werner (Werner Koch) Administrator
Engineering

User Details

User Since
Mar 27 2017, 4:48 PM (158 w, 1 d)
Roles
Administrator
Availability
Available

Recent Activity

Yesterday

werner closed T4909: gpg2: "decryption failed: No secret key" DBG: search.keyring.c.1109, parse.keyring.c.415 as Resolved.

That smells very much like an old and insecure version 3 key. We don't allow them anymore - use gpg 1 to decrypt old material but never use that key to sign stuff or give it to others to encrypt to you. It is just too weak.

Tue, Apr 7, 8:59 PM · FAQ
werner committed rG9ec8d984be46: scd:p15: Show a pretty PIN prompt. (authored by werner).
scd:p15: Show a pretty PIN prompt.
Tue, Apr 7, 8:40 PM
werner committed rGf28795b615c3: scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word. (authored by werner).
scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
Tue, Apr 7, 8:40 PM
werner committed rG60d018f6a91c: scd: Factor common PIN status check out. (authored by werner).
scd: Factor common PIN status check out.
Tue, Apr 7, 8:40 PM
werner committed rG42ddcc87f4bc: scd:p15: Fix decrypt followed by sign problem for D-Trust cards. (authored by werner).
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
Tue, Apr 7, 4:05 PM
werner committed rG5ec1f667930b: doc: Typo fix in code comment. (authored by werner).
doc: Typo fix in code comment.
Tue, Apr 7, 4:05 PM
werner added a comment to T4909: gpg2: "decryption failed: No secret key" DBG: search.keyring.c.1109, parse.keyring.c.415.

Please explain what your problem is. Setting arbitrary debug flags is not helpful for you or us.

Tue, Apr 7, 8:48 AM · FAQ
werner created T4910: Allow to add a no-mail notation to user-ids.
Tue, Apr 7, 8:38 AM · gnupg (gpg23), Feature Request

Mon, Apr 6

werner added a comment to T4908: ECDH with AES-128 decryption failure when fully padded.

EdDSA is sign only - how do you want to encrypt to such a key? Did you mean cv25519 and ECDH?

Mon, Apr 6, 12:21 PM · Testing, gnupg (gpg22), Bug Report
werner added a project to T3763: ECDH - encryption with obfuscated size of the symmetric key: OpenPGP.

I also don't think that key size obfuscation is useful, after all the preferences of the key demand a certain key size.

Mon, Apr 6, 12:19 PM · OpenPGP, gnupg (gpg23)
werner added a comment to T4774: Cross compilation friendly libgpg-error.

Clever idea.

Mon, Apr 6, 9:49 AM · gpgrt
werner added a comment to E618: Weekly Standup.

Last week:

  • Worked on CardOS support. Basically working now with one bug left. I have no specs except for a way to look into a 15-year-old 4.3 manual - we have 5.0, though.
Mon, Apr 6, 9:46 AM

Fri, Apr 3

werner committed rE98d11eff669c: core: Improve the echo and info meta commands of the arg parser (authored by werner).
core: Improve the echo and info meta commands of the arg parser
Fri, Apr 3, 10:51 PM
werner committed rEef07aedc7099: core: Implement meta command [user] also for Windows (authored by werner).
core: Implement meta command [user] also for Windows
Fri, Apr 3, 10:51 PM
werner committed rEd843d260f550: core: Implement meta command [user] for the arg parser. (authored by werner).
core: Implement meta command [user] for the arg parser.
Fri, Apr 3, 10:42 PM
werner committed rK1119068b2e9f: Very minor patch cleanup (authored by werner).
Very minor patch cleanup
Fri, Apr 3, 5:18 PM
werner committed rGaa60645b997d: scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID. (authored by werner).
scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
Fri, Apr 3, 11:22 AM
werner committed rG541a6a903e79: scd:openpgp: New attribute "MANUFACTURER". (authored by werner).
scd:openpgp: New attribute "MANUFACTURER".
Fri, Apr 3, 11:22 AM
werner committed rG15352b0eac33: gpg,card: Use the new MANUFACTURER attribute. (authored by werner).
gpg,card: Use the new MANUFACTURER attribute.
Fri, Apr 3, 11:22 AM

Thu, Apr 2

werner committed rG61c5b0767fac: scd:p15: Implement do_with_keygrip and capabilities. (authored by werner).
scd:p15: Implement do_with_keygrip and capabilities.
Thu, Apr 2, 2:23 PM
werner committed rG8149742ddfea: scd:p15: Rename some variables and functions for clarity. (authored by werner).
scd:p15: Rename some variables and functions for clarity.
Thu, Apr 2, 2:23 PM
werner closed T4907: Spurious warning: ignoring return value of ‘write’ ... as Spite.

Please stop this and use the mailing list for such ramblings. Usually only one developer reads a bug report and thus you can't participate from the experience of others - use mailing lists - please.

Thu, Apr 2, 12:05 PM · gnupg
werner committed rG5b7b42e2b2b7: scd: Use Gcrypt usage constants for the do_with_keygrip capabilities. (authored by werner).
scd: Use Gcrypt usage constants for the do_with_keygrip capabilities.
Thu, Apr 2, 11:54 AM
werner awarded T4864: New scdaemon command to watch device removal a Cup of Joe token.
Thu, Apr 2, 10:19 AM · Testing, Feature Request, scd, Bug Report

Wed, Apr 1

werner triaged T4900: OS X 10.12 and dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib as Normal priority.
Wed, Apr 1, 8:53 PM · MacOS, libgcrypt, Bug Report
werner closed T4905: t-secmem: line 176: gcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0)) failed: General error as Invalid.
Wed, Apr 1, 8:52 PM · libgcrypt, Bug Report
werner closed T4904: argparse.c:286:22: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' as Spite.

See my comments on the other bugs you posted today.

Wed, Apr 1, 8:51 PM · gpgrt, Bug Report
werner closed T4902: libgpg-error and yat2m: can't open include file './version.texi': No such file or directory as Spite.

Please see my other comments; we need proper bug reports and not just arbitrary snippets.

Wed, Apr 1, 8:50 PM · gpgrt, Bug Report
werner closed T4901: Libgcrypt-error 1.38 is missing from https://gnupg.org/ftp/gcrypt/libgpg-error as Invalid.

Those are all development versions and they may require the latest changes from the repo of other libraries.

Wed, Apr 1, 8:49 PM · gnupg, Bug Report
werner added a comment to T4905: t-secmem: line 176: gcry_control ((GCRYCTL_INIT_SECMEM, pool_size, 0)) failed: General error.

Please write proper bug reports and do not just post snippets from some arbitrary build process. In addition master is non-released software and thus it is in general better to ask at gcrypt-devel@gnupg.org for help.

Wed, Apr 1, 8:48 PM · libgcrypt, Bug Report
werner closed T4903: Github sources are difficult to test as Invalid.

Sorry, if you use your own copy of GnuPG on GitHub, it is all up to you. We do not use Github.

Wed, Apr 1, 8:45 PM · gnupg, Bug Report
werner committed rG29f8f52bf816: scd:p15: Cache the PIN. (authored by werner).
scd:p15: Cache the PIN.
Wed, Apr 1, 8:32 PM
werner committed rG132d82c15820: scd:p15: Run a keygrip_from_prkdf before verify_pin (authored by werner).
scd:p15: Run a keygrip_from_prkdf before verify_pin
Wed, Apr 1, 8:32 PM
werner committed rGb95a0bfbba75: scd:p15: Add missing keygrip retrieval for decryption. (authored by werner).
scd:p15: Add missing keygrip retrieval for decryption.
Wed, Apr 1, 5:43 PM
werner committed rGe730444e7b75: scd:p15: Support signing with CardOS 5 cards. (authored by werner).
scd:p15: Support signing with CardOS 5 cards.
Wed, Apr 1, 4:19 PM
werner committed rG4af38ea5e450: scd:p15: Support decryption with CardOS 5 cards. (authored by werner).
scd:p15: Support decryption with CardOS 5 cards.
Wed, Apr 1, 4:19 PM
werner committed rGce9406ca370b: scd:p15: Factor PIN verification out to a new function. (authored by werner).
scd:p15: Factor PIN verification out to a new function.
Wed, Apr 1, 4:19 PM
werner committed rG64142caafe5c: scd: Add function for binary read in extended mode. (authored by werner).
scd: Add function for binary read in extended mode.
Wed, Apr 1, 4:19 PM
werner committed rG368f006a2840: scd:p15: Read certificates in extended mode. (authored by werner).
scd:p15: Read certificates in extended mode.
Wed, Apr 1, 4:19 PM
werner committed rG135af6652558: scd:p15: Improve diagnostics (authored by werner).
scd:p15: Improve diagnostics
Wed, Apr 1, 4:19 PM
werner committed rG60b0aa7e57e7: scd:p15: Detect CardOS 5 cards and print some basic infos. (authored by werner).
scd:p15: Detect CardOS 5 cards and print some basic infos.
Wed, Apr 1, 4:19 PM
werner committed rGca4391399c69: scd:p15: Support decryption with CardOS 5 cards. (authored by werner).
scd:p15: Support decryption with CardOS 5 cards.
Wed, Apr 1, 2:08 PM
werner committed rG375b1454875f: scd:p15: Factor PIN verification out to a new function. (authored by werner).
scd:p15: Factor PIN verification out to a new function.
Wed, Apr 1, 2:08 PM
werner closed T4495: UBsan finding "certdump.c:695:3: runtime error: null pointer passed as argument 2" as Resolved.

Applied the fix also to master with a comment to eventually replace it with es_fopenmem.

Wed, Apr 1, 10:00 AM · gnupg
werner closed T4899: Undefined behavior in sm/certdump.c as Resolved.
Wed, Apr 1, 9:59 AM · gnupg, Bug Report
werner committed rGc7ff8c59b925: sm: Fix a warning in an es_fopencooie function. (authored by werner).
sm: Fix a warning in an es_fopencooie function.
Wed, Apr 1, 9:59 AM
werner added a commit to T4495: UBsan finding "certdump.c:695:3: runtime error: null pointer passed as argument 2": rGc7ff8c59b925: sm: Fix a warning in an es_fopencooie function..
Wed, Apr 1, 9:59 AM · gnupg

Tue, Mar 31

werner committed rG103c1576b73e: scd:p15: Support signing with CardOS 5 cards. (authored by werner).
scd:p15: Support signing with CardOS 5 cards.
Tue, Mar 31, 7:57 PM
werner committed rG2bdd4fc7b6cf: scd:p15: Read certificates in extended mode. (authored by werner).
scd:p15: Read certificates in extended mode.
Tue, Mar 31, 12:05 PM
werner committed rGc9ad81070a2b: scd: Add function for binary read in extended mode. (authored by werner).
scd: Add function for binary read in extended mode.
Tue, Mar 31, 12:05 PM
werner committed rGc29603fa9a1a: scd:p15: Improve diagnostics (authored by werner).
scd:p15: Improve diagnostics
Tue, Mar 31, 12:05 PM
werner triaged T4898: auto import CA certs with authInfo.caIssuers as Normal priority.
Tue, Mar 31, 12:04 PM · dirmngr, S/MIME, gnupg (gpg23)
werner created T4898: auto import CA certs with authInfo.caIssuers.
Tue, Mar 31, 12:04 PM · dirmngr, S/MIME, gnupg (gpg23)

Mon, Mar 30

werner committed rG8a68d497f1dd: scd:p15: Detect CardOS 5 cards and print some basic infos. (authored by werner).
scd:p15: Detect CardOS 5 cards and print some basic infos.
Mon, Mar 30, 9:20 PM
werner closed T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib as Resolved.

Done; will go into 2.2.21 (T4897).

Mon, Mar 30, 5:42 PM · wkd, gnupg (gpg22), Bug Report
werner committed rG76d2a02dfe8f: wks: Take name of sendmail from configure. (authored by werner).
wks: Take name of sendmail from configure.
Mon, Mar 30, 5:41 PM
werner added a commit to T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib: rG76d2a02dfe8f: wks: Take name of sendmail from configure..
Mon, Mar 30, 5:41 PM · wkd, gnupg (gpg22), Bug Report
werner renamed T4897: Release GnuPG 2.2.21 from Release GnUPG 2.2.21 to Release GnuPG 2.2.21.
Mon, Mar 30, 5:40 PM · gnupg (gpg22), Release Info
werner created T4897: Release GnuPG 2.2.21.
Mon, Mar 30, 5:40 PM · gnupg (gpg22), Release Info
werner closed T4895: segfaults in certreqen.c from logging NULL return from get_parameter as Resolved.

Thanks.

Mon, Mar 30, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner committed rG9c5c7c6f602c: sm: Fix possible NULL deref in error messages of --gen-key. (authored by werner).
sm: Fix possible NULL deref in error messages of --gen-key.
Mon, Mar 30, 5:35 PM
werner committed rGc5c21a064671: agent: Print an error if gpg-protect reads the extended key format. (authored by werner).
agent: Print an error if gpg-protect reads the extended key format.
Mon, Mar 30, 5:35 PM
werner added a commit to T4895: segfaults in certreqen.c from logging NULL return from get_parameter: rG9c5c7c6f602c: sm: Fix possible NULL deref in error messages of --gen-key..
Mon, Mar 30, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner committed rG011a2f5fb77c: agent: Print an error if gpg-protect reads the extended key format. (authored by werner).
agent: Print an error if gpg-protect reads the extended key format.
Mon, Mar 30, 5:35 PM
werner committed rG2b4b0b1223aa: sm: Fix possible NULL deref in error messages of --gen-key. (authored by werner).
sm: Fix possible NULL deref in error messages of --gen-key.
Mon, Mar 30, 5:35 PM
werner added a commit to T4895: segfaults in certreqen.c from logging NULL return from get_parameter: rG2b4b0b1223aa: sm: Fix possible NULL deref in error messages of --gen-key..
Mon, Mar 30, 5:35 PM · gnupg (gpg22), S/MIME, Bug Report
werner added a commit to T4892: gpgsm --gen-key with existing key from "ssh-add" fails: rK1e903fe558bd: Allow optional elements in keyinfo objects..
Mon, Mar 30, 5:32 PM · Bug Report, S/MIME
werner committed rK1e903fe558bd: Allow optional elements in keyinfo objects. (authored by werner).
Allow optional elements in keyinfo objects.
Mon, Mar 30, 5:32 PM
werner added a comment to T4892: gpgsm --gen-key with existing key from "ssh-add" fails.

The problem was the comment field which was not expected in an rsa key. However, it makes sense to allow additional fields and thus I pushed a change to Libksba.

Mon, Mar 30, 5:00 PM · Bug Report, S/MIME
werner added a comment to E617: Weekly Standup.

Last week:

  • Bug fixing
  • Infrastructure
Mon, Mar 30, 8:28 AM

Sun, Mar 29

werner added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

No, we always stated that the user id is a mandatory part of OpenPGP keyblocks and that non-compliant keyblocks are rejected. The only exception we made is for revocation signatures where we allow a standalone packet. That exception is done to allow typing in a printed out revocation signature.

Sun, Mar 29, 6:30 PM · gnupg (gpg23), Feature Request
werner closed T4393: GnuPG should always accept key updates even if the update does not contain UIDs as Wontfix.

With OpenPGP we made user ids mandatory to avoid problems we had with PGP2. I see no reason to revert this.

Sun, Mar 29, 11:25 AM · gnupg (gpg23), Feature Request

Fri, Mar 27

werner committed rG1424c12e4c71: sm: Consider certificates w/o CRL DP as valid. (authored by werner).
sm: Consider certificates w/o CRL DP as valid.
Fri, Mar 27, 9:24 PM
werner committed rG0b583a555e75: sm: Consider certificates w/o CRL DP as valid. (authored by werner).
sm: Consider certificates w/o CRL DP as valid.
Fri, Mar 27, 9:16 PM
werner committed rG4c4999b8185a: scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3. (authored by werner).
scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
Fri, Mar 27, 7:38 PM
werner triaged T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation as Normal priority.

I recall that I talked with Stephan about it but things got lost.

Fri, Mar 27, 7:12 PM · FIPS, libgcrypt, Feature Request
werner set the icon for FIPS to Tag.
Fri, Mar 27, 7:12 PM
werner awarded T4888: GpgSM: Support ECC key generation by gpgsm_genkey a Cup of Joe token.
Fri, Mar 27, 4:18 PM · Testing, Feature Request, S/MIME

Thu, Mar 26

werner closed T4893: "Note: signatures using the MD5 algorithm are rejected" is emitted despite --quiet as Wontfix.

This is important information to know because it can help to avoid bug reports.

Thu, Mar 26, 7:32 PM · gnupg (gpg22), Bug Report
werner closed T4892: gpgsm --gen-key with existing key from "ssh-add" fails as Wontfix.

Please use the mailing list for help on generating keys. I would also suggest to use GnuPG master for such experiments.

Thu, Mar 26, 10:27 AM · Bug Report, S/MIME

Wed, Mar 25

werner added a comment to T4890: print preview tries to use wrong key for decryption.

FWIW, a log of the decryption process will always show the sender's key because a message is usually also encrypted to that one (--encrypt-to).

Wed, Mar 25, 1:00 PM · gpgol, Bug Report
werner created T4891: Support CBOR content in gpgsm.
Wed, Mar 25, 12:54 PM · Feature Request, gnupg, S/MIME
werner added a comment to T4860: Release GnuPG 2.2.20 .

If you run into build problems on OpenBSD for gpg-wks-server, see T4886 for a required minor fix.

Wed, Mar 25, 8:48 AM · gnupg (gpg22), Release Info

Tue, Mar 24

werner closed T4885: gpg4win-3.1.11.exe installs malwares as Invalid.

No info received; either really malware downloaded from a fraudster site without proper checking or bare coincidence with other updates.

Tue, Mar 24, 10:51 AM · gpg4win
werner closed T4887: GPG is throwing error while doing (encryption+sign) or Decryption as Invalid.

@sarman: Your question is actually a support question and not a bug report. Please read the documentation, use the public help channels (so that others can also learn from the issue), or get in touch with a commercial support provider.

Tue, Mar 24, 10:48 AM · Not A Bug, Solaris, gnupg, Documentation

Fri, Mar 20

werner committed rDceaa09f5e3d3: swdb: GnuPG 2.2.20 (authored by werner).
swdb: GnuPG 2.2.20
Fri, Mar 20, 6:27 PM
werner added a comment to T4885: gpg4win-3.1.11.exe installs malwares.

From where did you download it? Did it show a valid issuer for the software (Intevation GmbH)?

Fri, Mar 20, 6:02 PM · gpg4win
werner closed T4536: dirmngr fails to find OCSP signer certificate when responder is identified with key ID as Resolved.
Fri, Mar 20, 5:59 PM · S/MIME, gnupg (gpg22), Bug Report
werner closed T4810: A key with only "C" capability cannot be selected as default key. as Resolved.
Fri, Mar 20, 5:59 PM · Testing, gnupg (gpg22)
werner closed T4832: card: when KDF is enabled, use of pinpad input should be disabled as Resolved.
Fri, Mar 20, 5:59 PM · Testing, gnupg (gpg22), scd, Bug Report
werner closed T4847: "gpgsm: invalid radix64 character 2d skipped" when trying to import a PEM file with DOS line endings (CR+LF) as Resolved.
Fri, Mar 20, 5:59 PM · gnupg (gpg22), S/MIME, Bug Report
werner closed T4831: gnupg-2.2.19 fails to build on latest Fedora Rawhide as Resolved.
Fri, Mar 20, 5:59 PM · gnupg (gpg22), toolchain, Bug Report
werner closed T4860: Release GnuPG 2.2.20 as Resolved.
Fri, Mar 20, 5:59 PM · gnupg (gpg22), Release Info
werner closed T4850: GnuPG fails to find default key to sign when using a smart card, but recovers once card is removed as Resolved.
Fri, Mar 20, 5:59 PM · Testing, gnupg (gpg22)
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2020q1/000444.html on T4860: Release GnuPG 2.2.20 .
Fri, Mar 20, 5:57 PM · gnupg (gpg22), Release Info
werner committed rGbc7e56d9dcf5: Post release updates (authored by werner).
Post release updates
Fri, Mar 20, 5:35 PM
werner committed rGdae1e384c4ec: po: Auto-update (authored by werner).
po: Auto-update
Fri, Mar 20, 5:35 PM
werner committed rG5094bb08edd4: Release 2.2.20 (authored by werner).
Release 2.2.20
Fri, Mar 20, 5:35 PM
werner committed rGb27d30df62ac: Copyright notice updates et al. (authored by werner).
Copyright notice updates et al.
Fri, Mar 20, 5:35 PM
werner committed rC3441f4c94c49: tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite (authored by lumag).
tests/basic: add GOST 28147 keymeshing testcase from LibreSSL testsuite
Fri, Mar 20, 1:59 PM