Page MenuHome GnuPG

gnupg (gpg23)Milestone
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Tue, May 10

dschulman-repay closed T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406) as Resolved.

Thank you, @gniibe. That's what I was missing: installing libsqlite3-dev made the difference.

Tue, May 10, 7:02 PM · Testing, gnupg (gpg23), Bug Report
gniibe added a project to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406): Testing.

Pushed the fix.

Tue, May 10, 4:52 AM · Testing, gnupg (gpg23), Bug Report
gniibe claimed T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).
Tue, May 10, 2:50 AM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

You need to install a package like sqlite-devel or libsqlite3-dev, so that you can have development header files and library (sqlite3*.h and libsqite3.so) and pkgconfig file (pkgconfig/sqlite3.pc).

Tue, May 10, 2:49 AM · Testing, gnupg (gpg23), Bug Report
dschulman-repay added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Yes, I saw that in the logs and installed those packages. Now I have sqlite and sqlite3 in /usr/bin, but that doesn't seem to have changed anything.

Tue, May 10, 2:21 AM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

the link's target doesn't exist

Tue, May 10, 1:47 AM · Testing, gnupg (gpg23), Bug Report

Mon, May 9

dschulman-repay added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Yes, of course I did that. The error output I included followed the sequence

Mon, May 9, 6:27 PM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406).

Please do make at first before invoking make check. It creates symbolic links for executables.

Mon, May 9, 9:09 AM · Testing, gnupg (gpg23), Bug Report
werner added a project to T5966: keyboxd issue building gnupg-2.3.6 (almost identical toT5406): gnupg (gpg23).
Mon, May 9, 7:18 AM · Testing, gnupg (gpg23), Bug Report

Fri, May 6

gniibe closed T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 as Resolved.
Fri, May 6, 2:16 AM · FIPS, gnupg (gpg23), Bug Report

Thu, May 5

werner triaged T5964: gnupg should use the KDFs implemented in libgcrypt as Normal priority.

When we implemented this first, Libgcrypt had no appropriate KDF support. I recall that I considered to change this but it turned out the for 2.2 the changes are too large. For 2.3 we will consider such a change.

Thu, May 5, 8:40 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Tue, May 3

gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Next to Done on the FIPS board.
Tue, May 3, 10:58 AM · FIPS, gnupg (gpg23), Bug Report
gniibe removed a project from T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Testing.
Tue, May 3, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a comment to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1.

Fixed in GnuPG 2.3.5.

Tue, May 3, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a project to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Testing.
Tue, May 3, 10:48 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a comment to T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token.

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

Tue, May 3, 10:43 AM · Testing, gnupg (gpg23), ssh, gpgagent

Mon, May 2

amalon added a comment to T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token.

Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

Mon, May 2, 10:36 PM · Testing, gnupg (gpg23), ssh, gpgagent
werner added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: workaround.
Mon, May 2, 10:19 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
KexAlgorithms -sntrup761x25519-sha512@openssh.com
Mon, May 2, 10:17 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token.

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

Mon, May 2, 1:53 AM · Testing, gnupg (gpg23), ssh, gpgagent

Fri, Apr 29

dkg added a comment to T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token.

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

Fri, Apr 29, 6:24 PM · Testing, gnupg (gpg23), ssh, gpgagent
dschulman-repay added a comment to T5406: gnupg-2.3.1: 'make check' on all tests tries to use installed 'keyboxd'.

I'm seeing something just like this when attempting to install gnupg-2.3.6 on Ubuntu 22.04 LTS (running under WSL 2, if it matters).

Fri, Apr 29, 3:58 AM · gnupg (gpg23), Bug Report

Thu, Apr 28

amalon added a comment to T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token.

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

Thu, Apr 28, 9:16 AM · Testing, gnupg (gpg23), ssh, gpgagent
werner lowered the priority of T5931: OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token from High to Normal.
Thu, Apr 28, 8:55 AM · Testing, gnupg (gpg23), ssh, gpgagent
werner closed T5856: Forcing aead when creating sign & encrypted files creates inconsistent results as Resolved.
Thu, Apr 28, 8:52 AM · gnupg (gpg23), Bug Report
werner closed T5941: gnupg 2.3.5 hangs on key import as Resolved.
Thu, Apr 28, 8:49 AM · Testing, gnupg (gpg23), Bug Report
werner closed T5821: gpgsm "certificate not found" error handling should use gpg_err_code() instead of -1 as Resolved.
Thu, Apr 28, 8:48 AM · Testing, gnupg (gpg23), Bug Report

Wed, Apr 27

gniibe added a project to T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6: Testing.
Wed, Apr 27, 6:55 AM · Testing, gnupg (gpg23), Bug Report
gniibe claimed T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6.
Wed, Apr 27, 6:53 AM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6.

I located the problem. The test program use-exact-key invokes two gpg-es connecting by pipe (one gpg to generate a signature, another gpg to verify the signature). Those multiple gpg-es race accessing keyboxd.

Wed, Apr 27, 6:48 AM · Testing, gnupg (gpg23), Bug Report

Tue, Apr 26

ikloecker reassigned T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid from ikloecker to werner.

@werner Please backport to 2.2.

Tue, Apr 26, 12:01 PM · gnupg (gpg23), Restricted Project, Feature Request
gniibe added a comment to T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6.

Another test, it took 30 minutes to replicate.

Tue, Apr 26, 9:40 AM · Testing, gnupg (gpg23), Bug Report
werner triaged T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6 as Normal priority.
Tue, Apr 26, 8:38 AM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

My Yubikey (Yubico.com Yubikey 4/5 OTP+U2F+CCID) works fine with OpenSSH using kex of sntrup761x25519-sha512@openssh.com.

Tue, Apr 26, 7:44 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6.

Thank you. I can replicate the issue.

Tue, Apr 26, 5:58 AM · Testing, gnupg (gpg23), Bug Report

Mon, Apr 25

werner added a project to T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6: gnupg (gpg23).
Mon, Apr 25, 7:10 PM · Testing, gnupg (gpg23), Bug Report
werner updated the task description for T5937: Release GnuPG 2.3.6.
Mon, Apr 25, 4:37 PM · Release Info, gnupg (gpg23)
werner triaged T5947: Release GnuPG 2.3.7 as Low priority.
Mon, Apr 25, 4:35 PM · Release Info, gnupg (gpg23)
werner added a project to T5941: gnupg 2.3.5 hangs on key import: Testing.
Mon, Apr 25, 2:32 PM · Testing, gnupg (gpg23), Bug Report
werner added projects to T5821: gpgsm "certificate not found" error handling should use gpg_err_code() instead of -1: gnupg (gpg23), Testing.
Mon, Apr 25, 12:11 PM · Testing, gnupg (gpg23), Bug Report
ikloecker claimed T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid.
Mon, Apr 25, 11:10 AM · gnupg (gpg23), Restricted Project, Feature Request
gniibe added a comment to T5941: gnupg 2.3.5 hangs on key import.

I pushed the change above. I also pushed another change with IOBUF_INPUT_TEMP.

Mon, Apr 25, 10:41 AM · Testing, gnupg (gpg23), Bug Report
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

Sorry, I was confused. For RSA-4096, data is hashed by gpg-agent and hashed data is signed by a card.

Mon, Apr 25, 9:51 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
ikloecker triaged T5943: gpg: Report details about failed symmetric decrypt with ERROR status as Normal priority.
Mon, Apr 25, 9:23 AM · Testing, gnupg, gpgme, Restricted Project
werner added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

We are using rsa-4096 on smartcard for quite some time; so I wonder what's the problem here. Is that that we don't use our Assuan hack for large key material with OpenPGP.3?

Mon, Apr 25, 8:07 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

There is another case: RSA-4096 key. scdaemon rejects data by Invalid value. Unfortunately, there is no fix for this, as it's really too large. Even if scdaemon allows larger data, the card implementation rejects, when it conforms to PKCS #1 standard (data should not be larger than 40% of the modulus).

Mon, Apr 25, 4:35 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe triaged T5941: gnupg 2.3.5 hangs on key import as High priority.

Thank you for the bug report.

Mon, Apr 25, 3:14 AM · Testing, gnupg (gpg23), Bug Report

Fri, Apr 22

werner triaged T5936: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid as High priority.

Should also go into 2.2

Fri, Apr 22, 6:46 PM · gnupg (gpg23), Restricted Project, Feature Request
werner accepted D552: gpg: Support specifiying user ID to revoke as UID hash for --quick-revoke-uid.

The rest of the code looks fine.

Fri, Apr 22, 6:45 PM · gnupg (gpg23)
werner added a comment to T5743: Release GnuPG 2.3.5.

The links for the Windows installer as given in the mail was wrong. The corrected links are

Fri, Apr 22, 8:52 AM · Release Info, gnupg (gpg23)