Bug Report
Active · Public

Members

  • This project does not have any members.

Recent Activity

Yesterday

gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

If the use of GnuPG (current implementation) is a condition, I think that you could improve the generation of SKESK packets, so that no other passphrase can not let gpg misunderstand as it may decrypt encrypted packet.

Thu, Jul 18, 11:48 PM · gnupg (gpg22), Bug Report
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

Unfortunately, for my use case the corresponding SKESK packet number is not known when calling GnuPG.

Thu, Jul 18, 11:02 PM · gnupg (gpg22), Bug Report
ilf created T4644: gpg: implement keybox compression run.
Thu, Jul 18, 9:33 PM · Bug Report
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I use the internal driver.

Thu, Jul 18, 8:37 PM · OpenPGP, scd, Bug Report
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I'm aware of you releasing an RC for comments, and i apologize for not catching this particular case earlier. As you know from T4607, i was even advocating for it. i didn't understand the full implications of the "import-then-clean" approach at the time, and was thinking it would only apply to the incoming material, not the stored material.

Thu, Jul 18, 4:26 PM · Keyserver, gnupg (gpg22), Bug Report
werner edited projects for T4631: Difficulties to generate key on OpenPGP Smart Card V3.3, added: scd, OpenPGP; removed Info Needed.

Are you using pcscd (is that process running) or the internal driver? Please try the latter if you are not already using it.

Thu, Jul 18, 11:15 AM · OpenPGP, scd, Bug Report
werner triaged T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="' as High priority.
Thu, Jul 18, 11:13 AM · gnupg (gpg22), Bug Report
werner triaged T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr. as Wishlist priority.
Thu, Jul 18, 11:11 AM · gnupg (gpg22), Bug Report
werner triaged T4640: Outdated text and links at <http://git.gnupg.org/> as Normal priority.
Thu, Jul 18, 11:10 AM · gpgweb, Bug Report
werner edited projects for T4640: Outdated text and links at <http://git.gnupg.org/>, added: gpgweb; removed Trash, Documentation.
Thu, Jul 18, 11:10 AM · gpgweb, Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

The code has comments why we do a first clean_key on the imported keyblock.

Thu, Jul 18, 11:07 AM · Keyserver, gnupg (gpg22), Bug Report
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

All my keys are RSA 4096. It worked fine with OpenPGP smart cards and with two Yubikey 5. On all devices a set of RSA 4096 keys were generated on the device itself. Only one card failed. But even the card which failed, generated at least the signature key in RSA 4096.

Thu, Jul 18, 8:18 AM · OpenPGP, scd, Bug Report
gniibe added a project to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3: Info Needed.

Please let us know what kind of key and how large, like RSA-4096 or ECC Brainpool.
For RSA 2048 or larger, yes, it takes too long.

Thu, Jul 18, 7:47 AM · OpenPGP, scd, Bug Report
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

I mean, if all SKESK packets should be tried, we need some larger surgery of current implementation.

Thu, Jul 18, 5:07 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

Is it possible for your application (DOTS), to specify the packet number for SKESKP, not trying all SKESK packets?


^-- with this change, we can decrypt the skesks.asc with --passphrase-repeat=169, and skesks2.asc with --passphrase-repeat=30

Thu, Jul 18, 5:05 AM · gnupg (gpg22), Bug Report
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

i've merged a variant of rGbe99eec2b105eb5f8e3759147ae351dcc40560ad into the GnuPG packaging in debian unstable as of version 2.2.17-3 to avoid the risks of data loss and signature verification failures. I'll revert it if i see the concern addressed upstream.

Thu, Jul 18, 12:17 AM · Keyserver, gnupg (gpg22), Bug Report

Wed, Jul 17

dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

@gniibe, thank you for backporting this to STABLE-BRANCH-2-2!

Wed, Jul 17, 10:25 PM · gnupg (gpg23), Bug Report
dkg added commits to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate: rGeb00a14f6d2d: gpg: Improve import slowness., rG33c17a8008c3: gpg: Improve import slowness..
Wed, Jul 17, 10:24 PM · gnupg (gpg23), Bug Report
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

But that's exactly my use case in DOTS: an easy-to-create 'decryption puzzle' (including the hardness of iterated and salted S2K) for the serving party in order to make DoS harder. I don't see how public-key crypto can help here. Moreover, I would keep the user interaction as cheap as possible, i.e., copy'n'paste an ASCII-armored message and password to GnuPG without importing public keys etc.

Wed, Jul 17, 8:34 PM · gnupg (gpg22), Bug Report
olf created T4640: Outdated text and links at <http://git.gnupg.org/>.
Wed, Jul 17, 5:01 PM · gpgweb, Bug Report
werner added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

The problem here is that trial decryption may cost a lot of time because of the passphrase KDF function which, on purpose, takes long. There is one exception: A simple S2K (algo 0) takes no time and its use makes sense iff the passphrase has been created directly as a random string. However, I do not see the use cases for a set of many passphrases compared to just using public key crypto.

Wed, Jul 17, 12:19 PM · gnupg (gpg22), Bug Report
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I should maybe add that on the card which failed, only the signature key was generated and written to the card. The authentication and encryption keys could not be generated.

Wed, Jul 17, 8:06 AM · OpenPGP, scd, Bug Report
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

@gniibe Thanks for explaining the background. Are there any ideas for fixing? (e.g. the decrypted content could be checked for a valid packet structure or at least for starting with a valid packet header)

Wed, Jul 17, 7:36 AM · gnupg (gpg22), Bug Report
dkg created T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr..
Wed, Jul 17, 1:01 AM · gnupg (gpg22), Bug Report
dkg added a comment to T4601: gpg --quiet --quick-sign-key is not quiet.

does the removal of the gpg22 tag mean that it will not be possible to rely on colon-delimited output for the gpg 2.2 series?

Wed, Jul 17, 12:56 AM · gnupg (gpg23), Bug Report
dkg created T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="'.
Wed, Jul 17, 12:53 AM · gnupg (gpg22), Bug Report

Tue, Jul 16

JW-D created T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.
Tue, Jul 16, 8:27 PM · OpenPGP, scd, Bug Report
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

Just a note that we're now shipping this patch in debian unstable. It would be great if it was merged upstream.

Tue, Jul 16, 8:08 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

that pseudocode is strange to me -- it looks like you have (two) duplicate calls to clean_key (imported_keyblock) (though maybe i just don't know what .... means in this pseudocode).

Tue, Jul 16, 6:36 PM · Keyserver, gnupg (gpg22), Bug Report
gniibe closed T4105: Inconsistent output for revocation keys in --list-keys --with-colons as Resolved.

Thanks, fixed in master.

Tue, Jul 16, 9:55 AM · Documentation, gnupg, Bug Report
gniibe added a commit to T4105: Inconsistent output for revocation keys in --list-keys --with-colons: rG4195ce15f494: doc: Fix description of the field 11..
Tue, Jul 16, 9:55 AM · Documentation, gnupg, Bug Report
werner triaged T4627: "gpg --verbose --list-secret-keys" prints a lot of warning messages unrelated to secret keys as Low priority.
Tue, Jul 16, 8:29 AM · gnupg (gpg22), Bug Report
werner triaged T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned as Normal priority.
Tue, Jul 16, 8:25 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

You are partly right. I missed that we also do clean the original keyblock while updating a key. The code is

Tue, Jul 16, 8:17 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4594: dirmngr appears to unilaterally import system CAs.

I see. I am also mostly testing with ntbtls so I was wondering about the report. Thanks for reporting and fixing.

Tue, Jul 16, 8:04 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a comment to T4623: pkg-config for mingw needs to emit -lws2_32.

Current situation of *.pc: static linking is not supported (yet).
It has never been supported, actually, by *-config.

Tue, Jul 16, 5:49 AM · Windows, gpgrt, Bug Report
gniibe triaged T4594: dirmngr appears to unilaterally import system CAs as Normal priority.

While I understand incorrectness, the risk in practice is not that high. So, I put this as "normal" priority.

Tue, Jul 16, 5:35 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

In the current implementation of GnuPG, multiple packets of Symmetric-Key Encrypted Session Key Packet are not handled very well.

Tue, Jul 16, 4:03 AM · gnupg (gpg22), Bug Report
gniibe changed the status of T4594: dirmngr appears to unilaterally import system CAs from Open to Testing.

Pushed the change to master as well as 2.2 branch.

Tue, Jul 16, 3:15 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a commit to T4594: dirmngr appears to unilaterally import system CAs: rG58e234fbeb6c: dirmngr: Don't add system CAs for SKS HKPS pool..
Tue, Jul 16, 3:14 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a commit to T4594: dirmngr appears to unilaterally import system CAs: rG75e0ec65170b: dirmngr: Don't add system CAs for SKS HKPS pool..
Tue, Jul 16, 3:13 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a commit to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate: rGb7df72d3074b: gpg: Fix keyring retrieval..
Tue, Jul 16, 1:34 AM · gnupg (gpg23), Bug Report

Mon, Jul 15

dkg added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rGbe99eec2b105: gpg: drop import-clean from default keyserver import options.
Mon, Jul 15, 10:37 PM · Keyserver, gnupg (gpg22), Bug Report
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.

Mon, Jul 15, 10:35 PM · Keyserver, gnupg (gpg22), Bug Report
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certificate is too large, and gpg is using `pubring.kbx`.

The fact that import-clean modifies already-held certifications makes me think it is inappropriate to have as the default for keyserver access (see T4628 for more details).

Mon, Jul 15, 7:34 PM · Bug Report, gnupg (gpg22)
dkg created T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
Mon, Jul 15, 7:09 PM · Keyserver, gnupg (gpg22), Bug Report
dkg created T4627: "gpg --verbose --list-secret-keys" prints a lot of warning messages unrelated to secret keys.
Mon, Jul 15, 5:17 PM · gnupg (gpg22), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

I am proposing to backport rG33c17a8008c3ba3bb740069f9f97c7467f156b54 and rGa7a043e82555a9da984c6fb01bfec4990d904690 to STABLE-BRANCH-2-2 as they represent a significant performance improvement in several specific use cases and appear to have no downsides.

Mon, Jul 15, 5:07 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4615: gpg.exe very slow.

If you're on a platform that has awk available (any GNU/Linux and MacOS should provide it), you can scan for the largest OpenPGP certificate in your keyring with an awk script i posted over at https://dev.gnupg.org/T3972#127356

Mon, Jul 15, 4:57 PM · Bug Report, gpg4win
pschoenb added a comment to T4615: gpg.exe very slow.

How to find out which keys are affected?

Mon, Jul 15, 4:22 PM · Bug Report, gpg4win