
gpgagent Project
Active · Public

Members

  • This project does not have any members.

Recent Activity

Tue, Nov 5

yescallop added a comment to T5942: scdaemon is blocking system shutdown.

This seems to have been resolved in 2.4.6 by T7151 or T7160. I don't really remember the details, but at least I don't see anything blocking system shutdown now.

Tue, Nov 5, 5:45 AM · Support, scd, gpgagent

Tue, Oct 29

werner moved T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close from Backlog to QA on the gnupg24 board.
Tue, Oct 29, 1:39 PM · gpgagent, scd, gnupg24, Bug Report

Oct 1 2024

gniibe changed the status of T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received from Open to Testing.

Fixed in master: rGe7891225788a: gpg: Robust error handling for SCD READKEY.

Oct 1 2024, 3:58 AM · Info Needed, scd, gpgagent, Bug Report

Sep 30 2024

werner triaged T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received as Normal priority.

Some would say it is a bug if keys are not shown - even if the algo is not known ;-)

Sep 30 2024, 4:06 PM · Info Needed, scd, gpgagent, Bug Report
saper renamed T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received from gpg should notice if scdaemon crashes to gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received.
Sep 30 2024, 11:54 AM · Info Needed, scd, gpgagent, Bug Report
saper added a comment to T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received.

scdaemon in this case was a broken experiment of mine (trying to see if I can get SoftHSM to work as the OpenPGP card). So this was not normal, released scdaemon code.

Sep 30 2024, 10:46 AM · Info Needed, scd, gpgagent, Bug Report
gniibe claimed T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received.
Sep 30 2024, 3:49 AM · Info Needed, scd, gpgagent, Bug Report

Sep 28 2024

werner added a comment to T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received.

Please send an excerpt from the scdaemon debug output to evaluate why you get somewhat strange looking data. Is this an experimental card? 0xa5 is a common test pattern.

Sep 28 2024, 7:38 PM · Info Needed, scd, gpgagent, Bug Report
saper created T7309: gpg should not proceed with the key import from the smartcard if no valid SCD READKEY information is received.
Sep 28 2024, 3:10 AM · Info Needed, scd, gpgagent, Bug Report

Sep 27 2024

gniibe added a comment to T6375: gpg-agent race-condition with parallel clients.

It is a reproducible bug even with the master branch.

Sep 27 2024, 4:22 AM · gnupg24, gpgagent, Bug Report

Sep 26 2024

gniibe added a comment to T6375: gpg-agent race-condition with parallel clients.

I had a look at the gpg-agent.log log file. I can see that six PKDECRYPT requests are handled simultaneously. I think that it's out of secure memory to decrypt the private key, which results in a pinentry request.

Sep 26 2024, 10:35 AM · gnupg24, gpgagent, Bug Report

Sep 20 2024

gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

Found another thinko: when there are no clients with DEVINFO --watch, the pipe to be notified is not consumed at all (no read). It eventually results in being blocked by write(2) when the pipe is filled.

Sep 20 2024, 3:51 AM · gpgagent, scd, gnupg24, Bug Report

Sep 19 2024

werner added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

I see: the systemd race of having two gpg-agent processes. The second gpg-agent should eventually go away, but then it is already too late.

Sep 19 2024, 8:56 AM · gpgagent, scd, gnupg24, Bug Report
gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

I mean: two gpg-agent requests simultaneously running DEVINFO --watch.
Single scdaemon, two threads handling DEVINFO --watch simultaneously, by pselect + read.
Two threads woke up, but only one thread could read(2); the other was blocked (before the fix).

Sep 19 2024, 1:43 AM · gpgagent, scd, gnupg24, Bug Report

Sep 18 2024

werner added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

You mean it is possible that the initialization function is called by several threads - or that two scdaemons are running before they realize that one of them is in the way?

Sep 18 2024, 6:30 PM · gpgagent, scd, gnupg24, Bug Report
gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

Fixed in rGfc30f7059650: scd: Fix DEVINFO to allow multiple clients.

Sep 18 2024, 6:52 AM · gpgagent, scd, gnupg24, Bug Report
gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

I realized that I introduced a bug on POSIX: when multiple clients do DEVINFO --watch, it is possible for scdaemon to hang (waiting in pselect and read; read by one, read by another is blocked).

Sep 18 2024, 4:57 AM · gpgagent, scd, gnupg24, Bug Report

Sep 4 2024

gniibe changed the status of T7283: Odd "gpg: KEYTOCARD failed: Invalid time" error when using `--pinentry-mode=loopback` from Open to Testing.
Sep 4 2024, 1:34 AM · gpgagent, Bug Report

Sep 3 2024

rubensayshi added a comment to T7283: Odd "gpg: KEYTOCARD failed: Invalid time" error when using `--pinentry-mode=loopback`.

I can replicate the problem.

The cause of this is that in loopback mode, gpg-agent inquires back to the frontend and the buffer is overwritten, which results in parsing the line wrongly.
I'm going to fix it.

Sep 3 2024, 11:10 AM · gpgagent, Bug Report
rubensayshi added a comment to T7283: Odd "gpg: KEYTOCARD failed: Invalid time" error when using `--pinentry-mode=loopback`.

y38k problems with some frontends are known for some 32 bit platforms.

Please write a proper bug report and don't expect us to read a reddit thread.

Sep 3 2024, 11:09 AM · gpgagent, Bug Report
werner edited projects for T7283: Odd "gpg: KEYTOCARD failed: Invalid time" error when using `--pinentry-mode=loopback`, added: gpgagent; removed Info Needed.
Sep 3 2024, 11:07 AM · gpgagent, Bug Report

Aug 13 2024

ebo moved T7003: 2.2 gpg-agent doesn't allow KEYINFO when restricted (was: gpgme-1.23.2 test failure (t-json)) from QA to gnupg-2.2.43 on the gnupg22 board.
Aug 13 2024, 10:41 AM · gnupg22 (gnupg-2.2.43), gpgagent, gpgme, Gentoo, Bug Report

Jul 1 2024

gniibe changed the status of T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close from Open to Testing.
Jul 1 2024, 4:25 AM · gpgagent, scd, gnupg24, Bug Report
gniibe changed the status of T7160: scd: pipe server shutdown, a subtask of T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close, from Open to Testing.
Jul 1 2024, 4:25 AM · gpgagent, scd, gnupg24, Bug Report
gniibe changed the status of T7160: scd: pipe server shutdown from Open to Testing.

Fixed in rG01fa318be0f8: scd: Fix how scdaemon pipe server finishes.

Jul 1 2024, 4:25 AM · scd, gpgagent, Bug Report

Jun 27 2024

gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

Asking for a change in gpgme would need more time... So, I decided to change the gpg-agent side.
gpg-agent part was done in: rGb3f1f2cd192b: agent: Handle SCD DEVINFO --watch command in a special way.

Jun 27 2024, 8:38 AM · gpgagent, scd, gnupg24, Bug Report

Jun 25 2024

gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

scdaemon part was done in: rG36d8cffc6cd2: scd: Finish DEVINFO --watch command on input close.

Jun 25 2024, 10:56 AM · gpgagent, scd, gnupg24, Bug Report

Jun 24 2024

werner added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

Maybe we can support this directly in gpgme's assuan API.

Jun 24 2024, 9:05 AM · gpgagent, scd, gnupg24, Bug Report
gniibe added a comment to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close.

Did some experiments and I concluded (for now) that a new command for gpg-agent would not be needed.
Instead, it might be better to do the following in GPGME.

Jun 24 2024, 4:24 AM · gpgagent, scd, gnupg24, Bug Report

Jun 17 2024

gniibe added projects to T7151: graceful shutdown: DEVINFO should be a gpg-agent command: also watching input close: scd, gpgagent.
Jun 17 2024, 4:49 AM · gpgagent, scd, gnupg24, Bug Report
gniibe triaged T7160: scd: pipe server shutdown as Normal priority.
Jun 17 2024, 4:48 AM · scd, gpgagent, Bug Report

May 13 2024

perrin4869 added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

I'd also be interested in expanding tilde expressions for dotfiles portability, since I don't use the same username on all my machines.

May 13 2024, 5:38 AM · gnupg24, gpgagent

Apr 24 2024

werner moved T6681: agent: Clean up main loop and better cache handling of expiration (was: Adding agent_timer API for monitoring something and passphrase cache) from Backlog to QA on the gnupg26 board.
Apr 24 2024, 10:05 AM · keyboxd, gpgagent, gnupg26
werner moved T6682: agent: agent_kick_the_loop function to unblock the select(2) from Backlog to QA on the gnupg26 board.
Apr 24 2024, 10:05 AM · keyboxd, gpgagent, gnupg26
werner moved T6692: agent: Clean up check_own_socket to monitor socket takeover from Backlog to QA on the gnupg26 board.
Apr 24 2024, 10:05 AM · keyboxd, gnupg26, gpgagent
werner moved T6693: agent: Have a thread monitoring parent PID and homedir from Backlog to QA on the gnupg26 board.
Apr 24 2024, 10:05 AM · keyboxd, gpgagent, gnupg26
werner moved T7014: agent: Enhancement of PKDECRYPT for KEM interface from Backlog to WIP on the gnupg26 board.
Apr 24 2024, 10:04 AM · gnupg26, gpgagent, Feature Request

Apr 22 2024

gniibe triaged T7097: Support a key on smartcard for PQC as Wishlist priority.
Apr 22 2024, 8:12 AM · gnupg26, gpgagent, Feature Request

Apr 16 2024

matheusmoreira added a comment to T5783: All s2k hardenings silently ignored when exporting private keys.

What is the current status of this issue?

Apr 16 2024, 2:46 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg

Apr 15 2024

gniibe changed the status of T7014: agent: Enhancement of PKDECRYPT for KEM interface from Open to Testing.
Apr 15 2024, 3:19 AM · gnupg26, gpgagent, Feature Request

Apr 11 2024

gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

I had a wrong interpretation of the symmetric cipher algorithm identifier in the draft. It specifies the symmetric cipher for the following Symmetrically Encrypted Data Packet (I wrongly interpreted it as if it were specifying the algo for AES keywrap).

Apr 11 2024, 8:21 AM · gnupg26, gpgagent, Feature Request

Apr 10 2024

gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

I merged the change by Werner to get the value from the frontend.

Apr 10 2024, 5:57 AM · gnupg26, gpgagent, Feature Request

Apr 9 2024

gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

In the current code, just for testing against the test vector in https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02, there is a specific value in the key combiner KDF.
Namely, the value 105 for fixedInfo is defined in the draft (and it will be changed).

Apr 9 2024, 7:21 AM · gnupg26, gpgagent, Feature Request

Apr 5 2024

werner added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

I created a pubkey (actually a subkey) for your above test keys:

Apr 5 2024, 4:09 PM · gnupg26, gpgagent, Feature Request
gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

I use this for testing:

Apr 5 2024, 8:22 AM · gnupg26, gpgagent, Feature Request

Mar 25 2024

gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

On March 11 and 18, the private key file DE1AB1D22899CEC7DBB1A7863F34E6E92BFB7756.key was wrong.
I updated it on March 25. Now, the endianness is GnuPG's (d is big endian).

Mar 25 2024, 8:04 AM · gnupg26, gpgagent, Feature Request

Mar 23 2024

werner closed T7003: 2.2 gpg-agent doesn't allow KEYINFO when restricted (was: gpgme-1.23.2 test failure (t-json)) as Resolved.
Mar 23 2024, 1:29 PM · gnupg22 (gnupg-2.2.43), gpgagent, gpgme, Gentoo, Bug Report
thesamesam added a comment to T7003: 2.2 gpg-agent doesn't allow KEYINFO when restricted (was: gpgme-1.23.2 test failure (t-json)).

Thanks, that patch works for me.

Mar 23 2024, 12:24 PM · gnupg22 (gnupg-2.2.43), gpgagent, gpgme, Gentoo, Bug Report

Mar 18 2024

werner moved T7003: 2.2 gpg-agent doesn't allow KEYINFO when restricted (was: gpgme-1.23.2 test failure (t-json)) from Backlog to QA on the gnupg22 board.
Mar 18 2024, 4:24 PM · gnupg22 (gnupg-2.2.43), gpgagent, gpgme, Gentoo, Bug Report
gniibe added a comment to T7014: agent: Enhancement of PKDECRYPT for KEM interface.

I extracted data from https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc-02 and composed an x25519 key and an MLKEM768 key. Here they are.
x25519 :


MLKEM768 :

Mar 18 2024, 7:21 AM · gnupg26, gpgagent, Feature Request