OpenPGPProject
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Today

gniibe merged task T3763: ECDH - encryption with obfuscated size of the symmetric key into T4908: ECDH with AES-128 decryption failure when fully padded.
Wed, Aug 5, 7:22 AM · OpenPGP, gnupg (gpg23)
gniibe added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

Since it was handled in T4908, this task is merged into that.

Wed, Aug 5, 7:22 AM · OpenPGP, gnupg (gpg23)

Wed, Jul 15

gniibe added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

@mbrinkers : I think that it was fixed in GnuPG 2.2.21 by T4908: ECDH with AES-128 decryption failure when fully padded.
It was unfortunate that this bug report didn't work to solve problem, with malformed data and discussion went to unrelated thing.

Wed, Jul 15, 2:01 AM · OpenPGP, gnupg (gpg23)

Tue, Jul 14

mbrinkers added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

I have run into an interoperability issue between BouncyCastle PGP (Java) library and gpg which seems to caused by key obfuscation.

Tue, Jul 14, 2:59 PM · OpenPGP, gnupg (gpg23)

May 27 2020

gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

In the SOS branch, rG1c4291c3951d: ecc-sos: Add special leading zero octet removal. should be reverted.
Instead, the S_KEY should be fixed up in read_key_file in findkey.c,
and merge_lists in protect.c.
(Then, no need to be fixed up in extract_private_key.)

May 27 2020, 11:57 AM · OpenPGP, gnupg
gniibe added a comment to T4956: agent: Disrepancy of handling MPI for the interpretation of signed and unsigned.

Exactly same problem is there in libgcrypt.
In the definitions of curves, it uses negative constant internally in some specific places, but for other parts, we have same problems.

May 27 2020, 3:08 AM · libgcrypt, gpgagent, gnupg
gniibe updated the task description for T4956: agent: Disrepancy of handling MPI for the interpretation of signed and unsigned.
May 27 2020, 3:03 AM · libgcrypt, gpgagent, gnupg
gniibe created T4956: agent: Disrepancy of handling MPI for the interpretation of signed and unsigned.
May 27 2020, 3:03 AM · libgcrypt, gpgagent, gnupg

May 26 2020

gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

I should concentrate the case of ECC, in particular, ECC with modern curves.
Removing leading zero from RSA/ECC/ELGamal assuming unsigned integer would result more work.

May 26 2020, 8:23 AM · OpenPGP, gnupg
gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

In libgcrypt, we have another problem of GCRYSEXP_FMT_ADVANCED formatting, which is used by gpg-agent of GnuPG 2.3 with name-value list.

May 26 2020, 7:07 AM · OpenPGP, gnupg
gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

Confusingly, in the SSH specification, it is signed MPI.
See RFC4251, for the definition of "mpint": https://tools.ietf.org/html/rfc4251#page-8

May 26 2020, 3:59 AM · OpenPGP, gnupg

May 25 2020

gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

There are more places for clean up in GnuPG.
While "MPI" in OpenPGP specification is based on unsigned integer, the default "MPI" handling of GnuPG/Libgcrypt is signed. This difference matters internally.
Formatting by "%m" with libgcrypt, it may result prefixed by 0x00 (so that it represents unsigned value, even if scanned as signed).
And because of this, existing private keys in private-keys-v1.d may have this leading zero-byte.
But the counting bits don't count this byte.

May 25 2020, 7:27 AM · OpenPGP, gnupg

May 21 2020

gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

Important interoperability issue:
OpenPGP implementations should implement:

  • Recovery of leading zero octets for Ed25519 key handling (secret part) and Ed25519 signature
May 21 2020, 7:01 AM · OpenPGP, gnupg
gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

Better to paste directly:

# SOS representation
#
# Initially, it was intended as "Simply, Octet String", but 
# it is actually "Strange" Octet String.
#
May 21 2020, 6:52 AM · OpenPGP, gnupg
gniibe added a comment to T4954: SOS representation and improvements in GnuPG.

I wrote this:

May 21 2020, 6:51 AM · OpenPGP, gnupg
gniibe created T4954: SOS representation and improvements in GnuPG.
May 21 2020, 6:50 AM · OpenPGP, gnupg

Apr 17 2020

werner closed T4918: GnuPG cannot decrypt an ECDH-AES128 message encrypted to Alice's Key from draft-bre-openpgp-samples-00 as Resolved.

Sorry, I don't know what kind of sample data that is. The reference keys have been provided by the RFC6637 author and are part of GnuPG's test suite; see (gnupg/tests/openpgp/samplekeys/ecc-sample-*).

Apr 17 2020, 12:10 PM · OpenPGP

Apr 13 2020

gniibe added a comment to T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value.

I can't find any places where it is interpreted as signed integer.

Apr 13 2020, 4:16 AM · OpenPGP, gnupg, Bug Report

Apr 8 2020

gniibe added a comment to T3763: ECDH - encryption with obfuscated size of the symmetric key.

It seems that the reference to PKCS#5 is correct. It is an issue of how to describe the case of more than 8-byte padding in OpenPGP.

Apr 8 2020, 3:48 AM · OpenPGP, gnupg (gpg23)
gniibe claimed T3763: ECDH - encryption with obfuscated size of the symmetric key.

Your example data is malformed, I suppose.

Apr 8 2020, 3:31 AM · OpenPGP, gnupg (gpg23)

Apr 6 2020

werner added a project to T3763: ECDH - encryption with obfuscated size of the symmetric key: OpenPGP.

I also don't think that key size obfuscation is useful, after all the preferences of the key demand a certain key size.

Apr 6 2020, 12:19 PM · OpenPGP, gnupg (gpg23)

Mar 16 2020

werner lowered the priority of T4879: GnuPG treats reordered OpenPGP certificates differently from High to Low.

It is easy to explain:

Mar 16 2020, 1:04 PM · OpenPGP, gnupg (gpg22), Bug Report

Mar 13 2020

werner claimed T4879: GnuPG treats reordered OpenPGP certificates differently.
Mar 13 2020, 5:33 PM · OpenPGP, gnupg (gpg22), Bug Report

Jan 30 2020

aheinecke closed T4828: gpgOL Outlook PlugIn error code: 1 as Invalid.

That means that the GnuPG Backend does not work. I do not think that the office update is the reason, me and others use GpgOL with the most recent versions of Office Pro Plus without issue.
Have you possibly modified you gnupg config files? If there is a bad value in there it would result in such an error.

Jan 30 2020, 12:53 PM · OpenPGP, gpgol, Bug Report
grafalbert created T4828: gpgOL Outlook PlugIn error code: 1.
Jan 30 2020, 10:01 AM · OpenPGP, gpgol, Bug Report

Jan 9 2020

werner created T4803: Print a diagnostic for a missing encryption subkey.
Jan 9 2020, 2:34 PM · Feature Request, OpenPGP, gnupg

Dec 23 2019

werner added a subtask for T4795: GUI to manage first party attestations: T4694: manage first-party attestations.
Dec 23 2019, 11:23 AM · OpenPGP, Feature Request
werner created T4795: GUI to manage first party attestations.
Dec 23 2019, 11:22 AM · OpenPGP, Feature Request

Dec 4 2019

werner triaged T4767: gpgme_signature_t exp_timestamp behaves differently for OpenPGP vs. CMS as Low priority.
Dec 4 2019, 10:43 AM · OpenPGP, S/MIME, gpgme, Bug Report
dkg added a comment to T4767: gpgme_signature_t exp_timestamp behaves differently for OpenPGP vs. CMS.

Very few OpenPGP data signatures have an expiration time either, fwiw. I have never actually seen one in the wild, and no one that i know uses --ask-sig-expire or --default-sig-expire (it shows up in the cupt test suite and the apt test suite, but doesn't appear to be actually used by anything).

Dec 4 2019, 10:03 AM · OpenPGP, S/MIME, gpgme, Bug Report
werner added a comment to T4767: gpgme_signature_t exp_timestamp behaves differently for OpenPGP vs. CMS.

CMS signatures do not have a expiration time. Further the meaning of the expiration time of one of the certificates also depends on the validation model (shell or chain); thus a one-to-one relationship between these times is not possible.

Dec 4 2019, 8:56 AM · OpenPGP, S/MIME, gpgme, Bug Report
dkg created T4767: gpgme_signature_t exp_timestamp behaves differently for OpenPGP vs. CMS.
Dec 4 2019, 8:02 AM · OpenPGP, S/MIME, gpgme, Bug Report

Oct 15 2019

werner closed T4681: Allow non-OpenPGP cards with gpg 2.2 as Resolved.
Oct 15 2019, 1:05 PM · gnupg (gpg22), scd, OpenPGP
werner added a commit to T4681: Allow non-OpenPGP cards with gpg 2.2: rG652ca4b2bf98: gpg: Extend --quick-gen-key for creating keys from a card..
Oct 15 2019, 12:44 PM · gnupg (gpg22), scd, OpenPGP

Sep 25 2019

martin.von.wittich added a comment to T4710: Cannot use Secure PIN Entry for Reset Code.

For pinpadtest.py, you need to offer an option --add (adding dummy byte), when you are using Cherry ST-2xxx.

Sep 25 2019, 2:55 PM · OpenPGP, scd, Bug Report
gniibe added a comment to T4710: Cannot use Secure PIN Entry for Reset Code.

For pinpadtest.py, you need to offer an option --add (adding dummy byte), when you are using Cherry ST-2xxx.

Sep 25 2019, 1:39 PM · OpenPGP, scd, Bug Report
martin.von.wittich added a comment to T4710: Cannot use Secure PIN Entry for Reset Code.

It is not supported, by CCID protocol itself. So, it is not supported by scdaemon, and by any of card readers (which I know of), either.

Sep 25 2019, 1:26 PM · OpenPGP, scd, Bug Report
gniibe claimed T4710: Cannot use Secure PIN Entry for Reset Code.

It is not supported, by CCID protocol itself. So, it is not supported by scdaemon, and by any of card readers (which I know of), either.

Sep 25 2019, 12:09 PM · OpenPGP, scd, Bug Report
werner triaged T4710: Cannot use Secure PIN Entry for Reset Code as Normal priority.
Sep 25 2019, 9:23 AM · OpenPGP, scd, Bug Report

Aug 23 2019

werner moved T4681: Allow non-OpenPGP cards with gpg 2.2 from Backlog to For next release on the gnupg (gpg22) board.
Aug 23 2019, 10:33 AM · gnupg (gpg22), scd, OpenPGP

Aug 22 2019

werner added a comment to T4681: Allow non-OpenPGP cards with gpg 2.2.

Note that rGd3f5d8544fdb needs to be backported to 2.2 but we will wait until we have better tested it.

Aug 22 2019, 4:44 PM · gnupg (gpg22), scd, OpenPGP
werner added a commit to T4681: Allow non-OpenPGP cards with gpg 2.2: rGd3f5d8544fdb: gpg: Extend --quick-gen-key for creating keys from a card..
Aug 22 2019, 4:43 PM · gnupg (gpg22), scd, OpenPGP

Aug 21 2019

werner added a commit to T4681: Allow non-OpenPGP cards with gpg 2.2: rG9a317557c58d: gpg: Allow decryption using non-OpenPGP cards..
Aug 21 2019, 2:03 PM · gnupg (gpg22), scd, OpenPGP
werner created T4681: Allow non-OpenPGP cards with gpg 2.2.
Aug 21 2019, 1:56 PM · gnupg (gpg22), scd, OpenPGP

Aug 12 2019

werner triaged T4676: libgcrypt S2K (algo 3) doesn't match OpenPGP as Normal priority.

I am in charge of editing the current OpenPGP draft, so I will for sure keep an eye on that issue. If would appreciate if you can post your report also to openpgp at ietf org.

Aug 12 2019, 6:01 PM · Documentation, OpenPGP

Aug 5 2019

werner triaged T4669: Key expiration time sometimes improperly interpreted as a signed 32-bit value as Normal priority.
Aug 5 2019, 7:50 PM · OpenPGP, gnupg, Bug Report

Jul 19 2019

gniibe claimed T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I am trying to reproduce your problem with my 3.3 card using my TTXS card reader.

Jul 19 2019, 3:37 AM · scd, Bug Report

Jul 18 2019

JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I use the internal driver.

Jul 18 2019, 8:37 PM · scd, Bug Report
werner edited projects for T4631: Difficulties to generate key on OpenPGP Smart Card V3.3, added: scd, OpenPGP; removed Info Needed.

Are you using pcscd (is that process running) or the internal driver.? Please try the latter if you are not already using it.

Jul 18 2019, 11:15 AM · scd, Bug Report

Jul 16 2019

gniibe added a comment to T4042: RFC 4880 compliance.

It was rG07250279e7ec: * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password". in 2004, which set default to rfc2440-text behavior.
And in 2007, the commit rGb550330067b6: * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by default. Enable… changed the default to no-rfc2440-text.

Jul 16 2019, 10:20 AM · OpenPGP, gnupg