Page MenuHome GnuPG
Projects OpenPGP

OpenPGPProject
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers (2)

Recent Activity
View All

Fri, Jan 9

werner removed a project from T6815: PQC encryption for GnuPG: gnupg26.

it does not make sense to have a workboard item for this parent ticket.

Fri, Jan 9, 1:40 PM · OpenPGP, PQC, gnupg
ebo closed T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Fri, Jan 9, 12:29 PM · OpenPGP, PQC, gnupg
ebo closed T7315: Allow export and import of PQC secret keys. as Resolved.

Tested with Gpg4win-5.0.0-beta479

Fri, Jan 9, 12:29 PM · gnupg26, OpenPGP, PQC, gnupg

Wed, Jan 7

werner added a parent task for T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys: T7790: Kleopatra: "no trusted certification" should have precedence over "expired" in signature verification.
Wed, Jan 7, 12:03 PM · Feature Request, S/MIME, OpenPGP, gnupg26
werner triaged T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys as Normal priority.

Traditionally we have considered expired and revoked more or less similar. The idea is that an expired key might have been compromised but the owner did not found a way to revoke it. We may want to change this policy because some users don't care too much about expired keys (cf. T7990) .

Wed, Jan 7, 12:03 PM · Feature Request, S/MIME, OpenPGP, gnupg26

Fri, Jan 2

werner changed the status of T7902: OpenPGP Cleartext Signature Framework from Open to Testing.
Fri, Jan 2, 4:35 PM · Not A Bug, OpenPGP, FAQ, gnupg
werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Resolved.
Fri, Jan 2, 4:24 PM · Not A Bug, OpenPGP, gnupg

Mon, Dec 29

werner triaged T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Normal priority.

Note using the output of --decrypt directly on the tty is a Bad Idea(tm). You won't cat arbitrary files to your tty for the same reason.

Mon, Dec 29, 3:46 PM · Not A Bug, OpenPGP, gnupg
werner edited projects for T7902: OpenPGP Cleartext Signature Framework, added: FAQ, OpenPGP, Not A Bug; removed g10code, Bug Report.

https://gnupg.org/blog/20251226-cleartext-signatures.html explains why we have cleartext signatures and how you properly use them. The suggestion of the reporters to remove them entirely is a no-go because there are too many systems (open source or in-house) which rely on that format. If properly used (i.e. using --output to get the signed text) there is no problem. Anyway the suggestion has always been to use detached signatures using two files or PGP/MIME).

Mon, Dec 29, 3:37 PM · Not A Bug, OpenPGP, FAQ, gnupg

Dec 12 2025

timegrid edited projects for T7101: Automagically create a PGP key from a X.509 cert, added: gnupg26; removed Restricted Project, gnupg.
Dec 12 2025, 2:56 PM · gnupg26, Feature Request, S/MIME, OpenPGP

Nov 19 2025

werner moved T7315: Allow export and import of PQC secret keys. from WIP to QA on the gnupg26 board.
Nov 19 2025, 5:47 PM · gnupg26, OpenPGP, PQC, gnupg
werner added a comment to T7917: Check for revocation of the ADSK's original subkey .

With the next gpg release (2.5.14) the keyboxd has an extended fingerprint table which carries a flags column. A bit in this column can eventually be used to mark subkeys with the "R" key flag and the search funtion can be enhanced to ignore keys with that flag set. This way we can more easily lookup the actual ADSK key (with the "E" key flag) and check whether this subkey has been revoked.

Nov 19 2025, 11:04 AM · Feature Request, OpenPGP, gnupg26

Nov 16 2025

werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Handle creation date in private key files for re-use of an existing. to Handle creation date in private key files for re-use of an existing key..
Nov 16 2025, 6:57 PM · gnupg26, OpenPGP, gnupg
werner added a comment to T7290: Handle creation date in private key files for re-use of an existing key..

This is not a composite key specific thing despite that this is an extra challenge. The creation date is used to reconstruct a key if the public key has been lost and only the fingerprint is still available. A solution might be to test the all combinations of stored creation dates to match the fingerprint.

Nov 16 2025, 6:57 PM · gnupg26, OpenPGP, gnupg
werner renamed T7290: Handle creation date in private key files for re-use of an existing key. from Kyber+ECC with smartcards to Handle creation date in private key files for re-use of an existing..
Nov 16 2025, 6:54 PM · gnupg26, OpenPGP, gnupg
werner changed the status of T7315: Allow export and import of PQC secret keys. from Open to Testing.
Nov 16 2025, 6:50 PM · gnupg26, OpenPGP, PQC, gnupg
werner changed the status of T7315: Allow export and import of PQC secret keys., a subtask of T6815: PQC encryption for GnuPG, from Open to Testing.
Nov 16 2025, 6:50 PM · OpenPGP, PQC, gnupg

Nov 15 2025

werner closed T7896: Escape binary data in NOTATION* for status-fd as Resolved.
Nov 15 2025, 4:50 PM · gnupg, OpenPGP, Feature Request
mgorny added a comment to T7896: Escape binary data in NOTATION* for status-fd.

I can confirm that the patch fixes the issue. Thanks!

Nov 15 2025, 9:16 AM · gnupg, OpenPGP, Feature Request

Nov 14 2025

werner moved T7315: Allow export and import of PQC secret keys. from Backlog to WIP on the gnupg26 board.
Nov 14 2025, 4:01 PM · gnupg26, OpenPGP, PQC, gnupg
werner renamed T7315: Allow export and import of PQC secret keys. from Allow exporting of PQC keys. to Allow export and import of PQC secret keys..
Nov 14 2025, 3:56 PM · gnupg26, OpenPGP, PQC, gnupg
werner triaged T7932: Support gpg --passwd for Kyber as Normal priority.
Nov 14 2025, 3:45 PM · OpenPGP, PQC, gnupg
werner triaged T7917: Check for revocation of the ADSK's original subkey as High priority.
Nov 14 2025, 11:03 AM · Feature Request, OpenPGP, gnupg26

Nov 10 2025

werner created T7917: Check for revocation of the ADSK's original subkey .
Nov 10 2025, 11:06 AM · Feature Request, OpenPGP, gnupg26

Nov 6 2025

werner changed the status of T7896: Escape binary data in NOTATION* for status-fd from Open to Testing.
Nov 6 2025, 9:06 AM · gnupg, OpenPGP, Feature Request

Nov 5 2025

werner added a comment to T7896: Escape binary data in NOTATION* for status-fd.

Alright, I change it from for notation data (and name).

[GNUPG:] NOTATION_NAME foo@foo.org
[GNUPG:] NOTATION_FLAGS 0 1
[GNUPG:] NOTATION_DATA bla%20bla%20��%20blub

with change:

[GNUPG:] NOTATION_NAME foo@foo.org
[GNUPG:] NOTATION_FLAGS 0 1
[GNUPG:] NOTATION_DATA bla%20bla%20%81%82%20blub
Nov 5 2025, 4:49 PM · gnupg, OpenPGP, Feature Request
werner added a comment to T7896: Escape binary data in NOTATION* for status-fd.

Since rfc2440 the PGP specs say:

Nov 5 2025, 3:55 PM · gnupg, OpenPGP, Feature Request

Nov 3 2025

mgorny added a comment to T7896: Escape binary data in NOTATION* for status-fd.

That's a good question. Looking at https://datatracker.ietf.org/doc/draft-koch-librepgp/, it doesn't really specify what encoding is used for "human-readable" notation, so I'd personally lean towards encoding it to stay on the safe side. Unless I'm mistaken, status-fd will only be used locally, so escaping overhead should not be a problem.

Nov 3 2025, 5:43 PM · gnupg, OpenPGP, Feature Request
werner edited projects for T7896: Escape binary data in NOTATION* for status-fd, added: Feature Request, OpenPGP, gnupg; removed Bug Report.

The question is who shall correct the wrong encoding of notation data (assuming it is flagged as human readable). Escaping is a solution but needs a lot of extra bytes.

Nov 3 2025, 9:58 AM · gnupg, OpenPGP, Feature Request

Aug 28 2025

alexk added a project to T2380: Auto-refresh key if it is close to its expiration date.: vsd34.

Especially when an LDAP is configured, keys should be automatically refreshed in short intervals (5 days? Configurable?) to notify users about revoked keys or signatures from a trusted key.
Keys that are close to their expiration dates should be prioritized.
Maybe users want to configure for what mail domains a lookup on a configured LDAP should be done.

Aug 28 2025, 2:31 PM · vsd34, gnupg, OpenPGP, Feature Request

Aug 27 2025

werner added a comment to T6465: Store the ECDH parameters in the key file.

@gniibe: Now that we use the KEM API, how do we proceed with this ticket?

Aug 27 2025, 4:16 PM · gnupg26, OpenPGP, scd, Bug Report

Aug 21 2025

werner merged T7787: Support exporting for of Kyber+ECC keys and subkeys into T7315: Allow export and import of PQC secret keys..
Aug 21 2025, 11:19 AM · gnupg26, OpenPGP, PQC, gnupg

Jul 16 2025

werner closed T7083: Show revocation reasons also with a standard -k listing as Resolved.
Jul 16 2025, 12:04 PM · OpenPGP, Feature Request, gnupg26

Jun 18 2025

werner added a subtask for T6465: Store the ECDH parameters in the key file: T5583: Support RSCS dedicated OpenPGP for OID..
Jun 18 2025, 9:39 AM · gnupg26, OpenPGP, scd, Bug Report
werner closed T7014: agent: Enhancement of PKDECRYPT for KEM interface, a subtask of T6815: PQC encryption for GnuPG, as Resolved.
Jun 18 2025, 9:29 AM · OpenPGP, PQC, gnupg

Jun 5 2025

jap added a comment to T7675: a user-id with just an email address (and not a display name) has no angle brackets surrounding the email address.

Thanks for elaborating and the reference to rfc2440 - I now understand where that stray mail (between [RFC2822] and name-addr) in rfc4880 comes from...
Anyway, I'll treat it as if it says RFC 2822 mailbox and will treat angle brackets with bare addresses as optional.

Jun 5 2025, 4:21 PM · OpenPGP, Documentation
werner closed T7675: a user-id with just an email address (and not a display name) has no angle brackets surrounding the email address as Resolved.

I see, I had rfc2440 in mind which says:

By convention, it includes  an RFC 822 mail name, but there are no restrictions on its content.

thus 4880 refined it a bit. But in practice it is not the same because it is utf8 and not punycode or whatever. let's close this bug because they way it is used will work with all mail clients.

Jun 5 2025, 10:17 AM · OpenPGP, Documentation

May 8 2025

werner closed T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, as Resolved.
May 8 2025, 3:29 PM · OpenPGP, gnupg, Bug Report

Apr 9 2025

werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Open to Testing.
Apr 9 2025, 1:54 PM · OpenPGP, gnupg, Bug Report

Mar 11 2025

werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Testing to Open.
Mar 11 2025, 11:00 AM · OpenPGP, gnupg, Bug Report

Mar 6 2025

werner changed the status of T7547: signatures from revoked or expired keys show up as missing keys, a subtask of T7527: Keyring/keybox denial of service, from Open to Testing.
Mar 6 2025, 5:58 PM · OpenPGP, gnupg, Bug Report

Mar 4 2025

werner added a subtask for T7527: Keyring/keybox denial of service: T7547: signatures from revoked or expired keys show up as missing keys.
Mar 4 2025, 10:47 AM · OpenPGP, gnupg, Bug Report

Feb 22 2025

dkg added a comment to T7527: Keyring/keybox denial of service.

Thank you @werner ! I can confirm that the patches that have landed on STABLE-BRANCH-2-4 do clear up the DoS i was seeing for signature verification.

Feb 22 2025, 3:08 AM · OpenPGP, gnupg, Bug Report

Feb 21 2025

werner closed T7527: Keyring/keybox denial of service as Resolved.

Also fixed for 2.4

Feb 21 2025, 12:24 PM · OpenPGP, gnupg, Bug Report
werner lowered the priority of T7527: Keyring/keybox denial of service from High to Normal.

This has been fixed in master with rG48978ccb4e:

Feb 21 2025, 12:18 PM · OpenPGP, gnupg, Bug Report

Feb 20 2025

werner edited projects for T7527: Keyring/keybox denial of service, added: OpenPGP; removed keyboxd.

Well, the different outcome depends on the order of the certificates or the string comparision in keyboxd. So it is not a keyboxd vs. pubring.kbx thing.

Feb 20 2025, 9:30 AM · OpenPGP, gnupg, Bug Report

Dec 5 2024

werner closed T7316: Curve25519/v5 key cannot be exported, a subtask of T7315: Allow export and import of PQC secret keys., as Resolved.
Dec 5 2024, 4:32 PM · gnupg26, OpenPGP, PQC, gnupg
werner closed T7316: Curve25519/v5 key cannot be exported as Resolved.
Dec 5 2024, 4:32 PM · gnupg26, OpenPGP, PQC, gnupg

Dec 3 2024

ebo closed T6109: Kleopatra: Better way to show expired subkeys as Invalid.

Closing this as duplicate of T7405. That ticket has the better task description as it was made after discussing offline how it could best be done.

Dec 3 2024, 11:53 AM · Feature Request, OpenPGP, kleopatra

Nov 22 2024

werner renamed T7425: gpg --assert-pubkey-algo claims that ed25519 is stronger that ed448 from gpg --assert-pubkey-algo cmails that ed25519 is stringer that ed448 to gpg --assert-pubkey-algo claims that ed25519 is stronger that ed448.
Nov 22 2024, 4:58 PM · Bug Report, OpenPGP, gnupg