User Details
- User Since
- Mar 27 2017, 4:47 PM (151 w, 18 m)
- Roles
- Administrator
- Availability
- Available
Today
Fixed in master.
Last week:
- postpone the changes of scdaemon to avoid conflict
- Regexp branch for GnuPG
- create gniibe/regexp branch
- Three implementations of Henry Spencer's
- My choice is: the one in Jim Tcl
This week:
- write gnupg-devel about regexp branch: because it was Damien who put the test case
- scdaemon change
- start tax paper work of 2019 for my business
Fri, Feb 14
Documentation for the regular expression of Jim Tcl: http://jim.tcl.tk/fossil/doc/trunk/Tcl_shipped.html#_jim_built_in_regular_expressions
Thu, Feb 13
Wed, Feb 12
Created gniibe/regexp branch.
RFC4880 (and older version of RFC2440) referes Henry Spenser's REGEXP. There are three implementations: https://garyhouston.github.io/regex/
Mon, Feb 10
Last week:
- AGM
- etc.
- Poldi
- Gnuk Token
This week:
- T3891: kdf-setup does not set admin and user PIN codes
- T4832: card: when KDF is enabled, use of pinpad input should be disabled
- have a look at any issues after release of new libgpg-error
- consider of introducing static linking support just like libgpg-error does: libassuan, libgcrypt, etc.
Sat, Feb 1
I won't join (I will be on the train from Brussels to Düsseldorf).
Thu, Jan 30
Tue, Jan 28
Or, #5 would be:
Mon, Jan 27
@Amaud, I read your code in Python. IIUC, it asks users PW1, Reset Code, and PW3 to setup, just before registering KDF DO (as you describe in https://dev.gnupg.org/T3891#114950).
Last week:
- Supporting ambiguous key specification (like: "gniibe" only) which may result two possible primary keys, but permitting selection with dynamic preference by availability of token:
- I realized that larger surgery of build_sk_list in g10/skclist.c will be needed.
- Easy workaround: Possibly remove the current code to update of stub by --card-status. Keep no corresponding file under .gnupg/private-keys-v1.d/
- Then, for gpg frontend considers that private key is only valid for available token key.
- Gnuk 1.2.15 release
- T4818: libgcrypt build failures on several platforms: investigated possible issues (mostly build configuration issues, because no problem by official distributions (Debian, Cygwin)). Only an issue is:
- mlock requires root on Solaris (errno is not correctly set): T4822: mlock requires privilege
This week:
- Preparation of FST-01SZ
- miniDebCamp
Fri, Jan 24
For Cygwin, I can't find how its libgcrypt package is built.
I found this for MSYS2: https://github.com/msys2/MSYS2-packages/tree/master/libgcrypt
This for Mingw-w64: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-libgcrypt
I tested on FreeBSD. Same errors (t-secmen and t-sexp) are reproducible when we set:
Thanks for concrete cases. Sorry, not responding earlier. It was an experimental feature, firstly only available in Gnuk Token.
Thu, Jan 23
On Solaris, the test errors are because of:
USAGE
Because of the impact on system resources, the use of mlock() and
munlock() is restricted to users with the {PRIV_PROC_LOCK_MEMORY}
privilege.OK, I identified the problem on OpenIndiana. The inclusion of <unistd.h> causes inclusion of <sys/types.h> before config.h. I'm going to fix this.
Tue, Jan 21
For GNU/Linux or GNU/kFreeBSD system, libgcrypt 1.8 with libgpg-error 1.36 has no problem in Debian build:
https://buildd.debian.org/status/package.php?p=libgcrypt20
In solaris11openindiana-log2, we have two errors: one for ulong, and another for ushort.
I fixed the former. It is because of our mistake of using ulong before it is handled by libgcrypt/src/types.h. In the first place, it is implemented by "unsigned long", so, there is no need to use ulong here.
Mon, Jan 20
Thanks. I see the situation for Solaris 11 Openindiana. In master (will be 1.9.0), it has no problem.
We need to fix in 1.8. I will.
Last week:
- Fix T4810: A key with only "C" capability cannot be selected as default key.
- Fix T4784: Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID
- Apply a part of Tianjia Zhang patch to libgcrypt
- Improvement of selecting a private key by gpg (in case of: multiple subkeys and card):
This week:
- consider about more use cases:
- old RSA key on card, another new ECC key on card: want to use on-line card available
- https://bugs.debian.org/346241
Please give us log for Solaris 11 Openindiana.
I think that this ticket and https://bugs.debian.org/346241 handle different things, although both do key selection.
Jan 17 2020
Implemented in master.
It looks good.
Jan 16 2020
With new "KEYINFO" command of scdaemon, finally, we can move on to support better selection of signing key.
(Note: having a private key on multiple cards had already been solved in T4301: Handling multiple subkeys on two SmartCards.)
In master, it has been implemented.
The first "SCD SERIALNO" command let scdaemon re-scan smartcards/tokens.
With new "KEYINFO" command in scdaemon, a list of card keys can be retrieved by:
There is no use cases for $SIGNKEYID.
$ENCRKEYID use case have been removed.
Fixed and backported.
Jan 15 2020
Err.. Just removing the check may be the correct fix; It doesn't make sense to limit capability here.
Jan 14 2020
I think rGe573e6188dad: gpg: Fix --default-key checks. should be fixed as:
diff --git a/g10/getkey.c b/g10/getkey.c index ad5dd8e01..cc908964e 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1860,7 +1860,8 @@ parse_def_secret_key (ctrl_t ctrl) PKT_public_key *pk = node->pkt->pkt.public_key;
$ export GNUPGHOME=<somewhere> # Create a key with "C"-only capability $ gpg --quick-gen-key "test-user <chuji@gniibe.org>" ed25519 cert # Create another key (or get/import it) $ gpg --quick-gen-key "2020-user <chuji2020@gniibe.org>" ed25519 # Sign with the first key to the second key with --default-key $ gpg --default-key 7694AB44DED1154CEB981059B0B36418AF85C918 --lsign 72FF31542DB059A507BAF81BE05523DEB4B018E6
(where 7694AB...85C918 is the first key and 72FF31..B018E6 is the second key)
rGe573e6188dad: gpg: Fix --default-key checks. is suspicious.
Jan 13 2020
Last week:
- gpg: use "SCD KEYINFO --list=auth" for ssh access (1)
- SSH access change
- GETATTR by KEYGRIP
- READKEY by KEYGRIP
This week:
- [DONE] gpg: use "SCD KEYINFO --list=auth" for ssh access (2)
- Don't use $AUTHKEYID anymore
- Check use case of $ENCRKEYID (other than keygen)
- Do same for $SIGNKEYID
- libgcrypt: New ECC curve: Chinese SM2
$AUTHKEYID use cases have been removed.