Feature RequestExperimental
ActivePublic

Members

  • This project does not have any members.

Watchers (1)

Recent Activity

Wed, Apr 10

aheinecke added a commit to T4388: GpgOL: Add draft encryption as an option.: rO9e4788126247: Add initial draft encryption support.
Wed, Apr 10, 9:43 AM · Feature Request, gpg4win, gpgol
dkg added a comment to T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs.

One of the things that dirmngr has going for it is that it tracks the current network state, and it would be nice to be able to reuse that state across sessions. If an ephemeral keyring can't use a shared dirmngr, there are fewer arguments for having dirmngr in the first place, and people might be more justified in replacing it with things like https://gitlab.com/anarcat/scripts/blob/master/openpgp-key-get

Wed, Apr 10, 2:52 AM · Documentation, Feature Request, gnupg, dirmngr

Tue, Apr 9

werner lowered the priority of T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs from High to Normal.

I don't anymore think this is a high priority request. BTW, A more real problem than several dirmngr instances is multi-user access to smartcards.

Tue, Apr 9, 8:59 AM · Documentation, Feature Request, gnupg, dirmngr

Mon, Apr 8

aheinecke merged task T4452: Send Attachments in Outlook with G-Suite Sync into T3545: GpgOL: Support G Suite Sync Accounts.
Mon, Apr 8, 2:49 PM · Feature Request
aheinecke added a comment to T4452: Send Attachments in Outlook with G-Suite Sync.

Yep, I'd like that, too. Sadly G-Suite Sync does not support "PGP/MIME" which is the standardized format we need to put together a message with attachments in a Mail.
So for now we only have PGP/Inline support. See: T3545

Mon, Apr 8, 2:49 PM · Feature Request
Kobi updated the task description for T4452: Send Attachments in Outlook with G-Suite Sync.
Mon, Apr 8, 11:05 AM · Feature Request
Kobi updated the task description for T4452: Send Attachments in Outlook with G-Suite Sync.
Mon, Apr 8, 11:05 AM · Feature Request
Kobi created T4452: Send Attachments in Outlook with G-Suite Sync.
Mon, Apr 8, 11:04 AM · Feature Request

Fri, Apr 5

werner added a comment to T4448: Add "Autocrypt" key-origin.
  • If the original key origin is a KEYSERVER or WKD it is fine to fetch an update of the key from a keyserver/wkd without user interaction.
  • if the key origin is file it can be assumed that the key has bee received hand to hand and thus the existence of that key should not be made public.
Fri, Apr 5, 5:12 PM · Feature Request
patrick added a comment to T4448: Add "Autocrypt" key-origin.

I did not yet implement the use of "key origin" in Enigmail. I don't believe that it adds much value, because I anyway need to track more details about autocrypt keys separately from the keyring (such as the peer-state).

Fri, Apr 5, 5:07 PM · Feature Request
dkg added a comment to T4448: Add "Autocrypt" key-origin.

does the proposed mail value indicate that the key was received over e-mail, or is it intended to have some more nuanced semantics?

Fri, Apr 5, 4:47 PM · Feature Request
Valodim added a comment to T4448: Add "Autocrypt" key-origin.

I disagree that it's conceptionally the same, unless you also consider any key on an HTTP server to be "conceptionally the same" as WKD.

Fri, Apr 5, 4:34 PM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

Conceptionally it is the same. You receive a key and start to use it, everything else is not a matter of gpg; in particular not the autocrypt protocol.

Fri, Apr 5, 4:26 PM · Feature Request
Valodim added a comment to T4448: Add "Autocrypt" key-origin.
Certain origins do have special treatment but in general the key origin is meta data for the frontend.
Fri, Apr 5, 10:56 AM · Feature Request
aheinecke updated subscribers of T4448: Add "Autocrypt" key-origin.

I agree with you and GpgOL handles it that way so for me this would work. But I'm not actually implementing autocrypt, so I also added @patrick to the subscribers.
I've talked about using key-origin in Enigmail with him in Brussels and I would be interested what he thinks Enigmail might require and if gpg could be improved for that.

Fri, Apr 5, 9:29 AM · Feature Request
werner triaged T4448: Add "Autocrypt" key-origin as Normal priority.
Fri, Apr 5, 9:27 AM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

autocrypt is not different from attaching a file to a (signed) message as it has always been done. We have no special treatment for that in gpg. Certain origins do have special treatment but in general the key origin is meta data for the frontend. For example it allows us to update a key received from WKD when it has expired.

Fri, Apr 5, 9:18 AM · Feature Request
aheinecke closed T4449: Configurable timer for having-to-input passphrase via "kleopatra" as Resolved.

Hi,
if I don't misunderstand you, we already have that:

Fri, Apr 5, 8:41 AM · Feature Request
aheinecke added a comment to T4448: Add "Autocrypt" key-origin.

My interpretation of the key-origin is that it's basically up to the application what it does with the information. It is added information, like the TOFU history we can have. I don't necessarily think in terms of "trustworthyness".

Fri, Apr 5, 8:36 AM · Feature Request
esdee created T4449: Configurable timer for having-to-input passphrase via "kleopatra".
Fri, Apr 5, 8:15 AM · Feature Request

Thu, Apr 4

Valodim added a comment to T4448: Add "Autocrypt" key-origin.

I'm a bit confused. The origin of Autocrypt keys is clearly different from keyservers ("ks"), why would they use the same value? I was aware that origin values are mapped to integers, but your description seems to imply that these integers have significant ordering in terms of trust. The documentation in the man page is a bit bare bones, but my interpretation of "key-origin" was that it simply stated the method of discovery for a key, leaving any implications of trust to the client. Is this incorrect?

Thu, Apr 4, 7:23 PM · Feature Request
dkg added a comment to T4448: Add "Autocrypt" key-origin.

@werner: what if the autocrypt header is in a dkim-signed message, and the dkim signature covers the autocrypt header, and the dkim signature is verifiable using dnssec? is it still the same as from a keyserver?

Thu, Apr 4, 6:32 PM · Feature Request
werner added a comment to T4448: Add "Autocrypt" key-origin.

Receiving a key by mail should in general be considered unknown and is not more trustworthy than receiving a key from a keyserver. I would suggest that you use "ks-pref" for this purpose. That origin value has no special meaning in gnupg but is numerical ordered between keyserver and and DANE; gpgme currently maps it to keyserver level anyway.

Thu, Apr 4, 5:50 PM · Feature Request
Valodim renamed T4448: Add "Autocrypt" key-origin from Add "Autocrypt" origin to Add "Autocrypt" key-origin.
Thu, Apr 4, 11:06 AM · Feature Request
Valodim created T4448: Add "Autocrypt" key-origin.
Thu, Apr 4, 11:05 AM · Feature Request

Wed, Apr 3

werner triaged T4446: please add --quick-revoke-subkey as Normal priority.
Wed, Apr 3, 10:46 PM · OpenPGP, gnupg (gpg23), Feature Request
ap4y added a comment to T4009: POLDI: Support for EC (nist, brainpool, at least).

I implemented support for ECC and DSA public keys in poldi. Tested with ECC (curve 25519) key on Gnuk smartcard (Nitrokey Start).

Wed, Apr 3, 11:07 AM · poldi, Feature Request

Tue, Apr 2

dkg created T4446: please add --quick-revoke-subkey.
Tue, Apr 2, 5:41 PM · OpenPGP, gnupg (gpg23), Feature Request

Mon, Apr 1

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Here's an ugly hack to make this work (patch based on v2.2.15).

Mon, Apr 1, 2:24 PM · Feature Request, gnupg
werner created T4445: New feature to list keys signed by a certain key..
Mon, Apr 1, 10:56 AM · Feature Request, gnupg (gpg23)

Sat, Mar 30

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

@vsrinu26f No worries, looks like we are on the same page :)

Sat, Mar 30, 10:06 AM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry i think i blabbered without understanding context.

Sat, Mar 30, 10:00 AM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I wish gnupg natively supports creating backup cards. To be able to import
private key material to do another keyto card. And every time it moves that
to card and removes from gnupg.

Sat, Mar 30, 9:46 AM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

For exactly same key material on tokens. Just before writing first token
backup .gnupg folder or export all key info. Do key to card. Delete .gnupg
folder and restore from backup and keytocard second token.

Sat, Mar 30, 9:39 AM · Feature Request, gnupg

Fri, Mar 29

FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Both tokens should have same material.

Fri, Mar 29, 1:38 PM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

On the other hand if we want to track which token is used by having multiple unexpired signing subkeys and each token have its own subkey is a possible usecase where multiple admins have the tokens.

Fri, Mar 29, 1:28 PM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

I think if we have to update one token then we have to update backup token as well if moved to new subkey.

Fri, Mar 29, 1:21 PM · Feature Request, gnupg
FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

@vsrinu26f Yes I'm using subkeys with YubiKey.

Fri, Mar 29, 1:17 PM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry, ignore my comment if there is something with subkeys and you are
already using latest gnupg.

Fri, Mar 29, 1:11 PM · Feature Request, gnupg
vsrinu26f added a comment to T3416: gpg should select available signing key on card (even with -u option).

This is already implemented by yutaka.

Fri, Mar 29, 1:05 PM · Feature Request, gnupg
FrederickZh added a comment to T3416: gpg should select available signing key on card (even with -u option).

Sorry for jumping in out of the blue but the idea of automatically selecting the available signing key sounds also very appealing to me.

Fri, Mar 29, 9:29 AM · Feature Request, gnupg

Sun, Mar 24

jukivili closed T2388: Inform callers about memory alignment requirements of a cipher implementation as Resolved.
Sun, Mar 24, 8:56 PM · libgcrypt, Feature Request
jukivili added a commit to T2388: Inform callers about memory alignment requirements of a cipher implementation: rCbb03edcbba95: doc: add mention about aligning data to cachelines for best performance.
Sun, Mar 24, 4:58 PM · libgcrypt, Feature Request
jukivili claimed T2388: Inform callers about memory alignment requirements of a cipher implementation.
Sun, Mar 24, 9:51 AM · libgcrypt, Feature Request

Sat, Mar 23

crollinsphoto added a comment to T4392: Imports public key only, will not import secret key.

Great. Let me know when the newest gpg4win is released.

Sat, Mar 23, 9:49 PM · gnupg, Feature Request, gpg4win
dkg added a comment to T3389: canonical OpenPGP certificate export.

fwiw, a comment over on T4422 contains a bash script that tries to force GnuPG to do its certificate/signature re-ordering. this doesn't produce anything canonical yet, but it's the closest i've come so far to getting GnuPG to do something repeatable with a certificate after merging (but even that is not quite stable).

Sat, Mar 23, 2:34 AM · gnupg (gpg23), Feature Request

Thu, Mar 21

werner added a parent task for T3495: The --list-keys should account for groups that are defined: T4417: Work needed for gnupg 2.3.
Thu, Mar 21, 1:09 PM · Feature Request
werner added a parent task for T4406: Allow the use of the default-new-key-algo format for --quick-gen-key.: T4417: Work needed for gnupg 2.3.
Thu, Mar 21, 1:09 PM · Feature Request, gnupg (gpg23)
werner added a parent task for T4362: Replace the exec funtions for photoids in gpg by our standard exec functions.: T4417: Work needed for gnupg 2.3.
Thu, Mar 21, 1:09 PM · gnupg, Feature Request
werner added a parent task for T4398: Rework Console handling on Windows: T4417: Work needed for gnupg 2.3.
Thu, Mar 21, 1:09 PM · Feature Request, gnupg (gpg23)