Feature RequestExperimental
ActivePublic

Members

  • This project does not have any members.

Watchers (1)

Recent Activity

Sat, Jan 23

gouttegd closed T4659: Release Pinentry-1.1.1, a subtask of T3428: pinentry-curses should be able to avoid showing *s when user enters passphrase, as Resolved.
Sat, Jan 23, 11:22 PM · pinentry, Feature Request
Denisov23 closed T5092: Translate Gnupg in Italian as Resolved.
Sat, Jan 23, 5:55 PM · gnupg, i18n, Feature Request
Denisov23 added projects to T5171: Wish: in GPA add other types of keys such as Kleopatra: gpa, Feature Request.
Sat, Jan 23, 5:54 PM · Feature Request, gpa
Denisov23 added a comment to T5092: Translate Gnupg in Italian.

Hi,
you can close this tickets, the Italian translation has already been uploaded successfully. Don't import anything to GnuPG. Thanks a lot!

Sat, Jan 23, 5:52 PM · gnupg, i18n, Feature Request

Fri, Jan 22

werner raised the priority of T3211: [website] Atom/RSS feed for releases, news and/or blog from Wishlist to Normal.
Fri, Jan 22, 12:04 PM · Feature Request

Mon, Jan 18

werner moved T4951: Support point compression in Libgcrypt from For 1.9 to For 1.10 on the libgcrypt board.
Mon, Jan 18, 7:05 PM · Feature Request, libgcrypt
werner moved T4873: Enable AES GCM in FIPS mode from FIPS to For 1.10 on the libgcrypt board.
Mon, Jan 18, 7:04 PM · libgcrypt, Feature Request
werner removed a subtask for T1303: Please support GCRYSEXP_FMT_BASE64: T4294: Release Libgcrypt 1.9.0.
Mon, Jan 18, 7:02 PM · Feature Request, libgcrypt
gouttegd closed T3428: pinentry-curses should be able to avoid showing *s when user enters passphrase as Resolved.

No disagreement after more than a year, I think it’s fair to say that either everybody is fine with that feature being only present in the -qt, -tqt, -gtk, and -curses pinentries, or that nobody cares. :) Closing now, will be part of the upcoming pinentry-1.1.1.

Mon, Jan 18, 2:04 PM · pinentry, Feature Request

Tue, Jan 12

werner moved T4584: --quick-sign-key offers no way to override a current certification from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Tue, Jan 12, 11:05 AM · Restricted Project, gnupg (gpg22), Feature Request
werner added a project to T4584: --quick-sign-key offers no way to override a current certification: Restricted Project.
Tue, Jan 12, 8:05 AM · Restricted Project, gnupg (gpg22), Feature Request
werner raised the priority of T4584: --quick-sign-key offers no way to override a current certification from Normal to High.
Tue, Jan 12, 8:04 AM · Restricted Project, gnupg (gpg22), Feature Request

Mon, Jan 11

aheinecke edited projects for T4699: X.509 certificate request more comfortable, added: Restricted Project; removed g10code.
Mon, Jan 11, 10:55 AM · Restricted Project, kleopatra, S/MIME, gpg4win, Feature Request

Fri, Jan 8

aheinecke added a project to T4699: X.509 certificate request more comfortable: g10code.
Fri, Jan 8, 4:31 PM · Restricted Project, kleopatra, S/MIME, gpg4win, Feature Request
gniibe added a comment to T4951: Support point compression in Libgcrypt.

Reading compressed point (in keys) is supported (except for NIST P-224). When curve point is represented in compressed format, it is correctly interpreted now. So, for example, I think that with 1.9.0, gpgsm can handle certificate which uses compressed format in its curve point representation.

Fri, Jan 8, 2:09 AM · Feature Request, libgcrypt

Thu, Jan 7

werner moved T4873: Enable AES GCM in FIPS mode from For 1.9 to FIPS on the libgcrypt board.
Thu, Jan 7, 5:59 PM · libgcrypt, Feature Request
werner moved T4951: Support point compression in Libgcrypt from Backlog to For 1.9 on the libgcrypt board.
Thu, Jan 7, 11:42 AM · Feature Request, libgcrypt
werner moved T4873: Enable AES GCM in FIPS mode from Backlog to For 1.9 on the libgcrypt board.
Thu, Jan 7, 11:40 AM · libgcrypt, Feature Request
werner claimed T4926: Add API to map a curve name to its canonical OID..
Thu, Jan 7, 11:30 AM · Feature Request, libgcrypt
werner added a comment to T4951: Support point compression in Libgcrypt.

What is the state of this bug? Reading is implemented - do we really need writing (maybe to support certain smartcards)?

Thu, Jan 7, 11:29 AM · Feature Request, libgcrypt
werner added a subtask for T4486: Add AEAD mode AES-SIV to libgcrypt (RFC 5297): T4485: Add AEAD mode AES-GCM-SIV to libgcrypt (RFC 8452).
Thu, Jan 7, 11:04 AM · Feature Request, libgcrypt
werner added a parent task for T4485: Add AEAD mode AES-GCM-SIV to libgcrypt (RFC 8452): T4486: Add AEAD mode AES-SIV to libgcrypt (RFC 5297).
Thu, Jan 7, 11:04 AM · Feature Request, libgcrypt
werner lowered the priority of T1303: Please support GCRYSEXP_FMT_BASE64 from Normal to Wishlist.
Thu, Jan 7, 9:14 AM · Feature Request, libgcrypt

Wed, Jan 6

rupor-github added a comment to T3883: Add Win32-OpenSSH support to gpg-agent's ssh-agent.

I wrote https://github.com/rupor-github/win-gpg-agent to simplify usage on Windows until this issue is resolved - it handles various edge cases on Windows.

Wed, Jan 6, 7:25 PM · gnupg (gpg23), Windows, ssh, gpgagent, Feature Request

Tue, Jan 5

werner added a comment to T3505: Port GPGME's Python bindings to Windows.

The C++, CL, Javascript and QT Bindings are all written by hand.

Tue, Jan 5, 4:06 PM · Feature Request, gpgme, Python
bernhard added a comment to T3505: Port GPGME's Python bindings to Windows.

Hi Werner,

we do it for the other bindings as well.

can you elaborate?

Tue, Jan 5, 3:01 PM · Feature Request, gpgme, Python
werner lowered the priority of T3505: Port GPGME's Python bindings to Windows from High to Normal.

Given all the resources we had put on this Python bindings I'd suggest to bite the bullet and replace Swig by handcrafted bindings. More work but we do it for the other bindings as well.

Tue, Jan 5, 10:59 AM · Feature Request, gpgme, Python
werner lowered the priority of T4695: Remove SERIALNO as an identifier to select keys from High to Normal.

I think we can close this one, right?

Tue, Jan 5, 10:54 AM · Testing, Feature Request, gnupg
wiktor-k added a comment to T4694: manage first-party attestations.

For the context of all subscribed parties I think Werner refers to what Hockeypuck is doing: https://lists.gnupg.org/pipermail/gnupg-users/2020-December/064441.html

Tue, Jan 5, 10:45 AM · Keyserver, Feature Request
werner lowered the priority of T4694: manage first-party attestations from High to Low.

Meanwhile there are simpler ideas and code on how to do only authenticated uploads. Thus lowering the prio.

Tue, Jan 5, 10:41 AM · Keyserver, Feature Request
werner triaged T5060: Feature to migrate a card based to a file based key pair as Normal priority.
Tue, Jan 5, 9:36 AM · gnupg (gpg23), Feature Request
werner triaged T4961: ship gpgrt.pc as Normal priority.
Tue, Jan 5, 9:34 AM · Feature Request, gpgrt

Fri, Jan 1

scratchmex added a comment to T3808: Unable to safely delete IDs with shared secret keys.

Actually this isn't really a special case when you want to migrate your existing ssh keys to gpg and import them. As stated in this guide https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples, what you need to do currently is export the master key with its private keys, delete the imported ssh key from your keyring and then import your private keys again.

Fri, Jan 1, 3:08 PM · Feature Request

Dec 21 2020

werner closed T4788: System wide configuration of the GnuPG system as Resolved.
Dec 21 2020, 7:40 PM · gnupg (gpg23), Feature Request, gpg4win, g10code

Dec 18 2020

ikloecker changed the status of T5138: Change Reset Code not working in Kleopatra from Open to Testing.

Werner, please retest. If "Change Reset Code" still doesn't work for you, then please answer the questions in the first comment.

Dec 18 2020, 12:19 PM · Feature Request, Bug Report, kleopatra
ikloecker added a comment to T5138: Change Reset Code not working in Kleopatra.

Note: Officially, Kleopatra does not support OpenPGP v1 cards. At least, according to the text that is displayed if no card is found.

Dec 18 2020, 12:15 PM · Feature Request, Bug Report, kleopatra
werner added a commit to T4788: System wide configuration of the GnuPG system: rGa028f24136a0: Backport of the new option parser from 2.3.
Dec 18 2020, 11:30 AM · gnupg (gpg23), Feature Request, gpg4win, g10code
ikloecker added a commit to T5138: Change Reset Code not working in Kleopatra: rKLEOPATRA7b3bc5596af7: Add support for unblocking the PIN/card with the reset code.
Dec 18 2020, 11:12 AM · Feature Request, Bug Report, kleopatra
ikloecker added a commit to T5138: Change Reset Code not working in Kleopatra: rKLEOPATRA4bb358ec2931: Add explicit reset mode for changing a PIN.
Dec 18 2020, 11:12 AM · Feature Request, Bug Report, kleopatra
ikloecker added a comment to T5138: Change Reset Code not working in Kleopatra.

"Change Reset Code" should work in Kleopatra. At least for OpenPGP v2+ cards. Kleopatra simply does "SCD PASSWD --reset OPENPGP.2", i.e. the same as gpg-card. I have verified that it works with a Yubikey.

Dec 18 2020, 11:11 AM · Feature Request, Bug Report, kleopatra

Dec 16 2020

gniibe reopened T4563: gpg-agent fails to sign request of PKISSH as "Open".
Dec 16 2020, 1:43 AM · Feature Request, gpgagent
gniibe closed T4563: gpg-agent fails to sign request of PKISSH as Wontfix.
Dec 16 2020, 1:42 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

If your problem is the incompatibility between standard OpenSSH (server) and PKIXSSH (client) for use of ssh-agent emulation of gpg-agent with ECDSA key, I'd suggest to apply following patch to your PKIXSSH:

diff --git a/compat.c b/compat.c
index fe71951..0c9b1ef 100644
--- a/compat.c
+++ b/compat.c
@@ -245,7 +245,6 @@ xkey_compatibility(const char *remote_version) {
 {	static sshx_compatibility info[] = {
 		{ 0, "OpenSSH*PKIX[??.*" /* 10.+ first correct */ },
 		{ 0, "OpenSSH*PKIX[X.*" /* developlement */ },
-		{ 1, "OpenSSH*" /* PKIX pre 10.0 */ },
 		{ 1, "SecureNetTerm-3.1" /* same as PKIX pre 10.0 */},
 		{ 0, NULL } };
 	p = xkey_compatibility_find(remote_version, info);
Dec 16 2020, 12:58 AM · Feature Request, gpgagent

Dec 14 2020

gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Unfortunately and confusingly, PKISSH returns "OpenSSH" when asked by "ssh -V".
Please install real OpenSSH, if this is the case for you.

Dec 14 2020, 10:52 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Quote from IRC:
hey, i've some problems with my smartcard since quite some time. i'm not sure whether it's openssh related or gnupg. it's a openpgpcard v2.0 and i have to workaround ssh logins by using "SSH_AUTH_SOCK=0 ssh ...". .gnupg/gpg-agent.conf -

the debug log: esp. "ssh sign request failed: Unknown option <GPG Agent>" and ssh says "sign_and_send_pubkey: signing failed: agent refused operation"
gpg --edit-card and --card-status works fine and sign/encrypt works fine as well. only ssh auth fails
openssh 8.1_p1, gnupg 2.2.20

Dec 14 2020, 10:31 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

Yeah but it seems to be the same issue / reason. I wasn't aware that PKISSH is something else. I thought it was an extension/protocol or something

Dec 14 2020, 10:26 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I added "Feature Request", because this is a request to support:

  • A feature of bug compatibility, which is implemented wrongly in PKISSH
  • for a specific algo of key, which is not considered so useful (== ECDSA)
  • PKISSH, which is variant of OpenSSH
Dec 14 2020, 10:23 AM · Feature Request, gpgagent
gniibe added a comment to T4563: gpg-agent fails to sign request of PKISSH.
In T4563#140184, @idl0r wrote:

I was and I am using OpenSSH on both sides, client and server.

Dec 14 2020, 10:20 AM · Feature Request, gpgagent
idl0r added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I was and I am using OpenSSH on both sides, client and server.

Dec 14 2020, 10:16 AM · Feature Request, gpgagent
werner added a comment to T4563: gpg-agent fails to sign request of PKISSH.

I do not think that we should support a fork of openssh right now. If we would support it we are bound to maintain that for years - this is not a good idea.

Dec 14 2020, 10:09 AM · Feature Request, gpgagent