werner (Werner Koch) Administrator
Engineering

User Details

User Since
Mar 27 2017, 4:48 PM (78 w, 1 d)
Roles
Administrator
Availability
Available

Recent Activity

Yesterday

werner added a comment to T4146: GPG Agent fails in parallel: "gpg: decryption failed: No secret key".

Running with -v would really be helpful.

Tue, Sep 25, 11:54 AM · gnupg (gpg22), MacOS, Bug Report

Mon, Sep 24

werner added a comment to T4154: allow setting passphrase from an environment variable.

Maybe not on Linux but the environment is visible from other processes in the same way as the command line. So I don't see why we should add yet more clumsy passphrase workarounds to gpg. We already have PINENTRY_USER_DATA which can fulfill the same task.

Mon, Sep 24, 9:06 AM · Feature Request, gnupg (gpg23)
werner added a comment to E401: Weekly Standup.

Last week:

  • Administrative work
  • Fixed some regression in gpgme's "make check"
  • Simplified libgpg-error header generation
  • gpgme-json work
Mon, Sep 24, 8:56 AM

Sat, Sep 22

werner added a comment to T4153: no dirmngr.log created after previous command 'KS_GET' failed: Operation not permitted.

Please see my comment on T4152.

Sat, Sep 22, 6:45 PM
werner added a comment to T4152: command 'KS_GET' failed: Operation not permitted.

Please check again with a recent upstream release or report to Debian. The release from Debian is pretty old and has a couple of non-standard patches.

Sat, Sep 22, 6:44 PM · Bug Report

Fri, Sep 21

werner committed rEf4f0da74f526: syscfg: Add support for arc-unknown-linux-gnu (authored by werner).
syscfg: Add support for arc-unknown-linux-gnu
Fri, Sep 21, 2:47 PM
werner committed rEb371e3ca906e: core: Make cross building in mkheader more explicit. (authored by werner).
core: Make cross building in mkheader more explicit.
Fri, Sep 21, 2:41 PM
werner committed rE3fc4ce49b23a: core: Simplify calling convention of mkheader. (authored by werner).
core: Simplify calling convention of mkheader.
Fri, Sep 21, 2:41 PM

Thu, Sep 20

werner committed rM6878126b6f53: python: Fix a couple of syntax errors. (authored by werner).
python: Fix a couple of syntax errors.
Thu, Sep 20, 5:55 PM
werner committed rMdcdabf5f2ef8: python: Silence a few warnings. (authored by werner).
python: Silence a few warnings.
Thu, Sep 20, 5:55 PM
werner committed rM9f19b3aaecd2: python: Fix regression in the test suite. (authored by werner).
python: Fix regression in the test suite.
Thu, Sep 20, 12:22 PM
werner committed rMa824f4498ea9: tests: Don't try using keys from a scmartcard. (authored by werner).
tests: Don't try using keys from a scmartcard.
Thu, Sep 20, 12:22 PM

Wed, Sep 19

werner committed rMc569adb5e3e3: json: Remove subkey-algo from createkey command. (authored by werner).
json: Remove subkey-algo from createkey command.
Wed, Sep 19, 12:01 PM

Tue, Sep 18

werner committed rE48c8f8ddfc80: syscfg: Support ARC CPUs and simplify aliasing table. (authored by werner).
syscfg: Support ARC CPUs and simplify aliasing table.
Tue, Sep 18, 3:40 PM
werner closed T4123: Pinentry-qt does not always become active foreground window (especially when requesting pin for authentication) as Invalid.

Andre explained that we don't do that anymore on purpose. Duck and read the discussion related to this if you are interested. A related thing is that no-grab does not work on all platforms because it was designed for standard X but nowadays toolkits have their own ideas what is right and what is wrong.

Tue, Sep 18, 3:34 PM · pinentry, Bug Report, gpg4win
werner removed a project from T4145: pinentry-gnome3 grabs input partially and ignores grab/no-grab option: Bug Report.

no-grab does only work on certain platforms. Thus this is no bug.

Tue, Sep 18, 3:30 PM · Documentation, pinentry
werner renamed T4144: pinentry-qt prints Gtk warnings on stderr from gpgagent doesn's work with pinentry-qt warnings on stderr to pinentry-qt prints Gtk warnings on stderr.
Tue, Sep 18, 3:28 PM · Bug Report, pinentry
werner removed a project from T4144: pinentry-qt prints Gtk warnings on stderr: gpgagent.

pinentry-qt giving Gtk- warnings? Very strange. Please give an example. You can start pinentry on the command line like

Tue, Sep 18, 3:27 PM · Bug Report, pinentry
werner triaged T4148: pinentry-gnome3 ignores $GTK_THEME as Low priority.

If you start gpg-agent in that deprecated way it sees the envvars. It will even see them if it is, as suggested, started on-demand by gpg. However, things are different when a gpg-agent is already running; in that case only the listed envvars are conveyed to the pinentry.

Tue, Sep 18, 3:26 PM · Bug Report, pinentry
werner added projects to T4146: GPG Agent fails in parallel: "gpg: decryption failed: No secret key": MacOS, gnupg (gpg22).

We need a way to replicate your problem, a few questions first:

Tue, Sep 18, 9:10 AM · gnupg (gpg22), MacOS, Bug Report
werner removed a project from T4148: pinentry-gnome3 ignores $GTK_THEME: Bug Report.

I would call that a feature because it makes sure that the Pinentry always shows up the same regardless of whether an application selects a different theme.

Tue, Sep 18, 9:04 AM · Bug Report, pinentry

Mon, Sep 17

werner triaged T4073: gpg-agent not caching the passphrase as Low priority.
Mon, Sep 17, 11:27 AM · Documentation, Bug Report

Wed, Sep 12

werner added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

The background of my earlier comment was that I didn't test GPGME in this regard.

Wed, Sep 12, 4:19 PM · gnupg (gpg22), gpgme, Bug Report
werner added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

Okay. So for GPGME should we add --no-keyring if --override-session-key is also enabled? I think this would be better than relying on the fact that gpgme ignores the returned error code.

Wed, Sep 12, 12:35 PM · gnupg (gpg22), gpgme, Bug Report

Tue, Sep 11

werner committed rD60d5f90aa33e: web: Added donation results for June to August. (authored by werner).
web: Added donation results for June to August.
Tue, Sep 11, 11:20 AM
werner added a project to T3464: successful decryption with session key reports failure if public key is unknown: Info Needed.

@dkg does --no-keyring solve the problem for you?

Tue, Sep 11, 10:36 AM · gnupg (gpg22), gpgme, Bug Report
werner closed T2968: gpg --search: Connection closed in DNS as Resolved.

We assume that this has meanwhile been fixed.

Tue, Sep 11, 10:34 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Mon, Sep 10

werner added members for nGPH: JollyRoger, werner, aheinecke, gniibe, BenM.
Mon, Sep 10, 4:30 PM
werner created nGPH.
Mon, Sep 10, 4:29 PM
werner added a comment to T2013: pinentry-curses / pinentry-tty should emit a bell when showing a dialog.

Well, the counterpart in gpg-agent is missing.

Mon, Sep 10, 3:30 PM · pinentry, Feature Request
werner triaged T4137: IPC syntax error when `gpg` starts `gpg-agent` without `$TERM` variable as Low priority.

Actually it fails only when you set TERM to the empty string. Unsetting TERM still works:

Mon, Sep 10, 3:24 PM · gnupg, Bug Report
werner added a comment to T4093: Undefined shift in parse_symkeyenc.

Another address does not help as long as we are forced to use a Google account. That is not subject to discussion. Sorry.

Mon, Sep 10, 11:31 AM · Bug Report
werner added a comment to T4136: --recv-keys With Short IDs Is Insecure, Is Actively Being Attacked, And Should Be Removed Entirely.

You may indeed post to gnupg-devel if that helps to raise the attention of the Travis folks. If they need support we would be glad to help.

Mon, Sep 10, 8:04 AM · Bug Report
werner closed T4136: --recv-keys With Short IDs Is Insecure, Is Actively Being Attacked, And Should Be Removed Entirely as Wontfix.

This has always been the case and the worst thing which can happen is that (64 bit keyid clash) you might not be able to import the "real" key. Keyservers never promised to deliver the correct (in whatever sense) key, but are merely anonymous and distributed storage systems. This is why gpg does not trust a key by default but requires you to validate the key by other means (WoT, second channel, Web Key Directory).

Mon, Sep 10, 7:58 AM · Bug Report
werner added a comment to E399: Weekly Standup.

Last week:

  • Administrative work
  • VS-NfD vendor meeting in Bonn
  • Minor code work
Mon, Sep 10, 7:41 AM
werner is attending E399: Weekly Standup.
Mon, Sep 10, 7:37 AM
werner added a comment to T4093: Undefined shift in parse_symkeyenc.

@catenacyber thanks for this bug report.

Mon, Sep 10, 7:36 AM · Bug Report

Sat, Sep 8

werner claimed T3894: re-evaluate default randomness choices during key generation on GNU/Linux platforms.

Thanks for your comments, Stephan.

Sat, Sep 8, 11:13 AM · libgcrypt, gnupg

Fri, Sep 7

werner committed rGbee65edfbc8c: dirmngr: Emit SOURCE status also on NO_DATA. (authored by werner).
dirmngr: Emit SOURCE status also on NO_DATA.
Fri, Sep 7, 11:58 AM

Thu, Sep 6

werner raised the priority of T4134: GnuPG: Changing the trust model once changes the default trust model from Normal to High.
Thu, Sep 6, 10:22 PM · gpg4win, gpgol, Bug Report, gnupg
werner added inline comments to rM879cc1f84fbf: estreams symbols for python bindings.
Thu, Sep 6, 12:33 PM

Wed, Sep 5

werner committed rG512be1d04b98: kbx: Add framework for a public key daemon. (authored by werner).
kbx: Add framework for a public key daemon.
Wed, Sep 5, 5:20 PM
werner committed rGd4489be467e7: common: New function status_printf. (authored by werner).
common: New function status_printf.
Wed, Sep 5, 5:20 PM
werner closed T4119: gpg --symmetric emits a SEIP packet, but no MDC as Invalid.

Which is the correct way to handle this. We merely gave the MDC packet a standard packet structure so to help with debugging. Decryption needs to defer the 22 bytes to be able to detect the MDC packet.

Wed, Sep 5, 12:40 PM · gnupg (gpg22), Bug Report

Thu, Aug 30

werner committed rDbcbb28280216: swdb: gnupg-2.2.10 (authored by werner).
swdb: gnupg-2.2.10
Thu, Aug 30, 4:29 PM
werner closed T4112: GnuPG 2.2.10 release as Resolved.

Release done with these major news:

  • gpg: Refresh expired keys originating from the WKD. [T2917]
  • gpg: Use a 256 KiB limit for a WKD imported key.
  • gpg: New option --known-notation. [T4060]
  • scd: Add support for the Trustica Cryptoucan reader.
  • agent: Speed up starting during on-demand launching. [T3490]
  • dirmngr: Validate SRV records in WKD queries.
Thu, Aug 30, 3:58 PM · Release Info, gnupg
werner committed rG4b5cddeb5891: Post release updates. (authored by werner).
Post release updates.
Thu, Aug 30, 3:43 PM
werner committed rG24697074f44c: Release 2.2.10 (authored by werner).
Release 2.2.10
Thu, Aug 30, 3:43 PM
werner committed rG2f5ba3a6c19b: po: Update Russian translation. (authored by Ineiev <ineiev@gnu.org>).
po: Update Russian translation.
Thu, Aug 30, 10:50 AM
werner committed rG23738c953051: artwork: State license of the logo (authored by werner).
artwork: State license of the logo
Thu, Aug 30, 10:42 AM
werner committed rG39c34a4a850f: po: Update German translation (authored by werner).
po: Update German translation
Thu, Aug 30, 9:54 AM

Wed, Aug 29

werner closed T3194: Export of keys fails (gets mangled) if stdout is redirected to a file on Windows as Invalid.

There is no way for us to fix. It is a shell issue.

Wed, Aug 29, 3:31 PM · gnupg (gpg22), Windows 32, Bug Report
werner closed T4103: Compile with Apple Clang as Wontfix.

We won't fix that. If you want to build for Apple iOS make sure to use

Wed, Aug 29, 3:29 PM · Feature Request
werner closed T3912: generate_keypair() in g10/keygen.c seems unclear as Resolved.

The “this” is used so that we don't have too many strings to translate.
I added a call to print_further_info which will in --verbose mode explain it.

Wed, Aug 29, 3:25 PM · Documentation, gnupg (gpg22)
werner committed rGa9931b3c052e: gpg: Explain error message in key generation with --batch (authored by werner).
gpg: Explain error message in key generation with --batch
Wed, Aug 29, 3:24 PM
werner added a commit to T3912: generate_keypair() in g10/keygen.c seems unclear: rGa9931b3c052e: gpg: Explain error message in key generation with --batch.
Wed, Aug 29, 3:24 PM · Documentation, gnupg (gpg22)
werner committed rG1bfe766bcf39: gpg: Explain error message in key generation with --batch (authored by werner).
gpg: Explain error message in key generation with --batch
Wed, Aug 29, 3:23 PM
werner added a commit to T3912: generate_keypair() in g10/keygen.c seems unclear: rG1bfe766bcf39: gpg: Explain error message in key generation with --batch.
Wed, Aug 29, 3:23 PM · Documentation, gnupg (gpg22)
werner closed T3906: A way to list the supported ECC curves as Resolved.
Wed, Aug 29, 3:15 PM · Documentation, gnupg (gpg22)
werner committed rG2d700f2c6c18: doc: Minor additions to the gpg man page (authored by werner).
doc: Minor additions to the gpg man page
Wed, Aug 29, 3:15 PM
werner added a commit to T3906: A way to list the supported ECC curves: rG2d700f2c6c18: doc: Minor additions to the gpg man page.
Wed, Aug 29, 3:14 PM · Documentation, gnupg (gpg22)
werner committed rG420dc2b49ad8: doc: Minor additions to the gpg man page (authored by werner).
doc: Minor additions to the gpg man page
Wed, Aug 29, 3:13 PM
werner added a commit to T3906: A way to list the supported ECC curves: rG420dc2b49ad8: doc: Minor additions to the gpg man page.
Wed, Aug 29, 3:13 PM · Documentation, gnupg (gpg22)
werner lowered the priority of T3753: Bad self-signatures and missing subkey usage flags when creating ECDSA/Ed25519 keys in batch mode from Normal to Low.
Wed, Aug 29, 2:57 PM · gnupg (gpg22), Bug Report
werner added a project to T2968: gpg --search: Connection closed in DNS: Info Needed.

@elonsatoshi: Were you able to check this with 2.2.9 which has a fix for the resolver?

Wed, Aug 29, 2:53 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
werner closed T1055: Special characters encoding issue with LDAP keyserver. as Wontfix.

We won't do that. Those with badly encoded user ids should create new keys or meanwhile have done so. The whole charset back and forth encoding adds a lot of complexity for some legacy applications. Frankly I would like to get rid of all code conversions and stick to utf-8.

Wed, Aug 29, 2:50 PM · gnupg (gpg22), Feature Request
werner lowered the priority of T2908: dirmngr can't be build w/o LDAP from Normal to Low.
Wed, Aug 29, 2:44 PM · gnupg (gpg22), dirmngr, Bug Report, gnupg
werner added a comment to T3277: decrypting data symmetrically doesn't reliably convey confidentiality property.

In T3464 it is described how you can do it. Sure, in your case you want to have a home directory so that the agent and pinentry can work. --no-keyring makes sure that a decryption with a private key can't happen. How we have the cache for symmetric encrypted data which you can disable with --no-symkey-cache.

Wed, Aug 29, 2:43 PM · Feature Request, gnupg (gpg22)
werner closed T4101: --verify-files does not provide sufficient information as Resolved.

--verify-files is mostly useful for scripting and not for manual checking. With scripting etc you always need to use --status-fd and with that you get:

Wed, Aug 29, 1:11 PM · Bug Report
werner closed T3277: decrypting data symmetrically doesn't reliably convey confidentiality property as Invalid.

To use encryption and for both purposes: encryption and authentication.

Wed, Aug 29, 1:01 PM · Feature Request, gnupg (gpg22)
werner added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

I was already implementing a --no-homedir when I figured that we have --no-keyring. Using that with any homedir fulfills the requested purpose.

Wed, Aug 29, 12:49 PM · gnupg (gpg22), gpgme, Bug Report
werner committed rG719fc941b6ec: gpg: Remove unused function get_pubkeys. (authored by werner).
gpg: Remove unused function get_pubkeys.
Wed, Aug 29, 12:31 PM
werner committed rGed8fe21e6612: gpg: Remove unused function get_pubkeys. (authored by werner).
gpg: Remove unused function get_pubkeys.
Wed, Aug 29, 12:06 PM
werner closed T3353: Session env vars and environment variables for gpg as Resolved.

Will be in 2.2.10

Wed, Aug 29, 10:03 AM · gnupg (gpg22), Documentation, Bug Report
werner committed rG3169b5ae3f21: doc: Show how to list envvars send to gpg-agent. (authored by werner).
doc: Show how to list envvars send to gpg-agent.
Wed, Aug 29, 10:02 AM
werner committed rG53bbac086571: doc: Show how to list envvars send to gpg-agent. (authored by werner).
doc: Show how to list envvars send to gpg-agent.
Wed, Aug 29, 10:02 AM
werner closed T4060: Add ability to mark critical notations as "recognized" during signature verification as Resolved.

Will be in 2.2.10

Wed, Aug 29, 9:47 AM · gnupg (gpg22), Feature Request
werner committed rGa59a9962f48f: gpg: New option --known-notation. (authored by werner).
gpg: New option --known-notation.
Wed, Aug 29, 9:47 AM
werner added a commit to T4060: Add ability to mark critical notations as "recognized" during signature verification: rGa59a9962f48f: gpg: New option --known-notation..
Wed, Aug 29, 9:47 AM · gnupg (gpg22), Feature Request
werner committed rG3da835713fb6: gpg: New option --known-notation. (authored by werner).
gpg: New option --known-notation.
Wed, Aug 29, 9:46 AM
werner added a commit to T4060: Add ability to mark critical notations as "recognized" during signature verification: rG3da835713fb6: gpg: New option --known-notation..
Wed, Aug 29, 9:46 AM · gnupg (gpg22), Feature Request

Tue, Aug 28

werner committed rGb02ad56a9041: po: Update Russian translation. (authored by Ineiev <ineiev@gnu.org>).
po: Update Russian translation.
Tue, Aug 28, 5:53 PM
werner added a comment to T4108: Support for verifying OpenPGP standalone and timestamp signatures.

The question is now to model the API for this. For 0x02 it seems to be pretty clear: We assume it is a detached signature on a zero length file and make sure that no signed file is given.

Tue, Aug 28, 5:16 PM · gnupg (gpg23), Feature Request
werner closed T4088: gpg outputs info to the tty despite that it used the Pinentry as Wontfix.

This was actually reported against 2.0.31 which reached EOL 8 months ago.

Tue, Aug 28, 5:09 PM · gnupg (gpg20), Bug Report
werner closed T3490: "gpgconf --launch gpg-agent" should not take a full second if the agent isn't already started as Resolved.

Backport done for 2.2.10

Tue, Aug 28, 5:03 PM · gnupg (gpg22)
werner committed rG38eb7c360bc4: assuan: Fix exponential decay for first second. (authored by werner).
assuan: Fix exponential decay for first second.
Tue, Aug 28, 5:02 PM
werner committed rG1189df2cd7d4: assuan: Use exponential decay for first 1s of spinlock. (authored by dkg).
assuan: Use exponential decay for first 1s of spinlock.
Tue, Aug 28, 5:02 PM
werner added a commit to T3490: "gpgconf --launch gpg-agent" should not take a full second if the agent isn't already started: rG38eb7c360bc4: assuan: Fix exponential decay for first second..
Tue, Aug 28, 5:02 PM · gnupg (gpg22)
werner added a commit to T3490: "gpgconf --launch gpg-agent" should not take a full second if the agent isn't already started: rG1189df2cd7d4: assuan: Use exponential decay for first 1s of spinlock..
Tue, Aug 28, 5:02 PM · gnupg (gpg22)
werner committed rGa22a55b994e0: assuan: Reorganize waiting for socket. (authored by dkg).
assuan: Reorganize waiting for socket.
Tue, Aug 28, 5:02 PM
werner added a commit to T3490: "gpgconf --launch gpg-agent" should not take a full second if the agent isn't already started: rGa22a55b994e0: assuan: Reorganize waiting for socket..
Tue, Aug 28, 5:02 PM · gnupg (gpg22)
werner moved T3490: "gpgconf --launch gpg-agent" should not take a full second if the agent isn't already started from Backlog to For next release on the gnupg (gpg22) board.
Tue, Aug 28, 4:57 PM · gnupg (gpg22)
werner moved T4088: gpg outputs info to the tty despite that it used the Pinentry from Backlog to For next release on the gnupg (gpg22) board.
Tue, Aug 28, 4:19 PM · gnupg (gpg20), Bug Report
werner closed T3252: Track the origin of a key as Resolved.

AFAICS this is now implemented. We have the option --with-key-origin and even support in GPGME.

Tue, Aug 28, 4:16 PM · gnupg (gpg22)
werner claimed T4112: GnuPG 2.2.10 release.
Tue, Aug 28, 3:48 PM · Release Info, gnupg
werner created T4112: GnuPG 2.2.10 release.
Tue, Aug 28, 3:47 PM · Release Info, gnupg
werner closed T2917: --locate-key should re-fetch key via WKD if it is expired as Resolved.

Done. To be released with 2.2.10.

Tue, Aug 28, 3:42 PM · gnupg (gpg22), Bug Report
werner added a comment to T3910: Kleopatra: Direct way to WKD Lookup a key.

FWIW, we record the origin of the keys. So you have the information. Use --with-key-origin in a key listing. GPGME also has the info.

Tue, Aug 28, 3:39 PM · kleopatra
werner committed rG0709f358cd13: gpg: Refresh expired keys originating from the WKD. (authored by werner).
gpg: Refresh expired keys originating from the WKD.
Tue, Aug 28, 3:37 PM
werner added a commit to T2917: --locate-key should re-fetch key via WKD if it is expired: rG0709f358cd13: gpg: Refresh expired keys originating from the WKD..
Tue, Aug 28, 3:37 PM · gnupg (gpg22), Bug Report