Fri, Jun 24
I suppose you're right, we might have crossed that bridge a while ago. Simple availability of certificate- or even signature-specific keyserver URIs just make the risks of honor-keyserver-url more obvious than before.
This is a reasonable feature, however it should be noted that this implies a fairly large metadata leak: You are essentially adding a URI to signatures that will be pinged on signature verification.
I don't see why this is a child task of T6020: the features are similar, but they don't actually impact each other in any way.
Thu, Jun 23
What about rejected changes to "Key:"?
Wed, Jun 22
What about rejected changes to "Key:"? Other this command would make it too easy to mess up the actual private key.
Mon, Jun 20
Fri, Jun 17
Thu, Jun 16
I pushed the change needed for GnuPG to t5964 branch.
Added HKDF implementation to master.
Wed, Jun 15
In the branch https://dev.gnupg.org/source/Scute/history/t6002/ , by the commit rS123d617ebefe: Less administration of devices by scute., things has been changed.
Tue, Jun 14
As Werner wrote, this is already possible. The next time please consult the extensive documentation of gpgme before opening a ticket.
Mon, Jun 13
Hmm, why not use:
gpgme_op_sign (ctx, in, out GPGME_SIG_MODE_CLEAR)
I realized that we need to invent a way to represent KEYGRIP (40-byte string) in the scheme of PKCS#11; PKCS#11 uses fixed-size string (space padded) for it's label (32) and serialno (16). Basically, it identifies the device by slot number.
Sun, Jun 12
Patch applied to master with small changes.
Fri, Jun 10
gpg-agent --supervised being deprecated is highly surprising, especially because it works so well with systemd.
Thu, Jun 9
The --supervised option of GnuPG is deprecated and thus it does not make sense to add this to keyboxd or even sdaemon (which is a helper to gpg-agent).
Wed, Jun 8
Now, it also supports a reader with pinpad.
Tue, Jun 7
A use case for this is to allow the use of S/MIME for de-vs mode and for standard mode while clearly indicating compliant certificates. As of now all certificates matching compliant algorithms are indicated as compliant. The new flag could be used to distinguish between them.
The suffix .kgrp has been added as default filter for the import with revision rKLEOPATRA5c4d3a80d5a9: Allow the export of certificate groups.
I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors
Mon, Jun 6
Updated (with T6012):
Fri, Jun 3
Thanks @jukivili , Here is the changelog,
Thanks for updated patch. I'm travelling next week and have time to check it closely only after I'm back. On quick glance, it looks good. What is also needed is the changelog for git commit log.
Thu, Jun 2
nice, that's great news! I'll have to try it out when I get a chance.
See https://github.com/google/xsecurelock/blob/master/helpers/authproto.h
for the interaction between xsecurelock and the helper.