scute (Project)
Active, Public

Recent Activity

Jan 19 2023

werner removed a project from T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors: gnupg (gpg23).
Jan 19 2023, 4:44 PM · gnupg24, scute, scd, Bug Report

Dec 9 2022

AlynxZhou added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I also reproduced this bug. I am using a PIV configured YubiKey 5C NFC for GNOME Smartcard login, which uses pam_pkcs11, and pam_pkcs11 uses opensc to read it via pcscd.

Dec 9 2022, 9:34 AM · gnupg24, scute, scd, Bug Report

Oct 26 2022

gniibe changed the status of T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP from Open to Testing.
Oct 26 2022, 9:24 AM · Feature Request, scute

Oct 1 2022

mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?

Yes. Scute relies on those to interact with the token.

Oct 1 2022, 2:49 PM · gnupg24, scute, scd, Bug Report

Sep 30 2022

gouttegd added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Does the latest Scute require an instance of gpg-agent and/or scdaemon running to work?

Sep 30 2022, 4:58 PM · gnupg24, scute, scd, Bug Report

Sep 29 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Merged the changes in t6002 branch into master.

Sep 29 2022, 3:16 AM · Feature Request, scute

Sep 28 2022

mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

That sounds quite cool.

Sep 28 2022, 10:27 AM · gnupg24, scute, scd, Bug Report
werner added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Actually we developed PIV support to allow the use of PIV X.509 certificates and OpenPGP keys with Yubikeys. In fact, GnuPG is able to switch between the Yubikey PIV and OpenPGP applications on-the-fly while keeping their PIN verification states.

Sep 28 2022, 10:22 AM · gnupg24, scute, scd, Bug Report
mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I was indeed using version 1.5.0 for testing, but I wish to clarify the purpose of Scute in my setup before proceeding.

Sep 28 2022, 10:04 AM · gnupg24, scute, scd, Bug Report

Sep 27 2022

gouttegd added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Which version of Scute are you using?

Sep 27 2022, 11:42 PM · gnupg24, scute, scd, Bug Report
mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Using Scute as a drop-in replacement doesn't currently work. Perhaps my config needs more adjustments than just:

module = /usr/lib/x86_64-linux-gnu/scute/scute.so

Sep 27 2022, 9:20 AM · gnupg24, scute, scd, Bug Report

Sep 26 2022

werner added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

Yes, I meant to use Scute as pkcs11 module for pam_pkcs11. Thanks for explaining more verbosely what I meant.

Sep 26 2022, 7:59 PM · gnupg24, scute, scd, Bug Report
gouttegd added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I think Werner may have confused pam_pkcs11 with gnupg-pkcs11-scd. :)

Sep 26 2022, 4:26 PM · gnupg24, scute, scd, Bug Report
mkjmkj added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I'm not sure what you mean with using Scute as PKCS#11 provider instead of pam_pkcs11, as pam_pkcs11 is not a provider but a user of PKCS#11

Sep 26 2022, 10:08 AM · gnupg24, scute, scd, Bug Report
werner triaged T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors as Normal priority.

There is a reason why pcsc-shared is not the default ;-). Please try using Scute (best the t6002 branch until it has been merged) as pkcs#11 provider instead of pam_pkcs11. And you should of course use the stable version of GnuPG and not the LTS (2.2).

Sep 26 2022, 8:14 AM · gnupg24, scute, scd, Bug Report

Sep 17 2022

gouttegd closed T4703: Scute > 1.4.0 does not work with MacOS X as Resolved.

A better solution could always be found later

Sep 17 2022, 2:24 PM · MacOS, scute

Aug 26 2022

gniibe closed T6003: card: READCERT with KEYGRIP, a subtask of T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP, as Resolved.
Aug 26 2022, 7:27 AM · Feature Request, scute

Aug 22 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I tested with a self-signed one.

Aug 22 2022, 9:38 AM · Feature Request, scute
werner added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Did you test with a self-signed cert? I ran into the problem that the selection only showed the root certificate, the signing works using the leaf cert, but the root cert was put into the signature. Changing Scute to only return the leaf certificate made it work but verification failed.

Aug 22 2022, 6:57 AM · Feature Request, scute
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I can successfully sign with LibreOffice Writer (using Brainpool with Yubikey). I need to do:

  • Tools
    • Options
      • LibreOffice - Security - Certificate Path
        • Select the profile of "firefox:default-esr" for NSS certificate directory

Aug 22 2022, 6:47 AM · Feature Request, scute

Aug 5 2022

werner added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Firefox nicely shows the 3 NIST certificates from my Telesec card but not the important Brainpool certificate for eIDAS. It turns out that Firefox does not support Brainpool, despite that a patch has been provided 8 years ago. See https://bugzilla.mozilla.org/show_bug.cgi?id=943639 . Thus there is currently no way to use LibreOffice or Okular to sign PDFs because they rely on NSS.

Aug 5 2022, 2:06 PM · Feature Request, scute

Jul 22 2022

SpriteOvO added a comment to T6078: File `config.guess` is a little out of date.

@gniibe Thanks!

Jul 22 2022, 6:41 PM · gpgme, pinentry, scute, ntbtls, libksba, libassuan, npth, libgcrypt, gpgrt, gnupg, Bug Report
gniibe closed T6078: File `config.guess` is a little out of date as Resolved.

In the repo, for all related software, it's done.

Jul 22 2022, 3:42 AM · gpgme, pinentry, scute, ntbtls, libksba, libassuan, npth, libgcrypt, gpgrt, gnupg, Bug Report
gniibe added a comment to T6078: File `config.guess` is a little out of date.

Note that versions since 2020-11-07 to 2021-07-03 have a major problem with a non-POSIX shell, which doesn't support the $(..) construct.

Jul 22 2022, 3:40 AM · gpgme, pinentry, scute, ntbtls, libksba, libassuan, npth, libgcrypt, gpgrt, gnupg, Bug Report

Jul 18 2022

gniibe triaged T6078: File `config.guess` is a little out of date as Normal priority.

Thank you.

Jul 18 2022, 10:56 AM · gpgme, pinentry, scute, ntbtls, libksba, libassuan, npth, libgcrypt, gpgrt, gnupg, Bug Report

Jun 30 2022

ikloecker added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

Kleopatra uses SCD READCERT for reading certificates from the PIV app. This is used to import the certificates stored by the PIV app. I'm not sure whether this is really needed. Maybe we could/should use "learn card" for this instead.

Jun 30 2022, 10:23 AM · Feature Request, scute
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

We could change how device keys are listed. Currently, Scute does KEYINFO --list, then asking gpgsm for each certificate.

Jun 30 2022, 3:57 AM · Feature Request, scute
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

The change requires "KEYINFO --list" command. This is not available through remote access of gpg-agent (extra socket).

Jun 30 2022, 3:05 AM · Feature Request, scute

Jun 15 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I found this page:
https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_tech_notes/nss_tech_note2/index.html

Jun 15 2022, 3:44 AM · Feature Request, scute
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

In the branch https://dev.gnupg.org/source/Scute/history/t6002/ , by the commit rS123d617ebefe: Less administration of devices by scute., things have been changed.

Jun 15 2022, 3:39 AM · Feature Request, scute

Jun 13 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I realized that we need to invent a way to represent KEYGRIP (40-byte string) in the scheme of PKCS#11; PKCS#11 uses fixed-size string (space padded) for its label (32) and serialno (16). Basically, it identifies the device by slot number.

Jun 13 2022, 7:59 AM · Feature Request, scute

May 24 2022

gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

For testing, I can use these sites for client certificate authentication:
https://stackoverflow.com/questions/38095559/https-test-server-that-checks-client-certificates

May 24 2022, 5:40 AM · Feature Request, scute
gniibe triaged T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP as Normal priority.
May 24 2022, 4:36 AM · Feature Request, scute

Aug 13 2021

werner changed the edit policy for scute.
Aug 13 2021, 11:14 PM

Apr 18 2021

werner added a comment to T5394: scute: Build failure with slibtool.

t-link does not do anything useful, anyway. I don't think it is justified to add dlopen stuff. Running real test is anyway a manual action; for a full test automation we would need to emulate all supported cards.

Apr 18 2021, 7:40 PM · toolchain, Feature Request, scute

Apr 17 2021

gouttegd added a comment to T5394: scute: Build failure with slibtool.

the t-link test should dlopen scute.so in runtime rather than link against it in build-time.

Apr 17 2021, 4:15 PM · toolchain, Feature Request, scute

Apr 16 2021

midipix added a comment to T5394: scute: Build failure with slibtool.

As of slibtool commit 9c5ba5eb, scute now builds out of the box. I'd still recommend taking the above into consideration, though.

Apr 16 2021, 4:53 PM · toolchain, Feature Request, scute
midipix added a comment to T5394: scute: Build failure with slibtool.

For what it's worth, scute is in violation of gnu libtool's documentation. Building with gnu libtool:

Apr 16 2021, 10:21 AM · toolchain, Feature Request, scute

Apr 13 2021

midipix added a comment to T5394: scute: Build failure with slibtool.

Regarding slibtool: I would actually like to have an easier to maintain tool than libtool (of which we use our own version) for GnuPG related software. However, its requirement "the compiler should support -std=c99" is currently a no-starter for libgcrypt and some other libs.

Apr 13 2021, 9:13 PM · toolchain, Feature Request, scute
werner triaged T5394: scute: Build failure with slibtool as Normal priority.
Apr 13 2021, 8:13 AM · toolchain, Feature Request, scute
orbea added a comment to T5394: scute: Build failure with slibtool.

Regarding your patch, I am personally not opposed to it, but apparently Debian’s policy says the library/module should be called scute while Gentoo’s policy says it should be called libscute… What should an upstream developer do?

Apr 13 2021, 1:49 AM · toolchain, Feature Request, scute

Apr 12 2021

werner added a comment to T5394: scute: Build failure with slibtool.

Regarding slibtool: I would actually like to have an easier to maintain tool than libtool (of which we use our own version) for GnuPG related software. However, its requirement "the compiler should support -std=c99" is currently a no-starter for libgcrypt and some other libs.

Apr 12 2021, 11:25 PM · toolchain, Feature Request, scute
gouttegd added a project to T5394: scute: Build failure with slibtool: scute.
Apr 12 2021, 10:59 PM · toolchain, Feature Request, scute

Mar 31 2021

gouttegd closed T5360: scute: -fcommon needed when building with gcc-10 as Resolved.
Mar 31 2021, 6:53 PM · scute
cbiedl added a comment to T5360: scute: -fcommon needed when building with gcc-10.

Looks good to me: "make && make check" passes.

Mar 31 2021, 4:45 PM · scute
werner added a comment to T5360: scute: -fcommon needed when building with gcc-10.

FWIW, in GnuPG we use

Mar 31 2021, 9:10 AM · scute

Mar 30 2021

gouttegd changed the status of T5360: scute: -fcommon needed when building with gcc-10 from Open to Testing.

It should be fixed with 49ad2b0e05e3fcb8c8c2e23bb1c6063b390dee02, though I don’t have a gcc-10 to check. It does work with gcc-9.3 with -fno-common.

Mar 30 2021, 11:48 PM · scute

Mar 26 2021

gniibe added a comment to T5358: scute: Errors when building 1.7.

It's OK not supporting generation in PostScript format.
Thus, we can remove image_eps support.
Then, convert is not required any more.

Mar 26 2021, 8:25 AM · scute

Mar 25 2021

gouttegd claimed T5360: scute: -fcommon needed when building with gcc-10.
Mar 25 2021, 3:09 PM · scute
cbiedl created T5360: scute: -fcommon needed when building with gcc-10.
Mar 25 2021, 1:35 PM · scute