Page MenuHome GnuPG

gpgagentProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

May 12 2021

lbogdan updated the task description for T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.
May 12 2021, 12:53 PM · yubikey, gnupg (gpg23), Bug Report
lbogdan created T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.
May 12 2021, 12:51 PM · yubikey, gnupg (gpg23), Bug Report

May 6 2021

aheinecke triaged T5424: GnuPG w32: Expand environment variables when reading registry paths as Normal priority.
May 6 2021, 12:03 PM · gnupg (gpg22), Restricted Project

Feb 26 2021

werner added a comment to T4777: Pinentry sometimes mixes languages.

The show error is due a missing translation. What happened was that the translation was marked fuzzy and this marker was removed not realizing that the string really changed. The change was "...in the GnuPG system" -> "...in the %s system" which had been done to allow for different gpg names.

Feb 26 2021, 1:54 PM · gnupg (gpg23), S/MIME, gpgagent

Feb 25 2021

aheinecke added a comment to T4777: Pinentry sometimes mixes languages.

Start from scratch on a german system, even when you do a gpg --version it shows it is in german. Then import a PKCS#12 container and the dialog is in english.

Feb 25 2021, 5:16 PM · gnupg (gpg23), S/MIME, gpgagent
werner claimed T4777: Pinentry sometimes mixes languages.

A wild guess is that the different envvar systems we have in use are the culprit. It is anyway time to get this straight.

Feb 25 2021, 5:14 PM · gnupg (gpg23), S/MIME, gpgagent

Feb 24 2021

Aster89 added a comment to T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog.

As suggested in the linked question on stackexchange, I think that even if the error comes from the pinentry program, GnuPG could echo a more informative error than gpg: decryption failed: No secret key, such as terminal to little to show the pinetnry program, or something similar.

Feb 24 2021, 2:37 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report

Feb 23 2021

werner triaged T5322: gpg erroring when the terminal is too small to show the ncurses pinentry dialog as Normal priority.

Thanks for the report. Frankly the curses pinentries are not that widely tested.

Feb 23 2021, 5:02 PM · gnupg (gpg22), gpgagent, pinentry, Bug Report

Feb 17 2021

werner closed T5270: gpg-agent crashes during signing: free(): invalid pointer as Resolved.
Feb 17 2021, 8:47 AM · libgcrypt, gpgagent, Bug Report

Feb 10 2021

werner closed T3108: gpgconf lists the wrong extra socket path when a path is explicitly configured in gpg-agent.conf as Wontfix.
Feb 10 2021, 11:39 AM · gnupg (gpg23), gpgagent
werner lowered the priority of T4338: gpg-agent fails to start on Windows if GNUPGHOME is longer than 80 characters from Normal to Low.
Feb 10 2021, 11:32 AM · Windows, gpgagent, Bug Report
werner closed T2964: dirmngr and gpg-agent should work automatically even when GNUPGHOME is larger than sun_path as Resolved.

The now used /var/run thingy solves all these problems nicely. In fact we may eventually remove the use fallback of using sockets in the GNUPGHOMEDIR.

Feb 10 2021, 11:29 AM · Stalled, scd, gpgagent, Bug Report, gnupg, dirmngr

Jan 30 2021

werner triaged T5281: gpg-agent / pinentry: allow to pause/mute passphrase requests for a while as Normal priority.
Jan 30 2021, 12:10 PM · gpgagent, pinentry, Feature Request

Jan 28 2021

gniibe closed T5114: GnuPG fails to import back generated and exported EdDSA secret key. as Resolved.
Jan 28 2021, 2:57 AM · gnupg, Testing, gpgagent, Bug Report
gniibe closed T5116: GnuPG master shows an error when importing Ed25519 keys generated, a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.
Jan 28 2021, 2:55 AM · gnupg, Testing, gpgagent, Bug Report
gniibe changed the status of T5270: gpg-agent crashes during signing: free(): invalid pointer from Open to Testing.
Jan 28 2021, 12:35 AM · libgcrypt, gpgagent, Bug Report
gniibe claimed T5270: gpg-agent crashes during signing: free(): invalid pointer.

See T5267: Ed25519 backward compatible private key support for preceding ZERO(s) for the fix.

Jan 28 2021, 12:34 AM · libgcrypt, gpgagent, Bug Report

Jan 27 2021

J created T5270: gpg-agent crashes during signing: free(): invalid pointer.
Jan 27 2021, 12:09 PM · libgcrypt, gpgagent, Bug Report

Jan 26 2021

gniibe removed a project from T4956: agent: Discrepancy of handling MPI for the interpretation of signed and unsigned: libgcrypt.
Jan 26 2021, 4:51 AM · gpgagent, gnupg
gniibe closed T4964: ecc: Discrepancy of handling MPI for the interpretation of signed and unsigned, a subtask of T4956: agent: Discrepancy of handling MPI for the interpretation of signed and unsigned, as Resolved.
Jan 26 2021, 4:48 AM · gpgagent, gnupg

Jan 8 2021

gniibe added a comment to T4956: agent: Discrepancy of handling MPI for the interpretation of signed and unsigned.

rG47c1c329ed82: agent,ecc: Use of opaque MPI for ECC, fixup 'd'. does the fixup when reading keys.

Jan 8 2021, 4:18 AM · gpgagent, gnupg

Jan 6 2021

rupor-github added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I wrote https://github.com/rupor-github/win-gpg-agent to simplify usage on Windows until this issue is resolved - it handles various edge cases on Windows.

Jan 6 2021, 7:25 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Dec 16 2020

gniibe reopened T4563: gpg-agent fails to sign request of PKISSH as "Open".
Dec 16 2020, 1:43 AM · Feature Request, gpgagent
gniibe closed T4563: gpg-agent fails to sign request of PKISSH as Wontfix.
Dec 16 2020, 1:42 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

If your problem is the incompatibility between standard OpenSSH (server) and PKIXSSH (client) for use of ssh-agent emulation of gpg-agent with ECDSA key, I'd suggest to apply following patch to your PKIXSSH:

diff --git a/compat.c b/compat.c
index fe71951..0c9b1ef 100644
--- a/compat.c
+++ b/compat.c
@@ -245,7 +245,6 @@ xkey_compatibility(const char *remote_version) {
 {	static sshx_compatibility info[] = {
 		{ 0, "OpenSSH*PKIX[??.*" /* 10.+ first correct */ },
 		{ 0, "OpenSSH*PKIX[X.*" /* developlement */ },
-		{ 1, "OpenSSH*" /* PKIX pre 10.0 */ },
 		{ 1, "SecureNetTerm-3.1" /* same as PKIX pre 10.0 */},
 		{ 0, NULL } };
 	p = xkey_compatibility_find(remote_version, info);
Dec 16 2020, 12:58 AM · Feature Request, gpgagent

Dec 14 2020

gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Unfortunately and confusingly, PKISSH returns "OpenSSH" when asked by "ssh -V".
Please install real OpenSSH, if this is the case for you.

Dec 14 2020, 10:52 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Quote from IRC:
hey, i've some problems with my smartcard since quite some time. i'm not sure whether it's openssh related or gnupg. it's a openpgpcard v2.0 and i have to workaround ssh logins by using "SSH_AUTH_SOCK=0 ssh ...". .gnupg/gpg-agent.conf -

the debug log: esp. "ssh sign request failed: Unknown option <GPG Agent>" and ssh says "sign_and_send_pubkey: signing failed: agent refused operation"
gpg --edit-card and --card-status works fine and sign/encrypt works fine as well. only ssh auth fails
openssh 8.1_p1, gnupg 2.2.20

Dec 14 2020, 10:31 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Yeah but it seems to be the same issue / reason. I wasn't aware that PKISSH is something else. I thought it was an extension/protocol or something

Dec 14 2020, 10:26 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I added "Feature Request", because this is a request to support:

  • A feature of bug compatibility, which is implemented wrongly in PKISSH
  • for a specific algo of key, which is not considered so useful (== ECDSA)
  • PKISSH, which is variant of OpenSSH
Dec 14 2020, 10:23 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.
In T4563#140184, @idl0r wrote:

I was and I am using OpenSSH on both sides, client and server.

Dec 14 2020, 10:20 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I was and I am using OpenSSH on both sides, client and server.

Dec 14 2020, 10:16 AM · Feature Request, gpgagent
werner added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I do not think that we should support a fork of openssh right now. If we would support it we are bound to maintain that for years - this is not a good idea.

Dec 14 2020, 10:09 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Well, I have no idea about the technical background to be honest but without this patch it doesn't work at all for me, unless I stop using the agent or workaround it by using SSH_AUTH_SOCK=0. With this patch, I can use the agent again. I don't know how many others are affected by this but it made it usable again, which wasn't the case for months already.

Dec 14 2020, 9:04 AM · Feature Request, gpgagent
gniibe lowered the priority of T4563: gpg-agent fails to sign request of PKISSH from Normal to Low.

In theory, I don't think the patch gnupg.patch works. It just ignore the flag.

Dec 14 2020, 3:19 AM · Feature Request, gpgagent

Dec 9 2020

idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I am affected by the same bug and the patch seems to work for me. Login via gpg-agent with ssh support is possible again, which wasn't before, since some openssh and/or gnupg update. Not sure.

Dec 9 2020, 12:04 PM · Feature Request, gpgagent

Nov 30 2020

aheinecke created T5160: Pinentry: Improved generate support.
Nov 30 2020, 10:57 AM · gpgagent, pinentry

Nov 27 2020

werner closed T4427: Windows 10 update KB4489899 stops gpg-agent launching as Resolved.

No more problems reported, so I assume like @aheinecke that it has been resolved in Windows.

Nov 27 2020, 6:36 PM · Info Needed, Windows, gpgagent, Bug Report

Nov 23 2020

werner edited projects for T5114: GnuPG fails to import back generated and exported EdDSA secret key., added: gnupg; removed gnupg (gpg22).

Its done for 2.2 thus changing the tag.

Nov 23 2020, 1:43 PM · gnupg, Testing, gpgagent, Bug Report
werner added a comment to T5137: gpg-agent 2.x poor performance / futex errors.

I though about this too but we need to take care about the logging functions of Libgcrypt which are intertwined with nPth (clamp function of libgpg-error).

Nov 23 2020, 9:01 AM · Feature Request, gpgagent

Nov 19 2020

Hafiz added a comment to T5136: Mega888.

{F1982353}

Nov 19 2020, 9:36 PM · gpgagent, Feature Request
gniibe added a comment to T5137: gpg-agent 2.x poor performance / futex errors.

Thanks. I understand the situation. Basically, gpg-agent's computation is done by a single thread (in current implementation), although it accepts many requests simultaneously.

Nov 19 2020, 3:21 AM · Feature Request, gpgagent

Nov 18 2020

andrey.arapov added a comment to T5137: gpg-agent 2.x poor performance / futex errors.

Note that you actually run 30 independent processes with gpg 1.4 but with gpg-agent there is just one process to handle the private key operations (decrypt). To utilize more cores you need to setup several GNUPGHOME with the same private keys.

Nov 18 2020, 2:33 PM · Feature Request, gpgagent
andrey.arapov added a comment to T5137: gpg-agent 2.x poor performance / futex errors.

I think that it is not gpg-agent but pinentry which causes millions of futex syscall errors.
For interactive use case, pinentry may be the point of contention.
I might be wrong if your key is not protected by passphrase.

If possible, please try adding arguments for gpg invocation: --pinentry-mode loopback --passphrase-file YOUR_FILE_FOR_PASSPHRASE
This can avoid the invocation of pinentry entirely.

Nov 18 2020, 2:32 PM · Feature Request, gpgagent

Nov 17 2020

werner triaged T5137: gpg-agent 2.x poor performance / futex errors as Normal priority.

I change this to a feature request: Allow several processes to run public key decryption using the same set of private keys.

Nov 17 2020, 8:35 AM · Feature Request, gpgagent

Nov 16 2020

werner closed T5136: Mega888 as Spite.
Nov 16 2020, 4:10 PM · gpgagent, Feature Request
Hafiz created T5136: Mega888.
Nov 16 2020, 12:39 PM · gpgagent, Feature Request
gniibe renamed T4956: agent: Discrepancy of handling MPI for the interpretation of signed and unsigned from agent: Disrepancy of handling MPI for the interpretation of signed and unsigned to agent: Discrepancy of handling MPI for the interpretation of signed and unsigned.
Nov 16 2020, 8:09 AM · gpgagent, gnupg

Nov 4 2020

gniibe changed the status of T5116: GnuPG master shows an error when importing Ed25519 keys generated, a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., from Open to Testing.
Nov 4 2020, 3:14 AM · gnupg, Testing, gpgagent, Bug Report

Oct 30 2020

gniibe added a comment to T5116: GnuPG master shows an error when importing Ed25519 keys generated.

One bug is fixed in rGdd4fb1c8f668: gpg: Fix first zero-byte case for SOS handling..

Oct 30 2020, 9:03 AM · Testing, gnupg, Bug Report
gniibe changed the status of T5114: GnuPG fails to import back generated and exported EdDSA secret key. from Open to Testing.

Fixed in 2.2 branch.
Also, I found another issue of libgcrypt master, which is fixed in rC361a0588489c: ecc: Handle removed zeros at the beginning for Ed25519..
Further, I found different issue, and created T5116: GnuPG master shows an error when importing Ed25519 keys generated.

Oct 30 2020, 2:23 AM · gnupg, Testing, gpgagent, Bug Report