Page MenuHome GnuPG
Projects S/MIME

S/MIMEProject
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity
View All

Fri, Jan 9

ebo closed T7914: Card s/n number missing in gpgsm as Resolved.

in Gpg4win-5.0.0-beta479

Fri, Jan 9, 12:08 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26
werner moved T7914: Card s/n number missing in gpgsm from WiP to gnupg-2.2.52 on the gnupg22 board.
Fri, Jan 9, 11:17 AM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26

Wed, Jan 7

werner triaged T8017: Okular: Hang on signature with smime cert and distrusted root as High priority.
Wed, Jan 7, 12:06 PM · Bug Report, S/MIME, gpd5x, okular
werner added a parent task for T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys: T7790: Kleopatra: "no trusted certification" should have precedence over "expired" in signature verification.
Wed, Jan 7, 12:03 PM · Feature Request, S/MIME, OpenPGP, gnupg26
werner triaged T8019: gpg does not print warning about untrusted key when verifying signatures made by expired (and untrusted) keys as Normal priority.

Traditionally we have considered expired and revoked more or less similar. The idea is that an expired key might have been compromised but the owner did not found a way to revoke it. We may want to change this policy because some users don't care too much about expired keys (cf. T7990) .

Wed, Jan 7, 12:03 PM · Feature Request, S/MIME, OpenPGP, gnupg26
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
>gpgsm -v --sign --local-user "Edward Tester" test.pdf > test.gpg.p7s
gpgsm: enabled compatibility flags:
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: issuer certificate {04A0A7E932B29D43A9B6673139AF52C0A5FC467BF5A64D044D1AC33613ABBB73CA532569F5779999114C0118CD66FDF6E92B1B0EEE2A4D5A815DA7FD892DDDE9C1} not found using authorityKeyIdentifier
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: certificate is good
gpgsm: root certificate is not marked trusted
gpgsm: fingerprint=D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG:      serial: 01
gpgsm: DBG:   notBefore: 2020-03-26 19:41:01
gpgsm: DBG:    notAfter: 2063-04-05 17:00:00
gpgsm: DBG:      issuer: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:     subject: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG:   SHA1 Fingerprint: D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates.
gpgsm: validation model used: shell
gpgsm: can't sign using 'Edward Tester': Not trusted
[GNUPG:] FAILURE gpgsm-exit 50331649
Wed, Jan 7, 9:33 AM · Bug Report, S/MIME, gpd5x, okular
svuorela added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

How does gpgsm react if you try to sign with the certificate?

Wed, Jan 7, 9:09 AM · Bug Report, S/MIME, gpd5x, okular

Tue, Jan 6

timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

Maybe it would be better to just not offer S/MIME certs with distrusted root cert?

Tue, Jan 6, 2:42 PM · Bug Report, S/MIME, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

If all processes are killed before okular is opened, i get an error:


gpgsm-error.log102 KBDownload

Tue, Jan 6, 2:15 PM · Bug Report, S/MIME, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

gpgsm.log (debug-all, whole process of signing)

gpgsm.log132 KBDownload

Tue, Jan 6, 2:11 PM · Bug Report, S/MIME, gpd5x, okular
timegrid created T8017: Okular: Hang on signature with smime cert and distrusted root.
Tue, Jan 6, 2:03 PM · Bug Report, S/MIME, gpd5x, okular

Dec 12 2025

ebo edited projects for T7015: gpgsm: Add status messages reporting imported certificates on --learn-card, added: gnupg26; removed gnupg, Restricted Project.
Dec 12 2025, 3:41 PM · gnupg26, S/MIME
timegrid edited projects for T7101: Automagically create a PGP key from a X.509 cert, added: gnupg26; removed Restricted Project, gnupg.
Dec 12 2025, 2:56 PM · gnupg26, Feature Request, S/MIME, OpenPGP

Nov 19 2025

werner moved T7914: Card s/n number missing in gpgsm from WIP to QA on the gnupg26 board.
Nov 19 2025, 5:42 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26

Nov 16 2025

werner moved T7914: Card s/n number missing in gpgsm from Backlog to WiP on the gnupg22 board.
Nov 16 2025, 7:12 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26
werner edited projects for T7914: Card s/n number missing in gpgsm, added: gnupg22; removed gnupg.
Nov 16 2025, 7:12 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26
werner changed the status of T7914: Card s/n number missing in gpgsm from Open to Testing.

Fix applied. Thanks.

Nov 16 2025, 7:10 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26

Nov 14 2025

werner triaged T7914: Card s/n number missing in gpgsm as Normal priority.
Nov 14 2025, 12:42 PM · gnupg22 (gnupg-2.2.52), scd, S/MIME, Feature Request, gnupg26

Nov 6 2025

ebo edited projects for T6859: S/MIME keys are not deleted, added: gpd5x; removed Restricted Project.
Nov 6 2025, 11:51 AM · gpd5x, S/MIME, kleopatra, gnupg
timegrid updated the task description for T7836: GpgOL: Both disable and prefer S/MIME does not work.
Nov 6 2025, 9:11 AM · S/MIME, vsd34, vsd, gpgol
timegrid renamed T7836: GpgOL: Both disable and prefer S/MIME does not work from GpgOL: Activate "Prefer S/MIME" does not work to GpgOL: Both disable and prefer S/MIME does not work.
Nov 6 2025, 8:57 AM · S/MIME, vsd34, vsd, gpgol

Oct 9 2025

ebo added a comment to T7836: GpgOL: Both disable and prefer S/MIME does not work.

Might this be related to T4953?

Oct 9 2025, 5:02 PM · S/MIME, vsd34, vsd, gpgol
ebo moved T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook from Backlog to Done on the gpgol board.
Oct 9 2025, 10:56 AM · S/MIME, vsd34, vsd, gpgol
mmontkowski triaged T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook as Normal priority.
Oct 9 2025, 10:15 AM · S/MIME, vsd34, vsd, gpgol
mmontkowski changed the status of T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook from Open to Testing.
Oct 9 2025, 10:14 AM · S/MIME, vsd34, vsd, gpgol
ebo moved T7836: GpgOL: Both disable and prefer S/MIME does not work from Backlog to Triage on the gpgol board.
Oct 9 2025, 9:37 AM · S/MIME, vsd34, vsd, gpgol
ebo renamed T7836: GpgOL: Both disable and prefer S/MIME does not work from GpgOL: Activate/Prefer S/MIME does not work to GpgOL: Activate "Prefer S/MIME" does not work.
Oct 9 2025, 9:36 AM · S/MIME, vsd34, vsd, gpgol
ebo triaged T7841: GpgOL: Concurrent access to S/MIME encrypted mail creates versions as Low priority.
Oct 9 2025, 9:25 AM · S/MIME, vsd34, vsd, gpgol

Oct 6 2025

werner reopened T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook as "Open".

(auto resolved due to the keyword "resolved" in the commit message)

Oct 6 2025, 3:36 PM · S/MIME, vsd34, vsd, gpgol
mmontkowski closed T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook as Resolved.

The window was not reenabled on failure see 8d174d5

Oct 6 2025, 2:06 PM · S/MIME, vsd34, vsd, gpgol

Oct 2 2025

timegrid created T7841: GpgOL: Concurrent access to S/MIME encrypted mail creates versions.
Oct 2 2025, 3:13 PM · S/MIME, vsd34, vsd, gpgol
timegrid added a comment to T7836: GpgOL: Both disable and prefer S/MIME does not work.

(removed: wrong statement)

Oct 2 2025, 2:09 PM · S/MIME, vsd34, vsd, gpgol
timegrid added a project to T7836: GpgOL: Both disable and prefer S/MIME does not work: S/MIME.
Oct 2 2025, 1:14 PM · S/MIME, vsd34, vsd, gpgol
timegrid added a comment to T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook.

Note: I also activated Sign/Encrypt by default, if that matters

Oct 2 2025, 1:14 PM · S/MIME, vsd34, vsd, gpgol
timegrid created T7837: GpgOL: Saving S/MIME encrypted draft with S/MIME disabled freezes Outlook.
Oct 2 2025, 1:12 PM · S/MIME, vsd34, vsd, gpgol

Sep 24 2025

werner triaged T7819: Export of secret S/MIME key with brainpool fails (error converting key parameters) as Wishlist priority.

ECC support for X.509 and in particular pkcs#12 format is limited. That is in general not a problem because such certificates are stored on a token and not on disk.

Sep 24 2025, 6:21 PM · vsd, S/MIME, gnupg22
timegrid created T7819: Export of secret S/MIME key with brainpool fails (error converting key parameters).
Sep 24 2025, 1:17 PM · vsd, S/MIME, gnupg22

Aug 27 2025

werner lowered the priority of T7618: gpgsm: Allow selecting keys by SHA2 fpr from Normal to Wishlist.

The problem here is that we don't have the sha-2 fingerprint in our SQL tables. Thus we would not only need to do a full table search but also parse the actual blob to compute the sha-2 fingerprint.

Aug 27 2025, 4:14 PM · S/MIME, gnupg26, Feature Request
werner lowered the priority of T6678: GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy from Normal to Wishlist.
Aug 27 2025, 4:04 PM · gnupg26, S/MIME, Restricted Project
werner closed T7713: Allow to skip the qualified signature confirmation prompt as Resolved.

I have done testing using my QES certificate with all combinations of the two options.

Aug 27 2025, 12:02 PM · S/MIME, Feature Request, gnupg26

Jul 25 2025

werner closed T7738: The trustlist's qual flag is not cached correctly by gpgsm as Resolved.

Fixed for gnupg22 and gnupg26

Jul 25 2025, 5:29 PM · S/MIME, gnupg

Jul 24 2025

werner added a comment to T7738: The trustlist's qual flag is not cached correctly by gpgsm.

This does not happen with gnupg24 because the cache has not been implemented there.

Jul 24 2025, 12:33 PM · S/MIME, gnupg
werner triaged T7738: The trustlist's qual flag is not cached correctly by gpgsm as Normal priority.
Jul 24 2025, 12:22 PM · S/MIME, gnupg

Jul 2 2025

werner triaged T7713: Allow to skip the qualified signature confirmation prompt as Normal priority.
Jul 2 2025, 11:41 AM · S/MIME, Feature Request, gnupg26

May 13 2025

werner closed T7171: Allow for empty Subject in X.509 as Resolved.
May 13 2025, 3:21 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", a subtask of T7171: Allow for empty Subject in X.509, as Resolved.
May 13 2025, 3:00 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Resolved.

Meanwhile we have some support for an empty subject but gpgsm still prints an error notice. See the T7171 for more.

May 13 2025, 3:00 PM · gnupg26, S/MIME, Feature Request
werner added a subtask for T7171: Allow for empty Subject in X.509: T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".
May 13 2025, 2:58 PM · libksba, Bug Report, gnupg, S/MIME
werner added a parent task for T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN": T7171: Allow for empty Subject in X.509.
May 13 2025, 2:58 PM · gnupg26, S/MIME, Feature Request

Apr 22 2025

werner triaged T7618: gpgsm: Allow selecting keys by SHA2 fpr as Normal priority.

BTW, fingerprints for X.509 are not well defined because you get a different one when changing the *unsigned" attributes. Not a common case but one should be aware of it.

Apr 22 2025, 9:33 AM · S/MIME, gnupg26, Feature Request