gnupg22 Project
Active, Public

Recent Activity

Wed, Mar 29

ebo added a comment to T6378: keytocard: invalid value.

works in 3.1.27.0-beta44

Wed, Mar 29, 10:43 AM · gnupg24, Bug Report, gnupg22, Restricted Project

Tue, Mar 28

werner triaged T6421: Improve error message if no reset code (PUK) is set as Normal priority.
Tue, Mar 28, 5:08 PM · Feature Request, gnupg22, gnupg24, gpgrt

Mon, Mar 27

ebo changed the status of T6093: gpg: Continues export of secret key if first passphrase dialog was canceled from Testing to Open.
Mon, Mar 27, 9:43 AM · gnupg22, Bug Report, gnupg24, Restricted Project
werner added a project to T6093: gpg: Continues export of secret key if first passphrase dialog was canceled: gnupg22.
Mon, Mar 27, 9:15 AM · gnupg22, Bug Report, gnupg24, Restricted Project

Tue, Mar 21

werner set External Link to https://gnupg.org/blog/20230321-adsk.html on T6395: ADSK Feature.
Tue, Mar 21, 6:23 PM · OpenPGP, gnupg22, gnupg24
werner claimed T3054: dirmngr only using cAcertificate attr type when querying LDAP directory.

We need to extend dirmngr_ldap.c to take a list of attributes to return. We already have the --multi option which returns all attributes for later filtering by the caller but the specified attr is also used and thus dirmngr's start_cacert_fetch_ldap() returns only the requested caCertificate.

Tue, Mar 21, 4:52 PM · gnupg22, gnupg24, Active Directory, dirmngr
werner placed T6395: ADSK Feature up for grabs.
Tue, Mar 21, 4:36 PM · OpenPGP, gnupg22, gnupg24
werner changed the status of T6395: ADSK Feature from Open to Testing.

Things for 2.4 are all done.

Tue, Mar 21, 4:36 PM · OpenPGP, gnupg22, gnupg24
werner moved T6395: ADSK Feature from Backlog to QA on the gnupg22 board.

For 2.2 we will for now only implement the encryption.

Tue, Mar 21, 4:35 PM · OpenPGP, gnupg22, gnupg24

Thu, Mar 16

ikloecker placed T6355: gpgtar: Does not allow decryption from stdin up for grabs.
Thu, Mar 16, 10:24 AM · gnupg22, gnupg24, Restricted Project

Wed, Mar 15

werner placed T6378: keytocard: invalid value up for grabs.
Wed, Mar 15, 11:43 AM · gnupg24, Bug Report, gnupg22, Restricted Project
werner moved T6363: Add progress status output to gpgtar from Backlog to WiP on the gnupg22 board.
Wed, Mar 15, 11:29 AM · gnupg24 (gnupg-2.4.1), gpgme, gnupg22, Feature Request
werner moved T6378: keytocard: invalid value from Backlog to QA on the gnupg24 board.
Wed, Mar 15, 9:43 AM · gnupg24, Bug Report, gnupg22, Restricted Project

Tue, Mar 14

werner closed T6382: keytocard fails to import a nistp384 ECDSA key, a subtask of T6378: keytocard: invalid value, as Resolved.
Tue, Mar 14, 4:20 PM · gnupg24, Bug Report, gnupg22, Restricted Project
werner moved T6378: keytocard: invalid value from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Mar 14, 4:18 PM · gnupg24, Bug Report, gnupg22, Restricted Project
werner changed the status of T6378: keytocard: invalid value from Open to Testing.

Fixed in 2.2 need to check 2.4

Tue, Mar 14, 4:18 PM · gnupg24, Bug Report, gnupg22, Restricted Project
werner added a comment to T6378: keytocard: invalid value.

Ooops. We do not have the automatic change of key type in the WRITEKEY command of scdaemon. This is only done when generating a key.

Tue, Mar 14, 11:47 AM · gnupg24, Bug Report, gnupg22, Restricted Project
ikloecker added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I agree. Something called READ... shouldn't change existing data. (Updating existing data to a new format that doesn't alter the semantics of the existing data is okay.)

Tue, Mar 14, 10:59 AM · gnupg22, Bug Report
werner claimed T6378: keytocard: invalid value.
Tue, Mar 14, 10:53 AM · gnupg24, Bug Report, gnupg22, Restricted Project
werner moved T6378: keytocard: invalid value from Backlog to WiP on the gnupg22 board.
Tue, Mar 14, 10:49 AM · gnupg24, Bug Report, gnupg22, Restricted Project
werner changed the status of T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Open to Testing.
Tue, Mar 14, 10:26 AM · gnupg22, Bug Report
werner moved T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key from Backlog to QA on the gnupg22 board.

Ignoring the error seems to be the best choice. I also think that --force should not overwrite a shadow key file. It seems safer to explicitly delete the key first. A --force option for READKEY does not sound right.

Tue, Mar 14, 10:26 AM · gnupg22, Bug Report
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I did some reworking and the outcome of the READKEY command is now (agent log):

Tue, Mar 14, 10:01 AM · gnupg22, Bug Report

Mon, Mar 13

werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I am pretty sure we have the same problem in 2.4 - due to different access patterns it might not exhibit itself.

Mon, Mar 13, 9:34 AM · gnupg22, Bug Report

Sun, Mar 12

werner added a comment to T6280: Release GnuPG 2.2.41.

Pushed to this site. Thanks for noting.

Sun, Mar 12, 8:08 PM · gnupg22, Release Info

Sat, Mar 11

lazka added a comment to T6280: Release GnuPG 2.2.41.

I think this is still missing a tag in git (I don't see it in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=tags)

Sat, Mar 11, 9:27 PM · gnupg22, Release Info

Fri, Mar 10

saper added a comment to T5401: Imported ECC/Ed25519 subkey has unusable key file in private-keys-v1.d.

I've run into a variant of this, too. If I generate the key just using (genkey (ecc (curve "Ed25519"))). One needs to use (genkey (ecc (curve "Ed25519")(flags eddsa)))

Fri, Mar 10, 4:54 PM · gnupg22, Bug Report

Mon, Mar 6

ikloecker added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

If agent_write_shadow_key does now also check for an existing private key file, then I'd replace following code in cmd_readkey:

if (agent_key_available (grip))
  {
    /* Shadow-key is not available in our key storage.  */
    rc = agent_write_shadow_key (0, grip, serialno, keyid, pkbuf, 0,
                                 dispserialno);
  }
else
  {
    /* Shadow-key is available in our key storage but ne check
     * whether we need to update it with a new display-s/n or
     * whatever.  */
    rc = agent_write_shadow_key (1, grip, serialno, keyid, pkbuf, 0,
                                 dispserialno);
  }

with a simple call of agent_write_shadow_key (removing the maybe_update flag) and let agent_write_shadow_key do all checking for an already existing private key file and whether it's a stub file that needs updating.

Mon, Mar 6, 9:17 AM · gnupg22, Bug Report
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I think we should make it explicit - this will be safer. As of now agent_write_shadow_key will do a check only in its special update mode which should be okay for now.

Mon, Mar 6, 8:28 AM · gnupg22, Bug Report
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I can't see any explicit thing there.

Mon, Mar 6, 8:20 AM · gnupg22, Bug Report

Fri, Mar 3

ikloecker added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

Make sure that the fix doesn't break "gpg --edit-key; keytocard; save" which explicitly does replace the private key with a stub file.

Fri, Mar 3, 4:17 PM · gnupg22, Bug Report
werner added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I doubt that the bug is only in 2.2. The code in 2.4 is different but it may happen there anyway. It depends on the usage pattern.

Fri, Mar 3, 3:57 PM · gnupg22, Bug Report
werner triaged T6399: Missing trustdb check on import of certificate as Normal priority.
Fri, Mar 3, 10:17 AM · OpenPGP, gnupg22, Restricted Project

Thu, Mar 2

werner moved T6395: ADSK Feature from Backlog to WiP on the gnupg24 board.
Thu, Mar 2, 11:32 AM · OpenPGP, gnupg22, gnupg24

Mar 1 2023

werner triaged T6395: ADSK Feature as Normal priority.
Mar 1 2023, 5:21 PM · OpenPGP, gnupg22, gnupg24

Feb 28 2023

werner added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

FWIW: The assuan keytocard does not move the key - what you see is a side effect from unrelated code.

Feb 28 2023, 10:57 AM · gnupg22, Restricted Project, kleopatra
aheinecke triaged T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key as High priority.

Since I have closed T6377 which had high priority I am assigning this issue the same prio. Which I also think is appropriate.

Feb 28 2023, 9:45 AM · gnupg22, Bug Report
aheinecke added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

I thought about this related to T6386 and I now agree with @ikloecker KEYTOCARD in SCD may not "move" the key. Otherwise it would be impossible to easily transfer a key to multiple smartcards. Since werner agreed in T6486 that this is a Bug and Unintended it can be closed as a duplicate as we do not need to further discuss this.

Feb 28 2023, 9:43 AM · gnupg22, Restricted Project, kleopatra
aheinecke merged task T6377: Kleopatra: gpgsk file contains shadowed private key into T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
Feb 28 2023, 9:41 AM · gnupg22, Restricted Project, kleopatra
aheinecke merged T6377: Kleopatra: gpgsk file contains shadowed private key into T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
Feb 28 2023, 9:41 AM · gnupg22, Bug Report

Feb 27 2023

werner claimed T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

Thanks for the report; the regression happened due to fixing T6135.

Feb 27 2023, 9:25 AM · gnupg22, Bug Report

Feb 24 2023

ikloecker added a comment to T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.

I should probably add that Kleopatra calls this command when reading a smart card to create the key stubs if necessary. Kleopatra does this since gpg4win-3.1.24 (according to the tags) and the KDE Gear 22.04 release (see T5782: Kleopatra: Smartcard unusable secret key until used via command line).

Feb 24 2023, 11:58 AM · gnupg22, Bug Report
ikloecker added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

I have analyzed the problem. It is caused by a serious regression in gpg 2.2: https://dev.gnupg.org/T6386

Feb 24 2023, 11:38 AM · gnupg22, Restricted Project, kleopatra
ikloecker created T6386: gpg-agent 2.2: Command "READKEY --card --no-data -- OPENPGP.1" overwrites protected-private-key with shadowed-private-key.
Feb 24 2023, 11:34 AM · gnupg22, Bug Report

Feb 22 2023

aheinecke added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

Well it makes sense to me in that KEYTOCARD explicitly is not documented but the semantics between keytocard in edit key and KEYTOCARD in agent should be the same IMO. As you can imagine I am also not a fan of the fact that GnuPG changed behavior here, but the "keep / delete" is even with GnuPG 2.3 not really an option as GnuPG might replace the real key with the stub depending on how it is called anyhow. So this is dangerous for us to "suggest" from the UI that the key will be kept and then it might be removed without actions by Kleopatra. So this must be changed.

Feb 22 2023, 3:32 PM · gnupg22, Restricted Project, kleopatra
ikloecker added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

Arguing with the documentation of a functionality Kleopatra doesn't make use of makes no sense. Kleopatra uses gpg-agent's "KEYTOCARD" command which, unfortunately, lacks good documentation.

Feb 22 2023, 3:20 PM · gnupg22, Restricted Project, kleopatra
aheinecke added a comment to T6377: Kleopatra: gpgsk file contains shadowed private key.

So as I understand this:

Feb 22 2023, 1:09 PM · gnupg22, Restricted Project, kleopatra

Feb 21 2023

werner added a subtask for T6378: keytocard: invalid value: T6382: keytocard fails to import a nistp384 ECDSA key.
Feb 21 2023, 3:09 PM · gnupg24, Bug Report, gnupg22, Restricted Project

Feb 17 2023

werner triaged T6377: Kleopatra: gpgsk file contains shadowed private key as High priority.
Feb 17 2023, 7:55 AM · gnupg22, Restricted Project, kleopatra
werner triaged T6378: keytocard: invalid value as Normal priority.
Feb 17 2023, 7:54 AM · gnupg24, Bug Report, gnupg22, Restricted Project