Page MenuHome GnuPG
Projects S/MIME

S/MIMEProject
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity
View All

Wed, Aug 27

werner lowered the priority of T7618: gpgsm: Allow selecting keys by SHA2 fpr from Normal to Wishlist.

The problem here is that we don't have the sha-2 fingerprint in our SQL tables. Thus we would not only need to do a full table search but also parse the actual blob to compute the sha-2 fingerprint.

Wed, Aug 27, 4:14 PM · S/MIME, gnupg26, Feature Request
werner lowered the priority of T6678: GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy from Normal to Wishlist.
Wed, Aug 27, 4:04 PM · gnupg26, S/MIME, Restricted Project
werner closed T7713: Allow to skip the qualified signature confirmation prompt as Resolved.

I have done testing using my QES certificate with all combinations of the two options.

Wed, Aug 27, 12:02 PM · S/MIME, Feature Request, gnupg26

Jul 25 2025

werner closed T7738: The trustlist's qual flag is not cached correctly by gpgsm as Resolved.

Fixed for gnupg22 and gnupg26

Jul 25 2025, 5:29 PM · S/MIME, gnupg

Jul 24 2025

werner added a comment to T7738: The trustlist's qual flag is not cached correctly by gpgsm.

This does not happen with gnupg24 because the cache has not been implemented there.

Jul 24 2025, 12:33 PM · S/MIME, gnupg
werner triaged T7738: The trustlist's qual flag is not cached correctly by gpgsm as Normal priority.
Jul 24 2025, 12:22 PM · S/MIME, gnupg

Jul 2 2025

werner triaged T7713: Allow to skip the qualified signature confirmation prompt as Normal priority.
Jul 2 2025, 11:41 AM · S/MIME, Feature Request, gnupg26

May 13 2025

werner closed T7171: Allow for empty Subject in X.509 as Resolved.
May 13 2025, 3:21 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", a subtask of T7171: Allow for empty Subject in X.509, as Resolved.
May 13 2025, 3:00 PM · libksba, Bug Report, gnupg, S/MIME
werner closed T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Resolved.

Meanwhile we have some support for an empty subject but gpgsm still prints an error notice. See the T7171 for more.

May 13 2025, 3:00 PM · gnupg26, S/MIME, Feature Request
werner added a subtask for T7171: Allow for empty Subject in X.509: T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".
May 13 2025, 2:58 PM · libksba, Bug Report, gnupg, S/MIME
werner added a parent task for T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN": T7171: Allow for empty Subject in X.509.
May 13 2025, 2:58 PM · gnupg26, S/MIME, Feature Request

Apr 22 2025

werner triaged T7618: gpgsm: Allow selecting keys by SHA2 fpr as Normal priority.

BTW, fingerprints for X.509 are not well defined because you get a different one when changing the *unsigned" attributes. Not a common case but one should be aware of it.

Apr 22 2025, 9:33 AM · S/MIME, gnupg26, Feature Request

Feb 18 2025

ebo moved T6559: GPGSM: "always trust like override" or "force" option from Backlog to Done on the gpgol board.
Feb 18 2025, 2:46 PM · gnupg24 (gnupg-2.4.4), gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), Feature Request, gpgol, S/MIME, kleopatra, Restricted Project

Jan 24 2025

werner triaged T7487: libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value as Wishlist priority.

If you encounter real world certificates with these parameters we can bump up the priority.

Jan 24 2025, 11:08 AM · gnupg, S/MIME, Feature Request

Jan 19 2025

zablockil added a comment to T7487: libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value.

I think I can understand you, too much complexity.

Jan 19 2025, 7:56 PM · gnupg, S/MIME, Feature Request

Jan 17 2025

werner added a comment to T7487: libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value.

See this comment which is related to T4538:

Jan 17 2025, 4:29 PM · gnupg, S/MIME, Feature Request
werner added a comment to T4538: Support PSS signed CRLs.
Jan 17 2025, 4:23 PM · dirmngr, S/MIME, libksba
werner added projects to T7487: libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value: S/MIME, gnupg.
Jan 17 2025, 4:17 PM · gnupg, S/MIME, Feature Request

Jan 7 2025

TobiasFella closed T6807: Kleo shows 3 certs in a chain while there are only two as Resolved.
Jan 7 2025, 3:08 PM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra
TobiasFella moved T6807: Kleo shows 3 certs in a chain while there are only two from QA to vsd-3.3.0 on the vsd33 board.
Jan 7 2025, 3:08 PM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra
TobiasFella added a comment to T6807: Kleo shows 3 certs in a chain while there are only two.

Also works in VSD-beta-478

Jan 7 2025, 3:08 PM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra

Dec 19 2024

werner raised the priority of T3979: GPGSM: Authenticated encryption from Wishlist to Normal.
Dec 19 2024, 10:33 AM · gnupg26, S/MIME

Dec 16 2024

ebo moved T6807: Kleo shows 3 certs in a chain while there are only two from WiP to QA on the vsd33 board.
Dec 16 2024, 11:20 AM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra

Dec 11 2024

aheinecke merged T3793: Speed up Keylistings in GPG(SM) into T6206: Kleopatra: Listing certificates initially just takes too long..
Dec 11 2024, 6:58 AM · S/MIME, gnupg, kleopatra

Oct 29 2024

werner edited projects for T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN", added: gnupg26; removed gnupg24.
Oct 29 2024, 1:23 PM · gnupg26, S/MIME, Feature Request
werner edited projects for T6678: GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy, added: gnupg26; removed gnupg24.
Oct 29 2024, 1:21 PM · gnupg26, S/MIME, Restricted Project

Oct 4 2024

werner added a comment to T7308: Speed up the X.509 key listings.

Test on a dedicated Windows box (T 460, i5-6300U@2.40GHz, harddisk):

VSD Versiongpg versionLoad time
3.1.262.2.411:59
3.2.4 beta-22.2.45 beta 250:46
Oct 4 2024, 3:03 PM · S/MIME, Feature Request, gnupg
werner edited projects for T4537: gpgsm support for timestamp signatures, added: gnupg26; removed gnupg24.
Oct 4 2024, 12:14 PM · gnupg26, S/MIME, Feature Request
werner claimed T7319: gpgsm/dirmngr: Improve forward path-building via http AIA extension in x.509 certificates.
Oct 4 2024, 12:10 PM · S/MIME, gnupg26, Feature Request
werner added a comment to T7308: Speed up the X.509 key listings.

Overall effect of these changes tested on a small Windows VM is only 47 -> 26 seconds. Did also tests with --kbx-buffer-size but that does not make it better than the default, either.

Oct 4 2024, 12:05 PM · S/MIME, Feature Request, gnupg

Oct 1 2024

ebo moved T6807: Kleo shows 3 certs in a chain while there are only two from Restricted Project Column to Restricted Project Column on the Restricted Project board.

works, the Root-CA of the above example is only shown once any more. Gpg4win-Beta-50

Oct 1 2024, 4:38 PM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra
ebo moved T6807: Kleo shows 3 certs in a chain while there are only two from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Oct 1 2024, 3:56 PM · vsd33 (vsd-3.3.0), Restricted Project, S/MIME, Bug Report, kleopatra

Sep 30 2024

werner closed T7308: Speed up the X.509 key listings as Resolved.

Will be available in 2.2.45 and 2.5.2

Sep 30 2024, 7:08 PM · S/MIME, Feature Request, gnupg
werner added a comment to T7308: Speed up the X.509 key listings.

Now we are at 4 seconds. Available in master and 2.2.

Sep 30 2024, 6:49 PM · S/MIME, Feature Request, gnupg

Sep 27 2024

werner added a comment to T7308: Speed up the X.509 key listings.

With that patch we are down to about 6 seconds.

Sep 27 2024, 3:49 PM · S/MIME, Feature Request, gnupg
werner triaged T7308: Speed up the X.509 key listings as High priority.
Sep 27 2024, 3:47 PM · S/MIME, Feature Request, gnupg

Aug 14 2024

ebo moved T7213: PKCS #12 import fails on broken P12 files which MS accepts from QA to gnupg-2.2.44 on the gnupg22 board.
Aug 14 2024, 12:47 PM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project
ebo closed T7213: PKCS #12 import fails on broken P12 files which MS accepts as Resolved.

Did a quick manual test import and encryption/decryption with VS-Desktop-3.2.93.1-Beta with the relevant test-X509 certificate.
Works as expected.

Aug 14 2024, 12:47 PM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project

Aug 13 2024

zablockil added a comment to T4537: gpgsm support for timestamp signatures.

I made a ticket on bugzilla with ready-made tests for S/MIME, but on close inspection a different structure appears for S/MIME and another for qualified signature (openssl could not verify token extracted from CAdES-BASELINE-T signature). However, these tests can be very useful.

Aug 13 2024, 5:10 PM · gnupg26, S/MIME, Feature Request

Aug 7 2024

werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

FWIW, I received that mail but I hope that this bug is at least fixed with today's fix for T7213. Thus not re-opening.

Aug 7 2024, 11:47 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T7213: PKCS #12 import fails on broken P12 files which MS accepts.

This patch has a new fix for T5793 which is now only used where needed.

Aug 7 2024, 11:38 AM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project
werner moved T7213: PKCS #12 import fails on broken P12 files which MS accepts from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Aug 7 2024, 11:26 AM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project
werner changed the status of T7213: PKCS #12 import fails on broken P12 files which MS accepts from Open to Testing.

I don't think that we can do much manual testing here because we have all test cases anyway in the regression test suite and our local non-public regression tests (which has the p12 files we are not allowed to publish)

Aug 7 2024, 11:26 AM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project

Aug 6 2024

werner added a comment to T7213: PKCS #12 import fails on broken P12 files which MS accepts.

Alright. Done for master; backport will come soon.

Aug 6 2024, 5:53 PM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project

Jul 31 2024

werner added a comment to T7213: PKCS #12 import fails on broken P12 files which MS accepts.

The garbled data might be due to a bug in dumpasn1 (version 2021-02-12).

Jul 31 2024, 3:51 PM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project

Jul 25 2024

werner edited projects for T7213: PKCS #12 import fails on broken P12 files which MS accepts, added: gnupg22, Bug Report, S/MIME; removed gnupg22 (gnupg-2.2.44).
Jul 25 2024, 10:57 AM · gnupg22 (gnupg-2.2.44), S/MIME, Bug Report, Restricted Project

Jun 20 2024

werner renamed T7171: Allow for empty Subject in X.509 from Allow for empty Subject in X.508 to Allow for empty Subject in X.509.
Jun 20 2024, 3:27 PM · libksba, Bug Report, gnupg, S/MIME
werner triaged T7171: Allow for empty Subject in X.509 as Normal priority.
Jun 20 2024, 3:12 PM · libksba, Bug Report, gnupg, S/MIME

Jun 6 2024

werner closed T6757: gpgsm 2.4 Fails to import P12 certificate/key, a subtask of T6752: New minip12 does not import from Firefox anymore, as Resolved.
Jun 6 2024, 12:06 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report