Page MenuHome GnuPG

S/MIMEProject
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Mon, May 13

werner triaged T7115: gpgsm: support for importing x25519 and ed25519 private keys from .p12 files as Normal priority.
Mon, May 13, 8:32 AM · S/MIME, gnupg26, Feature Request

Sun, May 12

werner edited projects for T7115: gpgsm: support for importing x25519 and ed25519 private keys from .p12 files, added: Feature Request, gnupg26, S/MIME; removed Bug Report.

Yes, I think we should support this. Also X448. Thanks for the report and the samples.

Sun, May 12, 10:42 PM · S/MIME, gnupg26, Feature Request

Tue, May 7

ikloecker moved T6807: Kleo shows 3 certs in a chain while there are only two from Backlog to WiP on the vsd33 board.
Tue, May 7, 10:15 AM · vsd33, Restricted Project, S/MIME, Bug Report, kleopatra
ikloecker added a project to T6807: Kleo shows 3 certs in a chain while there are only two: vsd33.
Tue, May 7, 10:14 AM · vsd33, Restricted Project, S/MIME, Bug Report, kleopatra

Apr 24 2024

werner triaged T7101: Automagically create a PGP key from a X.509 cert as Normal priority.
Apr 24 2024, 3:03 PM · Feature Request, S/MIME, OpenPGP, gnupg

Apr 2 2024

Mnaisoa added a comment to T3907: Internal error when encrypting to cacert certificate.
Apr 2 2024, 9:27 AM · Bug Report, S/MIME, gpg4win

Mar 12 2024

ikloecker placed T7015: gpgsm: Add status messages reporting imported certificates on --learn-card up for grabs.

Right. I think this task inherited the assignee from its parent task.

Mar 12 2024, 10:41 AM · S/MIME, gnupg, Restricted Project
aheinecke added projects to T7015: gpgsm: Add status messages reporting imported certificates on --learn-card: gnupg, S/MIME.
Mar 12 2024, 9:17 AM · S/MIME, gnupg, Restricted Project

Mar 6 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

I've sent you an email about it. It might have html elements due to markdown-here.

Mar 6 2024, 5:02 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Sorry, for not following up earlier. Can you please do me a favor and run the last tests again, this time adding -v and --debug 1 to the invocation? Feel free to forward the output to my private address is that is easier (wk at gnupg.org).

Mar 6 2024, 12:19 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 27 2024

werner added a project to T6678: GPGSM: Add support for cert extension 2.5.29.54 Inhibit anyPolicy: gnupg24.
Feb 27 2024, 3:55 PM · gnupg24, S/MIME, Restricted Project
werner added a project to T6677: GPGSM: Add support for cert extension 2.5.29.36 Policy Constraints: gnupg24.
Feb 27 2024, 3:54 PM · gnupg24, S/MIME, Restricted Project

Feb 21 2024

werner closed T3907: Internal error when encrypting to cacert certificate as Wontfix.

Way to old. Does anyone still uses CAcert?

Feb 21 2024, 5:32 PM · Bug Report, S/MIME, gpg4win

Feb 7 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

The additional debug info are:

gpgsm: DBG: p12_parse:1998: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2006: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2021: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2054: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2061: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2069: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: DBG: p12_parse:2081: err=0 prk=0x0000000000000000,0x0000000000000000
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 4
gpgsm:              unchanged: 4
Feb 7 2024, 6:32 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Feb 7 2024, 9:09 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 6 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Could you write a quick patch file for that? (I don't have a working source build, I am using the Fedora spec file + patches)

Feb 6 2024, 5:18 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

The old debug output is in genral okay but what I would do is to add a couple of log_debug calls like

Feb 6 2024, 5:16 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

@werner I managed to recover the old .p12 that has the error. And this is still replicable. Is there a debug flag that would be useful or can we setup some private live-debugging for this?

Feb 6 2024, 12:18 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 5 2024

werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

I would have expected an error message right after

Feb 5 2024, 8:09 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Feb 2 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Unfortunately I have deleted the .p12 with the CA chain, and I don't know how I've generated it. It also contained my production certificates so, kinda sensitive to upload here.

Feb 2 2024, 5:49 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Okay, I push the change for the extended salt size. Regarding the import of CA certificates, I have not seen any problems. In fact it is pretty common. Did you test with with 2.4.4. A test file would be helpful.

Feb 2 2024, 5:33 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Ok, I have tried again the series of workarounds that I initially posted on the main description, and I managed to fix it by striping the CA certificates. So the current issues here are:

Feb 2 2024, 2:01 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris updated the task description for T6757: gpgsm 2.4 Fails to import P12 certificate/key.
Feb 2 2024, 1:45 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 30 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

We got a bit further, not sure what debug level you want, guru I've found to be too excessive:

Jan 30 2024, 12:20 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Can you please try this patch:

Jan 30 2024, 11:50 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner closed T4505: SM, W32: GPGSM hangs up the GnuPG System as Resolved.

That is an old bug report with a couple of fixes introduced over the years. As of now we sometimes see hangs on Windows on our test VMs. The common cause here seems to be USB card reader issues. Let's close this bug and wait for another bug report with current software versions.

Jan 30 2024, 11:09 AM · Restricted Project, gpgol, S/MIME, gpg4win, Windows
lecris reopened T6757: gpgsm 2.4 Fails to import P12 certificate/key as "Open".

@werner I have just tested this, and although it fixed it for one certificate, this one in this issue still fails. Here is the new debug given

Jan 30 2024, 9:17 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
lecris reopened T6757: gpgsm 2.4 Fails to import P12 certificate/key, a subtask of T6752: New minip12 does not import from Firefox anymore, as Open.
Jan 30 2024, 9:17 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 25 2024

zablockil added a comment to T3979: GPGSM: Authenticated encryption.

Openssl since version 3 supports aes-gcm and aria-gcm in cms. CMS has a different wrapper for AEAD. openssl Pull Request. I created test files (nistp384 key, certificates, messages), perhaps it will be useful.

Jan 25 2024, 11:20 PM · S/MIME

Jan 24 2024

ebo moved T6654: gpgsm: p12 passphrase visible in debug output from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 5:08 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), vsd32 (vsd-3.2.0), S/MIME, Restricted Project
ebo closed T6654: gpgsm: p12 passphrase visible in debug output as Resolved.

Hidden for Gpg4win-4.3.0-beta571, too

Jan 24 2024, 5:08 PM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), vsd32 (vsd-3.2.0), S/MIME, Restricted Project
werner closed T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag as Resolved.

Closing because we believe things are fixed and our test suite confirms that. Feel free to -reopen in case your own file does not import with 2.4.4.

Jan 24 2024, 11:42 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
werner moved T6536: Extend P12 parser for ShroudedKeyBag inside a CertBag from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:41 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), Bug Report, S/MIME, Restricted Project
werner moved T6752: New minip12 does not import from Firefox anymore from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:40 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner closed T6752: New minip12 does not import from Firefox anymore as Resolved.

The test file is now part of our test suite and passes.

Jan 24 2024, 11:40 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner moved T6559: GPGSM: "always trust like override" or "force" option from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:37 AM · gnupg24 (gnupg-2.4.4), gpgme (gpgme 1.23.x), gnupg22 (gnupg-2.2.42), Feature Request, gpgol, S/MIME, kleopatra, Restricted Project
werner moved T6757: gpgsm 2.4 Fails to import P12 certificate/key from QA to gnupg-2.4.4 on the gnupg24 board.
Jan 24 2024, 11:36 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner closed T6757: gpgsm 2.4 Fails to import P12 certificate/key as Resolved.

We meanwhile have a lot of test cases in our test suite and we see no issue. Closing this bug; feel free to re-open if it is not fixed for your case in 2.4.4.

Jan 24 2024, 11:36 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner closed T6757: gpgsm 2.4 Fails to import P12 certificate/key, a subtask of T6752: New minip12 does not import from Firefox anymore, as Resolved.
Jan 24 2024, 11:36 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 16 2024

werner moved T6654: gpgsm: p12 passphrase visible in debug output from WiP to QA on the gnupg24 board.
Jan 16 2024, 10:49 AM · gnupg24 (gnupg-2.4.4), gnupg22 (gnupg-2.2.42), vsd32 (vsd-3.2.0), S/MIME, Restricted Project
werner triaged T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Normal priority.

Interesting. I need to look closer at it. I scheduled it for 2.4 but it won't be in the forthcoming 2.4.4. There are still other interesting things on the short list (e.g. timestamping support) but we may do that only in 2.6.

Jan 16 2024, 10:47 AM · S/MIME, gnupg24, Feature Request

Jan 5 2024

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

Hope so too. If there was a docker image or something I would gladly test it, otherwise I'll report back as soon as a release is out

Jan 5 2024, 11:46 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report
werner moved T6757: gpgsm 2.4 Fails to import P12 certificate/key from Backlog to QA on the gnupg24 board.

We can't test this but assume that the fix for T6752 is sufficient here.

Jan 5 2024, 11:44 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Jan 4 2024

werner closed T1839: Can't Encrypt with PIV-I Encryption Certificate - Unsupported Certificate as Resolved.

Note that we now have also an option instead of the workaround from 2015

Jan 4 2024, 4:18 PM · gnupg, dirmngr, S/MIME, Feature Request

Dec 16 2023

aheinecke added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

We were hoping before christmas. But it is unlikely due to some other stuff we had to do. Early Jan. Definitely a priority for us right now to get it out.

Dec 16 2023, 3:41 AM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Dec 15 2023

lecris added a comment to T6757: gpgsm 2.4 Fails to import P12 certificate/key.

@werner Any news on when will 2.4.4 will land? I cannot figure out how to build the project from source, and I couldn't adapt the Fedora packaging to build it either. I would like to have a way to finally sign my git commits.

Dec 15 2023, 2:17 PM · gnupg24 (gnupg-2.4.4), S/MIME, Bug Report

Dec 12 2023

aheinecke added a comment to T6859: S/MIME keys are not deleted.

Checking if the key is not otherwise used is unrelated and should be a diifferent Task since this also relates to OpenPGP. For me this Task is about creating a similar API for gpgsm (--delete-secret-key) that we have for OpenPGP.

Dec 12 2023, 7:12 AM · Restricted Project, S/MIME, kleopatra, gnupg

Dec 11 2023

ebo added a comment to T6859: S/MIME keys are not deleted.

As it is so complicated to check all possibilities:

Dec 11 2023, 5:12 PM · Restricted Project, S/MIME, kleopatra, gnupg
werner added a comment to T6859: S/MIME keys are not deleted.

Searching by keygrip is actually fast with keyboxd.

Dec 11 2023, 5:04 PM · Restricted Project, S/MIME, kleopatra, gnupg
aheinecke lowered the priority of T6859: S/MIME keys are not deleted from Normal to Low.

Actually prio is rather low or even Wontfix. Since it has been this way forever and no one really complained. I think deleting secret keys esp. for S/MIME where you can't just create a testing key but need to have it signed by a CA is not really there.

Dec 11 2023, 1:15 PM · Restricted Project, S/MIME, kleopatra, gnupg