Page MenuHome GnuPG

werner (Werner Koch)
EngineeringAdministrator

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:48 PM (281 w, 3 d)
Roles
Administrator
Availability
Available

Recent Activity

Today

werner committed rG77b6896f7a85: gpgsm: New option --compatibility-flags. (authored by werner).
gpgsm: New option --compatibility-flags.
Fri, Aug 19, 11:22 AM

Yesterday

werner added a comment to T6137: arch-specific (32 bit) failures in AddExistingSubkeyJobTest::testAddExistingSubkeyWithExpiration.

It will be a lot of work to change this in gpg. Thus ISO dates were only introduced with gpgsm after the former glibc maintainer refused to switch to a 64 bit time_t - which would have been easy enough at that time (about the year 2001).

Thu, Aug 18, 11:47 AM · Restricted Project, qt, gpgme, Bug Report
werner created T6140: F5 does not always work in Kleos smartcard dialog.
Thu, Aug 18, 11:01 AM · Restricted Project, kleopatra, Bug Report

Wed, Aug 17

werner changed the status of T6138: gpgconf: List auto-key-import and include-key-block again from Open to Testing.
Wed, Aug 17, 5:13 PM · gnupg (gpg22), Restricted Project
werner committed rGb356eddf3d7a: gpgconf: Make --auto-key-import and --include-key-block visible again. (authored by werner).
gpgconf: Make --auto-key-import and --include-key-block visible again.
Wed, Aug 17, 5:11 PM
werner edited projects for T6138: gpgconf: List auto-key-import and include-key-block again, added: gnupg (gpg22); removed gnupg.

Yes, I removed them accidentally because they were listed under the keyserver option heading in gpg. They actually belong below the import/export heading.

Wed, Aug 17, 5:07 PM · gnupg (gpg22), Restricted Project
werner added a comment to T6097: SC-HSM 4K Compatibility.

ACS readers simply don't work reliable under Linux.

Wed, Aug 17, 7:36 AM · Bug Report
werner updated the task description for T6097: SC-HSM 4K Compatibility.
Wed, Aug 17, 7:32 AM · Bug Report
werner added a comment to T6137: arch-specific (32 bit) failures in AddExistingSubkeyJobTest::testAddExistingSubkeyWithExpiration.

There is a reason that we switched to ISO Date strings in large parts of GnuPG ;-)

Wed, Aug 17, 7:30 AM · Restricted Project, qt, gpgme, Bug Report

Tue, Aug 16

werner committed rG3591112fdb01: agent: Fix bug introduced earlier today. (authored by werner).
agent: Fix bug introduced earlier today.
Tue, Aug 16, 4:47 PM
werner committed rG891b941bbf54: doc: Prepare NEWS (authored by werner).
doc: Prepare NEWS
Tue, Aug 16, 2:44 PM
werner committed rG914ee7247562: gpg: Fix "generate" command in --card-edit. (authored by werner).
gpg: Fix "generate" command in --card-edit.
Tue, Aug 16, 2:08 PM
werner committed rG2d23a72690b4: gpg: Update shadow-keys with --card-status also for non-openpgp cards. (authored by werner).
gpg: Update shadow-keys with --card-status also for non-openpgp cards.
Tue, Aug 16, 1:02 PM
werner committed rG287597cb2263: gpg: Fix --card-status to handle lowercase APPTYPEs (authored by werner).
gpg: Fix --card-status to handle lowercase APPTYPEs
Tue, Aug 16, 12:34 PM
werner committed rG7046001b0758: doc: Update description of the key format. (authored by werner).
doc: Update description of the key format.
Tue, Aug 16, 12:34 PM
werner committed rG755920d43357: agent: Let READKEY update the display-s/n of the Token entry. (authored by werner).
agent: Let READKEY update the display-s/n of the Token entry.
Tue, Aug 16, 12:04 PM
werner committed rG8e393e259264: gpg: Fix --card-status to handle lowercase APPTYPEs (authored by werner).
gpg: Fix --card-status to handle lowercase APPTYPEs
Tue, Aug 16, 12:04 PM
werner committed rG27ae89db6e69: gpg: Fix detecting OpenPGP card by serialno. (authored by gniibe).
gpg: Fix detecting OpenPGP card by serialno.
Tue, Aug 16, 12:04 PM
werner committed rG12ad9529782d: common: In private key mode write "Key:" always last in name-value. (authored by werner).
common: In private key mode write "Key:" always last in name-value.
Tue, Aug 16, 12:04 PM
werner committed rS56629ad6f449: Add configure option only-marked (authored by werner).
Add configure option only-marked
Tue, Aug 16, 9:05 AM

Mon, Aug 15

werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.

Here is an example


using this key file:

Mon, Aug 15, 1:07 PM · Restricted Project, scd
werner committed rG706adf669173: common: New function nve_set. (authored by werner).
common: New function nve_set.
Mon, Aug 15, 12:58 PM
werner committed rGdc9b2426288e: agent: Create and use Token entries to track the display s/n. (authored by werner).
agent: Create and use Token entries to track the display s/n.
Mon, Aug 15, 12:58 PM
werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.

If the stub has been created or updated we will now ask for the card
with the Display-SN. If in addition a Label has been set to the key
that label is also shown. Note that the Display-S/N is associated wit
a card but the Label is associated with a key. For example if the
same key has been stored on two cards, the prompt will ask for one of
those cards but shows the same same Label. It is sufficient to insert
any of the cards with the key because that is what we actually need.

Mon, Aug 15, 12:56 PM · Restricted Project, scd
werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.

In master we already have Token lines which are created but not yet used. I am going to extend this with the display S/N and drop the idea of a separate Display-SN entry.

Mon, Aug 15, 12:18 PM · Restricted Project, scd
werner is attending E938: Weekly Standup.
Mon, Aug 15, 8:22 AM

Fri, Aug 12

werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.

I am going to introduce a new DisplaySN: value for 2.2 which might also be useful for master.

Fri, Aug 12, 5:58 PM · Restricted Project, scd
werner added a comment to T6135: Agent, P15: Insert Smartcard query uses serial number instead of $DISPSERIALNO.

We have changes for this in master; I need to see whether it is possible to backport them.

Fri, Aug 12, 1:28 PM · Restricted Project, scd
werner committed rO2ccdc9cfc6f9: po: Minor grammar fix for the German translation (authored by werner).
po: Minor grammar fix for the German translation
Fri, Aug 12, 1:08 PM
werner updated subscribers of Gpg4win or GnuPG VS-Desktop Bug Report.
Fri, Aug 12, 12:22 PM · gpg4win
werner committed rG1908fa8b835c: gpg: Improve --edit-key setpref. (authored by werner).
gpg: Improve --edit-key setpref.
Fri, Aug 12, 11:51 AM
werner added a comment to T6133: Interoperability Issue Between gpg4win - Kleopatra and OpenKeyChain.

Here is an example on how to remove the AEAD preference from a key using GnuPG 2.3:

Fri, Aug 12, 11:31 AM · Bug Report, gpg4win
werner added a comment to T6133: Interoperability Issue Between gpg4win - Kleopatra and OpenKeyChain.

As an alternative you may change the preferences on the key to adjust them to your changed/downgraded version.

Fri, Aug 12, 11:18 AM · Bug Report, gpg4win

Thu, Aug 11

werner added a comment to T5862: authentication with USB token.

While playing with your scripts I figured that it would be useful to enhance the KEYINFO command. With
rG989eae648c8f3d2196517e8fc9cce247b21f9629 we could now

Thu, Aug 11, 11:30 AM · Testing, gpgagent, Feature Request, scd
werner committed rG40f0fcfaa476: common: New function nvc_get_boolean. (authored by werner).
common: New function nvc_get_boolean.
Thu, Aug 11, 11:29 AM
werner committed rG989eae648c8f: agent: New option --need-attr for KEYINFO. (authored by werner).
agent: New option --need-attr for KEYINFO.
Thu, Aug 11, 11:29 AM
werner added a comment to T6130: Appimage: Include man pages.

FWIW, the man pages do not carry all the info we have. However, I plan to chnage this and put everyting into man pages. It turned out that even me uses the man pages more than info(1) or gnupg/doc/*.

Thu, Aug 11, 9:40 AM · Restricted Project, gpg4win

Wed, Aug 10

werner committed rD89f6f4b66547: swdb: gpgme 1.18.0 (authored by werner).
swdb: gpgme 1.18.0
Wed, Aug 10, 4:25 PM
werner closed T6060: segfault (NULL-pointer) when inspecting gpg Context after exception (python) as Resolved.
Wed, Aug 10, 4:01 PM · Python, gpgme, Bug Report
werner closed T6056: Kleopatra: Improve handling of embedded filename as Resolved.
Wed, Aug 10, 4:01 PM · Testing, Restricted Project, kleopatra
werner closed T6128: Release GPGME 1.18.0 as Resolved.
Wed, Aug 10, 4:00 PM · Release Info, gpgme
werner committed rM7e2ef54b9c07: Post release updates (authored by werner).
Post release updates
Wed, Aug 10, 3:33 PM
werner committed rM26ff163bd691: Release 1.18.0 (authored by werner).
Release 1.18.0
Wed, Aug 10, 3:33 PM
werner committed rM9ee74b68e688: tests: Make t-edit-sign more robust. (authored by werner).
tests: Make t-edit-sign more robust.
Wed, Aug 10, 3:33 PM
werner closed T6129: Yubikey 5C 'not available: card error' regression as Resolved.

We are currently investigating another problem with a new feature. Thus things are delayed. Hopefully we get a new release this month (or at least a new gnupg 2.3 version to install on top of gpg4win).

Wed, Aug 10, 2:59 PM · Bug Report, gpg4win
werner updated the task description for T5872: Release GPGME 1.17.1.
Wed, Aug 10, 11:04 AM · Release Info, gpgme
werner triaged T6128: Release GPGME 1.18.0 as Normal priority.
Wed, Aug 10, 11:03 AM · Release Info, gpgme

Tue, Aug 9

werner added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Should go into 1.10 too

Tue, Aug 9, 11:12 AM · backport, Testing, libgcrypt, FIPS
werner added a project to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF: backport.
Tue, Aug 9, 11:11 AM · backport, Testing, libgcrypt, FIPS

Fri, Aug 5

werner added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Firefox nicely shows the 3 NIST certificates from my Telesec card but not the important Brainpool certificate for eIDAS. It turns out that Firefox does not support Brainpool, despite that a patch has been provided 8 years ago. See https://bugzilla.mozilla.org/show_bug.cgi?id=943639 . Thus there is currently no way to use LibreOffice or Okular to signe PDFs because they rely on NSS.

Fri, Aug 5, 2:06 PM · Feature Request, scute

Thu, Aug 4

werner added a project to T6123: Gpg Encryption and Signing - infinite Loop: Support.
Thu, Aug 4, 9:01 PM · Support, gpgagent, gpg4win, Bug Report
werner awarded T6122: GnuPG: misleading error message keytocard a Cup of Joe token.
Thu, Aug 4, 6:22 PM · Testing, Bug Report, gnupg (gpg22)
werner added a project to T6122: GnuPG: misleading error message keytocard: Testing.
Thu, Aug 4, 12:46 PM · Testing, Bug Report, gnupg (gpg22)
werner committed rGf2a81e374501: gpg: Fix wrong error message for keytocard. (authored by werner).
gpg: Fix wrong error message for keytocard.
Thu, Aug 4, 12:46 PM
werner added a comment to T6122: GnuPG: misleading error message keytocard.

With my patch I see the expected status message:

Thu, Aug 4, 12:43 PM · Testing, Bug Report, gnupg (gpg22)
werner committed rG189102ac17dc: gpg: Fix wrong error message for keytocard. (authored by werner).
gpg: Fix wrong error message for keytocard.
Thu, Aug 4, 12:43 PM
werner added a comment to T6122: GnuPG: misleading error message keytocard.

The problem seems to be that we don't return a status code with the
actual error via the --command-fd interface:

Thu, Aug 4, 12:23 PM · Testing, Bug Report, gnupg (gpg22)
werner triaged T6122: GnuPG: misleading error message keytocard as Normal priority.
Thu, Aug 4, 12:07 PM · Testing, Bug Report, gnupg (gpg22)

Wed, Aug 3

werner committed rG6583abedf3f0: common: Silence warnings from AllowSetForegroundWindow. (authored by werner).
common: Silence warnings from AllowSetForegroundWindow.
Wed, Aug 3, 11:15 AM
werner committed rG94908857e1f5: dirmngr: Fix failed malloc error message. (authored by werner).
dirmngr: Fix failed malloc error message.
Wed, Aug 3, 11:15 AM
werner committed rG4ef8516a79f9: common: Silence warnings from AllowSetForegroundWindow. (authored by werner).
common: Silence warnings from AllowSetForegroundWindow.
Wed, Aug 3, 11:11 AM
werner committed rG5fb2306b9760: gpgconf: Add config file for Windows Registry dumps. (authored by werner).
gpgconf: Add config file for Windows Registry dumps.
Wed, Aug 3, 10:50 AM
werner committed rGb067285d595a: dirmngr: Fix failed malloc error message. (authored by werner).
dirmngr: Fix failed malloc error message.
Wed, Aug 3, 10:50 AM
werner committed rGebb736b2c310: gpgconf: Add config file for Windows Registry dumps. (authored by werner).
gpgconf: Add config file for Windows Registry dumps.
Wed, Aug 3, 9:29 AM

Tue, Aug 2

werner added a project to T6119: GnuPG: Compliance mode status omitted when decrypting combined symmetric and asymmetric data: Testing.

Fixed in 2.2 and master. Did a couple of manual tests using 2.2 on Linux. gpgsplit comes handy to add a couple more tag-3 packets (same algos or one patched to camellia for the negative test)

Tue, Aug 2, 6:55 PM · Testing, gnupg, Restricted Project
werner committed rG171725c9717c: g13: Remove unused variable. (authored by werner).
g13: Remove unused variable.
Tue, Aug 2, 6:46 PM
werner committed rGea7aba6e605d: gpgconf: Improve registry dumping. (authored by werner).
gpgconf: Improve registry dumping.
Tue, Aug 2, 6:46 PM
werner committed rGe542c4af182d: gpg: Make symmetric + pubkey encryption de-vs compliant. (authored by werner).
gpg: Make symmetric + pubkey encryption de-vs compliant.
Tue, Aug 2, 6:46 PM
werner committed rGe8011a7ceca7: gpg: Make symmetric + pubkey encryption de-vs compliant. (authored by werner).
gpg: Make symmetric + pubkey encryption de-vs compliant.
Tue, Aug 2, 6:37 PM
werner added a comment to T6119: GnuPG: Compliance mode status omitted when decrypting combined symmetric and asymmetric data.

This also points out that the cipher algos and modes of the symmetric encrypted session key packets where never checked for compliance. We only checked the compliance of the bulk encryption cipher algo.

Tue, Aug 2, 6:04 PM · Testing, gnupg, Restricted Project
werner committed rE745d333cf7b5: w32: Convert REG_DWORD values to a string. (authored by werner).
w32: Convert REG_DWORD values to a string.
Tue, Aug 2, 3:19 PM
werner committed rG6bc959231802: gpgconf: Improve registry dumping. (authored by werner).
gpgconf: Improve registry dumping.
Tue, Aug 2, 12:27 PM

Mon, Aug 1

werner added projects to T5371: Handle invalid compliance settings: Restricted Project, Feature Request.

Has this been implemented?

Mon, Aug 1, 3:15 PM · Feature Request, Restricted Project, kleopatra
werner edited projects for T5990: Option to ignore the user trustlist.txt, added: Testing; removed backport.
Mon, Aug 1, 3:12 PM · Testing, Restricted Project, gnupg (gpg22), S/MIME, gpgagent
werner committed rG10f42f313ca7: tests: Install links for tpm2daemon (authored by werner).
tests: Install links for tpm2daemon
Mon, Aug 1, 3:11 PM
werner lowered the priority of T6023: Check how GnuPG handles several keys from WKD from High to Normal.

I don't think that we need to fix things here. Important is that the WKD import uses a filter which imports only keys with the requested mail address. However, if a key with the same fingerprint already exists it will be merged.

Mon, Aug 1, 11:33 AM · Documentation, wkd, gnupg (gpg23)
werner closed T6098: Path traversal bug in gpg-wks-server as Resolved.
Mon, Aug 1, 11:20 AM · wkd, gnupg
werner triaged T6114: Support Installable test suites in gpg-crypt as Normal priority.
Mon, Aug 1, 11:18 AM · Tests, dev.gnupg.org, Feature Request
werner committed rG8e63e813c740: common: Add a default OpenPGP ECC mapping. (authored by werner).
common: Add a default OpenPGP ECC mapping.
Mon, Aug 1, 10:35 AM
werner committed rG67e510cbf7b1: scd:opengpg: Minor vendor name fix (authored by werner).
scd:opengpg: Minor vendor name fix
Mon, Aug 1, 10:35 AM

Fri, Jul 29

werner edited projects for T5119: TOFU messages are not completely and correctly localized to German, added: gnupg (gpg23); removed gnupg (gpg22).

It is unlikely that the tofu stuff will get into widespread use in the 2.2 version - if at all.

Fri, Jul 29, 4:23 PM · gnupg (gpg23), i18n, Bug Report
werner closed T5359: Kleopatra: Loop in DeviceInfoWatcher with GnuPG 2.3 on Windows as Resolved.

Fixed quite some time ago.

Fri, Jul 29, 4:19 PM · Testing, scd, Restricted Project, kleopatra
werner moved T5990: Option to ignore the user trustlist.txt from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Fri, Jul 29, 4:17 PM · Testing, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Thu, Jul 28

werner closed T6063: GnuPG: Ignore invalid hash algorithm preferences when signing & encrypting combined as Resolved.

Fixed with commits
rGeb675fbc4e4db52c3276bc0748b49df8a213fbc4
rG890e616593af5d1e0f2eb932768205ef90928e5e

Thu, Jul 28, 11:31 AM · gnupg, Restricted Project
werner added a comment to rG890e616593af: gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference..

The referenced bug should have been T6063

Thu, Jul 28, 11:28 AM
werner committed rG890e616593af: gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference. (authored by werner).
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
Thu, Jul 28, 11:08 AM
werner committed rGeb675fbc4e4d: gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference. (authored by werner).
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
Thu, Jul 28, 11:08 AM
werner added a comment to T6063: GnuPG: Ignore invalid hash algorithm preferences when signing & encrypting combined.

In de-vs mode we could change the implict algorithm from SHA-1 to SHA-256. That should solve the problem.

Thu, Jul 28, 10:30 AM · gnupg, Restricted Project
werner committed rG6d9c8a1cbc37: scd:openpgp: New vendor (authored by werner).
scd:openpgp: New vendor
Thu, Jul 28, 9:02 AM

Wed, Jul 27

werner committed rGd0bd91ba73a7: agent: New option --no-user-trustlist and --sys-trustlist-name. (authored by werner).
agent: New option --no-user-trustlist and --sys-trustlist-name.
Wed, Jul 27, 5:24 PM
werner committed rGabe69b2094dd: gpg: Look up user ID to revoke by UID hash (authored by ikloecker).
gpg: Look up user ID to revoke by UID hash
Wed, Jul 27, 5:24 PM
werner changed the status of T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid from Open to Testing.

Backported for for 2.2.37

Wed, Jul 27, 4:37 PM · gnupg (gpg23), Restricted Project, Feature Request
werner changed the status of T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid, a subtask of T4087: Kleopatra: Revoke User-ID, from Open to Testing.
Wed, Jul 27, 4:37 PM · Testing, Restricted Project, gpg4win, kleopatra, Feature Request
werner triaged T6109: Kleopatra: Better way to show expired subkeys as Normal priority.
Wed, Jul 27, 3:22 PM · Feature Request, Restricted Project, OpenPGP, kleopatra
werner changed the status of T6098: Path traversal bug in gpg-wks-server from Open to Testing.

Fix will go into 2.2.37 and 2.3.8.

Wed, Jul 27, 12:33 PM · wkd, gnupg
werner committed rG73a98c139691: wkd: Bind the address to the nonce. (authored by werner).
wkd: Bind the address to the nonce.
Wed, Jul 27, 12:31 PM
werner shifted T6098: Path traversal bug in gpg-wks-server from the Restricted Space space to the S1 Public space.
Wed, Jul 27, 11:43 AM · wkd, gnupg
werner committed rG4c8792fa10b6: wkd: Bind the address to the nonce. (authored by werner).
wkd: Bind the address to the nonce.
Wed, Jul 27, 11:43 AM
werner committed rG77090e5260e4: tests: Add missing file for tpm2d tests to the tarball. (authored by werner).
tests: Add missing file for tpm2d tests to the tarball.
Wed, Jul 27, 11:43 AM
werner closed T6107: Completely lost ability to create PGP Keys as Resolved.
Wed, Jul 27, 8:37 AM · Support