OpenPGPProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Fri, Aug 23

werner moved T4681: Allow non-OpenPGP cards with gpg 2.2 from Backlog to For next release on the gnupg (gpg22) board.
Fri, Aug 23, 10:33 AM · gnupg (gpg22), scd, OpenPGP

Thu, Aug 22

werner added a comment to T4681: Allow non-OpenPGP cards with gpg 2.2.

Note that rGd3f5d8544fdb needs to be backported to 2.2 but we will wait until we have better tested it.

Thu, Aug 22, 4:44 PM · gnupg (gpg22), scd, OpenPGP
werner added a commit to T4681: Allow non-OpenPGP cards with gpg 2.2: rGd3f5d8544fdb: gpg: Extend --quick-gen-key for creating keys from a card..
Thu, Aug 22, 4:43 PM · gnupg (gpg22), scd, OpenPGP

Wed, Aug 21

werner added a commit to T4681: Allow non-OpenPGP cards with gpg 2.2: rG9a317557c58d: gpg: Allow decryption using non-OpenPGP cards..
Wed, Aug 21, 2:03 PM · gnupg (gpg22), scd, OpenPGP
werner created T4681: Allow non-OpenPGP cards with gpg 2.2.
Wed, Aug 21, 1:56 PM · gnupg (gpg22), scd, OpenPGP

Aug 12 2019

werner triaged T4676: libgcrypt S2K (algo 3) doesn't match OpenPGP as Normal priority.

I am in charge of editing the current OpenPGP draft, so I will for sure keep an eye on that issue. If would appreciate if you can post your report also to openpgp at ietf org.

Aug 12 2019, 6:01 PM · Documentation, OpenPGP

Aug 5 2019

werner triaged T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Normal priority.
Aug 5 2019, 7:50 PM · OpenPGP, gnupg, Bug Report

Jul 19 2019

gniibe claimed T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I am trying to reproduce your problem with my 3.3 card using my TTXS card reader.

Jul 19 2019, 3:37 AM · scd, Bug Report

Jul 18 2019

JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I use the internal driver.

Jul 18 2019, 8:37 PM · scd, Bug Report
werner edited projects for T4631: Difficulties to generate key on OpenPGP Smart Card V3.3, added: scd, OpenPGP; removed Info Needed.

Are you using pcscd (is that process running) or the internal driver.? Please try the latter if you are not already using it.

Jul 18 2019, 11:15 AM · scd, Bug Report

Jul 16 2019

gniibe added a comment to T4042: RFC 4880 compliance.

It was rG07250279e7ec: * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password". in 2004, which set default to rfc2440-text behavior.
And in 2007, the commit rGb550330067b6: * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by default. Enable… changed the default to no-rfc2440-text.

Jul 16 2019, 10:20 AM · OpenPGP, gnupg

Jun 25 2019

werner closed T4579: RSA CRT decryption occasional failure as Invalid.
Jun 25 2019, 1:28 PM · OpenPGP, Not A Bug
Anthony added a comment to T4579: RSA CRT decryption occasional failure.

I see. Thanks for your explanation.

Jun 25 2019, 12:07 PM · OpenPGP, Not A Bug

Jun 24 2019

werner edited projects for T4579: RSA CRT decryption occasional failure, added: Not A Bug, OpenPGP; removed Bug Report.

I see. Thus the problem is that IPWorksOpenPGP does not create proper OpenPGP private keys. I guess they use OpenSSL with their different CRT parameter style and do not convert them correctly. RFC-4880 says this in 5.5.3:

The secret key is this series of multiprecision integers:
o  MPI of RSA secret exponent d;
o  MPI of RSA secret prime value p;
o  MPI of RSA secret prime value q (p < q);
o  MPI of u, the multiplicative inverse of p, mod q.
Jun 24 2019, 2:37 PM · OpenPGP, Not A Bug

May 17 2019

werner triaged T4520: gpg --verify foo.asc --output foo yields a warning when everything is good as Normal priority.

At the time the verification is done some output has already been written to the file 'signed'. When checking whether the deprecated abbreviated format

May 17 2019, 1:03 PM · OpenPGP, gnupg

May 9 2019

werner triaged T4489: gpg --quick-add-key should be able to add an existing key as a subkey, not just generating a new one as Normal priority.
May 9 2019, 8:09 AM · gnupg, OpenPGP, Feature Request

May 6 2019

werner added a comment to T4482: GPG: Error on sign-key with compliance de-vs because of SHA-1 usage.

The digest algorithm used is computed based on the preferences in the key if encryption is also used. Thus this should always work and any decent key has sha256 in its preferences. In case sha1 has a higher precedence, as seen on old keys, --personal-digest-preferences can be used to prefer sha256. However, it is way better to fix the key. The easisies way to do that is to change the expiration date - then the new standard preferences will be used.

May 6 2019, 1:41 PM · OpenPGP, gnupg
werner added a project to T4482: GPG: Error on sign-key with compliance de-vs because of SHA-1 usage: OpenPGP.
May 6 2019, 1:36 PM · OpenPGP, gnupg

Apr 3 2019

werner triaged T4446: please add --quick-revoke-subkey as Normal priority.
Apr 3 2019, 10:46 PM · OpenPGP, gnupg (gpg23), Feature Request

Mar 28 2019

khanhnd.vn added a comment to T4428: Would like to use our card with Kleopatra tool.

Thanks so much your helps.
With new version 3.1.6, I can generate key on Kleopatra tool and use key stored in smartcard.

Mar 28 2019, 3:39 AM · scd, OpenPGP, Bug Report, gpg4win

Mar 27 2019

aheinecke closed T4264: Gpg4win 3.1.6, a subtask of T4428: Would like to use our card with Kleopatra tool, as Resolved.
Mar 27 2019, 1:54 PM · scd, OpenPGP, Bug Report, gpg4win

Mar 26 2019

werner closed T4428: Would like to use our card with Kleopatra tool as Resolved.
Mar 26 2019, 6:46 PM · scd, OpenPGP, Bug Report, gpg4win
aheinecke added a subtask for T4428: Would like to use our card with Kleopatra tool: T4264: Gpg4win 3.1.6.
Mar 26 2019, 12:08 PM · scd, OpenPGP, Bug Report, gpg4win
aheinecke changed the status of T4428: Would like to use our card with Kleopatra tool from Open to Testing.

There was indeed a problem. With a test card I could reproduce the issue and fix it.

Mar 26 2019, 12:08 PM · scd, OpenPGP, Bug Report, gpg4win
aheinecke added a commit to T4428: Would like to use our card with Kleopatra tool: rMffdb75217bc0: cpp: Fix GenCardKeyInteractor and extend it.
Mar 26 2019, 12:05 PM · scd, OpenPGP, Bug Report, gpg4win
werner added projects to T4428: Would like to use our card with Kleopatra tool: OpenPGP, scd.
Mar 26 2019, 7:50 AM · scd, OpenPGP, Bug Report, gpg4win

Feb 22 2019

werner triaged T4370: Generate revocation certificates for subkey(s) as Normal priority.
Feb 22 2019, 8:47 AM · OpenPGP, gnupg, Feature Request

Jan 29 2019

werner created T4353: Make gnupg's openpgp_oid_to_str faster.
Jan 29 2019, 5:50 PM · OpenPGP, gnupg

Dec 28 2018

werner renamed T4299: Problem to verify PGP key used by Microsoft from Problem to verify PGP key to Problem to verify PGP key used by Microsoft.
Dec 28 2018, 6:14 PM · gpgol, gpg4win
JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

I contacted Microsoft Security Response Center (MSRC) in regard to this matter. They confirmed the failed PGP key verification, but have not yet any explanation for that.

Dec 28 2018, 4:12 PM · gpgol, gpg4win

Dec 21 2018

BenM added a comment to T4299: Problem to verify PGP key used by Microsoft.

What are MS doing when they get it right, though? I'd look at the differences between those two to identify what they've messed up here.

Dec 21 2018, 8:18 PM · gpgol, gpg4win
werner updated subscribers of T4299: Problem to verify PGP key used by Microsoft.

Thanks. The mail is a standard, non-crypto mail with one attachment. That attachment is a TNEF file which has according to ytnef(1) just one file. That file has the name gpgolPGP.dat and contains a clearsigned message.

Dec 21 2018, 1:19 PM · gpgol, gpg4win
JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

Sure, I zipped the eml which failed and I´ll send it by e-mail to you

Dec 21 2018, 9:38 AM · gpgol, gpg4win
werner added a comment to T4299: Problem to verify PGP key used by Microsoft.

Is it possible that you upload or send me a copy of such a mail (wk gnupg.org)? ZIP or tar the eml file and send it in an encrypted mail to me to make sure it won't be modified on the transport.

Dec 21 2018, 8:37 AM · gpgol, gpg4win

Dec 20 2018

JW-D added a comment to T4299: Problem to verify PGP key used by Microsoft.

I checked my mails in detail, and I can confirm that the error occurs only with "Microsoft security update releases". Indeed "Microsoft security advisory notification" and "Microsoft security update summary for..." will be verified correctly.

Dec 20 2018, 9:39 PM · gpgol, gpg4win
jmrexach added a comment to T4299: Problem to verify PGP key used by Microsoft.

I agree. It also happens to me. But only with mails coming from "Microsoft security update releases". Mails coming form "Microsoft security advisory notification" and Microsoft security update summary for..." are ok and are signed by the same key. It could be some trouble in MS automated email treatment.

Dec 20 2018, 7:50 PM · gpgol, gpg4win
werner edited projects for T4299: Problem to verify PGP key used by Microsoft, added: FAQ, OpenPGP; removed Bug Report.
Dec 20 2018, 8:40 AM · gpgol, gpg4win

Nov 8 2018

Valodim added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

Fair enough. Let's wait and see what others think.

Nov 8 2018, 1:24 PM · Not A Bug, OpenPGP, gnupg
werner closed T4235: GnuPG doesn't respect key flags when decrypting as Resolved.

Also consider that it is possible to change the key usage flags. Thus it will never be clear whether one has a fixed or unfixed public key. I'd like to close this bug because it is currently also discussed in the IETF WG.

Nov 8 2018, 1:10 PM · Not A Bug, OpenPGP, gnupg

Nov 5 2018

werner closed T3773: private subkeys are never deleted on non-master instances as Invalid.

No info received.

Nov 5 2018, 10:12 AM · Info Needed, OpenPGP, gnupg (gpg22), Bug Report

Oct 30 2018

stm added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

There is another argument for respecting the usage flags: it trims the admissible key space, if key ID in the PKESK packet is zero ('wild card') and thus all private keys have to be considered for decryption.

Oct 30 2018, 9:48 PM · Not A Bug, OpenPGP, gnupg

Oct 29 2018

aheinecke added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

I disagree, and you don't have to try to convince me, the decision is with werner. I just want to give my opinion:
Bug compatibility is nothing esoteric or bad especially for a general purpose backend tool like gnupg. Being open to accepting broken input is a good thing because it will mean that we can get people out of a "broken tool vendor lock in".

Oct 29 2018, 8:29 PM · Not A Bug, OpenPGP, gnupg
dkg added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

i agree with @Valodim that it would be better to not have a warning at all for an attempt to decrypt from secret key whose public key has never been marked as valid for encryption. A strict failure there (as with a strict failure for lack of mdc) is a better scenario than a warning. If the user controls the secret key and they decide they want to be able to decrypt with it, they should be able to mark it as decryption-capable (if that's really what they want) and retry. But this is an action only for experts.

Oct 29 2018, 8:04 PM · Not A Bug, OpenPGP, gnupg
Valodim added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

The same *cannot* be said for a subkey that is marked specifically for certification or signing, and not for decryption.

Oct 29 2018, 7:57 PM · Not A Bug, OpenPGP, gnupg
dkg added a comment to T4235: GnuPG doesn't respect key flags when decrypting.

I understand the real world requirement for decrypting messages that have been encrypted to a revoked or expired key.

Oct 29 2018, 7:43 PM · Not A Bug, OpenPGP, gnupg
werner triaged T4235: GnuPG doesn't respect key flags when decrypting as Low priority.

I don't see a problem. If you have the private key you can and will use it. I guess your concern is an oracle?

Oct 29 2018, 8:47 AM · Not A Bug, OpenPGP, gnupg

Oct 18 2018

adam added a comment to T4189: GngOL cannot decrypt title nor sender; How to disable certificate selection dialog?.

Dear aheinecke,

Oct 18 2018, 1:04 PM · kleopatra, gnupg, Enigmail, OpenPGP, gpgol
aheinecke closed T4189: GngOL cannot decrypt title nor sender; How to disable certificate selection dialog? as Invalid.

Hi Adam,

Oct 18 2018, 12:26 PM · kleopatra, gnupg, Enigmail, OpenPGP, gpgol

Oct 17 2018

adam created T4189: GngOL cannot decrypt title nor sender; How to disable certificate selection dialog? in the S1 Public space.
Oct 17 2018, 11:49 AM · kleopatra, gnupg, Enigmail, OpenPGP, gpgol

Jun 24 2018

werner triaged T4042: RFC 4880 compliance as Normal priority.
Jun 24 2018, 9:50 PM · OpenPGP, gnupg