gpgagent Project
Active · Public

Members

  • This project does not have any members.

Recent Activity

Fri, Nov 25

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Implications are... you won't be able to use new protocols introduced by newer OpenSSH:

Fri, Nov 25, 12:54 AM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Thu, Nov 24

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to work around it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Thu, Nov 24, 9:01 PM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Thu, Nov 24, 2:38 AM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

In my cases (tested with 9.1), here are the lengths of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
Thu, Nov 24, 2:22 AM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Tue, Nov 22

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

Tue, Nov 22, 8:12 AM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Wed, Nov 9

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote:

As a workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Wed, Nov 9, 7:40 PM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent
alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.

As a workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

Wed, Nov 9, 10:51 AM · workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Oct 28 2022

werner updated subscribers of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.
Oct 28 2022, 3:56 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Will go into 2.3.9 and gpg4win 4.0.5

Oct 28 2022, 3:56 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Oct 26 2022

gniibe changed the status of T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent from Open to Testing.
Oct 26 2022, 9:24 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Oct 14 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Pushed to master.

Oct 14 2022, 7:03 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 22 2022

werner changed the status of T5862: authentication with USB token from Open to Testing.
Sep 22 2022, 10:56 AM · gpgagent, Feature Request, scd

Sep 20 2022

gniibe added a comment to T5862: authentication with USB token.

Testing gpg-auth : There are two different use cases

  • test with xsecurelock for screen lock
  • test with pam-autoproto for login / gdm / etc.
Sep 20 2022, 9:39 AM · gpgagent, Feature Request, scd
gniibe added a comment to T5862: authentication with USB token.

Here is pam_authproto.c with a Makefile, so that you can compile it with libpam:

Sep 20 2022, 6:19 AM · gpgagent, Feature Request, scd

Sep 19 2022

chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I hacked configure.ac of gnupg to force it to build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?

Sep 19 2022, 5:22 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 14 2022

ebo removed a project from T5972: Can't insert charaters in a magic-wand generated password : Restricted Project.
Sep 14 2022, 1:16 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry
ebo closed T5972: Can't insert charaters in a magic-wand generated password as Resolved.

works now

Sep 14 2022, 1:11 PM · Restricted Project, gnupg (gpg22), gpgagent, pinentry

Sep 9 2022

gniibe added a comment to T5862: authentication with USB token.

Here is a PAM module, which interacts with a spawned process using the authproto protocol of xsecurelock.

Sep 9 2022, 9:30 AM · gpgagent, Feature Request, scd

Sep 7 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

It's not yet pushed, because it requires a new release of libgpg-error (for T6112: libgpg-error,w32: bidirectional Pipe support for estream).

Sep 7 2022, 1:56 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 6 2022

aheinecke added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I was looking for this when writing the update NEWS for the latest release and noticed that this has not been pushed yet. I really think that it would be nice to have that. Especially for Smartcard use cases.

Sep 6 2022, 11:53 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Sep 2 2022

werner closed T6176: Crash in ask_for_card as Resolved.

Thanks for testing. I guess I will do a new release.

Sep 2 2022, 8:51 AM · gpgagent, gnupg (gpg22), Bug Report

Sep 1 2022

cschramm added a comment to T6176: Crash in ask_for_card.

Applies cleanly and fixes the crash. 👍

Sep 1 2022, 6:06 PM · gpgagent, gnupg (gpg22), Bug Report
werner added a comment to T6176: Crash in ask_for_card.

For master (2.3) the fix is not needed due to another way the code works, but having a more robust function is always good.

Sep 1 2022, 5:47 PM · gpgagent, gnupg (gpg22), Bug Report
werner added a comment to T6176: Crash in ask_for_card.

You may try the above commit - it should apply cleanly to 2.2.37.

Sep 1 2022, 5:40 PM · gpgagent, gnupg (gpg22), Bug Report
werner added a comment to T6176: Crash in ask_for_card.

You are right. This is due to your old binary private key (stubs). Otherwise you would at least have one item ("Key:"). I need to see what to do about the release. Maybe a tool to update the key files would be a good workaround.

Sep 1 2022, 4:04 PM · gpgagent, gnupg (gpg22), Bug Report
werner claimed T6176: Crash in ask_for_card.
Sep 1 2022, 3:53 PM · gpgagent, gnupg (gpg22), Bug Report

Aug 26 2022

aheinecke closed T5160: Pinentry: Improved generate support as Resolved.

Fully done in my opinion.

Aug 26 2022, 2:21 PM · gpgagent, pinentry
gniibe closed T5984: gpg-agent interaction improvement (smartcard improvement #3) as Resolved.
Aug 26 2022, 7:28 AM · ssh, gpgagent, scd
gniibe removed a parent task for T5995: Better prompt with SETKEYDESC: T5984: gpg-agent interaction improvement (smartcard improvement #3).
Aug 26 2022, 7:28 AM · gnupg (gpg23), ssh, gpgagent, scd
gniibe removed a subtask for T5984: gpg-agent interaction improvement (smartcard improvement #3): T5995: Better prompt with SETKEYDESC.
Aug 26 2022, 7:28 AM · ssh, gpgagent, scd

Aug 24 2022

ikloecker added a comment to T5160: Pinentry: Improved generate support.

Isn't this (mostly?) done? See T5517: Improvements for symmetric encryption.

Aug 24 2022, 9:14 PM · gpgagent, pinentry

Aug 23 2022

werner closed T5990: Option to ignore the user trustlist.txt as Resolved.
Aug 23 2022, 10:36 AM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Aug 19 2022

chyen added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.

Aug 19 2022, 7:57 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Aug 11 2022

werner added a comment to T5862: authentication with USB token.

While playing with your scripts I figured that it would be useful to enhance the KEYINFO command. With
rG989eae648c8f3d2196517e8fc9cce247b21f9629 we could now

Aug 11 2022, 11:30 AM · gpgagent, Feature Request, scd

Aug 4 2022

werner added a project to T6123: Gpg Encryption and Signing - infinite Loop: Support.
Aug 4 2022, 9:01 PM · Support, gpgagent, gpg4win, Bug Report
mariamihaela added a comment to T6123: Gpg Encryption and Signing - infinite Loop.

Please reopen my issue. This is a serious issue that we encounter and do not have any explication.

Aug 4 2022, 1:55 PM · Support, gpgagent, gpg4win, Bug Report
mariamihaela added a comment to T6123: Gpg Encryption and Signing - infinite Loop.

Hi!
No, it's not waiting for the password. This was a 2 times error happening on our server.
We already provided the password but it was hung. We entered different things but it won't make anything.
I can tell you it doesn't wait for anything because we tested the same command on 2 different machines. On one machine it was hung, on another it worked.

Aug 4 2022, 1:54 PM · Support, gpgagent, gpg4win, Bug Report
ikloecker closed T6123: Gpg Encryption and Signing - infinite Loop as Invalid.

gpg was waiting for the passphrase for the signing key to be provided via stdin.

Aug 4 2022, 1:46 PM · Support, gpgagent, gpg4win, Bug Report
mariamihaela created T6123: Gpg Encryption and Signing - infinite Loop.
Aug 4 2022, 1:25 PM · Support, gpgagent, gpg4win, Bug Report

Aug 1 2022

werner edited projects for T5990: Option to ignore the user trustlist.txt, added: Restricted Project; removed backport.
Aug 1 2022, 3:12 PM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Jul 29 2022

werner moved T5990: Option to ignore the user trustlist.txt from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Jul 29 2022, 4:17 PM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Jul 28 2022

gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Probably, PIPE_REJECT_REMOTE_CLIENTS mode and lpSecurityAttributes=NULL is OK.

Jul 28 2022, 9:00 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is the parser output:

$ python3 sd.py --type=pipe "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
    Discretionary ACL: P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)
        Flags: P: SE_DACL_PROTECTED (Blocks inheritance of parent's ACEs)
Jul 28 2022, 8:39 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I think that the last argument of CreateNamedPipeA can limit the access to the named pipe.

Jul 28 2022, 8:20 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Here is a patch to implement the functionality with --enable-win32-openssh-support.

Jul 28 2022, 6:30 AM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Jul 26 2022

werner added a project to T5990: Option to ignore the user trustlist.txt: backport.
Jul 26 2022, 8:57 PM · Restricted Project, Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Jul 18 2022

gniibe closed T6035: Portability issue: ftruncate as Resolved.
Jul 18 2022, 9:58 AM · backport, gpgagent, gnupg
gniibe edited projects for T6035: Portability issue: ftruncate, added: backport; removed Restricted Project.

It's in 2.3.7 and 2.2.36.

Jul 18 2022, 9:58 AM · backport, gpgagent, gnupg

Jul 12 2022

gniibe closed T5702: Display prompt to user when YubiKey is waiting for touch confirmation, a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 7:10 AM · ssh, gpgagent, scd
gniibe closed T5099: Confirmation dialog for remote access (restricted extra socket), a subtask of T5984: gpg-agent interaction improvement (smartcard improvement #3), as Resolved.
Jul 12 2022, 3:30 AM · ssh, gpgagent, scd