Page MenuHome GnuPG

gnupgProject
ActivePublic

Milestones

Subprojects

Members

  • This project does not have any members.
  • View All

Recent Activity

Yesterday

werner closed T5981: --output-type raw inconsistent output as Resolved.

That is expected. The export re-encrypts the secret parts to comply with the OpenPGP specs and this includes a salt andf IV and thus the output must be different.

Wed, May 18, 8:56 AM · Support, gnupg

Tue, May 17

gniibe added a project to T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s): Testing.

Possibly, we can use new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized

Tue, May 17, 3:34 AM · Testing, backport, gnupg, scd, patch
gniibe claimed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).

The bug was there when it was initially written. It was in 2003, which introduced PC/SC in rG1bcf8ef9dea1: Cleanups, fixes and PC/SC support

Tue, May 17, 3:29 AM · Testing, backport, gnupg, scd, patch

Fri, May 13

werner closed T5598: AppImage of gpg as Resolved.

We have everything ready for a GnuPG Desktop Appimage but we first need a business case to maintain it.

Fri, May 13, 4:08 PM · AppImage, gnupg, Restricted Project, Feature Request
werner renamed T5574: Doubled characters in Windows console output from GPG Portable on USB-Stick - Problems with GnuPG 2.2.30 to Doubled characters in Windows console output.
Fri, May 13, 3:58 PM · gnupg, Windows, gpgrt, Bug Report
werner added projects to T3391: cannot import subkey that was once marked to be on a card: scd, gpgagent.
Fri, May 13, 2:43 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report
MicroJoe added a comment to T3391: cannot import subkey that was once marked to be on a card.

TL;DR: can reproduce, needs fixing

Fri, May 13, 1:42 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report

Tue, May 10

gniibe removed a project from T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.
Tue, May 10, 3:50 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I examined all log files you gave us, and I think that scdaemon with PC/SC fails to detect the removal of the USB device.

Tue, May 10, 3:48 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe triaged T5971: Yubikey: Removal of device is not detected by PC/SC as Normal priority.
Tue, May 10, 2:51 AM · Info Needed, yubikey, scd, Bug Report

Mon, May 9

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the linked patch, but still experience the error. Most of the times, I cannot access my yubikey at all and I am not sure what is blocking it.
I've tried to include as much debugging output as I could below. Please let me know if there is anything else I can do to debug this.

Mon, May 9, 12:54 PM · Testing, backport, yubikey, scd, segv, Bug Report
aheinecke closed T5273: Release Gpg4win 4.x.x, a subtask of T4702: Deadline for the GnuPG 2.3.0 release, as Resolved.
Mon, May 9, 9:29 AM · Restricted Project, gpg4win, gnupg
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: backport.
Mon, May 9, 6:52 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.

The patch rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey. fixes a particular problem of Yubikey implementation where it returns bogus octet for its data object of C1, C2, and C3.

Mon, May 9, 4:53 AM · Testing, backport, yubikey, scd, segv, Bug Report

Fri, May 6

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

With the patch and after starting a new gpg-agent, gpg --card-status now works immediately.
But when I re-plug the yubikey, gpg reports gpg: OpenPGP card not available: Card error until either gpg-agent is restarted, or pcscd is restarted.
pcsc-lite in debug mode reports no errors, but one log is obviously much shorter as gpg fails early (I've attached both).

Fri, May 6, 1:42 PM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I pushed a workaround.

Fri, May 6, 11:28 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe renamed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys from scdaemon causes libc segfault and clashes with pcsc-lite despite using disable-ccid to Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
Fri, May 6, 11:26 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: yubikey.
Fri, May 6, 10:07 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe claimed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
Fri, May 6, 8:56 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

For my environment, it is not PC/SC-specific. It also occurs when CCID driver is used.

Fri, May 6, 8:42 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

For bcdDevice 5.24, I can replicate the symptom, but only once. After second invocation of gpg --card-status, it works well.

Fri, May 6, 8:26 AM · Testing, backport, yubikey, scd, segv, Bug Report

Thu, May 5

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the patch and can confirm that the segfault is fixed, but gpg still has severe problems communicating with the Yubikey.

Thu, May 5, 12:10 PM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Ours are even newer (5.4.3). Did you the Yubico tools to switch to curve443?
In any case, is it possible that you apply my fix and test again?

Thu, May 5, 10:06 AM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Your Yubikey's firmware version is 5.2.7 - let me see what versions we have in stock to test my fix.

Thu, May 5, 9:51 AM · Testing, backport, yubikey, scd, segv, Bug Report

Wed, May 4

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've taken the liberty to regenerate the valgrind report including libc and gnupg debugsyms. Maybe it'll help.

Wed, May 4, 4:47 PM · Testing, backport, yubikey, scd, segv, Bug Report
Jakuje created T5964: gnupg should use the KDFs implemented in libgcrypt.
Wed, May 4, 3:16 PM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner updated subscribers of T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I am not sure about the crash but the unknown curve is
1.3.6.1.4.1.11591.15.1.2 which seems to be a GNU OID for curve448

Wed, May 4, 2:38 PM · Testing, backport, yubikey, scd, segv, Bug Report
oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

It segfaults on SERIALNO. Here's what valgrind outputs:

Wed, May 4, 12:48 PM · Testing, backport, yubikey, scd, segv, Bug Report
werner added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

What I would do in this case is to stop the gnupg daemon amd anything whiuch might start them and run scdaemon under valgrind.

Wed, May 4, 10:13 AM · Testing, backport, yubikey, scd, segv, Bug Report

Mon, May 2

oddlama created T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
Mon, May 2, 11:21 PM · Testing, backport, yubikey, scd, segv, Bug Report

Thu, Apr 28

werner triaged T5575: Supplying more than one passphrase or PIN using passphrase-fd as Low priority.
Thu, Apr 28, 9:12 AM · gnupg, yubikey, Feature Request
werner closed T5940: crash importing truncated subkeys as Resolved.
Thu, Apr 28, 8:49 AM · Bug Report, gnupg
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.
Thu, Apr 28, 4:39 AM · gnupg, Testing, gpgagent, Bug Report

Mon, Apr 25

werner claimed T5940: crash importing truncated subkeys.
Mon, Apr 25, 2:48 PM · Bug Report, gnupg
ikloecker closed T5943: gpg: Report details about failed symmetric decrypt with ERROR status as Resolved.

Works together with the changes for T5939: Kleopatra: Better error for wrong password in symmetric decryption. Tested with symmetric encrypted file and with symmetric+pk encrypted file.

Mon, Apr 25, 12:25 PM · Testing, gnupg, gpgme, Restricted Project
werner added a project to T5943: gpg: Report details about failed symmetric decrypt with ERROR status: Testing.
Mon, Apr 25, 11:44 AM · Testing, gnupg, gpgme, Restricted Project
werner edited projects for T5943: gpg: Report details about failed symmetric decrypt with ERROR status, added: gpgme, gnupg; removed gnupg (gpg23).
Mon, Apr 25, 11:44 AM · Testing, gnupg, gpgme, Restricted Project

Fri, Apr 22

werner triaged T5940: crash importing truncated subkeys as High priority.
Fri, Apr 22, 8:32 PM · Bug Report, gnupg

Apr 14 2022

werner closed T5599: Make gpg use the helpers baked into its AppImage as Resolved.

Seems we can close this bug.

Apr 14 2022, 3:14 PM · gnupg, Restricted Project, Feature Request
werner closed T5599: Make gpg use the helpers baked into its AppImage, a subtask of T5598: AppImage of gpg, as Resolved.
Apr 14 2022, 3:14 PM · AppImage, gnupg, Restricted Project, Feature Request
werner closed T1954: Password too long as Resolved.
Apr 14 2022, 3:05 PM · Info Needed, gnupg (gpg20), Bug Report, gnupg
werner triaged T5927: gpg: quick-gen-key and quick-add-uid require --check-trustdb to make trust in user ids "ultimate" as Low priority.

Printing a note as we do in --edit-key is a good idea.

Apr 14 2022, 1:44 PM · Feature Request, gnupg, Bug Report

Apr 9 2022

werner added a comment to T5927: gpg: quick-gen-key and quick-add-uid require --check-trustdb to make trust in user ids "ultimate".

The reason for this is probably that we expect that several UIDs are added and running a check-trustdb for eachleads to some extra waiting time.

Apr 9 2022, 3:11 PM · Feature Request, gnupg, Bug Report

Apr 8 2022

ikloecker created T5927: gpg: quick-gen-key and quick-add-uid require --check-trustdb to make trust in user ids "ultimate".
Apr 8 2022, 4:50 PM · Feature Request, gnupg, Bug Report

Apr 5 2022

bernhard added a comment to T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high).

(Werner just told me that I was mistaken and he needs to take a look. There was a mixup because of the 2018 CVE number.)

Apr 5 2022, 11:52 AM · gnupg (gpg22), CVE, gpg4win
werner added a comment to T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high).

Sorry, that was a misunderstanding. My fault.

Apr 5 2022, 11:43 AM · gnupg (gpg22), CVE, gpg4win
werner reopened T5910: CVE-2018-25032 for zlib <=1.2.11 (CVSS 8.1 high) as "Open".
Apr 5 2022, 11:39 AM · gnupg (gpg22), CVE, gpg4win

Apr 4 2022

werner closed T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine as Resolved.

In fact, decent 2.2 versions (>=2.2.21) have the ability to decrypt AEAD packets - this has been implemented exactly for the case that some things get wrong at the user site. But we can't change old versions - we are not the Sirius Computer Corporation. I close this ticket because we can can't do anything if you are not able/willing to update to the latest version of the respective branch. Sorry.

Apr 4 2022, 6:43 AM · gnupg, Support

Apr 2 2022

TonyBarganski added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

@werner
The setpref S9 S8 S7 S2 H10 H9 H8 H11 H2 Z2 Z3 Z1 worked!

Apr 2 2022, 1:26 AM · gnupg, Support

Apr 1 2022

ikloecker added a comment to T5886: Mutt PGP Error: "Could not decrypt PGP message" & "Could not copy message" on Ubuntu machine but works on macOS machine.

S9, etc. are short-hand IDs, for the cipher algorithms, digest algorithms, etc. Use showpref instead of pref to get the preference list in human-readable form (AES256, SHA512, etc.) instead of in expert form (cryptic IDs).

Apr 1 2022, 5:56 PM · gnupg, Support