werner (Werner Koch) Administrator
Engineering

User Details

User Since
Mar 27 2017, 4:48 PM (181 w, 4 d)
Roles
Administrator
Availability
Available

Recent Activity

Wed, Sep 16

werner added a comment to T5069: Concurrent auto-start of gpg-agent by multiple gpg instances..

We need to figure out why the file locks seem not to work. gpg-agent processes watch their own socket and terminate if that socket does not belong to them anymore.

Wed, Sep 16, 8:10 AM · gnupg (gpg22), Windows, Bug Report
werner added a comment to T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2).

I checked two devices and both have the info below but 332 on the case.

Wed, Sep 16, 7:55 AM · gnupg (gpg22), scd, Bug Report
werner added a comment to T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2).

Bus 001 Device 123: ID 04e6:e003 SCM Microsystems, Inc. SPR532 PinPad SmartCard Reader

Wed, Sep 16, 7:48 AM · gnupg (gpg22), scd, Bug Report

Tue, Sep 15

werner triaged T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2) as High priority.

Okay, I have the same problem at my office and thus I should be able to figure out the reason. I have ignored the problem until now because the workaround is easy enough and in most cases I authenticate with my token anyway. But yes, this needs to be fixed.

Tue, Sep 15, 9:35 PM · gnupg (gpg22), scd, Bug Report
werner triaged T5069: Concurrent auto-start of gpg-agent by multiple gpg instances. as Normal priority.

I assume this is the Windows version. gpg uses a locking mechanism to avoid creating several gpg-agent processes. In the worst case this may take quite some time until one of the processes can get the lock. There is an exponential backoff scheme in use and I have not yet found a way to replicate the full deadlock you describe. It would be helpful if you could describe in more detail how you run into this case.

Tue, Sep 15, 9:35 PM · gnupg (gpg22), Windows, Bug Report
werner triaged T5070: Retain the exact name of the archive when extracting/decrypting via gpgtar as Normal priority.

Using a not yet existing directory is a security feature. The directory is created at a time the signature has not yet been verified and thus it would be too easy to trick a user into overwriting important data.

Tue, Sep 15, 9:26 PM · gnupg (gpg23), gpgtar, Feature Request
werner created T5068: LDAP keyserver does not support lookup by fingerprint.
Tue, Sep 15, 2:24 PM · LDAP, dirmngr, gnupg (gpg22)

Mon, Sep 14

werner added projects to T5065: scdaemon doesn't detect card removal after boot/resume (Identiv SPR332v2): scd, gnupg (gpg22).

Thanks for the detailed report. Does the green LED blink fast when it does not work?

Mon, Sep 14, 7:59 AM · gnupg (gpg22), scd, Bug Report

Sun, Sep 13

werner closed T5061: writecert fails for ECC keys on PIV cards as Resolved.
Sun, Sep 13, 4:32 PM

Fri, Sep 11

werner committed rGfbc1b199fdc8: scd:piv: Avoid conflict when writing a cert. (authored by werner).
scd:piv: Avoid conflict when writing a cert.
Fri, Sep 11, 3:52 PM
werner committed rGb6ba6a79ce93: common: New function cmp_canon_sexp. (authored by werner).
common: New function cmp_canon_sexp.
Fri, Sep 11, 3:52 PM
werner added a commit to T5061: writecert fails for ECC keys on PIV cards: rGb6ba6a79ce93: common: New function cmp_canon_sexp..
Fri, Sep 11, 3:52 PM
werner added a commit to T5061: writecert fails for ECC keys on PIV cards: rGfbc1b199fdc8: scd:piv: Avoid conflict when writing a cert..
Fri, Sep 11, 3:52 PM
werner committed rG9a94db1f662a: keyboxd: Implement lookup by short and long keyid. (authored by werner).
keyboxd: Implement lookup by short and long keyid.
Fri, Sep 11, 12:10 PM
werner committed rG616c60d93dfa: keyboxd: Add ephemeral and revoked flag to the sqlite backend. (authored by werner).
keyboxd: Add ephemeral and revoked flag to the sqlite backend.
Fri, Sep 11, 12:10 PM
werner claimed T5061: writecert fails for ECC keys on PIV cards.
Fri, Sep 11, 9:11 AM

Thu, Sep 10

werner added a comment to T5061: writecert fails for ECC keys on PIV cards.

Are you using libgcrypt 1.8 or master (to be 1.9)?

Thu, Sep 10, 5:21 PM
werner committed rG29977e21d181: keyboxd: Add options --openpgp and --x509 to SEARCH. (authored by werner).
keyboxd: Add options --openpgp and --x509 to SEARCH.
Thu, Sep 10, 1:06 PM
werner committed rGc9677d416e6f: keyboxd: Add basic support for X.509. (authored by werner).
keyboxd: Add basic support for X.509.
Thu, Sep 10, 1:06 PM
werner committed rG6fcc263c182f: keyboxd: Use D-lines instead of a separate thread. (authored by werner).
keyboxd: Use D-lines instead of a separate thread.
Thu, Sep 10, 1:06 PM
werner committed rGed6ebb696e40: sm: Implement initial support for keyboxd. (authored by werner).
sm: Implement initial support for keyboxd.
Thu, Sep 10, 1:06 PM
werner committed rG72e04b03b1a7: dirmngr: Fix the pool keyserver case for a single host in the pool. (authored by werner).
dirmngr: Fix the pool keyserver case for a single host in the pool.
Thu, Sep 10, 11:09 AM
werner committed rGa084924d07be: gpg-connect-agent: Catch signals so that SIGPIPE is ignored. (authored by werner).
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
Thu, Sep 10, 11:09 AM
werner committed rGe4f3b74c9106: dirmngr: Align the gnutls use of CAs with the ntbtls code. (authored by werner).
dirmngr: Align the gnutls use of CAs with the ntbtls code.
Thu, Sep 10, 11:09 AM
werner committed rGfaabc49797df: dirmngr: Align the gnutls use of CAs with the ntbtls code. (authored by werner).
dirmngr: Align the gnutls use of CAs with the ntbtls code.
Thu, Sep 10, 10:51 AM
werner committed rG3cf9bb4d73cf: gpg-connect-agent: Catch signals so that SIGPIPE is ignored. (authored by werner).
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
Thu, Sep 10, 10:51 AM
werner committed rG5a87011c46b5: dirmngr: Fix the pool keyserver case for a single host in the pool. (authored by werner).
dirmngr: Fix the pool keyserver case for a single host in the pool.
Thu, Sep 10, 10:51 AM
werner closed T2312: GnuPG 2.1 migration fails due to permissions but appears to succeed as Resolved.

It should be possible to apply the patch rG7de9ed521e516879a72ec6ff6400aed4bdce5920
for 2.2 also to older 2.1 or 2.2 versions,

Thu, Sep 10, 7:50 AM · gnupg, Bug Report
werner committed rG7de9ed521e51: agent: Keep some permissions of private-keys-v1.d. (authored by werner).
agent: Keep some permissions of private-keys-v1.d.
Thu, Sep 10, 7:47 AM
werner added a commit to T2312: GnuPG 2.1 migration fails due to permissions but appears to succeed: rG7de9ed521e51: agent: Keep some permissions of private-keys-v1.d..
Thu, Sep 10, 7:47 AM · gnupg, Bug Report

Wed, Sep 9

werner added a comment to T2312: GnuPG 2.1 migration fails due to permissions but appears to succeed.

That keeps the group permissions of an existing directory. Needs to be backported to 2.2

Wed, Sep 9, 8:37 PM · gnupg, Bug Report
werner committed rG8ed85ef3de9c: agent: Keep some permissions of private-keys-v1.d. (authored by werner).
agent: Keep some permissions of private-keys-v1.d.
Wed, Sep 9, 8:36 PM
werner added a commit to T2312: GnuPG 2.1 migration fails due to permissions but appears to succeed: rG8ed85ef3de9c: agent: Keep some permissions of private-keys-v1.d..
Wed, Sep 9, 8:36 PM · gnupg, Bug Report
werner committed rGadec6a84f6ee: kbx: Change X.509 S/N search definition. (authored by werner).
kbx: Change X.509 S/N search definition.
Wed, Sep 9, 8:36 PM
werner reopened T2312: GnuPG 2.1 migration fails due to permissions but appears to succeed as "Open".

The fix we have there has the problem that it forcefully changes the permissions. Consider the case that, for example, group access was provided, which will currently be reset with each start of gpg-agent.

Wed, Sep 9, 7:41 PM · gnupg, Bug Report
werner committed rG5b6cfef62092: build: Fix recent commit for SOURCE_DATE_EPOCH. (authored by werner).
build: Fix recent commit for SOURCE_DATE_EPOCH.
Wed, Sep 9, 3:41 PM
werner committed rMe4ee706e270c: core: Fully implement the inquire callback for assuan_transact (authored by werner).
core: Fully implement the inquire callback for assuan_transact
Wed, Sep 9, 12:14 PM
werner added a comment to T5059: Could not create key pair: Timeout.

Check out the taskbar. While creating the key you should get a (blinking) notification for pinentry - the tool to enter the passphrase. Under some circumstances Windows won't pop up that tool and you need to click on its icon in the taskbar.

Wed, Sep 9, 8:49 AM · Bug Report
werner added a comment to T5057: Smartcard's secret key cannot be found for decryption.

@gniibe: Actually I implemented this recently. Support for this is in gpg-card

Wed, Sep 9, 8:47 AM · gnupg (gpg22), Bug Report

Tue, Sep 8

werner added a comment to T5057: Smartcard's secret key cannot be found for decryption.

On an OpenPGP card the key no 1 (OPENPGP.1) is a sign-only key - you can't use it for decryption even if you somehow managed to encrypt to that key. That restriction is enforced by the card.

Tue, Sep 8, 4:54 PM · gnupg (gpg22), Bug Report
werner created T5058: Review --trusted-key.
Tue, Sep 8, 3:27 PM · gnupg (gpg22)
werner added inline comments to rG0db9c83555b4: scd: Add a workaround for Yubikey..
Tue, Sep 8, 8:24 AM
werner added a comment to T5057: Smartcard's secret key cannot be found for decryption.

Your problem seems to be that you don't have a copy of your public key anymore. The uni-mainz keyserver might be configured not to return expired keys (if I read the output above correctly). I was able to retrieve your key using the standard pool (in particular from the server sks.pod02.fleetstreetops.com). The key is expired but that does hinder you to decrypt. Run "gpg --card-status" once to make sure a stub file is available.

Tue, Sep 8, 8:22 AM · gnupg (gpg22), Bug Report

Mon, Sep 7

werner triaged T5054: Preservation of modification date upon decryption/extraction. as Normal priority.
Mon, Sep 7, 10:30 AM · gnupg (gpg23), gpgtar, Feature Request
werner added a comment to E772: Weekly Standup.

Last week:

  • Security Fix handling
Mon, Sep 7, 10:01 AM

Sat, Sep 5

werner added projects to T5054: Preservation of modification date upon decryption/extraction.: gpgtar, gnupg (gpg23).

I will consider a -p option for gpgtar.

Sat, Sep 5, 8:02 PM · gnupg (gpg23), gpgtar, Feature Request
werner triaged T5053: More gpg arguments available for use with gpgtar as Normal priority.
Sat, Sep 5, 12:35 PM · gnupg (gpg23), gpgtar, Feature Request

Fri, Sep 4

werner closed T5045: Release GnuPG 2.2.23 as Resolved.

See
https://lists.wald.intevation.org/pipermail/gpg4win-announce/2020-September/000089.html
for the fixed Gpg4win 3.1.13

Fri, Sep 4, 5:23 PM · gnupg, Release Info
werner closed T5050: AEAD preference list overflow in 2.2 as Resolved.

Gpg4win 3.113 has also been released. Thus closing this issue.

Fri, Sep 4, 5:23 PM · gnupg (gpg22), CVE
werner added a comment to T4945: Windows builds use "winepath" when it is available.

Winepath starts the full Wine engine just to convert file names to DOS format. This is used by libtool but if winepath can't be executed, it doesn't care. So the given solution (using /etc/alternatives/winepath -> /bin/false) can be used.

Fri, Sep 4, 3:18 PM · gpgrt
werner committed rG0e721b635d61: scd: Increase the number of supported readers from 4 to 16. (authored by werner).
scd: Increase the number of supported readers from 4 to 16.
Fri, Sep 4, 12:52 PM
werner committed rG65eb1569809a: gpg: Initialize a parameter to silence valgrind. (authored by werner).
gpg: Initialize a parameter to silence valgrind.
Fri, Sep 4, 11:33 AM
werner committed rGb7f56ba5e3cc: tests: New test run envvar to run gpg under valgrind. (authored by werner).
tests: New test run envvar to run gpg under valgrind.
Fri, Sep 4, 11:33 AM
werner committed rG6ce8fdc4b2a0: gpg: Initialize a parameter to silence valgrind. (authored by werner).
gpg: Initialize a parameter to silence valgrind.
Fri, Sep 4, 11:29 AM
werner committed rG8a2193380c07: tests: New test run envvar to run gpg under valgrind. (authored by werner).
tests: New test run envvar to run gpg under valgrind.
Fri, Sep 4, 11:29 AM
werner added a comment to T5050: AEAD preference list overflow in 2.2.

Small correction: The fixed byte I talked about may have the values 1, 2, 3, or 4.

Fri, Sep 4, 9:06 AM · gnupg (gpg22), CVE
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Unfortunately you can't pass extra arguments.

Fri, Sep 4, 7:47 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gpguser123 awarded T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent a Mountain of Wealth token.
Fri, Sep 4, 1:00 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Thu, Sep 3

werner committed rDb371eb414522: web: Add CVE id. (authored by werner).
web: Add CVE id.
Thu, Sep 3, 10:11 PM
werner updated the task description for T5045: Release GnuPG 2.2.23.
Thu, Sep 3, 9:57 PM · gnupg, Release Info
werner added a comment to T5050: AEAD preference list overflow in 2.2.

This has CVE-2020-25125

Thu, Sep 3, 9:56 PM · gnupg (gpg22), CVE
werner committed rDc36c66a4cba3: web: Announce gnupg 2.2.23 (authored by werner).
web: Announce gnupg 2.2.23
Thu, Sep 3, 6:57 PM
werner added a comment to T5050: AEAD preference list overflow in 2.2.

2.2.23 has been released and announced.

Thu, Sep 3, 6:49 PM · gnupg (gpg22), CVE
werner closed T5039: 2.2.22 regression: Nitrokey Pro 2 is no longer recognized automatically, requires --card-status as Resolved.
Thu, Sep 3, 6:48 PM · Testing, gnupg (gpg22), Bug Report
werner set Version to GnuPG 2.2.23 on T5045: Release GnuPG 2.2.23.
Thu, Sep 3, 6:48 PM · gnupg, Release Info
werner shifted T5050: AEAD preference list overflow in 2.2 from the Restricted Space space to the S1 Public space.
Thu, Sep 3, 6:44 PM · gnupg (gpg22), CVE
werner committed rDc11481827401: swdb: Release 2.2.23 (authored by werner).
swdb: Release 2.2.23
Thu, Sep 3, 6:04 PM
werner committed rG390ae3c3099d: Post release updates (authored by werner).
Post release updates
Thu, Sep 3, 5:54 PM
werner committed rGe234d04c3c91: Release 2.2.23 (authored by werner).
Release 2.2.23
Thu, Sep 3, 5:54 PM
werner committed rGaeb8272ca8aa: gpg: Fix AEAD preference list overflow (authored by werner).
gpg: Fix AEAD preference list overflow
Thu, Sep 3, 5:54 PM
werner committed rG038314665398: po: auto update (authored by werner).
po: auto update
Thu, Sep 3, 5:54 PM
werner committed rG1a4b0fd793aa: po: Update Ukrainian translation (authored by Yuri Chornoivan <yurchor@ukr.net>).
po: Update Ukrainian translation
Thu, Sep 3, 5:54 PM
werner added a commit to T5050: AEAD preference list overflow in 2.2: rGaeb8272ca8aa: gpg: Fix AEAD preference list overflow.
Thu, Sep 3, 5:54 PM · gnupg (gpg22), CVE
werner committed rG93d10403adc6: po: Update Polish translation (authored by Jakub Bogusz <qboosh@pld-linux.org>).
po: Update Polish translation
Thu, Sep 3, 5:54 PM
werner committed rGa8a8105bc756: po: Add key-check.c to the list of translatable sources. (authored by werner).
po: Add key-check.c to the list of translatable sources.
Thu, Sep 3, 5:54 PM
werner committed rGcad9955ac999: po: Update Czech translation. (authored by petr_p).
po: Update Czech translation.
Thu, Sep 3, 5:54 PM
werner created T5052: Release GnuPG 2.2.24.
Thu, Sep 3, 5:48 PM · Release Info, gnupg (gpg22)
werner added a comment to T5050: AEAD preference list overflow in 2.2.

The fix will be in the 2.2.23 release (T5045).

Thu, Sep 3, 5:20 PM · gnupg (gpg22), CVE
werner created T5050: AEAD preference list overflow in 2.2 in the Restricted Space space.
Thu, Sep 3, 3:21 PM · gnupg (gpg22), CVE
werner committed rGa7d006293ec8: sm: Add arg ctrl to keydb_new. (authored by werner).
sm: Add arg ctrl to keydb_new.
Thu, Sep 3, 1:50 PM
werner committed rG046f419f8060: sm: New options to prepare the use of keyboxd. (authored by werner).
sm: New options to prepare the use of keyboxd.
Thu, Sep 3, 1:50 PM
werner added a comment to T5048: Error handling in libassuan.

To implement this it would be best to have a gpg_strerror variant which does not call dgettext.

Thu, Sep 3, 10:01 AM · libassuan
werner added a comment to T5048: Error handling in libassuan.

re 1: Correct utf-8 truncation would be quite some work. In this case the message in the Assuan interface is a debugging aid. Translation is not necessary so we can try to disable it.

Thu, Sep 3, 9:55 AM · libassuan
werner closed T5047: can not find the runtime library libgcc_s_sjlj-1.dll as Invalid.

You need to get your toolchain correctly installed.

Thu, Sep 3, 8:37 AM · Bug Report, gpg4win

Wed, Sep 2

werner created T5045: Release GnuPG 2.2.23.
Wed, Sep 2, 4:41 PM · gnupg, Release Info
werner added a comment to T5030: Release GnuPG 2.2.22 .

A bug was reported against this version which could happen also to older versions of GnuPG 2.2. In case of a crash please apply the patch over at rG8ec9573e57866dda5efb4677d4454161517484bc or wait for 2.2.23

Wed, Sep 2, 4:16 PM · gnupg (gpg22), Release Info
werner added a task to rG8ec9573e5786: gpg: Fix segv importing certain keys.: T5030: Release GnuPG 2.2.22 .
Wed, Sep 2, 4:14 PM
werner added a commit to T5030: Release GnuPG 2.2.22 : rG8ec9573e5786: gpg: Fix segv importing certain keys..
Wed, Sep 2, 4:14 PM · gnupg (gpg22), Release Info
werner committed rG896c528ba055: gpg: Fix segv importing certain keys. (authored by werner).
gpg: Fix segv importing certain keys.
Wed, Sep 2, 4:12 PM
werner added a comment to rG8ec9573e5786: gpg: Fix segv importing certain keys..

See https://bugzilla.opensuse.org/show_bug.cgi?id=1176034 for the original bug report. I was not able to replicate the crash but the bad reads. The error is pretty obvious: The code expects that all fields are zeroed out.

Wed, Sep 2, 4:10 PM
werner committed rG8ec9573e5786: gpg: Fix segv importing certain keys. (authored by werner).
gpg: Fix segv importing certain keys.
Wed, Sep 2, 4:07 PM
werner committed rG497db0b5bcd6: keyboxd: Restructure client access code. (authored by werner).
keyboxd: Restructure client access code.
Wed, Sep 2, 4:07 PM
werner committed rG4d839f5a8083: keyboxd: Fix user id based queries (authored by werner).
keyboxd: Fix user id based queries
Wed, Sep 2, 4:07 PM
werner committed rG2042f5a4641f: common: New helper function gnupg_close_pipe. (authored by werner).
common: New helper function gnupg_close_pipe.
Wed, Sep 2, 4:07 PM
werner edited projects for T5042: File deletion during encryption, added: Feature Request, gpg4win; removed Bug Report.
Wed, Sep 2, 10:36 AM · gpg4win, Feature Request

Tue, Sep 1

werner committed rG2cd8bae23d73: Use only one copy of the warn_server_mismatch function. (authored by werner).
Use only one copy of the warn_server_mismatch function.
Tue, Sep 1, 8:45 PM
werner added a project to T5041: gpg-agent/scdaemon/gnuk unable to sign ssh certificate (Couldn't certify key … via agent: agent refused operation): ssh.

gpg-agent has only very limited support for ssh certificates which is the reason that your command fails.

Tue, Sep 1, 2:47 PM · Testing, ssh, Bug Report
werner added a comment to T5039: 2.2.22 regression: Nitrokey Pro 2 is no longer recognized automatically, requires --card-status.

I should add a test with Gnuk to my Windows quick test after a release.

Tue, Sep 1, 8:50 AM · Testing, gnupg (gpg22), Bug Report

Mon, Aug 31

avemilia awarded T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent a Love token.
Mon, Aug 31, 5:17 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3362: Prevent Smartcard from caching PIN when cache-ttl is set accordingly.

There is not a lot of demand for this, thus we have not continued to think about it.

Mon, Aug 31, 4:24 PM · Feature Request