gpgagentProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Wed, May 27

gniibe updated the task description for T4956: agent: Disrepancy of handling MPI for the interpretation of signed and unsigned.
Wed, May 27, 3:09 AM · libgcrypt, gpgagent, gnupg
gniibe edited projects for T4956: agent: Disrepancy of handling MPI for the interpretation of signed and unsigned, added: gpgagent, libgcrypt; removed OpenPGP.
Wed, May 27, 3:08 AM · libgcrypt, gpgagent, gnupg

Mar 5 2020

werner added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

I t could print a warning for a non-existant homedir

Mar 5 2020, 8:24 PM · gpgagent, gnupg, Bug Report
dkg added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

Sure, I personally know that GnuPG requires a homedir to operate.

Mar 5 2020, 3:20 PM · gpgagent, gnupg, Bug Report
werner added a comment to T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.

As you surely known GnuPG requires its home directory; in particular when using the gpgconf to manage the config options. Thus I can't see what to do other than error out. gpgconf needs to know the location of the config file; if it is containign diretcory is not existant it will fail anyway.

Mar 5 2020, 10:14 AM · gpgagent, gnupg, Bug Report

Mar 4 2020

dkg created T4866: `gpg-agent --gpgconf-list` returns a non-zero error code 2 if $HOME is non-existent, causing `gpgconf` to fail.
Mar 4 2020, 4:46 PM · gpgagent, gnupg, Bug Report

Jan 13 2020

aheinecke created T4808: gnupg, scd: Status notifications to Applications.
Jan 13 2020, 11:22 AM · kleopatra, scd, gpgagent

Dec 17 2019

werner added a comment to T4777: Pinentry sometimes mixes languages.

The description comes from gpg/gpgsm while the prompts are from gpg-agent. Thus if the agent has been started with the German local but gpgsm without a local this would explain the behaviour.

Dec 17 2019, 11:39 AM · S/MIME, gpgagent
aheinecke created T4777: Pinentry sometimes mixes languages.
Dec 17 2019, 10:19 AM · S/MIME, gpgagent

Dec 12 2019

werner added a project to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent: gnupg (gpg23).
Dec 12 2019, 1:08 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner claimed T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Dec 12 2019, 1:07 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Although I don't use the ssh client on Windows I had to integrate the Windows ssh server into our release process (GlobalSign sent us a Windows-only token, for the new cert and so we can't anymore use osslsigncode). The ssh server is really stable and so it makes a lot of sense to better integrate our ssh-agent into Windows.

Dec 12 2019, 1:07 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Dec 5 2019

gniibe added a project to T4270: pinentry-curses should ring the terminal bell: gpgagent.
Dec 5 2019, 7:09 AM · gpgagent, Feature Request, pinentry
gniibe added a parent task for T4587: pinentry-gnome3 grabs input (is system modal) despite`--no-global-grab` or `OPTION no-grab`: T4770: pinentry option no-global-grab.
Dec 5 2019, 6:42 AM · gpgagent, pinentry
gniibe added a comment to T4256: gpg-agent: Spurious pinentries for an already unlocked key when decryption OpenPGP in 10 threads.

My analysis is that it's not a race condition but... it's about secure memory.
It is true that we have a race condition between putting an entry to cache after pinentry interaction _and_ next examining cache to invoke pinentry. But for this test case, the gpg process of unlock the key (and cache the passphrase) is finished before running the run-threaded command.

Dec 5 2019, 6:33 AM · gnupg, gpgagent
gniibe closed T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry as Resolved.
Dec 5 2019, 1:57 AM · Bug Report, gpgagent

Dec 4 2019

werner triaged T4769: gnupg:passphrase for new key asked three times as Normal priority.

That is actually a GnuPG thing. We originally did it this way to help people remember their passphrase before they start using the key. I agree it is annoying and I would like to remove it too. At the same time we should really think about making no-passphrase the default and require it only with certain compliance settings.

Dec 4 2019, 7:54 PM · gpgagent, gnupg (gpg23), Bug Report, gpg4win

Sep 27 2019

gniibe renamed T4563: gpg-agent fails to sign request of PKISSH from gpg-agent fails to sign request to gpg-agent fails to sign request of PKISSH.
Sep 27 2019, 1:45 PM · Feature Request, gpgagent
gniibe edited projects for T4563: gpg-agent fails to sign request of PKISSH, added: Feature Request; removed Info Needed, Bug Report.
Sep 27 2019, 10:17 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

OK, I identify the problem.

Sep 27 2019, 8:23 AM · Feature Request, gpgagent

Sep 9 2019

aheinecke closed T4389: Gpg4win 3.1.8, a subtask of T4333: Job objects on Windows interfere with automatic start of gpg-agent, as Resolved.
Sep 9 2019, 11:27 AM · patch, Windows, gpgagent, Bug Report
aheinecke closed T4333: Job objects on Windows interfere with automatic start of gpg-agent as Resolved.
Sep 9 2019, 11:23 AM · patch, Windows, gpgagent, Bug Report
ikrabbe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

But this problem remains for several versions for some time. I tried to find out the source of this "new option" in the communication, but I could not find anything about "GPG Agent" in the source code of openssh.

Sep 9 2019, 10:18 AM · Feature Request, gpgagent
ikrabbe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Sorry for the late answer, but I have been busy. Actually this happened against several ssh versions, for some time now.

Sep 9 2019, 9:45 AM · Feature Request, gpgagent

Aug 20 2019

gniibe added a comment to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry.

It was fixed in GnuPG master by rGc395f8315362: agent: Terminate pinentry process gracefully, by watching socket. and rG374a0775546b: agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM..
Those will be in GnuPG 2.3.

Aug 20 2019, 3:32 AM · Bug Report, gpgagent
dkg reopened T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry as "Open".
Aug 20 2019, 2:44 AM · Bug Report, gpgagent
dkg added a comment to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry.

This appears to be https://bugs.debian.org/850946 and it does not appear to be fixed to me.

Aug 20 2019, 2:43 AM · Bug Report, gpgagent

Aug 2 2019

werner triaged T4661: gpg-agent "getinfo cmd_has_option" is frequently wrong as Low priority.
Aug 2 2019, 9:51 AM · Documentation, gpgagent

Jul 31 2019

dkg reopened T4661: gpg-agent "getinfo cmd_has_option" is frequently wrong as "Open".

Please update the documentation for the function in that case.

Jul 31 2019, 4:49 PM · Documentation, gpgagent
werner closed T4661: gpg-agent "getinfo cmd_has_option" is frequently wrong as Invalid.

No, it was not in mind. I introduced this only for backward compatibility. It will be extended iff we have a need for it.

Jul 31 2019, 8:51 AM · Documentation, gpgagent

Jul 30 2019

gniibe added a comment to T4661: gpg-agent "getinfo cmd_has_option" is frequently wrong.

My understanding is: it was introduced by rG370f841a0135: Enhanced last patch. in 2009 to give information to client (for a specific command at that time), possibly in a hope that server side would support the feature for all commands (and client could benefits).

Jul 30 2019, 8:59 AM · Documentation, gpgagent

Jul 29 2019

dkg created T4661: gpg-agent "getinfo cmd_has_option" is frequently wrong.
Jul 29 2019, 8:54 PM · Documentation, gpgagent

Jul 11 2019

gniibe added projects to T4563: gpg-agent fails to sign request of PKISSH: gpgagent, Info Needed.

Which SSH client are you using?

Jul 11 2019, 8:42 AM · Feature Request, gpgagent
gniibe claimed T4587: pinentry-gnome3 grabs input (is system modal) despite`--no-global-grab` or `OPTION no-grab`.

gpg-agent side is fixed to relax the error handling.

Jul 11 2019, 7:57 AM · gpgagent, pinentry

Jul 9 2019

werner closed T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32 as Resolved.
Jul 9 2019, 3:22 PM · gpgagent, gnupg, Bug Report

Jul 1 2019

werner triaged T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path as Normal priority.
Jul 1 2019, 9:34 PM · libassuan, gpgagent
werner added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

As I said we do this with all GnuPG components. Pinentry is a bit of exception because it is an external package.
I have also had bug reports which later turned out that a wrong pinentry was used; I prefer to know eactly which pinentry is used. Regarding your concrete problem I suggested to add a note with the full name of the pinentry or to change the error message to something better understandable.

Jul 1 2019, 9:34 PM · libassuan, gpgagent
dkg added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

So this is a defense against an adversary capable of creating a pinentry-wrapper somewhere in $PATH, but not capable of modifying gpg-agent.conf? It sounds to me like this is a defense against a very unusually-constrained attacker, at the expense of regular, common bug reports and user confusion.

Jul 1 2019, 6:24 PM · libassuan, gpgagent
werner removed a project from T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path: Bug Report.

GnuPG invokes its components always with their absolute file name. We want to mitigate attacks where malware creates a pinentry wrapper somewhere in an improper set PATH.

Jul 1 2019, 10:02 AM · libassuan, gpgagent
gniibe changed the status of T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32 from Open to Testing.
Jul 1 2019, 6:14 AM · gpgagent, gnupg, Bug Report
gniibe added a commit to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32: rG526714806da4: tools: gpgconf: Killing order is children-first..
Jul 1 2019, 6:14 AM · gpgagent, gnupg, Bug Report
gniibe added a commit to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32: rG7c877f942a34: tools: gpgconf: Killing order is children-first..
Jul 1 2019, 6:13 AM · gpgagent, gnupg, Bug Report

Jun 27 2019

dkg created T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.
Jun 27 2019, 5:35 PM · libassuan, gpgagent

Jun 25 2019

werner triaged T4580: Update the password checking algorithm as Low priority.
Jun 25 2019, 10:24 AM · gpgagent, Feature Request
dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

I'm unlikely to put a windows-specific patch into the debian source, as
i have no good way of testing it, and it wouldn't affect any binary that
we ship.

Jun 25 2019, 2:57 AM · gpgagent, gnupg, Bug Report

Jun 24 2019

gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@dkg, for your patch, it can be improved for Windows by using its event mechanism. You can see gnupg/scd/scdaemon.c.

Jun 24 2019, 4:00 AM · gpgagent, gnupg, Bug Report
dkg updated subscribers of T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Hm, T4521 suggests that the two different cases should not be treated differently. If you think that they *should* cause distinct behavior, please do mention it over there!

Jun 24 2019, 2:24 AM · gpgagent, gnupg, Bug Report
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

There are two different cases: (1) By SIGTERM and (2) By KILLAGENT. It's true that the agent stops accepting on the listening socket for (1), but it's not the case for (2).
This particular problem is for the case (2).

Jun 24 2019, 1:59 AM · gpgagent, gnupg, Bug Report

Jun 21 2019

dkg added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

@gniibe, thanks for the diagnosis! I agree that restarting or shutting down the backends should be done in the reverse order as a simple workaround.

Jun 21 2019, 6:24 PM · gpgagent, gnupg, Bug Report
gniibe added a comment to T4577: extended-key-format test of openpgp/decrypt-unwrap-verify.scm fails on sparc64 and x32.

Correct solution is to implement KILLAGENT synchronously, but it's somehow harder to implement.
Easier workaround is modifying gpgconf like:

Jun 21 2019, 3:47 AM · gpgagent, gnupg, Bug Report