857: Kleopatra: Change "List smartcard readers" to "select smartcard reader".

I have an uncommitted SmartCardConfigurationPage. I guess, I'll simply commit this and remove the "List smartcard readers" option.

Feb 24 2022, 10:05 AM · kleopatra, Restricted Project

• aheinecke triaged T5857: Kleopatra: Change "List smartcard readers" to "select smartcard reader" as Wishlist priority.

Feb 24 2022, 9:35 AM · kleopatra, Restricted Project