Details

Description

Related to GnuPG VS-Desktop.

(note that there is also a gpd to indicate GnuPG Desktop)

Recent Activity

Jan 30 2024

werner added a comment to T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog.

I guess we should put this on the agenda for our next RL meeting.

Jan 30 2024, 11:11 AM · to-be-discussed, vsd33, kleopatra, Restricted Project

Jan 24 2024

TobiasFella moved T6957: Add algo and keygrip columns to Kleo's certificate view from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jan 24 2024, 4:59 PM · Restricted Project, vsd, kleopatra
werner triaged T6957: Add algo and keygrip columns to Kleo's certificate view as Normal priority.
Jan 24 2024, 2:53 PM · Restricted Project, vsd, kleopatra
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Fixes are already in GnuPG 2.4.4 and can't be easily tested. Thus closing also for gnupg24

Jan 24 2024, 2:22 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner moved T6708: Allow to inhibit the use of a default PGP keyserver from WiP to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 2:20 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request

Jan 19 2024

aheinecke closed T6708: Allow to inhibit the use of a default PGP keyserver as Resolved.
Jan 19 2024, 9:39 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ikloecker raised the priority of T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog from Normal to Needs Triage.

I'm putting this back to triage because I cannot act on this ticket. There's way too much text and the outcome what should be done is unclear. Either rewrite the description so that it tells the reader concisely what should be changed and how it should be changed. Or, maybe better, create a new ticket referring to the discussion in this ticket and close this ticket.

Jan 19 2024, 11:49 AM · to-be-discussed, vsd33, kleopatra, Restricted Project
ikloecker added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

I would also suggest that we show the last git commit in Kleo's About dialog. That makes it far easier to see what we are testing. The Kleo version numbers are a bit arbitrary.

Jan 19 2024, 9:54 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

I would also suggest that we show the last git commit in Kleo's About dialog. That makes it far easier to see what we are testing. The Kleo version numbers are a bit arbitrary.

Jan 19 2024, 9:03 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
werner added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Sorry, it was my fault building the test installer.

Jan 19 2024, 9:01 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ikloecker added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

To be clear: This ticket is only about GnuPG (more precisely dirmngr) and the changes are included in VSD and Gpg4win.

Jan 19 2024, 8:34 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request

Jan 18 2024

aheinecke added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Hi, ebo I would still think this is resolved. Because it was never meant that the user manually enters the value of "none" because there is no hint for the user that "none" is a reserved word. It should either be administratively configured which does not make much sense for Gpg4win or provided by the distribution. If left empty the default of GnuPG should be used. If we really want users to deactivate keyserver access by using "none" in the dirmngr.conf a much better solution would be a checkbox for this. In that case I would open a new issue.

Jan 18 2024, 3:54 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ebo added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

The fix was not included in the Testbuild...

Jan 18 2024, 3:33 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ebo reopened T6708: Allow to inhibit the use of a default PGP keyserver as "Open".
Jan 18 2024, 12:13 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ebo moved T6708: Allow to inhibit the use of a default PGP keyserver from QA to WiP on the gnupg24 board.
Jan 18 2024, 12:12 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request
ebo added a comment to T6708: Allow to inhibit the use of a default PGP keyserver.

Does not work in Gpg4win-4.2.1-beta178

Jan 18 2024, 12:11 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Restricted Project, vsd, Feature Request

Dec 22 2023

ebo added a comment to T6744: Kleopatra and key resolver: Use the blue symbol for non-compliant keys.

Note for myself: This is the behavior for key resolving in GpgOL. GpgEX has different code for this and the above examples will not work.
In GpgEX the group is not resolved into its component keys currently.

Dec 22 2023, 2:45 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, kleopatra

Nov 25 2023

aheinecke added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

The Keyresolver did not allow me to encrypt to an S/MIME cert where the root CA was not in my trustlist.txt that was part of this feature to allow users to encrypt "non vs-nfd compliant" to such untrusted keys, like they would be able to also encrypt to untrusted openpgp keys.

Nov 25 2023, 4:40 AM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol

Nov 20 2023

ebo moved T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from QA to vsd-3.2.0 on the vsd32 board.
Nov 20 2023, 1:49 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

works, VS-Desktop-3.1.90.287-Beta

Nov 20 2023, 1:48 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
aheinecke moved T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from WiP to QA on the vsd32 board.
Nov 20 2023, 10:31 AM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol

Nov 14 2023

aheinecke changed the status of T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from Open to Testing.

Since I did not have a valid signing cert on that dev keyring I only tested with encrypt,...

Nov 14 2023, 1:37 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol

Nov 13 2023

ebo moved T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from vsd-3.2.0 to WiP on the vsd32 board.
Nov 13 2023, 4:35 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo reopened T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST as "Open".

Reopened as I noticed that the last testmail had an empty body in my sent folder. And I am sure that I wrote some text. Please check.

Nov 13 2023, 4:34 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo moved T6744: Kleopatra and key resolver: Use the blue symbol for non-compliant keys from Backlog to vsd-3.2.0 on the vsd32 board.
Nov 13 2023, 3:41 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, kleopatra
ebo closed T6744: Kleopatra and key resolver: Use the blue symbol for non-compliant keys as Resolved.

Ok. With a simple group with one valid and one expired certificate it looks fine:

Nov 13 2023, 3:40 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, kleopatra
ebo moved T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from QA to vsd-3.2.0 on the vsd32 board.
Nov 13 2023, 1:34 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo closed T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST as Resolved.

works better than I expected. With VS-Desktop-3.1.90.277-Beta now there is no delay any more, neither after nor before the new message window

Nov 13 2023, 1:33 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
aheinecke added a comment to T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog.

Well the checkbox is before this dialog. This dialog only comes up if you have checked sign or if your administration has checked sign for you (which they _should_ only do if they also ensure to give you a certificate). But usually this should not come up this way.

Nov 13 2023, 9:34 AM · to-be-discussed, vsd33, kleopatra, Restricted Project
ikloecker added a comment to T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog.

I like the explicit check boxes in the file encryption dialog more than this "hidden" combo box entry. (BTW, the file encryption dialog says "sign as" and "prove authenticity (sign)" but in this case there's little potential to confuse "sign" with email signatures. The wording should probably still be unified.)

Nov 13 2023, 9:26 AM · to-be-discussed, vsd33, kleopatra, Restricted Project
aheinecke changed the status of T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from Open to Testing.
Nov 13 2023, 9:12 AM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
aheinecke triaged T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog as Normal priority.
Nov 13 2023, 9:12 AM · to-be-discussed, vsd33, kleopatra, Restricted Project
aheinecke added a comment to T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog.

I am mostly sure that for the majority of our users "sign" means the "signature" of the email. So the bottom text below an email so I try to avoid that wording as much as possible. It is only visible in the "advanced" sub options of GpgOL which I think should only interest people who actually know what the context "sign" means when clicking the button "sign".

Nov 13 2023, 9:11 AM · to-be-discussed, vsd33, kleopatra, Restricted Project

Nov 10 2023

ikloecker added a comment to T6744: Kleopatra and key resolver: Use the blue symbol for non-compliant keys.

I need the S/MIME group if I shall look into this. Are you sure that all S/MIME keys in the group can be used for encryption? Groups containing sign-only keys (OpenPGP or S/MIME doesn't matter) are never offered for encryption. That's why we wrote T6722: Kleopatra: Forbid adding non-encryption keys to groups.

Nov 10 2023, 6:55 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, kleopatra
aheinecke added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

That it takes so long the first time is to be expected since we are hitting the dirmngr timeouts. I wonder though why it would be much faster in 3.1.26, if anything I would have expected that the timeouts are now shorter.

Nov 10 2023, 6:04 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo added a comment to T6744: Kleopatra and key resolver: Use the blue symbol for non-compliant keys.

For an OpenPGP group it looks now like this:


No sending possible.
When I remove the offending key (which could be made more intuitive for the user but that's not in the scope of this ticket):

Sending is possible.
This is both as planned IMHO.

Nov 10 2023, 4:08 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, kleopatra
ebo added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

When testing with the viktor-gnupg testcertificate I get the new warning message instead of the not very helpful "no name" error in 3.1.26.
But it takes at least 30 seconds to get to that message (the error message in 3.1.26 came up much faster). And when acknowledging the warning it again takes almost as long as before until the message is sent. And in 2 out of 3 tries the Compose Window remained open, so that it looked like the message was not sent. Clicking again on Send did not make anything happen, though. And checking the mailbox showed that the mail was sent already.

Nov 10 2023, 3:12 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
aheinecke moved T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from Backlog to QA on the vsd32 board.
Nov 10 2023, 1:55 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo added a project to T6808: Libkleo Keyresolver: misleading display/wording in confirmation dialog: vsd.
Nov 10 2023, 12:31 PM · to-be-discussed, vsd33, kleopatra, Restricted Project
aheinecke added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

We discussed this at length again. I would not veto a change that would allow users to encrypt to expired S/MIME certificates but the main use case I had in mind here was with regards to "Some error" happening when encrypting ( like T6545 T6398 ) . So that in the keyresolver everything is green but you cannot encrypt. Or that you have an incomplete certificate chain or an untrusted root certificate and it will take your administration some weeks to mark that as trusted. That makes this feature a bit hard to test so ebo mostly tested with expired certificates. (And I know that technically you can't verify if a cert is expired or not if you have an incomplete chain). A better test will be with a fully valid cert that has an unreachable CRL distribution point. I have such a cert and will give it to ebo. So she can test again and if that works as intended -> Key resolver green -> Error -> Allow to encrypt anyway but not vs-nfd compliant. I think we can set this issue to resolved.
The whole question regarding expired / non expired is a different topic on which, as I said, I changed my mind. You can easily explain to users "You cannot encrypt to expired certificates" but you cannot easily explain "you cannot encrypt to support@greenbone.com because they have unsupported cert extensions in their certificate"

Nov 10 2023, 12:00 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
werner reopened T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST as "Open".

I disagree. We already talked about this and we should proceed as planned.

Nov 10 2023, 9:42 AM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol

Nov 9 2023

aheinecke closed T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST as Resolved.

To be honest. While I get that the customer wishes for even more non standard behavior and I somewhat agree in the case of smime that it makes more sense to encrypt to an expired key.

Nov 9 2023, 5:35 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo added a comment to T6683: GpgOL: Configurable error if sign is selected and prefer_smime .

But I wonder if we should not address https://dev.gnupg.org/T6683#176429, the text there is not changed in this Beta version.

Nov 9 2023, 3:53 PM · vsd32 (vsd-3.2.0), gpgol, Restricted Project, vsd
ebo closed T6683: GpgOL: Configurable error if sign is selected and prefer_smime as Resolved.

In GnuPG-VS-Desktop-3.1.90.267-Beta-Standard it works, aside from T6805:
You do not get the new "no x509" message wrongly any more even when quickly sending a mail after restart of Outlook.
But it correctly appears if no X509 is available.
And the message is configurable via the registry setting HKLM/HKCU \Software\GNU\GpgOL\smimeNoCertSigErr (although I do not know how to add line breaks there, but that is not important).

Nov 9 2023, 3:47 PM · vsd32 (vsd-3.2.0), gpgol, Restricted Project, vsd
ikloecker added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

The observed behavior is exactly what was requested in T6743

Update: "can encrypt" should determine if an encryption subkey exists for a key in the keyring associated with the given email address. If that key is expired, it should be displayed appropriately marked and the encryption button greyed out.

Nov 9 2023, 3:02 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo changed the status of T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST from Testing to Open.
Nov 9 2023, 12:16 PM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol
ebo added a comment to T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST.

with VS-Desktop-3.1.90.267-Beta when trying to send a secured mail to the expired Berta X509 testkey I get the confirmation dialog but now the OK button is greyed out:

Nov 9 2023, 11:58 AM · vsd32 (vsd-3.2.0), vsd, Restricted Project, gpgol

Nov 8 2023

aheinecke added a comment to T6799: Kleopatra configuration files in wrong places.

To be honest, the only backup worthy settings file of kleopatra is the kleopatragroupsrc right now. Most other settings are pretty much only for convenience I would not even bother to back them up. When something important is configured by the administration that should go through the registry. As we recently noticed, through talking to people at froscon and with the BSI the most common case was that our kleopatra settings were actually never updated or only saved by accident.

Nov 8 2023, 5:08 PM · vsd33, kleopatra, Restricted Project
ebo added a comment to T6799: Kleopatra configuration files in wrong places.

So should we at the moment only change our backup/migration recommendations? Add %LOCALAPPDATA%/kleopatra and %LOCALAPPDATA%/*rc to the backup?

Nov 8 2023, 2:44 PM · vsd33, kleopatra, Restricted Project
aheinecke removed a project from T6799: Kleopatra configuration files in wrong places: vsd32.

This will definitely not be changed for 3.2 it will be a very invasive patch with a big regression risk and which does not make real sense to do before we switch to Qt6 since it involves patching Qt.

Nov 8 2023, 10:21 AM · vsd33, kleopatra, Restricted Project