Page MenuHome GnuPG

Feature RequestExperimental
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers (1)

Recent Activity

Fri, Sep 17

werner added a comment to T5599: Make gpg use the helpers baked into its AppImage.

The actual patch is rGd4768bb982adb5c8410303334ee8d82ba0d71f3b (our parser in dev.gnupg.org missed to pick up the bug-id due to teh use of scissor lines in the commit message).

Fri, Sep 17, 5:58 PM · gnupg, Restricted Project, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

While data template preparation for RSA-PSS is a bit tricky, it's simple with ECDSA.

Fri, Sep 17, 10:43 AM · FIPS, libgcrypt, Feature Request
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Having hash-algo in the s-exp is useful because a hash handle may carry several hashes. This is sometimes useful if you do not know the hash algorithm in advance and you need to make a guess (various PGP compatibility things in gpg). But of course we can simplify this and use the default algo from the hash handle if hash-algo is missing.

Fri, Sep 17, 7:59 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Thanks for your comment.

Fri, Sep 17, 7:26 AM · FIPS, libgcrypt, Feature Request

Thu, Sep 16

Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Thank you. On the first sight, it looks reasonable, but I would like to experiment with it a bit to see all use cases are covered.

Thu, Sep 16, 11:52 AM · FIPS, libgcrypt, Feature Request
werner claimed T5599: Make gpg use the helpers baked into its AppImage.
Thu, Sep 16, 11:23 AM · gnupg, Restricted Project, Feature Request
werner added a comment to T5598: AppImage of gpg.

Some quick ideas: On Windows we have envvars (and APIs) to determine certain locations. There is also the registry. We use of all them. IT would be best to do this simalar on Unix. We also have a control file on Windows which switches to that portable mode; maybe it is best to do this also on Unix - A text file installed alongside gpg which gpg (common/homedir.c) uses to enable the use of certain envvars to locate the root etc..

Thu, Sep 16, 10:05 AM · gnupg, Restricted Project, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Pushed my initial implementation: rC117f5c3f8028: experiment-pk_hash_sign/verify: Implement pk_hash_sign/verify.

Thu, Sep 16, 8:09 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I am doing an experiment to implement gcry_pk_hash_sign.

Thu, Sep 16, 7:15 AM · FIPS, libgcrypt, Feature Request

Wed, Sep 15

ikloecker created T5599: Make gpg use the helpers baked into its AppImage.
Wed, Sep 15, 1:29 PM · gnupg, Restricted Project, Feature Request
ikloecker added a comment to T5598: AppImage of gpg.

One challenge of the AppImage is how to make gpg and its helpers use the helpers baked into the AppImage. Currently, everything is built with prefix /build/AppDir/usr. This causes

gpg: failed to start agent '/build/AppDir/usr/bin/gpg-agent': No such file or directory

unless gpg finds an already running agent.

Wed, Sep 15, 1:25 PM · gnupg, Restricted Project, Feature Request
ikloecker triaged T5598: AppImage of gpg as High priority.
Wed, Sep 15, 9:29 AM · gnupg, Restricted Project, Feature Request

Tue, Sep 14

werner closed T4972: GPG: Add Option to force passphrase constraints for symmetric encryption, too as Resolved.

Won't be implemented as a new option because --check-sym-passphrase-pattern and --check-passphrase-pattern (since 2.2.30) can be used to implement the same in a more flexible way.

Tue, Sep 14, 2:02 PM · gnupg (gpg22), Feature Request
werner lowered the priority of T5085: Filter APDUs in log output from Normal to Low.
Tue, Sep 14, 2:00 PM · Feature Request, gnupg (gpg22), scd

Mon, Sep 13

werner moved T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Backlog to Next on the FIPS board.
Mon, Sep 13, 11:16 AM · FIPS, libgcrypt, Feature Request
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

My suggestion for a combined function is a simple:

Mon, Sep 13, 9:53 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

2021-09-13 Update:

  • Signature operation tested: RSA-PSS, RSA-PKCS#1-v1.5, RSA-X9.31, ECDSA by NIST Curves, DSA (against CAVS test vectors in FIPS 186-4)
Mon, Sep 13, 9:17 AM · FIPS, libgcrypt, Feature Request

Sun, Sep 12

sjlongland added a comment to T1621: Support multiple cards (not just readers).

GnuPG stable (i.e. 2.3.2) has full support for several readers and tokens. This won't be backported to the LTS versions (2.2), though. Better switch.

Sun, Sep 12, 4:24 AM · gnupg, Feature Request

Sat, Sep 11

werner added a comment to T1621: Support multiple cards (not just readers).

GnuPG stable (i.e. 2.3.2) has full support for several readers and tokens. This won't be backported to the LTS versions (2.2), though. Better switch.

Sat, Sep 11, 11:16 AM · gnupg, Feature Request
sjlongland added a comment to T1621: Support multiple cards (not just readers).

I've recently acquired two Yubikeys: one Yubikey 5 NFC from my workplace, and shortly after, I bought a Yubikey 5C for my own personal keys… both security tokens have _different_ keys on them. (There are some questions being asked regarding the use of the same GnuPG key duplicated on separate smartcards; this is a different case).

Sat, Sep 11, 1:35 AM · gnupg, Feature Request

Thu, Sep 9

werner lowered the priority of T5079: Add compliance flag to trustlist.txt from High to Normal.
Thu, Sep 9, 3:08 PM · Feature Request, gnupg (gpg22)
werner added a project to T5494: gpg-agent doesn't support security-key (sk) key types: gnupg (gpg23).

Interesting idea.

Thu, Sep 9, 1:03 PM · gnupg (gpg23), Feature Request, ssh
rhansen added a comment to T5494: gpg-agent doesn't support security-key (sk) key types.

How difficult would it be to teach gpg-agent to fall back to another SSH agent if given an unsupported key?

Thu, Sep 9, 11:13 AM · gnupg (gpg23), Feature Request, ssh

Wed, Sep 8

ikloecker claimed T5592: AppImage of Kleopatra.
Wed, Sep 8, 10:49 AM · Restricted Project, kleopatra, Feature Request
ikloecker created T5592: AppImage of Kleopatra.
Wed, Sep 8, 10:48 AM · Restricted Project, kleopatra, Feature Request
ikloecker added a comment to T5589: add context menu for normal operation after installation.

Which product do you refer to? Kleopatra? gpg4win? Something else?
Which operating system are you using? Windows? Linux? Something else?

Wed, Sep 8, 10:29 AM · Installer, FAQ, gpg4win

Tue, Sep 7

luweitest created T5589: add context menu for normal operation after installation.
Tue, Sep 7, 5:22 PM · Installer, FAQ, gpg4win
werner added a comment to T5576: New set of API for public key cryptography.

I see.

Tue, Sep 7, 10:37 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

BTW, the reason of the name "pkey" is that because gcry_pk_ctl is already occupied.
It will be changed, if needed.

Tue, Sep 7, 9:52 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

Today, I pushed an example for RSA-PSS.

Tue, Sep 7, 9:50 AM · FIPS, libgcrypt, Feature Request

Mon, Sep 6

Jakuje added a comment to T5576: New set of API for public key cryptography.

I added couple of minor comments. I hope they went into somewhere.

Mon, Sep 6, 2:58 PM · FIPS, libgcrypt, Feature Request
werner moved T5576: New set of API for public key cryptography from Backlog to Next on the FIPS board.
Mon, Sep 6, 11:18 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T5576: New set of API for public key cryptography.

I created an experimental branch:
https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Fnew-pk-api/

Mon, Sep 6, 9:38 AM · FIPS, libgcrypt, Feature Request

Fri, Sep 3

raf created T5586: Please add dane lookup to --auto-key-retrieve.
Fri, Sep 3, 12:53 PM · Feature Request

Mon, Aug 30

gniibe triaged T5576: New set of API for public key cryptography as High priority.
Mon, Aug 30, 5:07 AM · FIPS, libgcrypt, Feature Request

Sun, Aug 29

sunknudsen added a comment to T5575: Supplying more than one passphrase or PIN using passphrase-fd.

Thanks for helping out @werner.

Sun, Aug 29, 5:23 PM · gnupg, yubikey, Feature Request
werner added projects to T5575: Supplying more than one passphrase or PIN using passphrase-fd: yubikey, gnupg.

You can write your own pinentry script instead of the loopback thing. The use the envvar PINENTRY-USER_DATA to communicate with the pinentry.

Sun, Aug 29, 5:00 PM · gnupg, yubikey, Feature Request
sunknudsen created T5575: Supplying more than one passphrase or PIN using passphrase-fd.
Sun, Aug 29, 4:38 PM · gnupg, yubikey, Feature Request

Aug 26 2021

Sanmilie added a comment to T5570: Add to detect external interference validation the card type : Securite carte à puce .

by the way when the applet is selected, I return
D2760001240103045343000000010000
this can be used to detect the manufacturer number

Aug 26 2021, 7:09 PM · Feature Request, scd
Sanmilie added a comment to T5570: Add to detect external interference validation the card type : Securite carte à puce .

Card ATR at the cool reset
Card ATR is : 3B 9C 95 81 01 50 53 43 50 2D 53 43 53 56 31 2E 30 8E
Historical Byte is 53435356312E30
CARD ATS-to-ATR is : 3B 8C 80 01 50 53 43 50 2D 53 43 53 56 31 2E 30 0A
CARD ATS is : 11 78 80 B8 02 50 53 43 50 2D 53 43 53 56 31 2E 30
Historical Byte is 53435356312E30
This can by detected for the card type.

Aug 26 2021, 6:57 PM · Feature Request, scd
werner added a project to T5570: Add to detect external interference validation the card type : Securite carte à puce : Feature Request.

Is there another way to to detect your card (I assume a Javacard) without relying on the openpgp card application vendor-id like we do it with the Yubikey? I want to avoid a possible early but expensive AID selection just to get the vendor-id.

Aug 26 2021, 6:29 PM · Feature Request, scd

Aug 25 2021

gniibe closed T5530: Add "prehash" support to DSA and ECDSA signing, a subtask of T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation, as Resolved.
Aug 25 2021, 3:29 AM · FIPS, libgcrypt, Feature Request
gniibe closed T5530: Add "prehash" support to DSA and ECDSA signing as Resolved.
Aug 25 2021, 3:29 AM · Testing, FIPS, libgcrypt, Feature Request
gniibe closed T5529: Support internal hashing for RSA-PSS, a subtask of T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation, as Resolved.
Aug 25 2021, 3:28 AM · FIPS, libgcrypt, Feature Request
gniibe closed T5529: Support internal hashing for RSA-PSS as Resolved.
Aug 25 2021, 3:28 AM · libgcrypt, Feature Request

Aug 23 2021

pert added a comment to T5135: Provide more practical thread-safe strerror, perhaps with strerror_l.

Actually, I think there's a way to make gpg_strerror_r more usable on its own. I previously said

I find it quite difficult to use strerror_r and gpg_strerror_r. With having to guess and retry to get an appropriate buffer length, a wrapper which dynamically allocates the string seems to be needed.

Aug 23 2021, 7:47 PM · gpgrt, Feature Request

Aug 13 2021

calestyo added a comment to T5554: support symmetric encryption with multiple passphrases.

At first I've had simply tried to give multiple --symmetric options (which of course didn't work).

Aug 13 2021, 11:27 PM · symmetric, gnupg, Feature Request
werner triaged T5554: support symmetric encryption with multiple passphrases as Normal priority.

I have no clear idea on how to style the UI for this feature. Technically it is simple but we need top query several passphrases. loopback mode with a list of passphrases might be easiest way to do that.

Aug 13 2021, 11:19 PM · symmetric, gnupg, Feature Request
werner changed the edit policy for Feature Request.
Aug 13 2021, 10:58 PM
calestyo created T5554: support symmetric encryption with multiple passphrases.
Aug 13 2021, 3:32 AM · symmetric, gnupg, Feature Request