S/MIMEProject
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Wed, Mar 27

lechten added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I forgot: Instead of importing the missing internal CA, this works:

Wed, Mar 27, 9:44 AM · gnupg (gpg22), S/MIME, Bug Report
lechten added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I agree, the question is which CRL is checked when how. Maybe there is some mistake on my side. Here is a recipe for Debian:

Wed, Mar 27, 9:23 AM · gnupg (gpg22), S/MIME, Bug Report
aheinecke added a comment to T4436: gpgsm refuses to encrypt with failure to check CRL.

I don't think this is a bug. Failure to encrypt when CRL check fails is expected.

Wed, Mar 27, 8:37 AM · gnupg (gpg22), S/MIME, Bug Report

Tue, Mar 26

werner triaged T4436: gpgsm refuses to encrypt with failure to check CRL as Normal priority.
Tue, Mar 26, 7:53 PM · gnupg (gpg22), S/MIME, Bug Report

Mar 14 2019

aheinecke removed a project from T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key): gpg4win.
Mar 14 2019, 9:34 AM · Feature Request, S/MIME

Mar 4 2019

aheinecke added a comment to T4379: Invalid crypto engine importing a certificate.

Ouch indeed. Looks like you run into a "hanging" gpg-agent situation in that case our main background process is blocked and all other processes wait for it to respond and nothing works anymore.
This should never happen and we need to fix it. But so far we have not found a way to reproduce it.

Mar 4 2019, 10:57 AM · gpgme, S/MIME, Bug Report

Feb 28 2019

LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

Looking at other threads I found the problem in some .lock file in my gnupg directory. One of them was locked by a running process and I was not able to delete. So I opened up task manager and I had dozens of gnupg related processes running. I killed all of them and removed any .lock file.
This way Kleopatra started again but the certificate above (aruba) was not present in the imported ones. And, of course, I'm not going to import it anymore, will use my sixt sense to trust certificates...

Feb 28 2019, 2:39 PM · gpgme, S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The exact file that created the lock is attached

.
I zipped it to avoid an unintended import that kills Kleopatra.

Feb 28 2019, 2:24 PM · gpgme, S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The only action I can do is quit the program telling it to stop the background actvity, but I cannot use it anymore...

Feb 28 2019, 2:13 PM · gpgme, S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

Ouch, worse problem here. After closing kleopatra telling it to stop doing whatever it was, I restarted the application and now it's stuck in "Loading certificate cache"

Feb 28 2019, 2:00 PM · gpgme, S/MIME, Bug Report
LoZio added a comment to T4379: Invalid crypto engine importing a certificate.

The certificate was defintely missing the tag lines, thanks. I also tried opening the certificate from that page (Windows has no problems without the tag lines) and exporting it explicitly as base64, and the output file is fine.
The problem is that the import now seems to go well, but no certificate is imported at all. I tried several times and the import box just closes after selecting the file.
I tried to close Kleopatra and it says there are ongoing background operations. At least 15 mins passed between the import and the closing tentative.
Actually, it is stuck doing something.

Feb 28 2019, 1:57 PM · gpgme, S/MIME, Bug Report
aheinecke triaged T4379: Invalid crypto engine importing a certificate as Normal priority.

Thanks for the report.

Feb 28 2019, 1:09 PM · gpgme, S/MIME, Bug Report
aheinecke added a comment to T4380: GpgSM: CRL access not possible due to Tor mode.

Btw. I only noticed this now as I always had "disable-tor" in my config but recently removed it for testing.

Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME
aheinecke created T4380: GpgSM: CRL access not possible due to Tor mode.
Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME

Feb 27 2019

gniibe added a commit to T4104: gpgsm/ksba removes leading zeros from signature byte array: rK9fea74575085: Don't remove leading zero byte..
Feb 27 2019, 3:18 AM · Testing, libksba, S/MIME, Bug Report
gniibe claimed T4104: gpgsm/ksba removes leading zeros from signature byte array.

We also need to fix for encryption and signature in CSR.

Feb 27 2019, 3:17 AM · Testing, libksba, S/MIME, Bug Report

Feb 18 2019

gniibe added a commit to T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix: rG3cbdf896e691: sm: Support generation of card-based ed25519 CSR..
Feb 18 2019, 3:37 AM · S/MIME, Feature Request, libksba

Feb 15 2019

gniibe added a commit to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: rG74e9b579ca27: sm: Support generation of card-based ECDSA CSR..
Feb 15 2019, 3:02 AM · Feature Request, S/MIME

Feb 14 2019

werner added a comment to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed.

Thanks for that summary.

Feb 14 2019, 7:31 AM · Feature Request, S/MIME
gniibe added a commit to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: rK98882064f457: Support multi-valued signatures in CSRs..
Feb 14 2019, 2:32 AM · Feature Request, S/MIME

Feb 13 2019

gouttegd added a project to T4092: Certificate requests generated from card-based ECDSA keys are incorrectly marked as RSA-signed: Feature Request.

Since it seems there is a renewed interest in adding ECC support to GpgSM (as indicated by the T4098 feature request), I would like to write down here more details about this task.

Feb 13 2019, 1:37 AM · Feature Request, S/MIME

Feb 6 2019

werner claimed T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key).
Feb 6 2019, 9:57 AM · Feature Request, S/MIME
werner added a comment to T4098: GpgSM: Add ECC support (Option to create an X.509/ECDSA key).

See also T4013 which is about ed25519 key support

Feb 6 2019, 9:56 AM · Feature Request, S/MIME

Dec 18 2018

jmrexach added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

werner,
I'm the spanish user. Are you also setting default ocsp responder option?
Setting only ocsp_signer doesn't worked, there are several CA's with diferent ocsp responders.

Dec 18 2018, 8:19 PM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

The reporter said that it did not work for him.

Dec 18 2018, 2:44 PM · S/MIME

Dec 17 2018

werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

A list of SHA-1 fingerprints for the valid certificates. With our without colons.

Dec 17 2018, 5:25 PM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

@werner what should the contents of the file look like?

Dec 17 2018, 3:46 PM · S/MIME
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

I had to look it up in the code and man page too ;-)

Dec 17 2018, 10:22 AM · S/MIME
aheinecke added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Good to know. I thought that ocsp-signer was only used if ocsp-responder is explitly set. I've suggested the workaround in the Message Board.

Dec 17 2018, 9:48 AM · S/MIME
werner added a comment to T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.

Is using

Dec 17 2018, 9:44 AM · S/MIME
aheinecke created T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.
Dec 17 2018, 8:44 AM · S/MIME
aheinecke added a comment to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows.

In Wald someone reports that this also appears to happen when decrypting. https://wald.intevation.org/forum/message.php?msg_id=6377 Probably run-threaded will help to flush this out.

Dec 17 2018, 8:33 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

Dec 14 2018

werner added a project to T4248: gpg-agent: Rare unresponsiveness after importing a secret S/MIME cert on Windows: S/MIME.
Dec 14 2018, 10:46 AM · S/MIME, gnupg (gpg22), gpgagent, gpg4win

Dec 13 2018

werner claimed T4013: Certificate requests generated from Ed25519 keys are not compliant with draft-ietf-curdle-pkix.
Dec 13 2018, 9:38 AM · S/MIME, Feature Request, libksba

Nov 19 2018

aheinecke closed T4227: Gpg4win 3.1.5, a subtask of T3967: dirmngr: "flush" does not flush in memory CRL's, as Resolved.
Nov 19 2018, 10:28 AM · kleopatra, S/MIME, gnupg

Nov 15 2018

aheinecke created T4257: GPGME: op_verify failes for S/MIME with EBADF in multithreaded signature verification.
Nov 15 2018, 12:44 PM · S/MIME, gpgme

Nov 12 2018

aheinecke added a commit to T3967: dirmngr: "flush" does not flush in memory CRL's: rG678e4706ee61: dirmngr: Add FLUSHCRLs command.
Nov 12 2018, 2:00 PM · kleopatra, S/MIME, gnupg
aheinecke added a commit to T3967: dirmngr: "flush" does not flush in memory CRL's: rKLEOPATRA05fb82066b18: Use new FLUSHCRLS command on windows.
Nov 12 2018, 1:56 PM · kleopatra, S/MIME, gnupg
aheinecke closed T3967: dirmngr: "flush" does not flush in memory CRL's as Resolved.
Nov 12 2018, 1:18 PM · kleopatra, S/MIME, gnupg
aheinecke closed T3967: dirmngr: "flush" does not flush in memory CRL's, a subtask of T3948: GPGSM: Multiple issues reported to KMail, as Resolved.
Nov 12 2018, 1:18 PM · gpgme, S/MIME
aheinecke added a subtask for T3967: dirmngr: "flush" does not flush in memory CRL's: T4227: Gpg4win 3.1.5.
Nov 12 2018, 1:18 PM · kleopatra, S/MIME, gnupg
aheinecke added a commit to T3967: dirmngr: "flush" does not flush in memory CRL's: rG00321a025f90: dirmngr: Add FLUSHCRLs command.
Nov 12 2018, 12:43 PM · kleopatra, S/MIME, gnupg

Oct 24 2018

aheinecke added a revision to T3967: dirmngr: "flush" does not flush in memory CRL's: D469: dirmngr: Add FLUSHCRLs command.
Oct 24 2018, 10:45 AM · kleopatra, S/MIME, gnupg

Sep 4 2018

aheinecke closed T4029: Gpg4win 3.1.3, a subtask of T3961: GpgOL: Add option to prefer S/MIME over OpenPGP in autoresolution, as Resolved.
Sep 4 2018, 9:24 AM · S/MIME, gpgol
aheinecke closed T4029: Gpg4win 3.1.3, a subtask of T4075: Kleopatra: Setting SigG PIN for Netkey should be optional, as Resolved.
Sep 4 2018, 9:24 AM · gpg4win, kleopatra, S/MIME
aheinecke closed T4029: Gpg4win 3.1.3, a subtask of T4069: GpgSM, Dirmngr communication on Windows sometimes very slow, as Resolved.
Sep 4 2018, 9:24 AM · dirmngr, S/MIME, gpg4win
aheinecke added a comment to T3961: GpgOL: Add option to prefer S/MIME over OpenPGP in autoresolution.

The original reporter in the gpg4win-forums reports that this does not work reliably. :-/

Sep 4 2018, 9:24 AM · S/MIME, gpgol
aheinecke closed T4080: Kleopatra: Learn Netkey certificates should show diagnostics only optionally as Resolved.

Gpg4win-3.1.3 was released.

Sep 4 2018, 9:20 AM · gpg4win, S/MIME, kleopatra

Aug 31 2018

aheinecke created T4117: GPGSM: SHA-256 Fingerprint handling.
Aug 31 2018, 8:50 AM · kleopatra, S/MIME

Aug 30 2018

aheinecke added a subtask for T4080: Kleopatra: Learn Netkey certificates should show diagnostics only optionally: T4029: Gpg4win 3.1.3.
Aug 30 2018, 1:06 PM · gpg4win, S/MIME, kleopatra