- User Since
- Mar 27 2017, 4:47 PM (120 w, 3 d)
If the use of GnuPG (current implementation) is a condition, I think that you could improve the generation of SKESK packets, so that no other passphrase can not let gpg misunderstand as it may decrypt encrypted packet.
Please let us know what kind of key and how large, like RSA-4096 or ECC Brainpool.
For RSA 2048 or larger, yes, it takes too long.
Merged (with line break in the Makefile.am and formatting of commit message.
I mean, if all SKESK packets should be tried, we need some larger surgery of current implementation.
Is it possible for your application (DOTS), to specify the packet number for SKESKP, not trying all SKESK packets?
^-- with this change, we can decrypt the skesks.asc with --passphrase-repeat=169, and skesks2.asc with --passphrase-repeat=30
Tue, Jul 16
It was rG07250279e7ec: * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password". in 2004, which set default to rfc2440-text behavior.
And in 2007, the commit rGb550330067b6: * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by default. Enable… changed the default to no-rfc2440-text.
Thanks, fixed in master.
Current situation of *.pc: static linking is not supported (yet).
It has never supported, actually, by *-config.
While I understand incorrectness, the risk in practice is not that high. So, I put this as "normal" priority.
In the current implementation of GnuPG, multiple packets of Symmetric-Key Encrypted Session Key Packet are not handled very well.
Pushed the change to master as well as 2.2 branch.
Mon, Jul 15
- pinentry: T4598: curses: dialog broken with wide characters
- gpg: T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate
- gpg: T4573: Files encrypted on another platform using password based encryption (-c) intermittently fail to decrypt on Kleopatra
- USB suspend
- libgcrypt master: Doesn't work on my chromebook
- libgcrypt: ECC problem: the one like CVE-2018-20187
- just a simple fix
- scdaemon: Multiple card support
- master branch breakage
- possible PC/SC change
Fri, Jul 12
About importing, there are two other works: repairing and trustdb update. We can figure out the difference by the --import-options of no-repair-keys and fast-import (to skip those works).
I think that both can be O(N^2) for number of signatures.
I disabled the dependency rules for the figures (it's only enabled for maintainers).
If I were testing more, I would generate many (say, 1000, or more, for example) encrypted message by the tool (IBM Encryption Facility), to examine by GnuPG and figure out some patterns of failure.
Thu, Jul 11
While I only observed the output of --list-packet, what I see are:
With NTBTLS, it seems it works correctly.
Which SSH client are you using?
gpg-agent side is fixed to relax the error handling.
For the particular problem of --list-key with pubring.gpg, I think we can say it's fixed.
@werner : Yes, the way to go is having something like a server for keys; It can remove all unnecessary search/lookup all together.
Wed, Jul 10
I pushed my change as: rT7b2c4d9dd50b: Support GCM.
I pushed the fix. Thanks for your cooperation.
Thanks for further testing.
I realized that it's not the left border drawing problem in fact, but the newline should be between the description and passphrase line.
I'm going to fix this.
Err... my repo for 2.2 was a week old. Now, I updated, and confirmed it's there.
Thanks having the support!
Tue, Jul 9
I pushed the change to master.
Please consider to backport rG914fa3be22bf: dirmngr: Support the new WKD draft with the openpgpkey subdomain. from master. Cherry-pick mostly works, only dirmngr/server.c needs manual edit (because of resolve_dns_name change).
Allowing WKD service by subdomain (openpgpkey) is good, because it is easier to deploy by separate admin, in some situations.
I pushed my change of rGc51a5685554a: scd: ccid-driver: Initial getting ATR more robustly..
With TTXS, scdaemon correctly recovers from the error.
When the computer is going to suspend, the scdaemon receives a message from USB layer as the interrupt transfer is shutting down, then scdaemon considers it's removal of device/card.
But in case of suspend (and the device does not support USB suspend), USB port is kept with the power.
So, it keeps running actually.
Here are results of my experiment with Intel NUC computer (which supports S4 (and S3)).
Mon, Jul 8
- ntbtls: rT7b2c4d9dd50b: Support GCM.
- gpg: T4561: GPG / GPGSM: Pinentry cancels lead to wrong error codes
- Setup WKD for fsij.org (2019 AGM of FSIJ: 2019-07-13)
- X448 things
No. I intentionally select: Not-backporting this feature.
The feature is added for Yubikey, in the specification.
Use of the feature by Data-Object is not that so useful.
Fri, Jul 5
Wed, Jul 3
Mon, Jul 1
- Please have a look at the change for gpg-pair-tool on a topic branch: https://dev.gnupg.org/source/gnupg/history/gniibe%252Fx25519/
Fri, Jun 28
Let me explain some technical detail for the record.
Because my fix was incomplete, I pushed another change to GnuPG master: rG374a0775546b: agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
I also pushed my changes to pinentry master: rPf6e84ce0a34c: tty: Confirmation is not by line edit mode., rP531b92300c58: tty: Support line editing by system., rPb176a8ac0dcd: Exit the loop on an error with GPG_ERR_FULLY_CANCELED.