Page MenuHome GnuPG

gpgagentProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Aug 30 2023

gniibe changed the status of T6682: agent: agent_kick_the_loop function to unblock the select(2), a subtask of T6692: agent: Clean up check_own_socket to monitor socket takeover, from Open to Testing.
Aug 30 2023, 7:17 AM · gpgagent
gniibe added a subtask for T6692: agent: Clean up check_own_socket to monitor socket takeover: T6682: agent: agent_kick_the_loop function to unblock the select(2).
Aug 30 2023, 6:58 AM · gpgagent
gniibe changed the status of T6692: agent: Clean up check_own_socket to monitor socket takeover from Open to Testing.

Push the code by rG95186ae92f92: agent: Use a thread to monitor socket takeover.

Aug 30 2023, 4:02 AM · gpgagent
gniibe triaged T6692: agent: Clean up check_own_socket to monitor socket takeover as Wishlist priority.
Aug 30 2023, 3:56 AM · gpgagent

May 25 2023

werner added a comment to T6375: gpg-agent race-condition with parallel clients.

FWIW: I have not done any tests but the comment below is about the case I suspected to be the cuase for your problem:

May 25 2023, 3:13 PM · gnupg24, gpgagent, Bug Report

May 8 2023

yescallop added a comment to T5942: scdaemon is blocking system shutdown.

If it were the case, I think that graceful shutdown of the system would need to terminate the client of scdaemon at first.

May 8 2023, 3:13 AM · Support, scd, gpgagent
gniibe added a comment to T5942: scdaemon is blocking system shutdown.

The root cause might be that the "DEVINFO --watch" command causes ...

May 8 2023, 1:55 AM · Support, scd, gpgagent

May 7 2023

yescallop added a comment to T5942: scdaemon is blocking system shutdown.

I also experienced hang on shutdown with GPG 2.4.1 and bisecting reveals that the first bad commit is rG2ccbcfec121f.

May 7 2023, 7:51 PM · Support, scd, gpgagent

Apr 14 2023

gniibe merged task T3391: cannot import subkey that was once marked to be on a card into T3456: GPG does not import secret subkeys from --export-secret-subkeys output if subkey stubs existed before.
Apr 14 2023, 8:05 AM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

Apr 13 2023

ebo added a comment to T3391: cannot import subkey that was once marked to be on a card.

isn't T3456 the same issue?

Apr 13 2023, 2:57 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report
ebo added a project to T3391: cannot import subkey that was once marked to be on a card: Restricted Project.
Apr 13 2023, 2:50 PM · Restricted Project, gpgagent, scd, gnupg, OpenPGP, Bug Report

Apr 5 2023

ebo moved T5972: Can't insert charaters in a magic-wand generated password from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Apr 5 2023, 2:52 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry

Mar 15 2023

werner added a comment to T6375: gpg-agent race-condition with parallel clients.

FYI: Quite some more days than a few passed by. I still did not found the time for this, sorry.

Mar 15 2023, 4:10 PM · gnupg24, gpgagent, Bug Report

Mar 14 2023

werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

danisanti added a comment to T6406: gpg-agent: Fail on expiring YubiKey PIN.

I never made a threat model. But definitely *any* cracker, should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker have used my Emacs text editor.

Mar 13 2023, 10:00 PM · Not A Bug, yubikey, gpgagent
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Mar 11 2023

danisanti created T6406: gpg-agent: Fail on expiring YubiKey PIN.
Mar 11 2023, 4:50 PM · Not A Bug, yubikey, gpgagent

Feb 16 2023

werner claimed T6375: gpg-agent race-condition with parallel clients.

Thanks. please give a few days.

Feb 16 2023, 6:11 PM · gnupg24, gpgagent, Bug Report
dmlary added a comment to T6375: gpg-agent race-condition with parallel clients.

created ~/.gnupg/gpg-agent.conf containing:

debug ipc,cache
debug-pinentry
log-file socket://
Feb 16 2023, 5:06 PM · gnupg24, gpgagent, Bug Report
werner added a comment to T6375: gpg-agent race-condition with parallel clients.

Okay, I see. The commands above are a real reproducer and not standalone examples. Then yes, you should get a pinentry only for the first gpg -d (as long as the keys are still in the cache). I am lacking macOS/homebrew stuff to replicate this. What you can do is to put

Feb 16 2023, 11:54 AM · gnupg24, gpgagent, Bug Report

Feb 15 2023

dmlary added a comment to T6375: gpg-agent race-condition with parallel clients.

I may be reading your comment wrong, but the problem here is not multiple pinentry prompts, or multiple gpg-agents present.

Feb 15 2023, 7:15 PM · gnupg24, gpgagent, Bug Report
werner added a comment to T6375: gpg-agent race-condition with parallel clients.

Although gpg-agent launching is protected by a file system lock, there is indeed a small race related to the pinentry. The invocation of the pinentries is serialized but if a second pinentry is requested while the first pinentry has not yet returned and put the passphrase into the cache, the second pinentry will be called anyway. Fixing this not easy and should rarely be a problem. The mitigation is to do a dummy decryption to seed the cache or use a custom pinentry.

Feb 15 2023, 6:54 PM · gnupg24, gpgagent, Bug Report
dmlary created T6375: gpg-agent race-condition with parallel clients.
Feb 15 2023, 3:13 PM · gnupg24, gpgagent, Bug Report

Jan 19 2023

werner removed a project from T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path: gnupg (gpg23).
Jan 19 2023, 4:52 PM · gnupg24, gpgagent
werner removed a project from T5995: Better prompt with SETKEYDESC: gnupg (gpg23).
Jan 19 2023, 4:47 PM · gnupg24, ssh, gpgagent, scd
werner removed a project from T5998: Extend gpg-check-patter to return a description: gnupg (gpg23).
Jan 19 2023, 4:46 PM · gnupg24, Feature Request, Restricted Project, gpgagent

Dec 22 2022

mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.

Dec 22 2022, 10:05 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0

Dec 22 2022, 1:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 21 2022

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command cia ssh.

Dec 21 2022, 12:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Authentication succeed if I pressed enter after:PTY allocation request failed on channel 0

Dec 21 2022, 10:58 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0

Dec 21 2022, 10:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 5 2022

ikloecker removed a project from T4808: gnupg, scd: Status notifications to Applications: kleopatra.
Dec 5 2022, 9:23 AM · scd, gpgagent

Nov 25 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:

Nov 25 2022, 12:54 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 24 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Nov 24 2022, 9:01 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Nov 24 2022, 2:38 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
Nov 24 2022, 2:22 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 22 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

Nov 22 2022, 8:12 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 9 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote:

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Nov 9 2022, 7:40 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

Nov 9 2022, 10:51 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Oct 28 2022

werner updated subscribers of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Will go into 2.3.9 and gpg4win 4.0.5

Oct 28 2022, 3:56 PM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 26 2022

gniibe changed the status of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Open to Testing.
Oct 26 2022, 9:24 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Oct 14 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Pushed to master.

Oct 14 2022, 7:03 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 22 2022

werner changed the status of T5862: authentication with USB token from Open to Testing.
Sep 22 2022, 10:56 AM · gpgagent, Feature Request, scd

Sep 20 2022

gniibe added a comment to T5862: authentication with USB token.

Testing gpg-auth : There are two different use cases

  • test with xsecurelock for screen lock
  • test with pam-autoproto for login / gdm / etc.
Sep 20 2022, 9:39 AM · gpgagent, Feature Request, scd
gniibe added a comment to T5862: authentication with USB token.

Here are pam_authproto.c with Makefile, so that you can compile it with libpam:

Sep 20 2022, 6:19 AM · gpgagent, Feature Request, scd

Sep 19 2022

chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I hacked configure.ac of gnupg to force it build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?

Sep 19 2022, 5:22 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Sep 14 2022

ebo removed a project from T5972: Can't insert charaters in a magic-wand generated password : Restricted Project.
Sep 14 2022, 1:16 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry
ebo closed T5972: Can't insert charaters in a magic-wand generated password as Resolved.

works now

Sep 14 2022, 1:11 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry

Sep 9 2022

gniibe added a comment to T5862: authentication with USB token.

Here is a PAM module, which interact a spawned process using authproto protocol of xsecurelock.

Sep 9 2022, 9:30 AM · gpgagent, Feature Request, scd