Page MenuHome GnuPG

S/MIMEProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Today

werner triaged T5990: Option to ignore the user trustlist.txt as Normal priority.
Fri, May 20, 9:18 AM · Restricted Project, gnupg (gpg22), S/MIME, gpgagent

Thu, Apr 28

werner closed T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length as Resolved.
Thu, Apr 28, 8:52 AM · Testing, S/MIME, gnupg (gpg22)

Mar 17 2022

gniibe added a parent task for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present: T5882: Cross signing certificate in X.509 support.
Mar 17 2022, 12:48 AM · S/MIME, Bug Report
gniibe added a parent task for T2972: GPGSM: Chain too long on cross signed certificate: T5882: Cross signing certificate in X.509 support.
Mar 17 2022, 12:48 AM · Bug Report, gnupg, KDE, S/MIME

Mar 9 2022

gniibe added a project to T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length: Testing.

Fixed in master and 2.2 branch.

Mar 9 2022, 2:58 AM · Testing, S/MIME, gnupg (gpg22)

Mar 8 2022

gniibe added a comment to T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length.

I located the cause; Current implementation cannot parse the data like:

2611:d=5  hl=4 l=1632 cons:      cont [ 0 ]        
2615:d=6  hl=4 l= 500 prim:       OCTET STRING
3119:d=6  hl=4 l=1124 prim:       OCTET STRING
Mar 8 2022, 5:25 AM · Testing, S/MIME, gnupg (gpg22)
gniibe updated the task description for T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length.
Mar 8 2022, 1:52 AM · Testing, S/MIME, gnupg (gpg22)

Mar 7 2022

gniibe claimed T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length.
Mar 7 2022, 11:25 AM · Testing, S/MIME, gnupg (gpg22)

Jan 21 2022

werner triaged T5793: gpgsm: Wrong length when parsing octetstring in constructed encoding + definite length as Normal priority.
Jan 21 2022, 9:42 PM · Testing, S/MIME, gnupg (gpg22)

Jan 17 2022

aheinecke closed T4777: Pinentry sometimes mixes languages as Resolved.

Saw this again and the commit was not in the Stable 2.2 branch. I have cherry picked it. This should resolve this issue.

Jan 17 2022, 9:02 AM · gnupg (gpg23), S/MIME, gpgagent

Nov 13 2021

werner set Due Date to Sat, Apr 30, 12:00 AM on T5684: Allow to categorize X.509 PKIs.
Nov 13 2021, 12:37 PM · Restricted Project, S/MIME, kleopatra, gpgagent
werner triaged T5684: Allow to categorize X.509 PKIs as Normal priority.
Nov 13 2021, 12:35 PM · Restricted Project, S/MIME, kleopatra, gpgagent

Aug 13 2021

werner changed the edit policy for S/MIME.
Aug 13 2021, 11:13 PM

Jul 8 2021

werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.
Jul 8 2021, 2:13 PM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows

Jul 6 2021

werner lowered the priority of T4884: PKCS #15 support in gpgsm from High to Normal.
Jul 6 2021, 6:12 PM · Feature Request, gnupg, scd, S/MIME

Jun 25 2021

werner lowered the priority of T4892: gpgsm --gen-key with existing key from "ssh-add" fails from Normal to Low.

Needs to be tested with the current 2.2 version and a gcry_log_debugsxp should be added to the error output.

Jun 25 2021, 11:26 AM · gnupg (gpg22), Bug Report, S/MIME

May 26 2021

dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Another solution to make life easier for gpgme users encountering this stuff would be if gpgme itself knows which uid is a DN and which is not, it could populate the gpgme_user_id_t.address field with content of the 1.2.840.113549.1.9.1 DN component. (or maybe gpgme_user_id_t.email, or both? as a user of gpgme, i don't really understand the difference between these fields)

May 26 2021, 9:34 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

fwiw, RFC 2253 is obsoleted by rfc 4514 -- which also doesn't have 1.2.840.113549.1.9.1 associated with "EMAIL", but does provide more detailed guidance for implementers of DN-to-string (and string-to-DN, to the extent that this is possible) conversions. Maybe the code should be updated to refer to the non-obsolete specification at least.

May 26 2021, 9:03 PM · libksba, S/MIME, Bug Report
werner closed T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component as Resolved.

We translate only those OIDs from RFC-2253 to have a stable set of names in the libksba interface. If you need anything else, you need to do this yourself. For example gpgsm does this in in parse_dn_part, gpa has the code in format-dn.

May 26 2021, 6:00 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

I'm reporting this because the above message renders poorly in notmuch -- notmuch gets the user ID from gmime's g_mime_certificate_get_user_id, and gmime populates that field from the uids field of a gpgme_key_t object, and gpgme pulls uid information from gpgsm --with-colons.

May 26 2021, 3:39 AM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Attached is a proposed patch.

May 26 2021, 3:32 AM · libksba, S/MIME, Bug Report
dkg created T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.
May 26 2021, 3:25 AM · libksba, S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Attached is an even worse PKCS7 blob, that should be validatable given reliance on ca.rsa.crt, but it will be rejected by gpgsm because the PKCS#7 bundle includes ca.rsa.cross2.crt in it.

May 26 2021, 12:07 AM · S/MIME, Bug Report

May 25 2021

dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:22 PM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:21 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

OK, i have replicated this successfully with no ed25519 involved. here's the new intermediate cert:

May 25 2021, 11:18 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Which NIST test suite are you referring to? It might not cover certificate pathfinding in the face of multiple cross-signed authorities.

May 25 2021, 5:37 PM · S/MIME, Bug Report
werner triaged T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present as Normal priority.

I do not have the time to analyse this in the context of our approved versions and to compare it to the NIST test suite. We also do not yet have support for ed25519 certificates.

May 25 2021, 9:45 AM · S/MIME, Bug Report

May 21 2021

dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:16 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:15 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:14 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:09 AM · S/MIME, Bug Report
dkg renamed T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present from gpgsm fails to find shortest certificate path to valid X.509 root to gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:08 AM · S/MIME, Bug Report
dkg created T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 1:45 AM · S/MIME, Bug Report

Apr 21 2021

werner triaged T5407: gpg fails to import second secret key in .pfx (PKCS12) file as Normal priority.
Apr 21 2021, 9:09 PM · gnupg (gpg23), Feature Request, S/MIME
dkg added a comment to T5407: gpg fails to import second secret key in .pfx (PKCS12) file.

Apparently only one of the secret keys is actually imported: the decryption key, but not the signing key.

Apr 21 2021, 6:20 AM · gnupg (gpg23), Feature Request, S/MIME
dkg created T5407: gpg fails to import second secret key in .pfx (PKCS12) file.
Apr 21 2021, 1:59 AM · gnupg (gpg23), Feature Request, S/MIME

Apr 19 2021

werner edited projects for T4921: Support import of PKCS#12 encoded ECC private keys., added: gnupg (gpg22); removed gnupg (gpg23).
Apr 19 2021, 5:52 PM · gnupg (gpg22), backport, Feature Request, S/MIME

Apr 13 2021

werner added a comment to T4884: PKCS #15 support in gpgsm.

The PKCS#15 support has meanwhile received a major update. Thus we need to test with the other cards again. If there is something special for to do for a certain task, a new subtask should be created.

Apr 13 2021, 6:43 PM · Feature Request, gnupg, scd, S/MIME
werner added a subtask for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Apr 13 2021, 6:41 PM · Feature Request, gnupg, scd, S/MIME
werner removed a parent task for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Apr 13 2021, 6:41 PM · Feature Request, gnupg, scd, S/MIME
werner added a parent task for T4884: PKCS #15 support in gpgsm: Unknown Object (Maniphest Task).
Apr 13 2021, 6:40 PM · Feature Request, gnupg, scd, S/MIME

Apr 12 2021

gniibe closed T4888: GpgSM: Support ECC key generation by gpgsm_genkey, a subtask of T4098: GpgSM: Add ECC support, as Resolved.
Apr 12 2021, 12:21 PM · gnupg (gpg23), Feature Request, S/MIME
gniibe closed T4888: GpgSM: Support ECC key generation by gpgsm_genkey as Resolved.
Apr 12 2021, 12:21 PM · Testing, Feature Request, S/MIME

Mar 2 2021

werner changed the status of T4505: SM, W32: GPGSM hangs up the GnuPG System from Open to Testing.
Mar 2 2021, 7:33 PM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows
werner added a comment to T4505: SM, W32: GPGSM hangs up the GnuPG System.

Well, this is a pure Windows bug. It easily shows up when running dozens of gpgsm processes each importing a different certificate (e.g. using Kleopatra's current importer, which spawns one process per cert). The only possible fix is to close all files before starting a long running operation *and* before locking the files.

Mar 2 2021, 7:33 PM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows

Mar 1 2021

werner updated subscribers of T4505: SM, W32: GPGSM hangs up the GnuPG System.

@rjh reported a problem with keyboxd from the current 2.3 beta on the ML. This is also a locking problem and _might_ be related to this bug.

Mar 1 2021, 10:51 AM · Restricted Project, kleopatra, gpgol, S/MIME, gpg4win, Windows

Feb 26 2021

werner added a comment to T4777: Pinentry sometimes mixes languages.

The show error is due a missing translation. What happened was that the translation was marked fuzzy and this marker was removed not realizing that the string really changed. The change was "...in the GnuPG system" -> "...in the %s system" which had been done to allow for different gpg names.

Feb 26 2021, 1:54 PM · gnupg (gpg23), S/MIME, gpgagent