thomas (Thomas Arendsen Hein)
User

Projects

User does not belong to any projects.

User Details

User Since
Mar 27 2017, 4:49 PM (112 w, 4 d)
Availability
Available

Recent Activity

Jun 14 2018

thomas added a comment to T11: test 1 - please ignore.

test after system upgrades

Jun 14 2018, 1:27 PM · Trash, Feature Request

Aug 16 2017

thomas closed T3342: Re-enable wiki.gnupg.org login with local passwords as Resolved.

I have enabled login again and added the following login hint:
"Login via your Roundup account on bugs.gnupg.org has been disabled due to the migration to Phabricator. We apologise for any inconvenience caused. If you have previously used your Roundup account in this wiki, you can request a new password using the link above."

Aug 16 2017, 2:38 PM · Documentation, Feature Request

Jun 22 2017

thomas added a comment to T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires.
  • marcus (Marcus Brinkmann) <noreply@dev.gnupg.org> [20170622 16:41]:
So, the default changed 7y ago and the world didn't end. Closing this.
Jun 22 2017, 4:52 PM · gnupg, Feature Request, OpenPGP

Mar 20 2017

thomas added a comment to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.
  • Werner Koch via BTS <gnupg@bugs.g10code.com> [20170317 12:57]:

Fixed with commit 69c521d.
You can reconfigure your server. Thanks.

Mar 20 2017, 9:31 AM · Unreleased, gnupg, Bug Report, dirmngr

Mar 17 2017

thomas added a comment to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.
  • Werner Koch via BTS <gnupg@bugs.g10code.com> [20170316 21:12]:

What is this Apache thing ;-). Frankly, I don't have one running and it would
be easier if you can remove it from testkolab.

Mar 17 2017, 8:17 AM · Unreleased, gnupg, Bug Report, dirmngr

Mar 16 2017

thomas added a comment to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.
  • Werner Koch via BTS <gnupg@bugs.g10code.com> [20170316 14:37]:

Thomas: Is there any way how I can reproduce this now that you changed the
configuration of testkolab?

Mar 16 2017, 4:12 PM · Unreleased, gnupg, Bug Report, dirmngr

Mar 15 2017

thomas closed T2994: Login via Roundup account on wiki.gnupg.org currently not possible as Resolved.
Mar 15 2017, 11:33 AM · Bug Report, gpgweb
thomas added a comment to T2994: Login via Roundup account on wiki.gnupg.org currently not possible.

Thank you.
I have removed the hint about the login problems.

Please give Bernhard and me a heads-up (outside this issue) as soon as you know
which authentication method/providers you will support.

Mar 15 2017, 11:33 AM · Bug Report, gpgweb

Mar 14 2017

thomas added a comment to T2994: Login via Roundup account on wiki.gnupg.org currently not possible.

Please assign this issue to _me_ when ...

Mar 14 2017, 4:38 PM · Bug Report, gpgweb
thomas added a project to T2994: Login via Roundup account on wiki.gnupg.org currently not possible: Bug Report.
Mar 14 2017, 4:38 PM · Bug Report, gpgweb
thomas updated subscribers of T2994: Login via Roundup account on wiki.gnupg.org currently not possible.
Mar 14 2017, 4:38 PM · Bug Report, gpgweb

Nov 25 2016

thomas reopened T1448: gpgconf lists options which break gpg1 when gpg2 is also installed as "Open".
Nov 25 2016, 12:18 PM · Not A Bug, Bug Report, gnupg
thomas added a comment to T1448: gpgconf lists options which break gpg1 when gpg2 is also installed.

Werner, you closed this issue with (the now removed) T1448 (wk on Jun 24 2014, 01:42 PM / Roundup) stating:
"You may use --ignore-invalid-option to list options which are only implemented
by gpg2."

This option seems only to be supported in gpg.conf, not on the command line.
(but this is no problem for me)

And it generally works fine (thank you!), just not in this special case here,
because gpg1 accepts the option "--debug-level" as valid, but does not allow
any arguments (neither numbers nor e.g. "basic").

The result (with "debug-level basic" in line 42) is:

$ gpg
gpg: /home/thomas/.gnupg/gpg.conf:42: argument not expected

I'm currently using gpg (GnuPG) 1.4.18 from Debian jessie.

As I understand it, "debug-level" is intended to just be a dummy option in
gpg1 to avoid problems with this option appearing in gpg.conf, correct?
So we have two possible solutions:

  • either remove option "debug-level" (and rely on "ignore-invalid-option debug-level")
  • or accept an argument for "debug-level"
Nov 25 2016, 12:18 PM · Not A Bug, Bug Report, gnupg

Nov 15 2016

thomas added a comment to T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key.

OK, I don't care enough to warrant more discussion/work on this.
"Unknown elliptic curve" is already better than "Invalid elliptic curve".

Nov 15 2016, 8:18 AM · Bug Report, gnupg

Nov 14 2016

thomas closed T2835: "keyid-format none" ignored for --verify and other commands as Resolved.
Nov 14 2016, 4:55 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2835: "keyid-format none" ignored for --verify and other commands.

ah, misread the 2.1.16 part, so yes, it seems to be fixed.

Where do you take it from that keyid-format none should result in the full
fingerprint being shown?

The man page:
"none" does not show the key ID at all but shows the fingerprint in a separate
line.

Nov 14 2016, 4:55 PM · Bug Report, gnupg (gpg21)
thomas reopened T2835: "keyid-format none" ignored for --verify and other commands as "Open".
Nov 14 2016, 4:53 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2835: "keyid-format none" ignored for --verify and other commands.

OK, then this is just an issue for interactive usage, but still an issue.

Nov 14 2016, 4:53 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key.

To be clear: I want the

  • less specific and
  • already existing

error message "Unknown algorithm" (instead of "Unknown elliptic curve", which is
not correct in too many situations)

Nov 14 2016, 4:26 PM · Bug Report, gnupg
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Regarding the original issue discussed here:
What about an option in gpg/gpgme to limit all operations to keys contained in a
"whitelist" file?

(accept --recipient keys only if they are contained in the file, --list-keys
shows only keys listed in this file, --refresh-keys only refreshes keys listed
here, etc.)

Nov 14 2016, 4:17 PM · Won't Fix, gpgme, Feature Request
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Reported the problem mentioned here in T2835
("keyid-format none" ignored for --verify and other commands)

Nov 14 2016, 4:14 PM · Won't Fix, gpgme, Feature Request
thomas set Version to 2.1.15 on T2835: "keyid-format none" ignored for --verify and other commands.
Nov 14 2016, 4:13 PM · Bug Report, gnupg (gpg21)
thomas added projects to T2835: "keyid-format none" ignored for --verify and other commands: gnupg (gpg21), Bug Report.
Nov 14 2016, 4:13 PM · Bug Report, gnupg (gpg21)
thomas updated subscribers of T2835: "keyid-format none" ignored for --verify and other commands.
Nov 14 2016, 4:13 PM · Bug Report, gnupg (gpg21)
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

(repost, I just noticed that neal is not in the nosy list. I'll unlink the old
entry afterwards)

neal: Interesting idea, this (or for a non-gui version: a signed list of
fingerprints available from a central source and retrieving those keys) would
solve 2 (iterating over all keys) and 3 (regularly update).

For the non-gui variant I wondered about how to use --verify and check that the
file was signed by the authority key (--verify only prints the keyid,
"--keyid-format none" does not allow --verify to print fingerprints in 2.1.15,
I'll file a separate issue). I was a bit disappointed when I saw that gpg sync
just calls the command line with --keyid-format 0xlong and does screen scraping
to verify the verification.

But still, how to solve 1 with gpg itself? Of course I could "manually" verify
in the application that only the intended keys have been used, but as shown with
gpg sync's code above: This is not always easily possible.

Nov 14 2016, 4:01 PM · Won't Fix, gpgme, Feature Request
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Sign the keys and set the signing key to fully trusted.

does not solve 1.:

Encrypt a file to any of those key (but no others!),

(because people may trust other keys)

and it does not solve 2. without keeping a separate list of keys/fingerprints:

Iterate over all keys

additionally _all_ users have to regularly update _all_ these keys, otherwise
things like expired subkeys will lead to failing encryption. (This is no theory:
We've been there and don't want to have this again)

Nov 14 2016, 9:53 AM · Won't Fix, gpgme, Feature Request
thomas added a comment to T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key.

The string "Unknown algorithm" already exists. Because it is less specific, it
does not indicate that there is a problem regarding support for elliptic curves
here.

Nov 14 2016, 9:34 AM · Bug Report, gnupg

Nov 10 2016

thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Please tell me how I should model my workflows in this case:

  • There is a centrally managed set of public keys (currently in a keyring file, but I'm open to suggestions)
  • Different users should be able to use this set of keys (and no others) for certain tasks:

  1. Encrypt a file to any of those keys (but no others!), but also decrypt the file with their secret key (which is not centrally managed)
  2. Iterate over all keys and do something with them (here: publish them in the WKD after having made changes to the set of keys)

Nov 10 2016, 1:06 PM · Won't Fix, gpgme, Feature Request
thomas added a comment to T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key.

A little bit better, but that would still confuse me, as I did not intentionally
specify an elliptic curve.
What could help here is:

  1. talking about algo/algorithm (that is shown in the man page as parameter for --quick-gen-key)
  2. saying which algorithm gpg saw.

If the error message had been "Unknown algo 'user@example.com'" I would
immediately know that I provided an email address where an algorithm was expected.

Nov 10 2016, 12:52 PM · Bug Report, gnupg

Nov 9 2016

thomas added a project to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts: dirmngr.
Nov 9 2016, 11:49 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas removed a project from T2833: gpg-wks-client TLS access to server with wrong SNI name aborts: gnupg.
Nov 9 2016, 11:49 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas added a comment to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.

Andre said, category dirmngr is better

Nov 9 2016, 11:49 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas set Version to 2.1.16-beta328 on T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.
Nov 9 2016, 11:48 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas updated subscribers of T2833: gpg-wks-client TLS access to server with wrong SNI name aborts.
Nov 9 2016, 11:48 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas added projects to T2833: gpg-wks-client TLS access to server with wrong SNI name aborts: gnupg, Bug Report.
Nov 9 2016, 11:48 AM · Unreleased, gnupg, Bug Report, dirmngr
thomas updated subscribers of T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key.
Nov 9 2016, 10:08 AM · Bug Report, gnupg
thomas added projects to T2832: "Invalid elliptic curve" when specifying wrong algo for gpg --quick-gen-key: gnupg, Bug Report.
Nov 9 2016, 10:08 AM · Bug Report, gnupg
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Ah, I understand. I currently have two keyrings (the default keyrings and
debian-keyring.gpg) in my user account. So I will export the keys from
debian-keyring.gpg and import them into my regular keyring.

But this is a different topic from the one described here:
This issue is about allowing gpgme to use exactly one different keyring (not an
additional keyring) that is different from the default keyring or other keyrings
configured in the user's gpg.conf.

So it is just about allowing in gpgme what is already possible via the command
line. Or maybe you would prefer to allow passing command line options to gpg via
gpgme to avoid the wrapper script mentioned below?

Nov 9 2016, 9:14 AM · Won't Fix, gpgme, Feature Request

Nov 8 2016

thomas assigned T2820: GPGME: Allow to set the keyring for a context to werner.
Nov 8 2016, 5:29 PM · Won't Fix, gpgme, Feature Request
thomas added a comment to T2820: GPGME: Allow to set the keyring for a context.

Besides the WKD scenario Andre describes, there are already many existing uses
of a separate keyring where having other keyrings configured via
~/.gnupg/gpg.conf already conflicts with the intended use, except when using
--no-options:

  1. /etc/apt/trusted.gpg
  2. /usr/share/keyrings/debian-keyring.gpg
  3. our company's keyring with acceptable keys for encryption of certain sensitive information

Basically everywhere where multiple users use a single keyring, often with
"--trust-model always", where you do not want additionally configured keyrings
to disturb the result and give a false sense of security.

Please explain why this is a Bad Thing[tm] and what the correct workflow would be.

Nov 8 2016, 5:29 PM · Won't Fix, gpgme, Feature Request

Jul 4 2015

thomas added a comment to T2031: GnuPG 2.1 Migration fails badly with (weird) PGP2 key in pubring.

Another small note: The problematic key was in wide-spread use and additionally
it was distributed until few years ago with Apache's KEYS file and still is
listed here: https://people.apache.org/keys/committer/lars.asc

And I would not call my keyring "very large", it contains less than 1700 keys,
mostly fetched using "keyserver-options auto-key-retrieve" when reading mailing
lists.

So it probably does not only affect me.

Jul 4 2015, 8:59 AM · Bug Report, gnupg, gnupg (gpg21)
thomas raised the priority of T2031: GnuPG 2.1 Migration fails badly with (weird) PGP2 key in pubring from High to Unbreak Now!.
Jul 4 2015, 8:43 AM · Bug Report, gnupg, gnupg (gpg21)
thomas added a comment to T2031: GnuPG 2.1 Migration fails badly with (weird) PGP2 key in pubring.

Two more details:

  1. All secret keys become unusable in this situation until you revert to a backup of the public keyring, therefore I propose status "critical" (data loss)
  2. The duplicates (or even triplicates with my own keyring) of the keys only have one uid, even if the original has more.

Jul 4 2015, 8:43 AM · Bug Report, gnupg, gnupg (gpg21)

Oct 10 2011

thomas added a comment to T1374: Pinentry: Cannot paste a passphrase into the textfield with middle mouse button..

strange thing is that this works with pinentry-qt

Oct 10 2011, 2:53 PM · Duplicate, Bug Report, pinentry, Not A Bug

Sep 28 2011

thomas added a comment to T1357: pinentry-qt4 appears in the background.

These are the versions in Debian squeeze.
The same happens with gnupg 2.0.17 and pinentry 0.8.0, we have not tested 0.8.1 yet.

Sep 28 2011, 9:45 AM · Bug Report, pinentry
thomas assigned T1357: pinentry-qt4 appears in the background to ludwig.
Sep 28 2011, 9:45 AM · Bug Report, pinentry

Sep 19 2011

thomas added a comment to T1357: pinentry-qt4 appears in the background.

Confirmed with different user accounts and window managers (KDE, stumpwm, ...).
The qt3 version works without problems.

Sep 19 2011, 4:38 PM · Bug Report, pinentry

Jan 28 2011

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

I did not have a chance to test 2.0.17 or the patch yet, but for the archive:
I just have an instance of gpg-agent, which does not allow ttys matching
"/dev/pts/??", i.e. two digits. On three-digit-ttys it works. Maybe the
behaviour depends on the length of tty when the gpg-agent was started first or
something similar.

Jan 28 2011, 1:03 PM · Too Old, Bug Report, pinentry, gpgagent

Jan 11 2011

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

From http://gnupg.org/download/cvs_access.en.html:
the stable 2.0 version (currently version 2.0.16) is known as STABLE-BRANCH-2.0;
the stable 1.4 version of GnuPG (1.4.11) is known under as STABLE-BRANCH-2.0.
I guess I should look at the first of the two :)

Jan 11 2011, 9:36 AM · Too Old, Bug Report, pinentry, gpgagent

Jan 10 2011

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

Sounds good. I'll test it as soon as we have a kk package for the next release.

Jan 10 2011, 3:19 PM · Too Old, Bug Report, pinentry, gpgagent

Oct 21 2010

thomas added a comment to T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires.

Hello Werner!

Oct 21 2010, 10:01 AM · gnupg, OpenPGP, Feature Request

Oct 15 2010

thomas added projects to T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires: OpenPGP, gnupg, Bug Report.
Oct 15 2010, 4:02 PM · gnupg, OpenPGP, Feature Request
thomas set External Link to http://www.mail-archive.com/gnupg-users@gnupg.org/msg01128.html on T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires.
Oct 15 2010, 4:02 PM · gnupg, OpenPGP, Feature Request
thomas updated subscribers of T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires.
Oct 15 2010, 4:02 PM · gnupg, OpenPGP, Feature Request
thomas set Version to 1.4.9 on T1291: signatures to OpenPGP keys no longer expire by default if the signed key expires.
Oct 15 2010, 4:02 PM · gnupg, Feature Request, OpenPGP

Sep 23 2010

thomas set External Link to https://issues.kolab.org/issue4563 on T1285: gpgconf doesn't restart gpg-agent after running gpgconf with '--change-option --runtime'.
Sep 23 2010, 4:59 PM · Bug Report, gnupg, gpgagent

Sep 13 2010

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

Today I just had the problem again (/dev/pts/9, still same versions as in T1203 (thomas on Jul 29 2010, 03:35 PM / Roundup))

Sep 13 2010, 11:51 AM · Too Old, Bug Report, pinentry, gpgagent

Aug 27 2010

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

Just had the problem on /dev/pts/9 while no problems since 2010-07-29 (because I
usually start mutt in a certain screen window where I made sure that it has a
high-enough tty number)

Aug 27 2010, 4:01 PM · Too Old, Bug Report, pinentry, gpgagent

Jul 29 2010

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).

Still a problem with gnupg-agent 2.0.14-0kk2 and pinentry (or pinentry-qt in
curses mode because of unset $DISPLAY) 0.7.6-0kk1 on Debian lenny:
Does not work on /dev/pts/7, works on /dev/pts/72

Jul 29 2010, 3:35 PM · Too Old, Bug Report, pinentry, gpgagent

May 21 2010

thomas added projects to T1189: p12 import brings up pinentry in a different way (so it does not appear sometimes): gpgagent, pinentry.
May 21 2010, 10:21 AM · Too Old, pinentry, gpgagent, Bug Report, gnupg
thomas added a comment to T1189: p12 import brings up pinentry in a different way (so it does not appear sometimes).

Your logs show /dev/pts/7 and as I wrote in T1203:
other bug reports indicate that any /dev/pts/(single-digit) exposes the problem.

May 21 2010, 10:21 AM · Too Old, pinentry, gpgagent, Bug Report, gnupg

Mar 17 2010

thomas added a comment to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).
  • Werner Koch via BTS <gnupg@bugs.g10code.com> [20100317 16:00]:

Werner Koch <wk@gnupg.org> added the comment:

What pinentry version are you using (qt or another one)?

Mar 17 2010, 10:47 PM · Too Old, Bug Report, pinentry, gpgagent
thomas added projects to T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?): gpgagent, pinentry, Bug Report.
Mar 17 2010, 12:10 PM · Too Old, Bug Report, pinentry, gpgagent
thomas set Version to 2.0.14-0kk1 on T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).
Mar 17 2010, 12:10 PM · Too Old, Bug Report, pinentry, gpgagent
thomas updated subscribers of T1203: gpg-agent/pinentry does work on certain ttys (/dev/pts/?).
Mar 17 2010, 12:10 PM · Too Old, Bug Report, pinentry, gpgagent

Jan 18 2008

thomas added a project to T873: Missing German translations in gpgconf (and one typo): Bug Report.
Jan 18 2008, 12:19 PM · gnupg, Bug Report

Jan 7 2008

thomas removed a project from T866: running gpg-agent unsusable after upgrade: Testing.
Jan 7 2008, 11:01 AM · Bug Report, gpgagent
thomas closed T866: running gpg-agent unsusable after upgrade as Resolved.
Jan 7 2008, 11:01 AM · Bug Report, gpgagent
thomas added a comment to T866: running gpg-agent unsusable after upgrade.

Upgrading from 2.0.7.svn4643-0kk1 and from 2.0.7-1kk2 to 2.0.8-0kk1 worked fine.
(tested on two machines, both having a running gpg-agent and then decrypting
OpenPGP and S/MIME messages)

Jan 7 2008, 11:00 AM · Bug Report, gpgagent

Dec 11 2007

thomas added projects to T866: running gpg-agent unsusable after upgrade: gpgagent, Bug Report.
Dec 11 2007, 2:56 PM · Bug Report, gpgagent