Page MenuHome GnuPG

libksbaProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Thu, Jun 10

werner closed T5479: Release LibKSBA 1.6.0 as Resolved.
Thu, Jun 10, 2:59 PM · Release Info, libksba
werner updated the task description for T5379: Release Libksba 1.5.1.
Thu, Jun 10, 2:13 PM · libksba, Release Info
werner triaged T5479: Release LibKSBA 1.6.0 as Normal priority.
Thu, Jun 10, 2:11 PM · Release Info, libksba

Wed, May 26

dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Another solution to make life easier for gpgme users encountering this stuff would be if gpgme itself knows which uid is a DN and which is not, it could populate the gpgme_user_id_t.address field with content of the 1.2.840.113549.1.9.1 DN component.

Wed, May 26, 9:34 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

fwiw, RFC 2253 is obsoleted by rfc 4514 -- which also doesn't have 1.2.840.113549.1.9.1 associated with "EMAIL", but does provide more detailed guidance for implementers of DN-to-string (and string-to-DN, to the extent that this is possible) conversions. Maybe the code should be updated to refer to the non-obsolete specification at least.

Wed, May 26, 9:03 PM · libksba, S/MIME, Bug Report
werner closed T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component as Resolved.

We translate only those OIDs from RFC-2253 to have a stable set of names in the libksba interface. If you need anything else, you need to do this yourself. For example gpgsm does this in in parse_dn_part, gpa has the code in format-dn.

Wed, May 26, 6:00 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

I'm reporting this because the above message renders poorly in notmuch -- notmuch gets the user ID from gmime's g_mime_certificate_get_user_id, and gmime populates that field from the uids field of a gpgme_key_t object, and gpgme pulls uid information from gpgsm --with-colons.

Wed, May 26, 3:39 AM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Attached is a proposed patch.

Wed, May 26, 3:32 AM · libksba, S/MIME, Bug Report
dkg created T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.
Wed, May 26, 3:25 AM · libksba, S/MIME, Bug Report

Apr 21 2021

gniibe closed T5395: libksba coverity static analysis reports as Resolved.

Thank you for your confirmation. Closing.

Apr 21 2021, 2:46 AM · libksba, Bug Report

Apr 20 2021

Jakuje added a comment to T5395: libksba coverity static analysis reports.

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

Apr 20 2021, 9:16 AM · libksba, Bug Report
gniibe added a comment to T5395: libksba coverity static analysis reports.

I applied 1,2,3, and 5 in rKfbb1f303198b: Fixes for static analysis reports.

Apr 20 2021, 6:32 AM · libksba, Bug Report
gniibe added a comment to T5395: libksba coverity static analysis reports.

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

Apr 20 2021, 4:47 AM · libksba, Bug Report
gniibe claimed T5395: libksba coverity static analysis reports.
Apr 20 2021, 2:39 AM · libksba, Bug Report

Apr 14 2021

werner triaged T5395: libksba coverity static analysis reports as Normal priority.
Apr 14 2021, 8:59 PM · libksba, Bug Report
Jakuje created T5395: libksba coverity static analysis reports.
Apr 14 2021, 10:46 AM · libksba, Bug Report

Apr 6 2021

werner closed T5379: Release Libksba 1.5.1 as Resolved.
Apr 6 2021, 12:09 PM · libksba, Release Info
werner triaged T5379: Release Libksba 1.5.1 as Low priority.
Apr 6 2021, 11:40 AM · libksba, Release Info

Nov 23 2020

werner closed T5146: Release Libksba 1.5.0 as Resolved.

Released on 2020-11-18

Nov 23 2020, 2:17 PM · Release Info, libksba

Nov 18 2020

werner created T5146: Release Libksba 1.5.0.
Nov 18 2020, 4:11 PM · Release Info, libksba

Nov 16 2020

gniibe closed T4104: gpgsm/ksba removes leading zeros from signature byte array as Resolved.
Nov 16 2020, 7:33 AM · Testing, libksba, S/MIME, Bug Report

May 19 2020

werner updated the task description for T4943: Release LibKSBA 1.4.0.
May 19 2020, 4:49 PM · libksba, Release Info
werner closed T4920: Support ECDH in Libksba as Resolved.
May 19 2020, 4:49 PM · libksba, Feature Request, S/MIME
werner updated the task description for T4943: Release LibKSBA 1.4.0.
May 19 2020, 4:47 PM · libksba, Release Info
werner closed T4943: Release LibKSBA 1.4.0 as Resolved.
May 19 2020, 4:28 PM · libksba, Release Info
werner updated the task description for T4943: Release LibKSBA 1.4.0.
May 19 2020, 3:44 PM · libksba, Release Info
werner updated the task description for T4943: Release LibKSBA 1.4.0.
May 19 2020, 3:43 PM · libksba, Release Info
werner updated the task description for T4943: Release LibKSBA 1.4.0.
May 19 2020, 3:42 PM · libksba, Release Info
werner added a comment to T4943: Release LibKSBA 1.4.0.
May 19 2020, 3:41 PM · libksba, Release Info
werner changed the status of T4104: gpgsm/ksba removes leading zeros from signature byte array from Open to Testing.

Seems to be fixed now.

May 19 2020, 3:13 PM · Testing, libksba, S/MIME, Bug Report
werner lowered the priority of T4896: ksba: Ed25519 support from High to Normal.

Parsing and creating of certs does now work. I was not able to find sample CMS objects so this part is not yet finished.

May 19 2020, 3:12 PM · Info Needed, libksba, Feature Request, S/MIME

May 14 2020

werner created T4943: Release LibKSBA 1.4.0.
May 14 2020, 12:36 PM · libksba, Release Info
werner closed T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing as Wontfix.

Won't fix because there is no need for it. ASN.1 modules are the formal description of a protocol and as such not copyrightable.

May 14 2020, 9:45 AM · libksba, Feature Request
werner closed T4801: libksba reproducible builds as Resolved.

Thanks. Applied. Will go into 1.4.0

May 14 2020, 9:38 AM · libksba, Bug Report

May 11 2020

werner claimed T4896: ksba: Ed25519 support.
May 11 2020, 7:50 PM · Info Needed, libksba, Feature Request, S/MIME

May 4 2020

werner changed the status of T4920: Support ECDH in Libksba from Open to Testing.

It works for me(tm).

May 4 2020, 3:05 PM · libksba, Feature Request, S/MIME

Apr 21 2020

werner created T4920: Support ECDH in Libksba.
Apr 21 2020, 2:33 PM · libksba, Feature Request, S/MIME

Apr 14 2020

werner closed T4538: Support PSS signed CRLs as Resolved.

Data (ie.e CMS) signatures do now also work.

Apr 14 2020, 4:26 PM · dirmngr, S/MIME, libksba

Apr 9 2020

werner added a comment to T4538: Support PSS signed CRLs.

Okay certificate and CRL checking does now work with rsaPSS. Need to work on data signatures and check the compliance modes.

Apr 9 2020, 1:09 PM · dirmngr, S/MIME, libksba

Apr 8 2020

werner claimed T4538: Support PSS signed CRLs.

I started to work on it so that I can actually use the certificates on my new D-Trust card. This will be a verify-only implementation.

Apr 8 2020, 8:37 PM · dirmngr, S/MIME, libksba

Mar 31 2020

gniibe added a comment to T4896: ksba: Ed25519 support.

For public key, it's done.

Mar 31 2020, 8:59 AM · Info Needed, libksba, Feature Request, S/MIME

Mar 30 2020

gniibe added a project to T4896: ksba: Ed25519 support: libksba.
Mar 30 2020, 7:55 AM · Info Needed, libksba, Feature Request, S/MIME

Mar 24 2020

gniibe changed the status of T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix from Open to Testing.

This should work well with libksba master and gnupg/sm master.

Mar 24 2020, 3:35 AM · Testing, S/MIME, Feature Request, libksba

Mar 5 2020

werner lowered the priority of T4538: Support PSS signed CRLs from Normal to Low.

It is actually questionable whether PSS is a better padding scheme than PKCS#1, see
https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html . PSS seems indeed be rarely used; quoting Peter from a followup on his writeup: “If I get time over the weekend, and I can find a CMS message signed with RSA-PSS, I'll create a forgery using xor256.”

Mar 5 2020, 10:27 AM · dirmngr, S/MIME, libksba

Mar 4 2020

aheinecke added a comment to T4538: Support PSS signed CRLs.

To summarize: The DGN CRL uses a the RSA-PSS Padding / Signature Scheme. ( https://de.wikipedia.org/wiki/Probabilistic_Signature_Scheme )

Mar 4 2020, 3:17 PM · dirmngr, S/MIME, libksba

Jan 8 2020

hudson added a comment to T4801: libksba reproducible builds.

Sorting the table is a good idea for reproducibility, since otherwise the tree depends on the order of the arguments to asn1-gentables, which are generated with a wildcard expansion that might be shell or file system dependent.

Jan 8 2020, 1:45 PM · libksba, Bug Report
werner triaged T4801: libksba reproducible builds as Normal priority.

Frankly, I am not sure why we sort that table at all. Your patch does not harm, though.

Jan 8 2020, 1:26 PM · libksba, Bug Report

Jun 1 2019

ametzler1 added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

gniibe wrote:

Jun 1 2019, 6:09 PM · libksba, Feature Request

May 31 2019

gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

RFC 5280 only addresses about BCP78 and not about TLP, while RFC 5652, RFC 5755, RFC 5911 and RFC 5912 address explicitly about TLP. In this situation, I wonder if it's better to take the definitions of Extensions, UniqueIdentifier, and GeneralNames from RFC 5280. To be conservative, I don't include them now.

May 31 2019, 7:32 AM · libksba, Feature Request
gniibe added a comment to T4487: libksba: please refresh ASN.1 components from more recent RFCs with BSD licensing.

I pushed more changes to include modules in RFC 5911 and RFC 5912.

May 31 2019, 5:50 AM · libksba, Feature Request