gpgagent Project
Active · Public

Members

  • This project does not have any members.

Recent Activity

Tue, Jun 4

gniibe closed T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry as Resolved.
Tue, Jun 4, 2:38 AM · Bug Report, gpgagent

Wed, May 29

ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
Wed, May 29, 6:55 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna added projects to T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0: gpgme, gnupg.
Wed, May 29, 6:52 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
Wed, May 29, 6:39 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna updated the task description for T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
Wed, May 29, 6:35 PM · Not A Bug, gnupg, gpgme, Bug Report
ideaantenna created T4546: make check error on gnupg-2.2.15 and gpgme-1.13.0.
Wed, May 29, 6:30 PM · Not A Bug, gnupg, gpgme, Bug Report

Tue, May 28

maiden_taiwan added a comment to T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.

I also tried adding this to my gpg-agent.conf file:

Tue, May 28, 2:05 PM · Emacs, Documentation, pinentry, Bug Report
maiden_taiwan added a comment to T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.

Oh, in case it wasn't clear, the idea that another application (GNU emacs) is receiving keystrokes meant for the gpg-agent prompt is probably a security risk....

Tue, May 28, 2:01 PM · Emacs, Documentation, pinentry, Bug Report
maiden_taiwan created T4542: gpg-agent loses characters when prompting for a GPG passphrase over SSH in Emacs.
Tue, May 28, 2:00 PM · Emacs, Documentation, pinentry, Bug Report

Mon, May 27

werner added a commit to T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon.: rG9ccdd59e4e1e: agent: Stop scdaemon after reload when disable_scdaemon..
Mon, May 27, 9:24 AM · Bug Report, scd, gpgagent

Thu, May 23

gniibe closed T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon. as Resolved.

Simply sending "KILLSCD" is implemented.

Thu, May 23, 3:19 AM · Bug Report, scd, gpgagent
gniibe added a commit to T4326: Reloading gpg-agent with disable-scdaemon set does not stop scdaemon.: rG7158a5696dc8: agent: Stop scdaemon after reload when disable_scdaemon..
Thu, May 23, 3:18 AM · Bug Report, scd, gpgagent

Tue, May 21

werner closed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Resolved.

Also fixed for 2.2

Tue, May 21, 9:16 AM · gpgagent, ssh
werner added a commit to T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte: rG6e39541f4f48: agent: For SSH key, don't put NUL-byte at the end..
Tue, May 21, 9:16 AM · gpgagent, ssh
werner closed T4273: agent: Request insertion of smartcard when no card present as Resolved.

The behaviour related to ssh key access is due to the way ssh works: After a connection has been established to a server, ssh presents to the server all identities (public keys) it has access to (meaning it has a corresponding private key). Thus we can't tell ssh all the keys we have because that would be an information leak and may also take too long. Because the user may in some cases not want to use the ssh-agent but resort to ssh command line input of the passphrase, we do not insist on using a key known by gpg-agent.

Tue, May 21, 9:13 AM · Feature Request, Documentation, gpgagent
gniibe added a commit to T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte: rG479f7bf31ce4: agent: For SSH key, don't put NUL-byte at the end..
Tue, May 21, 8:54 AM · gpgagent, ssh
gniibe claimed T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.

I located the bug in agent/command-ssh.c.
Our practice is two calls of gcry_sexp_sprint: one to determine the length including the last NUL byte, and another to actually fill the buffer.
The first call returns +1 for the NUL byte.
The second call fills NUL at the end, but returns +0 length (length sans last NUL).

Tue, May 21, 8:48 AM · gpgagent, ssh
werner triaged T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache as Low priority.
Tue, May 21, 7:45 AM · Feature Request, gpgagent
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

I spent a lot of time trying to figure out how to automate the interface between my preferred password store (gnome-keyring, via libsecret), but with the loopback pinentry mode changes in gpg 2.1, it is much harder (if not impossible) to do. Having passphrase caching is the only thing preventing me from choosing a weaker passphrase on my gpg keyring.

Tue, May 21, 2:03 AM · Feature Request, gpgagent
ctubbsii added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

Disallowing passphrase caching is likely to have the unintended consequence of users choosing weaker passphrases that are more easily memorized and/or typed. Caching should be permitted, IMO. This puts more decisions about passphrase management into the control of the user.

Tue, May 21, 1:38 AM · Feature Request, gpgagent

Mon, May 20

dkg added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

And yet, that interface is already being used by the agent-transfer utility in monkeysphere. The interface exists, it is not marked in any way as unusable or deprecated or off-limits, so it is used.

Mon, May 20, 11:38 PM · Feature Request, gpgagent
werner triaged T4521: gpg-agent behavior on SIGTERM differs from KILLAGENT handling as Normal priority.
Mon, May 20, 9:30 AM · Bug Report, gpgagent
werner added a comment to T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .

That is on purpose. Exporting of a secret key should in theory not be possible at all via gpg. In practice we need a way to export a key, but that should be the exception and thus we do not want any caches for passphrases to have an effect.

Mon, May 20, 9:29 AM · Feature Request, gpgagent
dkg added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

trigger what command? i'm pretty sure it does not trigger updatestartuptty. And it should not do so, afaict -- if you think it should, i'd be interested in hearing the rationale for it.

Mon, May 20, 5:28 AM · Debian, gpgagent, Bug Report
ageis added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

Does gpgconf --reload gpg-agent trigger that command? that's the ExecReload setting in the systemd service unit I'm looking at.

Mon, May 20, 1:05 AM · Debian, gpgagent, Bug Report

Sun, May 19

dkg created T4522: gpg-agent's EXPORT_KEY command does not tell its pinentry SETKEYINFO , preventing use of external passphrase cache .
Sun, May 19, 10:43 PM · Feature Request, gpgagent
dkg created T4521: gpg-agent behavior on SIGTERM differs from KILLAGENT handling.
Sun, May 19, 9:17 PM · Bug Report, gpgagent
dkg added a comment to T4106: Terminal use case for gpg-agent and gpg-agent for ssh-agent feature.

This doesn't sound systemd-specific to me, fwiw, though i don't understand how to reproduce the problem from the given description here.

Sun, May 19, 9:05 PM · Debian, gpgagent, Bug Report

May 15 2019

werner merged task T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows into T4505: SM, W32: GPGSM hangs up the GnuPG System.
May 15 2019, 9:22 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

May 12 2019

werner triaged T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte as Normal priority.

I often put an extra nul byte at the end of binary data so that accidentally printing the data (e.g. in gdb) assures that there is a string terminator. But right, it should not go out to a file.

May 12 2019, 8:16 PM · gpgagent, ssh
dkg created T4502: keys added via gpg-agent's ssh-agent interface are stored in private-keys-v1.d/ with a trailing null byte.
May 12 2019, 12:37 AM · gpgagent, ssh

May 8 2019

aheinecke added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

As this update lists multiple issues and following fixes for them, maybe it was resolved by Microsoft?

May 8 2019, 10:46 AM · Info Needed, Windows, gpgagent, Bug Report
werner triaged T4427: Windows 10 update KB4489899 stops gpg-agent launching as High priority.
May 8 2019, 8:54 AM · Info Needed, Windows, gpgagent, Bug Report

Apr 29 2019

werner closed T4473: The presence of gpg key disables ulimit and coredump in X11 session as Wontfix.

Since 2.1 the standard use of gpg-agent is to have it started on demand by the components which require it. The use of "gpg-agent --daemon /bin/sh " should be used for debugging only.

Apr 29 2019, 10:12 PM · gpgagent, Bug Report
pmgdeb created T4473: The presence of gpg key disables ulimit and coredump in X11 session.
Apr 29 2019, 5:28 PM · gpgagent, Bug Report
aheinecke added a commit to T4333: Job objects on Windows interfere with automatic start of gpg-agent: rG03df28b18b92: common,w32: Breakaway detached childs when in job.
Apr 29 2019, 9:51 AM · patch, Windows, gpgagent, Bug Report
aheinecke changed the status of T4333: Job objects on Windows interfere with automatic start of gpg-agent from Open to Testing.

I've applied your patch with an additional comment to our master branch. Thanks!

Apr 29 2019, 9:37 AM · patch, Windows, gpgagent, Bug Report

Apr 5 2019

werner closed T4377: gpg-agent does not anymore restart a killed scdaemon as Resolved.

I did a lot of tests in the last weeks while working on gpg-card.

Apr 5 2019, 5:07 PM · gnupg (gpg23), gpgagent, scd

Mar 27 2019

aheinecke added a comment to T4333: Job objects on Windows interfere with automatic start of gpg-agent.

Sorry, this did not make it into 3.1.6. But I'll definitely see about it for the next release. If it is an institutional / corporate issue you could also contract us through www.gnupg.com

Mar 27 2019, 1:50 PM · patch, Windows, gpgagent, Bug Report
aheinecke edited subtasks for T4333: Job objects on Windows interfere with automatic start of gpg-agent, added: T4389: Gpg4win 3.1.8; removed: T4264: Gpg4win 3.1.6.
Mar 27 2019, 1:48 PM · patch, Windows, gpgagent, Bug Report

Mar 26 2019

mjb added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Can you please run

gpg --debug ipc -vK

which will also start gpg-agent and print some diagnostics. You may want to redact the output. You can also run

Mar 26 2019, 11:04 PM · Info Needed, Windows, gpgagent, Bug Report
jegrp added a comment to T4333: Job objects on Windows interfere with automatic start of gpg-agent.

From: aheinecke (Andre Heinecke)
Sent: Montag, 28. Januar 2019 19:25

fwiw. Your patch is beautiful in which it follows our coding style and
debug output. I'm confident that we will accept it but currently I have
to read up on Job's a bit.

Is there a way I could help you with this? This issue is hampering adoption
of GnuPG 2 here.

--

Jan Echternach

Mar 26 2019, 6:49 PM · patch, Windows, gpgagent, Bug Report
aheinecke added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Trying to install the update manually (according to windows update my windows is fully updated) it says "This update is not meant for your computer" and aborts.

Mar 26 2019, 3:41 PM · Info Needed, Windows, gpgagent, Bug Report
werner added a comment to T4427: Windows 10 update KB4489899 stops gpg-agent launching.

Can you please run

gpg --debug ipc -vK

which will also start gpg-agent and print some diagnostics. You may want to redact the output. You can also run

gpg-agent -v --daemon

which should also print some more info.

Mar 26 2019, 7:57 AM · Info Needed, Windows, gpgagent, Bug Report
mjb created T4427: Windows 10 update KB4489899 stops gpg-agent launching.
Mar 26 2019, 1:14 AM · Info Needed, Windows, gpgagent, Bug Report

Mar 18 2019

werner closed T4319: New 2017 MAC permission isues on gpg-agent as Invalid.
Mar 18 2019, 7:27 PM · MacOS, gpgagent, gnupg (gpg22)

Mar 7 2019

werner added a commit to T4340: gpg-agent should support clearing passphrase cache for SSH: rG77a285a0a949: agent: Support --mode=ssh option for CLEAR_PASSPHRASE..
Mar 7 2019, 10:58 AM · gpgagent

Mar 6 2019

werner added a comment to T4377: gpg-agent does not anymore restart a killed scdaemon.

Thanks for fixing that.

Mar 6 2019, 8:05 AM · gnupg (gpg23), gpgagent, scd
gniibe changed the status of T4377: gpg-agent does not anymore restart a killed scdaemon from Open to Testing.
Mar 6 2019, 3:05 AM · gnupg (gpg23), gpgagent, scd
gniibe added a comment to T4377: gpg-agent does not anymore restart a killed scdaemon.

That's my badness. In wait_child_thread, assuan_release may cause a thread context switch to agent_reset_scd, which accesses scd_local_list; this access should be serialized.
And... in start_scd, calling unlock_scd should be after unlocking start_scd_lock.

Mar 6 2019, 3:05 AM · gnupg (gpg23), gpgagent, scd