I am pretty sure we have the same problem in 2.4 - due to different access patterns it might not exhibit itself.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Mar 13 2023
Mar 13 2023
• aheinecke changed the status of T6346: Kleopatra: Run self test only at the first start on windows, a subtask of T6259: Kleopatra: Improve startup performance , from Open to Testing.
• aheinecke changed the status of T6346: Kleopatra: Run self test only at the first start on windows from Open to Testing.
• werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
• werner committed rG6d792ae2eb46: agent: Make --disable-extended-key-format a dummy option. (authored by • werner).
agent: Make --disable-extended-key-format a dummy option.
• ikloecker moved T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• werner committed rGdb73f17f0c97: gpgconf,w32: Also print a GnuPG Install Directory Registry entry (authored by • werner).
gpgconf,w32: Also print a GnuPG Install Directory Registry entry
• werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.
Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.
l10n daemon script <scripty@kde.org> committed rLIBKLEO148c82f9dddc: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA743e9c995b9a: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOb65a99aab857: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA83b8d2b49a17: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 12 2023
Mar 12 2023
Pushed to this site. Thanks for noting.
l10n daemon script <scripty@kde.org> committed rLIBKLEO15b6685e38f3: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOa731d8d9084b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA1f8b8867ab1d: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
GIT_SILENT: master is open
GIT_SILENT: master is open
GIT_SILENT: prepare 23.04 beta
GIT_SILENT: prepare 23.04 beta
l10n daemon script <scripty@kde.org> committed rLIBKLEO72f744fbc57d: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAb62e0b97d6a3: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRAfa6c4acf42b7: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rLIBKLEO51a36790ac6b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA505f6dbca9db: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 11 2023
Mar 11 2023
I think this is still missing a tag in git (I don't see it in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=tags)
GIT_SILENT: master is opened
GIT_SILENT: prepare 5.23.0 beta
l10n daemon script <scripty@kde.org> committed rLIBKLEO8a35b23b60f1: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA0b9800a69ca9: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA2debdc4244d0: SVN_SILENT made messages (.desktop file) - always resolve ours (authored by l10n daemon script <scripty@kde.org>).
SVN_SILENT made messages (.desktop file) - always resolve ours
l10n daemon script <scripty@kde.org> committed rLIBKLEO8ebdb98887b9: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA3fb2b73c0ee5: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Mar 10 2023
Mar 10 2023
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRAb1ec928003af: GIT_SILENT Upgrade release service version to 23.07.70. (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Upgrade release service version to 23.07.70.
Albert Astals Cid <aacid@kde.org> committed rKLEOPATRAb9dd9af8e0eb: GIT_SILENT Upgrade release service version to 23.03.80. (authored by Albert Astals Cid <aacid@kde.org>).
GIT_SILENT Upgrade release service version to 23.03.80.
saper added a comment to T5401: Imported ECC/Ed25519 subkey has unusable key file in private-keys-v1.d.
I've run into a variant of this, too. If I generate they key just using (genkey (ecc (curve "Ed25519"))), it is recognized as an encryption key. One needs to use (genkey (ecc (curve "Ed25519")(flags eddsa))).
works
• ikloecker committed rLIBKLEO563a217a7594: Show indicator for compliance of selected keys (authored by • ikloecker).
Show indicator for compliance of selected keys
• ikloecker committed rLIBKLEOcb700cea92ca: Show status of compliance in tooltip (authored by • ikloecker).
Show status of compliance in tooltip
• ikloecker committed rLIBKLEO1a9f27b6155b: Use neutral icon for non-compliant, valid keys (authored by • ikloecker).
Use neutral icon for non-compliant, valid keys
• ikloecker committed rLIBKLEO4ae176bcd27e: Set status string also for trusted keys (authored by • ikloecker).
Set status string also for trusted keys
dirmngr: Add command "GETINFO stats".
• werner closed T6404: dirmngr/sks-keyservers.netCA.pem is expired and should be removed as Resolved.
Its not used, so it can't harm.
Also recall that Antivirus software needs to search for a competitive advantage over other vendors and in particular over Windows Defender. Thus they need to show some extra positives compared to the Windows Defender. Who care whether this is a false positive - ppl like to get some evidence that their new AV software has a (phoney) advantage.
It effects Yubikeys and ZeitControl cards (version 3.4)
Mar 10 2023, 10:04 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, kleopatra
Many thanks for the information. I suspected it also, but wanted your assessment.
We got a user report that the issue did not occur before their update from 3.1.25 to 3.1.26
Well, virus checkers aren't perfect. If 1 out of 65 checkers reports a finding, then the probability that this finding is a false positive is very high. You would better report this to the vendor of NANO-Antivirus, so that they can fix the false positive warning.
pinentry-curses: Handle SETREPEAT.
curses: Add password quality meter.
curses: Add SETREPEATOK and quality bar colors.
bjk committed rP3a7eaa2262f9: curses: Fix line graphics with error string present. (authored by bjk).
curses: Fix line graphics with error string present.
curses: Fix quality bar percentage logic.
bjk committed rGbe77a7ab8a8b: agent: Try to SETREPEATOK if the pinentry supports it. (authored by bjk).
agent: Try to SETREPEATOK if the pinentry supports it.
Mar 9 2023
Mar 9 2023
• werner committed rGb52a0e244ae1: dirmngr: Distinguish between "no crl" and "crl not trusted". (authored by • werner).
dirmngr: Distinguish between "no crl" and "crl not trusted".
Mar 8 2023
Mar 8 2023
• werner committed rG65288fc52f0c: keyboxd: Allow import of v0 certificates. (authored by • werner).
keyboxd: Allow import of v0 certificates.
• werner committed rMc1f6535f144d: core: Also detect legacy X.509 v0 certificates. (authored by • werner).
core: Also detect legacy X.509 v0 certificates.
gpg,gpgsm: New option --log-time
• werner committed rG2d088176b4bd: dirmngr: Minor code cleanup in the CRL cache. (authored by • werner).
dirmngr: Minor code cleanup in the CRL cache.
tests: Add option --binary to run-verify
scd: Fix checking memory allocation.
• werner committed rG37d7ee8b9846: agent: Add translatable text for Caps Lock hint (authored by • ikloecker).
agent: Add translatable text for Caps Lock hint
• werner committed rG2a13f7f9dc75: gpgsm: Strip trailing zeroes from detached signatures. (authored by • werner).
gpgsm: Strip trailing zeroes from detached signatures.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA7a3f33aeb1b8: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
scd: Fix checking memory allocation.
l10n daemon script <scripty@kde.org> committed rKLEOPATRA71827cd52aa1: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
• gniibe moved T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt from Backlog to Next on the FIPS board.
• gniibe changed the status of T6376: FIPS 140-3: add explicit indicators for md and mac to unblock MD5 in apt from Open to Testing.
Thank you.
Applied to both (master and 1.10).
• gniibe committed rCdc4a60e2d70b: fips: Unblock MD5 in fips mode but mark non-approved in indicator. (authored by tobhe).
fips: Unblock MD5 in fips mode but mark non-approved in indicator.
• gniibe committed rCc88672a327f6: fips: Add explicit indicators for md and mac algorithms. (authored by tobhe).
fips: Add explicit indicators for md and mac algorithms.
• gniibe changed the status of T6397: PCT failures inconsistency in regards to the FIPS error state from Open to Testing.
• gniibe changed the status of T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode from Open to Testing.
• gniibe changed the status of T6394: FIPS requires running PCT tests unconditionally from Open to Testing.
• gniibe changed the status of T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) from Open to Testing.
• gniibe moved T6397: PCT failures inconsistency in regards to the FIPS error state from Next to Ready for release on the FIPS board.
• gniibe moved T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode from Next to Ready for release on the FIPS board.
• gniibe moved T6394: FIPS requires running PCT tests unconditionally from Next to Ready for release on the FIPS board.
Mar 7 2023
Mar 7 2023
This pretty much highlights a general problem of groups: If the distribution groups for the email client are managed independently from the certificate groups then there will inevitably be discrepancies. The obvious solution is the usage of groups managed by a central service for email addresses and certificates. (Or an encrypted mailing list service.)
• gniibe committed rCf5fe94810f30: kdf: Update tests in regards to the allowed parameters in FIPS mode. (authored by Jakuje).
kdf: Update tests in regards to the allowed parameters in FIPS mode.
fips: Check return value from ftell
• gniibe moved T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway) from Backlog to Next on the FIPS board.
• gniibe claimed T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway).
Applied your patch (from gitlab) to both (master and 1.10).
random: Remove unused SHA384 DRBGs.
• gniibe moved T6396: the gcry_pk_hash_sign/verify operates in FIPS non-operational mode from Backlog to Next on the FIPS board.
Applied to both (1.10 and master).
• gniibe committed rC654d0dfa0499: visibility: Check FIPS operational status for MD+Sign operation. (authored by Jakuje).
visibility: Check FIPS operational status for MD+Sign operation.
• gniibe added a comment to T6393: DRBG with SHA384 is no longer allowed in FIPS mode (and looks like impossible to enable anyway).
You are right, there is no way to use DRBG with SHA384 by libgcrypt.
• gniibe moved T6397: PCT failures inconsistency in regards to the FIPS error state from Backlog to Next on the FIPS board.
• gniibe moved T6394: FIPS requires running PCT tests unconditionally from Backlog to Next on the FIPS board.
Applied to both (1.10 and master).
Applied to both (of 1.10 and master).
• gniibe committed rC2ddeec574bc1: ecc: Do not allow skipping tests in FIPS Mode. (authored by Jakuje).
ecc: Do not allow skipping tests in FIPS Mode.