Page MenuHome GnuPG

Feature RequestExperimental
ActivePublic

Members

  • This project does not have any members.
  • View All

Watchers (1)

Recent Activity

Today

werner activated P5 bak.
Sun, Jun 20, 6:16 PM · Feature Request
Fred23 archived P5 bak.
Sun, Jun 20, 6:02 PM · Feature Request

Fri, Jun 18

werner triaged T5494: gpg-agent doesn't support security-key (sk) key types as Low priority.

ggp-agent has no support for U2F and it can't work with these key types. Given that Yubikeys also have proper keys (even eddsa) I doubt that we will implement support for ecdsa-sk OpenSSH feature any time soon,

Fri, Jun 18, 11:31 PM · Feature Request, ssh
svenschwermer updated the task description for T5494: gpg-agent doesn't support security-key (sk) key types.
Fri, Jun 18, 7:50 PM · Feature Request, ssh
svenschwermer created T5494: gpg-agent doesn't support security-key (sk) key types.
Fri, Jun 18, 7:48 PM · Feature Request, ssh

Wed, Jun 16

werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Some ideas:

  • the someflags thing will probably just be a reserved parameter
  • If DATA is not NULL but an MD is set the sign function should fail
  • Should ownership of MD be moved to the CTX?
Wed, Jun 16, 11:11 AM · FIPS, libgcrypt, Feature Request
Jakuje added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

In an email from @werner couple days back, I got a suggestion that we could use hashing tied to the context, rather than this one-shot call tied only to digests. I circled back this suggestion to Stephan and he confirmed that it should be fine from the FIPS point of view so I am posting the suggested API here too:

ctx = gcry_pk_new (someflags)
md = gcry_md_open (...)
gcry_ctx_set_md (md);
gcry_pk_sign_ext (ctx, result, data, skey)
[...]
gcry_ctx_release (ctx);
Wed, Jun 16, 10:52 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

OK. I think that the patch at SUSE is updated one which works.
As I understand correctly, this is a kind of very old patch, which intended to work around old libgcrypt limitation of RSA PSS.

Wed, Jun 16, 10:34 AM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

I think that {D1476} is still a sketch (not real code which works). I would guess an intended use, but it's good to have concrete example program which uses the feature being added.

Wed, Jun 16, 8:45 AM · FIPS, libgcrypt, Feature Request
werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

FWIW, there is also this newer patch: https://dev.gnupg.org/differential/diff/1476/

Wed, Jun 16, 8:40 AM · FIPS, libgcrypt, Feature Request

Tue, Jun 15

werner added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Our public key functions are stateless. For several reasons it would be good to have an option to keep some state (think pre-computations). Our gcry_ctx_t would be a perfect fit for this and it will allow us to join a pubkey function with for example a hash function.

Tue, Jun 15, 1:42 PM · FIPS, libgcrypt, Feature Request
gniibe added a comment to T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation.

Does the patch really work, or is it a sketch to describe the intended use?

Tue, Jun 15, 12:37 PM · FIPS, libgcrypt, Feature Request

Thu, Jun 10

werner added a project to T5480: Export keys + manual: gpg4win.

The private key contains the public key. Thus there is no need to export the public key if you already got the secret key.

Thu, Jun 10, 10:39 PM · gpg4win, Feature Request
rda updated the task description for T5480: Export keys + manual.
Thu, Jun 10, 3:39 PM · gpg4win, Feature Request
rda created T5480: Export keys + manual.
Thu, Jun 10, 3:36 PM · gpg4win, Feature Request

Wed, Jun 2

Saturneric created T5468: About the API of GpgME to revoke key pairs and subkeys..
Wed, Jun 2, 9:08 PM · Feature Request
werner triaged T5463: gpgconf: Options that gpgconf won't change should be flagged as read-only as Normal priority.

There is also the issue that options flagged as ignore or forced in the global config file won't have an effect either. But indeed we could mark them as non-change.

Wed, Jun 2, 5:00 PM · gnupg (gpg23), Feature Request

Tue, Jun 1

ikloecker created T5463: gpgconf: Options that gpgconf won't change should be flagged as read-only.
Tue, Jun 1, 11:21 AM · gnupg (gpg23), Feature Request

May 19 2021

cesar.portilla added a comment to T5324: Kleopatra: Add recursive folder decryption.

I did a new test and found that if it is a single file regardless of disk size, no error appears, but when there are multiple files in a single encrypted folder with a size greater than 1.5GB, the error occurs. Traverse a directory like Zorvek and Aheinecke wrote would be an optimal solution or at least some alert messsage to be aware of the action no supported.

May 19 2021, 9:12 PM · Feature Request, gpg4win
aheinecke added a comment to T5324: Kleopatra: Add recursive folder decryption.

I have allowed myself to edit this task to more reflect what this is about. Although the error is of course in my opinion more of a bug because it is so bad but I would rather fix it with this feature.

May 19 2021, 2:25 PM · Feature Request, gpg4win
aheinecke renamed T5324: Kleopatra: Add recursive folder decryption from Decrypt Folder Fails to Kleopatra: Add recursive folder decryption.
May 19 2021, 2:25 PM · Feature Request, gpg4win
aheinecke added a comment to T5324: Kleopatra: Add recursive folder decryption.

I actually agree that this makes sense. I mean at least Kleo could say: "Hey we have detected 50 files that are encryped in this folder tree, do you really want to decrypt them all?"

May 19 2021, 2:21 PM · Feature Request, gpg4win
werner edited projects for T5324: Kleopatra: Add recursive folder decryption, added: Feature Request; removed Support, Bug Report.
May 19 2021, 9:50 AM · Feature Request, gpg4win

May 10 2021

ikloecker closed T5426: [Pinentry]: add remeber password checkbox in pinentry-qt. as Wontfix.

GnuPG (more precisely gpg-agent) does cache the password for some time in memory. The default is 10 minutes. Add

default-cache-ttl n

where n is the number of seconds to cache the password, to ~/.gnupg/gpg-agent.conf.

May 10 2021, 9:23 AM · Feature Request

May 8 2021

evan0g created T5426: [Pinentry]: add remeber password checkbox in pinentry-qt..
May 8 2021, 11:17 AM · Feature Request

Apr 26 2021

gniibe added a comment to T1756: gpg-agent doesn't accept ssh certificates.

Update:
It looks like OpenSSH version 8 now supports ssh-agent's handling REQUEST_IDENTITIES.

Apr 26 2021, 8:32 AM · gnupg, Feature Request

Apr 21 2021

werner triaged T5407: gpg fails to import second secret key in .pfx (PKCS12) file as Normal priority.
Apr 21 2021, 9:09 PM · gnupg (gpg23), Feature Request, S/MIME

Apr 20 2021

neal closed T5403: Consider all Issuer subpackets when validating a signature as Invalid.
Apr 20 2021, 11:54 AM · OpenPGP, Feature Request
neal added a comment to T5403: Consider all Issuer subpackets when validating a signature.

I just realized that my example is incorrect. It doesn't make sense to support multiple issuer subpackets on self signatures. But it is useful to do so on binary signatures and third-party certifications. Here's a better example, which gpg correctly supports. As such, this issue should be closed. Sorry for the noise.

Apr 20 2021, 11:54 AM · OpenPGP, Feature Request
werner triaged T5403: Consider all Issuer subpackets when validating a signature as Low priority.
Apr 20 2021, 11:48 AM · OpenPGP, Feature Request

Apr 19 2021

werner moved T4894: FIPS: RSA/DSA/ECDSA are missing hashing operation from Backlog to For 1.10 on the libgcrypt board.
Apr 19 2021, 6:16 PM · FIPS, libgcrypt, Feature Request
werner closed T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified as Resolved.
Apr 19 2021, 5:56 PM · gnupg (gpg23), Testing, scd, Feature Request
werner closed T4735: Please provide an option to make --verify accept only signatures from specific trusted UID as Resolved.

aheinecke: I agree, we should not port everything back just because we could do that.

Apr 19 2021, 5:55 PM · gnupg (gpg23), Feature Request
werner edited projects for T4921: Support import of PKCS#12 encoded ECC private keys., added: gnupg (gpg22); removed gnupg (gpg23).
Apr 19 2021, 5:52 PM · gnupg (gpg22), backport, Feature Request, S/MIME
werner closed T4398: Rework Console and command line handling on Windows as Resolved.

This has been released with 2.3.0 and no relevant problems have reported in the last two weeks, thus closing.

Apr 19 2021, 5:48 PM · Feature Request, gnupg (gpg23)

Apr 18 2021

werner added a comment to T5394: scute: Build failure with slibtool.

t-link does not do antthing useful, anyway. I don't think it is justified to add dlopen stuff. Running real test is anyway a manual action; for a full test automation we would need to emulate all supported cards.

Apr 18 2021, 7:40 PM · toolchain, Feature Request, scute

Apr 17 2021

gouttegd added a comment to T5394: scute: Build failure with slibtool.

the t-link test should dlopen scute.so in runtime rather than link against it in build-time.

Apr 17 2021, 4:15 PM · toolchain, Feature Request, scute

Apr 16 2021

midipix added a comment to T5394: scute: Build failure with slibtool.

As of slibtool commit 9c5ba5eb, scute now builds out of the box. I'd still recommend taking the above into consideration, though.

Apr 16 2021, 4:53 PM · toolchain, Feature Request, scute
midipix added a comment to T5394: scute: Build failure with slibtool.

For what it's worth, scute is in violation of gnu libtool's documentation. Building with gnu libtool:

Apr 16 2021, 10:21 AM · toolchain, Feature Request, scute

Apr 15 2021

werner assigned T5294: Displaying the date and time at which you've replied to an email when using GPgOL to aheinecke.
Apr 15 2021, 9:15 AM · gpgol, Feature Request
werner added a project to T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified: gnupg (gpg23).
Apr 15 2021, 8:39 AM · gnupg (gpg23), Testing, scd, Feature Request
gniibe raised the priority of T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified from Normal to High.

Making this task up to HIGH priority, so that people can easily find this change in 2.3.0.

Apr 15 2021, 7:20 AM · gnupg (gpg23), Testing, scd, Feature Request
gniibe closed T4158: UIF (User Interaction Flag) DO support as Resolved.
Apr 15 2021, 4:09 AM · Testing, Feature Request, scd, gnupg

Apr 13 2021

midipix added a comment to T5394: scute: Build failure with slibtool.

Regarding slibtool: I would actually like to have an easier to maintain tool than libtool (of which we use our own version) for GnuPG related software. However, its requirement "the compiler should support -std=c99" is currently a no-starter for libgcrypt and some other libs.

Apr 13 2021, 9:13 PM · toolchain, Feature Request, scute
werner closed T5387: Accept key signatures from LDAP servers as Resolved.

Done for 2.2. and 2.3.

Apr 13 2021, 2:56 PM · Feature Request, gnupg (gpg22)
werner triaged T5394: scute: Build failure with slibtool as Normal priority.
Apr 13 2021, 8:13 AM · toolchain, Feature Request, scute
gniibe closed T3416: gpg should select available signing key on card (even with -u option) as Resolved.

Done in 2.3.0.

Apr 13 2021, 8:07 AM · Testing, Feature Request, gnupg
gniibe closed T3416: gpg should select available signing key on card (even with -u option), a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
Apr 13 2021, 8:07 AM · Testing, Feature Request, gnupg
gniibe closed T4695: Remove SERIALNO as an identifier to select keys, a subtask of T2291: Smartcard interaction improvement (was: Shadowed private key design (for smartcard)), as Resolved.
Apr 13 2021, 8:06 AM · Testing, Feature Request, gnupg
gniibe closed T4695: Remove SERIALNO as an identifier to select keys as Resolved.

Done in 2.3.0.

Apr 13 2021, 8:06 AM · Testing, Feature Request, gnupg