Tue, Nov 5
Tue, Oct 29
Oct 1 2024
Fixed in master: rGe7891225788a: gpg: Robust error handling for SCD READKEY.
Sep 30 2024
Some would say it is a bug if keys are not shown - even if the algo is not known ;-)
scdaemon in this case was a broken experiment of mine (trying to see if I can get SoftHSM to work as the OpenPGP card). So this was not a normal, released scdaemon code.
Sep 28 2024
Please send an excerpt from the scdaemon debug output to evaluate why you get somewhat strange looking data. Is this an experimental card? 0xa5 is a common test pattern.
Sep 27 2024
It is reproducible bug even with master branch.
Sep 26 2024
I have a look at the log file of gpg-agent.log. I can see that six PKDECRYPT requests are handled simultaneously. I think that it's out of secure memory to decrypt the private key which results pinentry request.
Sep 20 2024
Found another thinko; When there is no clients with DEVINFO --watch, the pipe to be notified is not consumed at all (no read). It eventually results blocked by write(2), when the pipe is filled.
Sep 19 2024
I see. the systemd race of having two gpg-agent processes. The second gpg-agent should eventually go away but than it is already too late.
I mean: two gpg-agent requests simultaneously running DEVINFO --watch.
Single scdaemon, two threads handling DEVINFO --watch simultaneously, by pselect + read.
Two threads waken up, but it was only one thread which can read(2), another was blocked (before the fix).
Sep 18 2024
You mean it is possible that the initialization function is called by several threads - or that two scdaemon's are running before they realize that one of them is in the way?
I realized that I put a bug on POSIX; When multiple clients do DEVINFO --watch, it is possible for scdaemon to hang (waiting pselect and read, read by one, read by another is blocked).
Sep 4 2024
Sep 3 2024
Aug 13 2024
Jul 1 2024
Jun 27 2024
Asking a change of gpgme would need more time... So, I decided to change gpg-agent side.
gpg-agent part was done in: rGb3f1f2cd192b: agent: Handle SCD DEVINFO --watch command in a special way.
Jun 25 2024
scdaemon part was done in: rG36d8cffc6cd2: scd: Finish DEVINFO --watch command on input close.
Jun 24 2024
Maybe we can support this directly in gpgme's assuan API.
Did some experiment and I concluded (for now) that new command for gpg-agent would not be needed.
Instead, it might be better doing following in GPGME.
Jun 17 2024
May 13 2024
I'd also be interested in expanding tilde expressions for dotfiles portability, since I don't use the same username in all my machines
Apr 24 2024
Apr 22 2024
Apr 16 2024
What is the current status of this issue?
Apr 15 2024
Apr 11 2024
I had wrong interpretation about symmetric cipher algorithm identifier in the draft. It specifies symmetric cipher for the following Symmetrically Encrypted Data Packet (I was wrongly interpret as if it were specifying algo for AES keywrap).
Apr 10 2024
I merged the change by Werner to get the value from frontend.
Apr 9 2024
In the current code, just for testing against the test vector in m https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02, there are specific value in the key combiner KDF.
Namely, the value 105 for fixedInfo is defined in the draft (and it will be changed).
Apr 5 2024
I created a pubkey (actually a subkey) for your above test keys:
I use this for testing:
Mar 25 2024
On March 11 and 18, the private key file DE1AB1D22899CEC7DBB1A7863F34E6E92BFB7756.key was wrong.
I updated on March 25. Now, the endian is GnuPG (d is big endian).
Mar 23 2024
Thanks, that patch works for me.
Mar 18 2024
I extracted data from https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02 and compose x25519 key and MLKEM768 key. Here they are.
x25519 :
MLKEM768 :