Page MenuHome GnuPG

werner (Werner Koch)
EngineeringAdministrator

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:48 PM (269 w, 1 d)
Roles
Administrator
Availability
Available

Recent Activity

Today

werner added projects to T5212: Kleopatra: Check if run with elevated privileges and exit in that case: Restricted Project, Feature Request.

Please let us turn this into a fatal error again. I had too many support cases where Kleo was actually run with Admin rights and messed up the permissions. To help with development issues and for the sake of some blockheads introduce an envvar to bypass the error.

Tue, May 24, 4:21 PM · Feature Request, Restricted Project, kleopatra
werner added a parent task for T6005: Problem decrypting inline images came up again: T4161: GpgOL: Attachments might be hidden in some cases.
Tue, May 24, 3:37 PM · Unreleased, Bug Report, gpgol
werner added a subtask for T4161: GpgOL: Attachments might be hidden in some cases: T6005: Problem decrypting inline images came up again.
Tue, May 24, 3:37 PM · Bug Report, gpg4win, gpgol
werner closed T6004: Slow download from www.gnupg.org/ftp as Resolved.

For me it is faster:

Tue, May 24, 3:30 PM · Bug Report

Yesterday

werner closed T6001: Drop compression support in ntbtls as Invalid.

ntbltls does not implement compression:

Mon, May 23, 10:54 PM · ntbtls
werner closed T5999: Provide an ASCII-output-only mode as Wontfix.

Please remember that GnuPG is a Unix tool. You might be interested in GPGME to write your own frontend.

Mon, May 23, 7:17 PM
werner closed T6000: GnuPG considers certain invalid UTF-8 to be valid as Wontfix.

As a Unix tool GnuPG does not touch its output. Diagnostic messages are only filtered for ASCII control characters because that is what command line tools should do. Everything else is up to your terminal emulation.

Mon, May 23, 7:15 PM
werner triaged T5998: Extend gpg-check-patter to return a description as Low priority.
Mon, May 23, 3:02 PM · Feature Request, Restricted Project, gpgagent, gnupg (gpg23)
werner committed rM5ba0e454a37c: tests: Avoid problems with local time across a day boundary. (authored by werner).
tests: Avoid problems with local time across a day boundary.
Mon, May 23, 9:14 AM
werner cancelled E927: Weekly Standup.
Mon, May 23, 8:55 AM
werner added a comment to T5991: gpgme test suite fails when local time differs from UTC time across a day boundary..

Thanks. The solution should thus be easy.

Mon, May 23, 8:21 AM · gpgme, Bug Report
werner triaged T5993: gpg should reject compressed packets outside of messages as Low priority.
Mon, May 23, 8:14 AM · Feature Request, gnupg
werner added a comment to E925: Weekly Standup.

Lot's of new tasks :-)

Mon, May 23, 8:12 AM
werner added a comment to E927: Weekly Standup.

This is a holiday in Germany.

Mon, May 23, 8:08 AM
werner is attending E925: Weekly Standup.
Mon, May 23, 8:07 AM

Sun, May 22

werner added a comment to T5993: gpg should reject compressed packets outside of messages.

This specificiation is a draft which has not even been discussed in the WG. In any case gpg won't implement this because it would break processing of existing data.

Sun, May 22, 11:34 AM · Feature Request, gnupg
werner closed T5992: gpg should reject compressed packets outside of messages as Invalid.
Sun, May 22, 11:31 AM · Duplicate
werner closed T5994: LC_ALL=C gpg should produce ASCII-only output as Wontfix.

Sorry, no. Use cat(1) for such translations.

Sun, May 22, 11:29 AM · gnupg

Fri, May 20

werner triaged T5990: Option to ignore the user trustlist.txt as Normal priority.
Fri, May 20, 9:18 AM · Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Thu, May 19

werner added projects to T2671: "Invalid option" with utf-16 config files (windows): kleopatra, Restricted Project.

It seems that editing a pre-created revocation certificate on Windows with Notepad doesn't let Kleopatra detect this correctly as OpenPGP file and thus refuses to import. Works on the command line but needs more testing.

Thu, May 19, 1:44 PM · Restricted Project, kleopatra, Bug Report

Wed, May 18

werner added a project to T5977: Smartcard PIN stays in clear in memory: libassuan.
Wed, May 18, 9:14 AM · libassuan, pinentry, scd, gnupg (gpg22), Bug Report
werner added a comment to T5977: Smartcard PIN stays in clear in memory.

AFAICS, we need to implement a new Assuan flag and wipe the data passed to the callback after the callback returned.

Wed, May 18, 9:14 AM · libassuan, pinentry, scd, gnupg (gpg22), Bug Report
werner closed T5981: --output-type raw inconsistent output as Resolved.

That is expected. The export re-encrypts the secret parts to comply with the OpenPGP specs and this includes a salt andf IV and thus the output must be different.

Wed, May 18, 8:56 AM · Support, gnupg

Tue, May 17

werner awarded F3647377: gpg-auth2.sh a Cup of Joe token.
Tue, May 17, 1:28 PM
werner moved T5975: Allow signature verification using specific RSA keys <2k in FIPS mode from Backlog to Next on the FIPS board.
Tue, May 17, 11:12 AM · Testing, patch, libgcrypt, FIPS, Feature Request
werner raised the priority of T4873: Enable AES GCM in FIPS mode from Low to Normal.
Tue, May 17, 11:09 AM · FIPS, libgcrypt, Feature Request
werner moved T5964: gnupg should use the KDFs implemented in libgcrypt from Backlog to Next on the FIPS board.
Tue, May 17, 11:07 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Lets implement it for 2.3

Tue, May 17, 11:06 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner assigned T5964: gnupg should use the KDFs implemented in libgcrypt to gniibe.
Tue, May 17, 11:06 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Mon, May 16

werner added projects to T5980: compilation error libgcrypt 1.10.1: libgcrypt, AIX, ppc.
Mon, May 16, 9:59 PM · Testing, backport, ppc, AIX, libgcrypt, Bug Report

Fri, May 13

werner closed T5597: First 8 bytes of cache item left in clear in memory after decryption. as Resolved.
Fri, May 13, 4:10 PM · libgcrypt, symmetric, Bug Report
werner closed T5592: AppImage of Kleopatra as Resolved.

We meanwhile released two versions to our clients and are looking on how we can make it available to the community.

Fri, May 13, 4:09 PM · Restricted Project, kleopatra, Feature Request
werner closed T5598: AppImage of gpg, a subtask of T5592: AppImage of Kleopatra, as Resolved.
Fri, May 13, 4:08 PM · Restricted Project, kleopatra, Feature Request
werner closed T5598: AppImage of gpg as Resolved.

We have everything ready for a GnuPG Desktop Appimage but we first need a business case to maintain it.

Fri, May 13, 4:08 PM · AppImage, gnupg, Restricted Project, Feature Request
werner lowered the priority of T5478: Kleopatra: Performance problems decrypting and encrypting large Archives from High to Normal.

We have a workaround by using a recent version of gpgtar directly. Thus lowering priority.

Fri, May 13, 4:01 PM · Restricted Project, gpgme, kleopatra
werner renamed T5574: Doubled characters in Windows console output from GPG Portable on USB-Stick - Problems with GnuPG 2.2.30 to Doubled characters in Windows console output.
Fri, May 13, 3:58 PM · gnupg, Windows, gpgrt, Bug Report
werner edited projects for T5574: Doubled characters in Windows console output, added: gpgrt, Windows; removed Info Needed.
Fri, May 13, 3:56 PM · gnupg, Windows, gpgrt, Bug Report
werner closed T5616: asn1-parse.y:861:20: error: 'yytoknum' undeclared as Resolved.
Fri, May 13, 3:48 PM · toolchain, libksba, Bug Report
werner triaged T5712: Yubikey 5 NFC only recognized immediately after it is inserted as Normal priority.
Fri, May 13, 3:46 PM · Documentation, Bug Report
werner triaged T5803: outlook restarts on adding a address to a new email as Normal priority.

Please disable all other Add-Ins as well as extra security tools running on that machine to see whether there is some interference with them.

Fri, May 13, 3:45 PM · gpgol, Bug Report, gpg4win
werner triaged T5518: "Direct Action" to E-Mail not stable as Normal priority.
Fri, May 13, 3:42 PM · gpgol, Bug Report, gpg4win
werner renamed T5950: Allow viewing expired certificates more easily from can not encrypt for others to Allow viewing expired certificates more easily.
Fri, May 13, 3:40 PM · Restricted Project, kleopatra, Feature Request
werner triaged T5950: Allow viewing expired certificates more easily as Normal priority.
Fri, May 13, 3:38 PM · Restricted Project, kleopatra, Feature Request
werner added a comment to T5950: Allow viewing expired certificates more easily.

But only with an option - in general showing expired keys is annoying. For revoked keys the situation is different in case of a compromise - but many users revoke old keys anyway and we don't make use of the revocation reason. If we would consider the latter the UI/Support would be more complicated than useful.

Fri, May 13, 2:49 PM · Restricted Project, kleopatra, Feature Request
werner added projects to T3391: cannot import subkey that was once marked to be on a card: scd, gpgagent.
Fri, May 13, 2:43 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report
werner triaged T5977: Smartcard PIN stays in clear in memory as High priority.
Fri, May 13, 2:40 PM · libassuan, pinentry, scd, gnupg (gpg22), Bug Report
werner triaged T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s) as High priority.

Thanks for opening a ticket.

Fri, May 13, 2:36 PM · Testing, backport, gnupg, scd, patch
werner committed rD8fef33473764: ids: Submitted draft-koch-openpgp-webkey-service-14 (authored by werner).
ids: Submitted draft-koch-openpgp-webkey-service-14
Fri, May 13, 9:45 AM
werner committed rD7c7c49427dcc: ids: Update draft-koch-openpgp-webkey-service (authored by werner).
ids: Update draft-koch-openpgp-webkey-service
Fri, May 13, 9:45 AM
werner committed rDba0fc860c0fe: ids: Prepare draft-koch-openpgp-webkey-service-14 (authored by werner).
ids: Prepare draft-koch-openpgp-webkey-service-14
Fri, May 13, 9:45 AM
werner committed rD18471d838791: swdb: New w3 build for gnupg 2.2 (authored by werner).
swdb: New w3 build for gnupg 2.2
Fri, May 13, 9:45 AM
werner triaged T5973: libgcrypt: Minor test issues reported by coverity as Normal priority.

Thanks. Should be applied.

Fri, May 13, 8:16 AM · patch, libgcrypt, Bug Report
werner added a project to T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd'): hppa.
Fri, May 13, 8:06 AM · Testing, hppa, libgcrypt, Gentoo, Bug Report
werner triaged T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd') as Normal priority.
Fri, May 13, 8:06 AM · Testing, hppa, libgcrypt, Gentoo, Bug Report
werner created hppa.
Fri, May 13, 8:05 AM
werner triaged T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Normal priority.

I can imagine thar there are use cases for this. Thus I see no problems for the first part.

Fri, May 13, 8:00 AM · Testing, patch, libgcrypt, FIPS, Feature Request

Wed, May 11

werner triaged T5972: Can't insert charaters in a magic-wand generated password as Normal priority.
Wed, May 11, 5:18 PM · Testing, Restricted Project, gnupg (gpg22), gpgagent, pinentry
werner added a comment to T5950: Allow viewing expired certificates more easily.

Please check the 2020 certificate by using the details dialog. Has it a valid encryption subkey?

Wed, May 11, 8:59 AM · Restricted Project, kleopatra, Feature Request
werner triaged T5816: gcrypt mailing list is down as High priority.
Wed, May 11, 8:09 AM · gpgweb, Bug Report
werner added a comment to T5816: gcrypt mailing list is down.

it was noted that this also affects other ML hosted there like those of freie-software.org

Wed, May 11, 8:09 AM · gpgweb, Bug Report

Tue, May 10

werner committed rG5e5df82b5f28: scd:openpgp: New card vendor. (authored by werner).
scd:openpgp: New card vendor.
Tue, May 10, 4:21 PM

Mon, May 9

werner added a project to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406): gnupg (gpg23).
Mon, May 9, 7:18 AM · Testing, gnupg (gpg23), Bug Report

Fri, May 6

werner committed rG3d7d7e8bfd12: scd:p15: Improve the displayed S/N for Technology Nexus cards. (authored by werner).
scd:p15: Improve the displayed S/N for Technology Nexus cards.
Fri, May 6, 11:46 AM
werner committed rG6f612fd5f6d8: scd:p15: Fix the the sanity check of the displayed S/N. (authored by werner).
scd:p15: Fix the the sanity check of the displayed S/N.
Fri, May 6, 11:46 AM
werner committed rG91acbdc93c8a: scd:p15: Improve the displayed S/N for Technology Nexus cards. (authored by werner).
scd:p15: Improve the displayed S/N for Technology Nexus cards.
Fri, May 6, 11:38 AM
werner committed rG8efe738c4a09: scd:p15: Fix the the sanity check of the displayed S/N. (authored by werner).
scd:p15: Fix the the sanity check of the displayed S/N.
Fri, May 6, 11:38 AM
werner added a comment to T5965: gpgme: Inconsistent secret subkey flag when listing keys with different modes.

No sure, you could also consider the is_cardkey flag to mean that a secret key might be available. FWIW, GPA sets it internal secret key flag based on the type of listing done; thus I see no problem if you want to change the behaviour.

Fri, May 6, 8:33 AM · gpgme, Restricted Project

Thu, May 5

werner committed rG36a5509e11c8: gpg: Minor robustness fix. (authored by werner).
gpg: Minor robustness fix.
Thu, May 5, 2:13 PM
werner committed rGd60f930d9b00: scd: New debug flags "card". (authored by werner).
scd: New debug flags "card".
Thu, May 5, 2:13 PM
werner committed rG7f029eef6ce1: scd:p15: Fix reading certificates without length info. (authored by werner).
scd:p15: Fix reading certificates without length info.
Thu, May 5, 2:13 PM
werner committed rGbbcca7357b01: scd:p15: Fix reading certificates without length info. (authored by werner).
scd:p15: Fix reading certificates without length info.
Thu, May 5, 1:46 PM
werner committed rG7dc569392622: scd: New debug flags "card". (authored by werner).
scd: New debug flags "card".
Thu, May 5, 1:46 PM
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Ours are even newer (5.4.3). Did you the Yubico tools to switch to curve443?
In any case, is it possible that you apply my fix and test again?

Thu, May 5, 10:06 AM · Testing, backport, yubikey, scd, segv, Bug Report
werner committed rG385f4841330e: scd:openpgp: Fix a segv for cards supporting unknown curves. (authored by werner).
scd:openpgp: Fix a segv for cards supporting unknown curves.
Thu, May 5, 9:55 AM
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Your Yubikey's firmware version is 5.2.7 - let me see what versions we have in stock to test my fix.

Thu, May 5, 9:51 AM · Testing, backport, yubikey, scd, segv, Bug Report
werner triaged T5952: Can't uninstall gpg4win with Ansible as Normal priority.
Thu, May 5, 8:41 AM · Support, gpg4win
werner triaged T5964: gnupg should use the KDFs implemented in libgcrypt as Normal priority.

When we implemented this first, Libgcrypt had no appropriate KDF support. I recall that I considered to change this but it turned out the for 2.2 the changes are too large. For 2.3 we will consider such a change.

Thu, May 5, 8:40 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Wed, May 4

werner updated subscribers of T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I am not sure about the crash but the unknown curve is
1.3.6.1.4.1.11591.15.1.2 which seems to be a GNU OID for curve448

Wed, May 4, 2:38 PM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

What I would do in this case is to stop the gnupg daemon amd anything whiuch might start them and run scdaemon under valgrind.

Wed, May 4, 10:13 AM · Testing, backport, yubikey, scd, segv, Bug Report

Tue, May 3

werner committed rW8d5439e75dca: Update binary version of GnuPG with Authenticode signed builds. (authored by werner).
Update binary version of GnuPG with Authenticode signed builds.
Tue, May 3, 12:18 PM
werner committed rWa7e52329f0e5: Fix quoting in AUTHENTICODE_sign make template (authored by werner).
Fix quoting in AUTHENTICODE_sign make template
Tue, May 3, 12:18 PM
werner committed rW032b1776dc8a: Fix use of osslsigncode along with stow (authored by werner).
Fix use of osslsigncode along with stow
Tue, May 3, 12:18 PM
werner committed rW356765895426: appimage: Micro fix (authored by werner).
appimage: Micro fix
Tue, May 3, 12:18 PM
werner added a project to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": backport.
Tue, May 3, 11:21 AM · backport, Testing, FIPS, libgcrypt, Bug Report
werner added a project to T5918: Disable RSA PKCS #1.5 encryption in FIPS mode: backport.
Tue, May 3, 11:17 AM · backport, Testing, libgcrypt, FIPS, Bug Report

Mon, May 2

werner added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: workaround.
Mon, May 2, 10:19 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
werner added a comment to rG4fe8859541d0: gpgscm: Fix handling an error for chdir..

FWIW, the original idea with gpgscm was to provide code which does no rely on any gpg stuff so it can be merged back into upstream. I am not sure whether this still makes sense.

Mon, May 2, 9:54 AM

Fri, Apr 29

werner committed rW499a8e7ad93a: appimage: Minor fix (authored by werner).
appimage: Minor fix
Fri, Apr 29, 2:58 PM
werner triaged T5955: pinentry-efl sends warnings to stderr, does not close windows during getpin as Normal priority.
Fri, Apr 29, 9:46 AM · efl, pinentry, Bug Report
werner created efl.
Fri, Apr 29, 9:45 AM

Thu, Apr 28

werner triaged T5575: Supplying more than one passphrase or PIN using passphrase-fd as Low priority.
Thu, Apr 28, 9:12 AM · gnupg, yubikey, Feature Request
werner closed T5513: Outlook download external content crash as Resolved.

Please try a decent version of Gpg4win - we have fixed dozens of bugs in the mean time If the problems persists, please re-open this bug.

Thu, Apr 28, 9:05 AM · Too Old, gpgol, Bug Report, gpg4win
werner triaged T5798: Empty emails in Outlook - conflict between gpgOl & ESET (antivirus add-in) as Low priority.

Conflicts between Add-Ins are often unavoidable. We have a list of known issues at:
https://wiki.gnupg.org/GpgOL/IncompatibleAddons
If you have more information on that ESET thingy please enter it into the above wiki or leave some description here.

Thu, Apr 28, 9:04 AM · Add-In-conflict, gpgol, gpg4win
werner created Add-In-conflict.
Thu, Apr 28, 9:00 AM
werner lowered the priority of T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token from High to Normal.
Thu, Apr 28, 8:55 AM · Testing, gnupg (gpg23), ssh, gpgagent
werner closed T5801: Kleopatra: Add support for the new dirmngr/ldapserver option to configure X.509 servers as Resolved.
Thu, Apr 28, 8:53 AM · Restricted Project, kleopatra
werner closed T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length as Resolved.
Thu, Apr 28, 8:52 AM · Testing, S/MIME, gnupg (gpg22)
werner closed T5856: Forcing aead when creating sign & encrypted files creates inconsistent results as Resolved.
Thu, Apr 28, 8:52 AM · gnupg (gpg23), Bug Report
werner closed T5751: Please remove pgp.surf.nl from default dirmngr config as Resolved.
Thu, Apr 28, 8:50 AM · dirmngr, Keyserver
werner closed T5940: crash importing truncated subkeys as Resolved.
Thu, Apr 28, 8:49 AM · Bug Report, gnupg