Page MenuHome GnuPG

gnupg (gpg23)Milestone
ArchivedPublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Mon, Jan 30

werner closed T3398: fingerprint-based import screener is no defense against malice as Wontfix.

Those "curated keyrings" and keyservers don't work together. The whole idea of automated but curated keyrings is dead end.

Mon, Jan 30, 8:58 AM · gnupg24, gnupg (gpg23), Feature Request

Thu, Jan 19

werner archived gnupg (gpg23).
Thu, Jan 19, 4:48 PM

Tue, Jan 17

aheinecke closed T4823: Test Yubikey's support for ed25519 as Resolved.

I am very sure that this is resolved and we support that in Kleopatra.

Tue, Jan 17, 1:10 PM · gnupg24, gnupg (gpg23), yubikey

Dec 22 2022

mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.

Dec 22 2022, 10:05 AM · Not A Bug, workaround, gnupg24, Windows, ssh
gniibe added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0

Dec 22 2022, 1:00 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 21 2022

werner added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command cia ssh.

Dec 21 2022, 12:10 PM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

Authentication succeed if I pressed enter after:PTY allocation request failed on channel 0

Dec 21 2022, 10:58 AM · Not A Bug, workaround, gnupg24, Windows, ssh
mfilippov added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0

Dec 21 2022, 10:53 AM · Not A Bug, workaround, gnupg24, Windows, ssh

Dec 20 2022

werner added a comment to T6303: Release GnuPG 2.4.0.

Note that in-source-tree builds are broken - see T6313

Dec 20 2022, 12:23 PM · gnupg24, Release Info, gnupg (gpg23)
werner closed T6303: Release GnuPG 2.4.0 as Resolved.

Release done

Dec 20 2022, 10:48 AM · gnupg24, Release Info, gnupg (gpg23)

Dec 19 2022

werner added a comment to T6303: Release GnuPG 2.4.0.

To be released tomorrow.

Dec 19 2022, 5:07 PM · gnupg24, Release Info, gnupg (gpg23)

Dec 16 2022

werner updated the task description for T6303: Release GnuPG 2.4.0.
Dec 16 2022, 6:23 PM · gnupg24, Release Info, gnupg (gpg23)
werner closed T6255: --list-keys output truncated and loops repeatedly as Resolved.

@raysatiro: Please re-open if you are able to give us a reproducer

Dec 16 2022, 3:57 PM · gnupg24, Windows, gnupg (gpg23), can't replicate, Bug Report

Dec 15 2022

werner closed T6309: Typo fixes ("outpust" et al) as Resolved.

Thanks. Commited to master.

Dec 15 2022, 3:15 PM · gnupg24, gnupg (gpg23), Bug Report

Dec 14 2022

ametzler1 added a comment to T6309: Typo fixes ("outpust" et al).

Missed some, will post an updated patch.

Dec 14 2022, 6:24 PM · gnupg24, gnupg (gpg23), Bug Report

Dec 13 2022

werner claimed T6303: Release GnuPG 2.4.0.
Dec 13 2022, 11:22 AM · gnupg24, Release Info, gnupg (gpg23)
werner moved T6303: Release GnuPG 2.4.0 from Backlog to WiP on the gnupg24 board.
Dec 13 2022, 11:22 AM · gnupg24, Release Info, gnupg (gpg23)
ametzler1 added a comment to T6309: Typo fixes ("outpust" et al).

Missed some, will post an updated patch.

Dec 13 2022, 6:43 AM · gnupg24, gnupg (gpg23), Bug Report

Dec 12 2022

werner edited projects for T6309: Typo fixes ("outpust" et al), added: gnupg (gpg23); removed gnupg.
Dec 12 2022, 6:49 PM · gnupg24, gnupg (gpg23), Bug Report
werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the g10 board.
Dec 12 2022, 12:17 PM · gnupg24, g10, common, Documentation, wkd
werner moved T6023: Check how GnuPG handles several keys from WKD from Backlog to WiP on the common board.
Dec 12 2022, 12:15 PM · gnupg24, g10, common, Documentation, wkd
werner added projects to T6023: Check how GnuPG handles several keys from WKD: common, g10.
Dec 12 2022, 12:12 PM · gnupg24, g10, common, Documentation, wkd
werner edited projects for T5079: Add compliance flag to trustlist.txt, added: gnupg (gpg23); removed gnupg (gpg22).
Dec 12 2022, 11:58 AM · gnupg24, gnupg (gpg23), Restricted Project, Feature Request

Dec 9 2022

AlynxZhou added a comment to T6218: Using Yubikey with GnuPG+scdaemon and PKCS11 over pcscd errors.

I also reproduced this bug. I am using a PIV configured YubiKey 5C NFC for GNOME Smartcard login, which uses pam_pkcs11, and pam_pkcs11 uses opensc to read it via pcscd.

Dec 9 2022, 9:34 AM · gnupg24, scute, scd, Bug Report

Dec 6 2022

werner updated the task description for T6106: Release GnuPG 2.3.8.
Dec 6 2022, 10:11 AM · Release Info, gnupg (gpg23)
werner triaged T6303: Release GnuPG 2.4.0 as Normal priority.
Dec 6 2022, 10:11 AM · gnupg24, Release Info, gnupg (gpg23)
werner renamed T6106: Release GnuPG 2.3.8 from Release GnuPG 2.2.38 to Release GnuPG 2.3.8.
Dec 6 2022, 10:10 AM · Release Info, gnupg (gpg23)

Dec 1 2022

werner closed T6294: Import of EC448 keys fails as Resolved.
Dec 1 2022, 10:15 AM · gnupg (gpg23), Bug Report
werner added a comment to T6294: Import of EC448 keys fails.

Thanks for reporting. We usually test by moving the <keygrip>.key files around ;-)

Dec 1 2022, 10:14 AM · gnupg (gpg23), Bug Report

Nov 30 2022

Jakuje created T6294: Import of EC448 keys fails.
Nov 30 2022, 5:29 PM · gnupg (gpg23), Bug Report

Nov 29 2022

pmgdeb added a comment to T6291: FIPS: dirmngr CRL hash uses MD5.

Sure, but this will need adaption in FIPS mode as it fails with:

Nov 29 2022, 2:55 PM · libgcrypt, gnupg (gpg23), Bug Report
pmgdeb added a comment to T6291: FIPS: dirmngr CRL hash uses MD5.

Patch using SHA1 instead of MD5.

Nov 29 2022, 2:50 PM · libgcrypt, gnupg (gpg23), Bug Report
werner closed T6291: FIPS: dirmngr CRL hash uses MD5 as Wontfix.

There are other uses of MD5 and thus we can't disable it. For example gpgsm also lists the MD5 fingerprint of certificates because they are still in use at some places.

Nov 29 2022, 2:50 PM · libgcrypt, gnupg (gpg23), Bug Report
pmgdeb created T6291: FIPS: dirmngr CRL hash uses MD5.
Nov 29 2022, 2:13 PM · libgcrypt, gnupg (gpg23), Bug Report

Nov 25 2022

gniibe closed T6290: gpgscm: Windows 64-bit support as Invalid.

Sorry, it looks like no problem.

Nov 25 2022, 6:33 AM · gnupg (gpg23), Bug Report
gniibe updated the task description for T6290: gpgscm: Windows 64-bit support.
Nov 25 2022, 6:12 AM · gnupg (gpg23), Bug Report
gniibe triaged T6290: gpgscm: Windows 64-bit support as Wishlist priority.
Nov 25 2022, 6:05 AM · gnupg (gpg23), Bug Report
gniibe created T6290: gpgscm: Windows 64-bit support.
Nov 25 2022, 6:04 AM · gnupg (gpg23), Bug Report
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Implications are... you won't be possible to use new protocols introduced by newer OpenSSH:

Nov 25 2022, 12:54 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 24 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

Thanks. Adding 'PubkeyAuthentication unbound' to my ~/.ssh/config seems to workaround it for me on openssh-9.1p1-3 (arch). I don't quite follow what the implications of that setting are though.

Nov 24 2022, 9:01 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe renamed T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) from OpenSSH 8.9 and 9.0 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required) to OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
Nov 24 2022, 2:38 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

In my cases (tested with 9.1), here are the length of data to be signed by ssh-agent (emulation by gpg-agent).

  • 164 bytes: Both features disabled by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com -o PubkeyAuthentication=unbound
  • 192 bytes: Unbound only by: ssh -o PubkeyAuthentication=unbound
  • 298 bytes: No Post Quantum only by: ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com
  • 330 bytes: Both features enabled (no options)
Nov 24 2022, 2:22 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 22 2022

gniibe added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

I tested with openssh 9.1. When I add -o PubkeyAuthentication=unbound, I can make the length of data smaller.

Nov 22 2022, 8:12 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 17 2022

werner closed T6224: Mirror internal LDAP to a WKD as Resolved.
Nov 17 2022, 9:33 AM · Restricted Project, Feature Request, gnupg (gpg23)
werner closed T6047: Dirmngr - LDAP Schema V2 not used when Base DN is specified as Resolved.
Nov 17 2022, 9:33 AM · LDAP, dirmngr, gnupg (gpg23), Feature Request

Nov 9 2022

amalon added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).
In T5931#165009, @alexk wrote:

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

KexAlgorithms -sntrup761x25519-sha512@openssh.com

For me ssh -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com ... does work as well.

Nov 9 2022, 7:40 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent
alexk added a project to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required): workaround.

A workaround you can add the following line to ~/.ssh/config or /etc/ssh/ssh_config:

Nov 9 2022, 10:51 AM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Nov 2 2022

rkeene added a comment to T5555: Cannot add existing ECDSA key as a signing subkey.

I've got a similar patch, but I'm not sure it's any better -- I'm adding EcDSA support for cards (via gnupg-pkcs11-scd) and with this patch I can sign subkeys and data.

Nov 2 2022, 9:40 PM · gnupg24, gnupg (gpg23), Bug Report
gniibe moved T5964: gnupg should use the KDFs implemented in libgcrypt from Next to Ready for release on the FIPS board.
Nov 2 2022, 9:36 AM · gnupg24, FIPS, libgcrypt, Feature Request

Nov 1 2022

gniibe edited projects for T6250: GPG-Agent doesn't work properly with smart cards and ed25519 keys and SSH Agent, added: Documentation; removed Bug Report.

The problem here is how large the data to be signed is. It is an issue of protocol design. The protocols are explained in openssh/PROTOCOL.certkeys and openssh/PROTOCOL. Unfortunately, it seems that it was designed with not much consideration for smartcard use case, so, data to be signed may be longer (than the capability of smartcard).

Nov 1 2022, 12:59 AM · gnupg24, Documentation, ssh