From dkg at fifthhorseman.net Tue Jun 2 04:52:23 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 1 Jun 2015 22:52:23 -0400
Subject: [PATCH] use g_debug(format, ...) safely
Message-ID: <1433213543-18778-1-git-send-email-dkg@fifthhorseman.net>
* pinentry/password-cache.c (password_cache_clear): use g_debug safely
in case error->message is malformed.
--
Without this change, with -Werror=format-security, we see:
password-cache.c: In function ?password_cache_clear?:
password-cache.c:153:7: error: format not a string literal and no format arguments [-Werror=format-security]
g_debug(error->message);
^
---
pinentry/password-cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c
index 60a9c3a..70b33f4 100644
--- a/pinentry/password-cache.c
+++ b/pinentry/password-cache.c
@@ -150,7 +150,7 @@ password_cache_clear (const char *keygrip)
{
printf("Failed to clear password for key %s with secret service: %s\n",
keygrip, error->message);
- g_debug(error->message);
+ g_debug("%s", error->message);
g_error_free (error);
return -1;
}
--
2.1.4
From gniibe at fsij.org Tue Jun 2 06:58:24 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 02 Jun 2015 13:58:24 +0900
Subject: [PATCH] scd: do_decipher change for OpenPGPcard v3.0
Message-ID: <556D37F0.80301@fsij.org>
Hello,
This is the change required by current draft of OpenPGPcard v3.0
specification.
The decoration was not needed (for me), but, it would make sense,
perhaps.
I'm going to change Gnuk so that it will support both (w/ decoration
or w/out decoration).
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 8520231..0e751e0 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4046,6 +4046,7 @@ do_decipher (app_t app, const char *keyidstr,
int exmode, le_value;
unsigned char *fixbuf = NULL;
int padind = 0;
+ int fixuplen = 0;
if (!keyidstr || !*keyidstr || !indatalen)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -4092,8 +4093,6 @@ do_decipher (app_t app, const char *keyidstr,
if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA)
{
- int fixuplen;
-
/* We might encounter a couple of leading zeroes in the
cryptogram. Due to internal use of MPIs these leading zeroes
are stripped. However the OpenPGP card expects exactly 128
@@ -4146,7 +4145,26 @@ do_decipher (app_t app, const char *keyidstr,
}
}
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
- padind = -1;
+ {
+ fixuplen = 7;
+ fixbuf = xtrymalloc (fixuplen + indatalen);
+ if (!fixbuf)
+ return gpg_error_from_syserror ();
+
+ /* Build 'Cipher DO' */
+ fixbuf[0] = '\xa6';
+ fixbuf[1] = (char)(indatalen+5);
+ fixbuf[2] = '\x7f';
+ fixbuf[3] = '\x49';
+ fixbuf[4] = (char)(indatalen+2);
+ fixbuf[5] = '\x86';
+ fixbuf[6] = (char)indatalen;
+ memcpy (fixbuf+fixuplen, indata, indatalen);
+ indata = fixbuf;
+ indatalen = fixuplen + indatalen;
+
+ padind = -1;
+ }
else
return gpg_error (GPG_ERR_INV_VALUE);
--
From wk at gnupg.org Tue Jun 2 11:38:54 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 11:38:54 +0200
Subject: [PATCH] use g_debug(format, ...) safely
In-Reply-To: <1433213543-18778-1-git-send-email-dkg@fifthhorseman.net> (Daniel
Kahn Gillmor's message of "Mon, 1 Jun 2015 22:52:23 -0400")
References: <1433213543-18778-1-git-send-email-dkg@fifthhorseman.net>
Message-ID: <87y4k2qwk1.fsf@vigenere.g10code.de>
On Tue, 2 Jun 2015 04:52, dkg at fifthhorseman.net said:
> * pinentry/password-cache.c (password_cache_clear): use g_debug safely
> in case error->message is malformed.
Thanks.
I also enabled more warnings to catch them in the future. Someone might
want to check the warning for the Qt modules and add appropriate CPP
(no-)warning options.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Tue Jun 2 15:23:06 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 15:23:06 +0200
Subject: [Announce] GnuPG 2.0.28 "stable" released
Message-ID: <87zj4ip7lx.fsf@vigenere.g10code.de>
Hello!
We are pleased to announce the availability of a new stable GnuPG-2.0
release: Version 2.0.28. This is a maintenance release which fixes a
couple of bugs. Update to this version is suggested.
The GNU Privacy Guard (GnuPG) is a complete and free implementation of
the OpenPGP standard as defined by RFC-4880 and better known as PGP.
GnuPG, also known as GPG, allows to encrypt and sign data and
communication, features a versatile key management system as well as
access modules for public key directories. GnuPG itself is a command
line tool with features for easy integration with other applications.
A wealth of frontend applications and libraries making use of GnuPG
are available. Since version 2 GnuPG provides support for S/MIME and
Secure Shell in addition to OpenPGP.
GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.
Three different versions of GnuPG are actively maintained:
- GnuPG "modern" (2.1) is the latest development with a lot of new
features including support for ECC.
- GnuPG "stable" (2.0) - which this is about - is the current stable
version for general use. This is what most users are currently using.
- GnuPG "classic" (1.4) is the old standalone version which is most
suitable for older or embedded platforms.
You may not install "modern" (2.1) and "stable" (2.0) at the same
time. However, it is possible to install "classic" (1.4) along with
any of the other versions.
What's New in 2.0.28
====================
* agent: Added support for an external password manager.
* gpg: New command --list-gcrypt-config.
* gpg: Issue NEWSIG status lines during signature verification.
* gpgsm: The default hash algo for a CSR is now SHA-256 and the
default encryption algo is AES-128.
* scdaemon: Allow PC/SC reader selection by partial name match.
* gpgtar: Fix extracting files with a size of a multiple of 512.
* Fixed several other bugs.
* Libgcrypt 1.5 is now required.
Getting the Software
====================
Please follow the instructions found at https://gnupg.org/download/
or read on:
GnuPG 2.0.28 may be downloaded from one of the GnuPG mirror sites or
direct from . The list of mirrors
can be found at . Note that GnuPG is
not available at ftp.gnu.org.
On ftp.gnupg.org and on its mirrors you should find the following new
files in the gnupg/ directory:
- The GnuPG source code compressed using BZIP2 and its OpenPGP
signature:
gnupg-2.0.28.tar.bz2 (4332k)
gnupg-2.0.28.tar.bz2.sig
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
A Windows version will eventually be released at https://gpg4win.org .
If you are new to GnuPG please consider to use the "modern" version
2.1.4.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
* If you already have a version of GnuPG installed, you can simply
verify the supplied signature. For example to verify the signature
of the file gnupg-2.0.28.tar.bz2 you would use this command:
gpg --verify gnupg-2.0.28.tar.bz2.sig gnupg-2.0.28.tar.bz2
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by one or more of the release signing keys. Make sure that
this is a valid key, either by matching the shown fingerprint
against a trustworthy list of valid release signing keys or by
checking that the key has been signed by trustworthy other keys.
See below for information on the signing keys.
* If you are not able to use an existing version of GnuPG, you have
to verify the SHA-1 checksum. On Unix systems the command to do
this is either "sha1sum" or "shasum". Assuming you downloaded the
file gnupg-2.0.28.tar.bz2, you would run the command like this:
sha1sum gnupg-2.0.28.tar.bz2
and check that the output matches the next line:
9a1050f72b6c9afe2b4a0a3f2e9dca2abba8e4ef gnupg-2.0.28.tar.bz2
Release Signing Keys
====================
To guarantee that a downloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key)
rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
Werner Koch (Release Signing Key)
You may retrieve these files from the keyservers using this command
gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \
2071B08A33BD3F06 8A861B1C7EFD60D9
using an already installed version of gpg. Remeber to check the
fingerprints against the above list (which you also find on the flip
side of our printed visit cards). The keys are also available at
and in the released GnuPG tarball
in the file g10/distsigkey.gpg . Note that this mail has been signed
using my standard PGP key.
Documentation
=============
The file gnupg.info has the complete user manual of the system.
Separate man pages are included as well; however they have not all the
details available in the manual. It is also possible to read the
complete manual online in HTML format at
https://www.gnupg.org/documentation/manuals/gnupg/
or in Portable Document Format at
https://www.gnupg.org/documentation/manuals/gnupg.pdf .
The chapters on gpg-agent, gpg and gpgsm include information on how
to set up the whole thing. You may also want search the GnuPG mailing
list archives or ask on the gnupg-users mailing lists for advise on
how to solve problems. Many of the new features are around for
several years and thus enough public knowledge is already available.
Support
=======
Please consult the archive of the gnupg-users mailing list before
reporting a bug .
We suggest to send bug reports for a new release to this list in favor
of filing a bug at . We also have a dedicated
service directory at:
https://www.gnupg.org/service.html
If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gnupg-devel mailing
list for discussion.
Thanks
======
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists. Maintenance and development of GnuPG is possible due to many
individual and corporate donations; for a list of non-anonymous donors
see .
For the GnuPG hackers,
Werner
p.s.
This is an announcement only mailing list. Please send replies only to
the gnupg-users 'at' gnupg.org mailing list.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL:
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From dkg at fifthhorseman.net Tue Jun 2 16:14:39 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Jun 2015 10:14:39 -0400
Subject: [PATCH] Typo fix for gpg.texi
In-Reply-To: <1409665400-14603-1-git-send-email-dkg@fifthhorseman.net>
References: <1409665400-14603-1-git-send-email-dkg@fifthhorseman.net>
Message-ID: <87oaky9oz4.fsf@alice.fifthhorseman.net>
Hi GnuPG folks--
Thanks for the release of 2.0.28.
The patch below still needs to be applied to the 2.0 branch:
Regards,
--dkg
On Tue 2014-09-02 09:43:20 -0400, Daniel Kahn Gillmor wrote:
> Originally reported by Jakub Wilk in https://bugs.debian.org/760273
> ---
> doc/gpg.texi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/doc/gpg.texi b/doc/gpg.texi
> index 7ac1613..e9bcff3 100644
> --- a/doc/gpg.texi
> +++ b/doc/gpg.texi
> @@ -3509,7 +3509,7 @@ sense. Although OpenPGP works with time intervals, GnuPG uses an
> absolute value internally and thus the last year we can represent is
> 2105.
>
> - at item Ceation-Date: @var{iso-date}
> + at item Creation-Date: @var{iso-date}
> Set the creation date of the key as stored in the key information and
> which is also part of the fingerprint calculation. Either a date like
> "1986-04-26" or a full timestamp like "19860426T042640" may be used.
> --
> 2.1.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From dkg at fifthhorseman.net Tue Jun 2 16:16:31 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Jun 2015 10:16:31 -0400
Subject: [PATCH] gpg: Fix segv due to NULL value stored as opaque MPI
(BRANCH 2.0)
In-Reply-To: <1424561024-22745-1-git-send-email-dkg@fifthhorseman.net>
References: <1424561024-22745-1-git-send-email-dkg@fifthhorseman.net>
Message-ID: <87lhg29ow0.fsf@alice.fifthhorseman.net>
Hi GnuPG folks--
I believe the patch below still needs to be applied to the 2.0 branch.
Regards,
--dkg
On Sat 2015-02-21 18:23:44 -0500, Daniel Kahn Gillmor wrote:
> * g10/build-packet.c (do_secret_key): Check for NULL return from
> gcry_mpi_get_opaque.
> * g10/keyid.c (hash_public_key): Ditto.
> --
>
> This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from
> master to the STABLE-BRANCH-2-0
>
> On the STABLE-BRANCH-2-0, we may also want to patch g10/seckey-cert.c,
> but that has not been done in this patch.
>
> This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f.
>
> gpg2 --export --no-default-keyring --keyring TESTDATA
>
> With TESTDATA being below after unpacking.
>
> -----BEGIN PGP ARMORED FILE-----
>
> mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
> iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
> EJgTBJx/AP8ABPPzBJx/AP8ABPPz
> =2yE0
> -----END PGP ARMORED FILE-----
>
> Reported-by: Jodie Cunningham
> Signed-off-by: Daniel Kahn Gillmor
> ---
> g10/build-packet.c | 6 ++++--
> g10/keyid.c | 16 ++++++++++------
> 2 files changed, 14 insertions(+), 8 deletions(-)
>
> diff --git a/g10/build-packet.c b/g10/build-packet.c
> index e986987..5cc03cf 100644
> --- a/g10/build-packet.c
> +++ b/g10/build-packet.c
> @@ -398,7 +398,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
>
> assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
> p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
> - iobuf_write (a, p, (ndatabits+7)/8 );
> + if (p)
> + iobuf_write (a, p, (ndatabits+7)/8 );
> }
> else if ( sk->is_protected )
> {
> @@ -410,7 +411,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
>
> assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
> p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
> - iobuf_write (a, p, (ndatabits+7)/8);
> + if (p)
> + iobuf_write (a, p, (ndatabits+7)/8);
> }
> write_16(a, sk->csum );
> }
> diff --git a/g10/keyid.c b/g10/keyid.c
> index 6af0f48..ef6ee1c 100644
> --- a/g10/keyid.c
> +++ b/g10/keyid.c
> @@ -115,14 +115,18 @@ hash_public_key( gcry_md_hd_t md, PKT_public_key *pk )
> if(npkey==0 && pk->pkey[0]
> && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
> {
> - gcry_md_write (md, pp[0], nn[0]);
> + if (pp[0])
> + gcry_md_write (md, pp[0], nn[0]);
> }
> else
> - for(i=0; i < npkey; i++ )
> - {
> - gcry_md_write ( md, pp[i], nn[i] );
> - xfree(pp[i]);
> - }
> + {
> + for(i=0; i < npkey; i++ )
> + {
> + if (pp[i])
> + gcry_md_write ( md, pp[i], nn[i] );
> + xfree(pp[i]);
> + }
> + }
> }
>
> static gcry_md_hd_t
> --
> 2.1.4
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From dkg at fifthhorseman.net Tue Jun 2 17:33:31 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Jun 2015 11:33:31 -0400
Subject: s2k-cipher-mode default
Message-ID: <87d21e9lbo.fsf@alice.fifthhorseman.net>
Hi GnuPG devs--
I've been thinking about s2k-cipher-mode defaults. In 2.0 and 1.4
branches, this defaults to CAST5. In 2.1, it defaults to AES (aes128).
I think it should change to AES256, with explanation below.
When s2k-cipher-mode is used to select the cipher for secret key
material, there is no interoperability concerns: this is relevant only
for the system that it's on. Therefore, for ciphers that select the
secret key, it should be the strongest symmetric cipher known to the
running system. This is probably AES256, not CAST5 or AES128.
Interoperability concerns may arise when this is applied to symmetric
encryption intended for a remote recipient. In this case, it's possible
that the peer doesn't have access to AES256. AES was standardized in
2001, 14 years ago. The underlying algorithm, Rijndael, was known for
years before the standardization process. GnuPG added AES256 around
2002. PGP 7.0.3, from ~2001 supports AES256 (i have not checked earlier
versions of PGP).
Peers that do not support AES256 are either extremely rare or hopelessly
out of date. Reducing the strength of the ciphers in use for the sake
of preserving interop with these peers seems like a bad tradeoff.
What do folks think about making this change to the defaults?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From wk at gnupg.org Tue Jun 2 18:31:24 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 18:31:24 +0200
Subject: s2k-cipher-mode default
In-Reply-To: <87d21e9lbo.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Tue, 02 Jun 2015 11:33:31 -0400")
References: <87d21e9lbo.fsf@alice.fifthhorseman.net>
Message-ID: <87mw0im5r7.fsf@vigenere.g10code.de>
On Tue, 2 Jun 2015 17:33, dkg at fifthhorseman.net said:
> I think it should change to AES256, with explanation below.
I am fine to switch to AES-128 for 2.0 too.
> secret key, it should be the strongest symmetric cipher known to the
> running system. This is probably AES256, not CAST5 or AES128.
Whether AES-256 is stronger than AES-128 in the real world is a pretty
good bike shedding topic. Changing the default cipher to AES-256 should
be the least problem for those who need such a kind of protection.
Here is my reason why AES-128 is a better *default*:
AES-128 | nanosecs/byte mebibytes/sec cycles/byte
CFB enc | 1.77 ns/B 537.9 MiB/s 4.08 c/B
CFB dec | 0.374 ns/B 2548.9 MiB/s 0.861 c/B
OCB enc | 0.527 ns/B 1810.8 MiB/s 1.21 c/B
OCB dec | 0.546 ns/B 1746.0 MiB/s 1.26 c/B
AES-256 | nanosecs/byte mebibytes/sec cycles/byte
CFB enc | 2.42 ns/B 393.6 MiB/s 5.57 c/B
CFB dec | 0.543 ns/B 1755.1 MiB/s 1.25 c/B
OCB enc | 0.695 ns/B 1372.9 MiB/s 1.60 c/B
OCB dec | 0.728 ns/B 1310.2 MiB/s 1.67 c/B
OpenPGP uses CFB mode. I listed OCB in case rfc4880bis will switch to
that mode.
Encrypting with AES-128 is 35% faster than with AES-256.
Decrypting with AES-128 is 45% faster than with AES-256.
It makes a difference whether you need 32 or 45 minutes to encrypt 1TiB.
Yeah, I know this is theoretical because a backup is I/O bounded but
nevertheless AES-256 takes up more CPU resources than AES-128.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Tue Jun 2 19:08:04 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 19:08:04 +0200
Subject: passphrase callback
In-Reply-To: <20150529070517.GC5163@belle.intranet.vanheusden.com>
(folkert@vanheusden.com's message of "Fri, 29 May 2015 09:05:17
+0200")
References: <20150527193008.GA5163@belle.intranet.vanheusden.com>
<20150527210717.GB5163@belle.intranet.vanheusden.com>
<87vbfdyyks.fsf@vigenere.g10code.de>
<20150529070517.GC5163@belle.intranet.vanheusden.com>
Message-ID: <87iob6m423.fsf@vigenere.g10code.de>
On Fri, 29 May 2015 09:05, folkert at vanheusden.com said:
> Ah so there's a mismatch between the gpgme and gpg2 version in debian
> right? Can you confirm this? Then I'll create a debian bug report for
GPGME is independent of GnuPG. In general GPGME checks the GnuPG
version before using a new GnuPG feature. However, when I added the
passphrase-mode feature to GPGME I assumed that it will only be used by
users who require GnuPG 2.1 anyway and thus saved the overhead of
checking the version.
> Yeah but maybe it should emit an error or so. Maybe in debug-mode.
Similar functions (e.g. gpgme_set_progress_cb) work exactly the same
way. In fact they do not hav a way to return an error code.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Tue Jun 2 19:16:04 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 19:16:04 +0200
Subject: for signing; selecting a specific private key
In-Reply-To: <20150531181406.GF5163@belle.intranet.vanheusden.com>
(folkert@vanheusden.com's message of "Sun, 31 May 2015 20:14:06
+0200")
References: <20150531181406.GF5163@belle.intranet.vanheusden.com>
Message-ID: <87eglum3or.fsf@vigenere.g10code.de>
On Sun, 31 May 2015 20:14, folkert at vanheusden.com said:
> In the key ring I have more then 1 private key so I want to select the
> correct one.
> This fails with: "Unusable secret key (117440566)".
Tou run into this error:
/* In this case at least one signatures was not created perhaps
due to a bad passphrase etc. Thus the entire message is
broken and should not be used. We add the already created
signatures to the invalid signers list and thus this case can
be detected. */
TRACE_LOG3 ("result: invalid signers: %u, signatures: %u, count: %u",
inv_signers, signatures, gpgme_signers_count (ctx));
Please enable gpgme debugging at level 3 or higher to get detailed
information.
GPGME_DEBUG=4:/foo/bar/gpgme.log ./program
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From dkg at fifthhorseman.net Tue Jun 2 19:25:39 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Jun 2015 13:25:39 -0400
Subject: s2k-cipher-mode default
In-Reply-To: <87mw0im5r7.fsf@vigenere.g10code.de>
References: <87d21e9lbo.fsf@alice.fifthhorseman.net>
<87mw0im5r7.fsf@vigenere.g10code.de>
Message-ID: <871thu9g4s.fsf@alice.fifthhorseman.net>
On Tue 2015-06-02 12:31:24 -0400, Werner Koch wrote:
> On Tue, 2 Jun 2015 17:33, dkg at fifthhorseman.net said:
>
>> I think it should change to AES256, with explanation below.
>
> I am fine to switch to AES-128 for 2.0 too.
Any reason to avoid it for the 1.4 branch?
>> secret key, it should be the strongest symmetric cipher known to the
>> running system. This is probably AES256, not CAST5 or AES128.
>
> Whether AES-256 is stronger than AES-128 in the real world is a pretty
> good bike shedding topic. Changing the default cipher to AES-256 should
> be the least problem for those who need such a kind of protection.
>
> Here is my reason why AES-128 is a better *default*:
>
> AES-128 | nanosecs/byte mebibytes/sec cycles/byte
> CFB enc | 1.77 ns/B 537.9 MiB/s 4.08 c/B
> CFB dec | 0.374 ns/B 2548.9 MiB/s 0.861 c/B
> OCB enc | 0.527 ns/B 1810.8 MiB/s 1.21 c/B
> OCB dec | 0.546 ns/B 1746.0 MiB/s 1.26 c/B
>
> AES-256 | nanosecs/byte mebibytes/sec cycles/byte
> CFB enc | 2.42 ns/B 393.6 MiB/s 5.57 c/B
> CFB dec | 0.543 ns/B 1755.1 MiB/s 1.25 c/B
> OCB enc | 0.695 ns/B 1372.9 MiB/s 1.60 c/B
> OCB dec | 0.728 ns/B 1310.2 MiB/s 1.67 c/B
>
> OpenPGP uses CFB mode. I listed OCB in case rfc4880bis will switch to
> that mode.
>
> Encrypting with AES-128 is 35% faster than with AES-256.
> Decrypting with AES-128 is 45% faster than with AES-256.
>
> It makes a difference whether you need 32 or 45 minutes to encrypt
> 1TiB.
This is the case for symmetric backups. For secret key protection, the
time difference is negligible compared to things like passphrase entry.
Do you still think this argument is relevant for secret key protection?
> Yeah, I know this is theoretical because a backup is I/O bounded but
> nevertheless AES-256 takes up more CPU resources than AES-128.
As you say, CPU is not the bottleneck on modern systems dealing with
this kind of data, either large or small. So why not move to stronger
protections against an adversary who might have visibility of the
ciphertext?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From wk at gnupg.org Tue Jun 2 20:38:13 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 02 Jun 2015 20:38:13 +0200
Subject: s2k-cipher-mode default
In-Reply-To: <871thu9g4s.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Tue, 02 Jun 2015 13:25:39 -0400")
References: <87d21e9lbo.fsf@alice.fifthhorseman.net>
<87mw0im5r7.fsf@vigenere.g10code.de>
<871thu9g4s.fsf@alice.fifthhorseman.net>
Message-ID: <877frmlzvu.fsf@vigenere.g10code.de>
On Tue, 2 Jun 2015 19:25, dkg at fifthhorseman.net said:
>> I am fine to switch to AES-128 for 2.0 too.
>
> Any reason to avoid it for the 1.4 branch?
Can be done.
> This is the case for symmetric backups. For secret key protection, the
> time difference is negligible compared to things like passphrase entry.
Secret key protection does not require that strength. Do you really
thing anyone is using a passphrase (intended to be memorized) with more
than 128 bit of entropy?
Anywa, I won't care whether this is AES-256 or AES-128 - implementation
wise it does not make a real difference to implement one or both.
> As you say, CPU is not the bottleneck on modern systems dealing with
> this kind of data, either large or small. So why not move to stronger
Why using cycles and energy without a reason?
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From dkg at fifthhorseman.net Tue Jun 2 21:01:21 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 02 Jun 2015 15:01:21 -0400
Subject: s2k-cipher-mode default
In-Reply-To: <877frmlzvu.fsf@vigenere.g10code.de>
References: <87d21e9lbo.fsf@alice.fifthhorseman.net>
<87mw0im5r7.fsf@vigenere.g10code.de> <871thu9g4s.fsf@alice.fifthhorseman.net>
<877frmlzvu.fsf@vigenere.g10code.de>
Message-ID: <87twuq7x4u.fsf@alice.fifthhorseman.net>
On Tue 2015-06-02 14:38:13 -0400, Werner Koch wrote:
> On Tue, 2 Jun 2015 19:25, dkg at fifthhorseman.net said:
>
>>> I am fine to switch to AES-128 for 2.0 too.
>>
>> Any reason to avoid it for the 1.4 branch?
>
> Can be done.
Thanks, making all the branches have the same defaults when they support
the same algorithms seems reasonable to me.
>> This is the case for symmetric backups. For secret key protection, the
>> time difference is negligible compared to things like passphrase entry.
>
> Secret key protection does not require that strength. Do you really
> thing anyone is using a passphrase (intended to be memorized) with more
> than 128 bit of entropy?
No, i suspect that most people are not. But (a) why limit them to it?
and (b) as i mentioned to Robert, depending on the attacks against
AES-128, and how much key material is intended to be protected, there
may be attacks against AES that are significantly more effective than
brute force over the entire keyspace.
> Anywa, I won't care whether this is AES-256 or AES-128 - implementation
> wise it does not make a real difference to implement one or both.
Both are implemented already. I'm asking about what the default should
be.
>> As you say, CPU is not the bottleneck on modern systems dealing with
>> this kind of data, either large or small. So why not move to stronger
>
> Why using cycles and energy without a reason?
To protect data at rest against a powerful adversary, right?
Regards,
--dkg
From gniibe at fsij.org Wed Jun 3 13:49:14 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 03 Jun 2015 20:49:14 +0900
Subject: Canonical Key Format for ECC?
Message-ID: <556EE9BA.3040209@fsij.org>
Hello,
I'm testing OpenPGPcard specification v3.0 for ECC. Currently,
I'm testing NIST P-256 curve.
I got test key from:
A. Jivsov, Sample Keys and Messages:
https://sites.google.com/site/brainhub/pgpecckeys
and imported.
Then, the private key is created under
.gnupg/private-keys-v1.d/E4403F3FD7A443FAC29FEF288FA0D20AC212851E.key
in the format of:
(private-key(ecc(curve 1.2.840.10045.3.1.7)....))
On the other hand, when we generate a key, it is in the format of:
(private-key(ecc(curve NIST P-256)...))
Those two are same thing, but I think that it's better to use one.
Shouldn't we fix the code (g10/import.c:transfer_secret_keys) to use
the name of curve (instead of OID string)?
--
From dkg at fifthhorseman.net Wed Jun 3 17:03:13 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 03 Jun 2015 11:03:13 -0400
Subject: Canonical Key Format for ECC?
In-Reply-To: <556EE9BA.3040209@fsij.org>
References: <556EE9BA.3040209@fsij.org>
Message-ID: <87oakw7s26.fsf@alice.fifthhorseman.net>
On Wed 2015-06-03 07:49:14 -0400, NIIBE Yutaka wrote:
> Then, the private key is created under
> .gnupg/private-keys-v1.d/E4403F3FD7A443FAC29FEF288FA0D20AC212851E.key
> in the format of:
>
> (private-key(ecc(curve 1.2.840.10045.3.1.7)....))
>
> On the other hand, when we generate a key, it is in the format of:
>
> (private-key(ecc(curve NIST P-256)...))
>
> Those two are same thing, but I think that it's better to use one.
>
> Shouldn't we fix the code (g10/import.c:transfer_secret_keys) to use
> the name of curve (instead of OID string)?
I like the named format better than the OID format, just because it's
more readable if someone looks in. I don't know anyone who has
memorized the OID space, but i know that the string "NIST P-256" is
meaningful to many of the people who might dig around inside
~/.gnupg/private-keys-v1.d.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From wk at gnupg.org Wed Jun 3 17:45:45 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 03 Jun 2015 17:45:45 +0200
Subject: Canonical Key Format for ECC?
In-Reply-To: <556EE9BA.3040209@fsij.org> (NIIBE Yutaka's message of "Wed, 03
Jun 2015 20:49:14 +0900")
References: <556EE9BA.3040209@fsij.org>
Message-ID: <877frkkd7a.fsf@vigenere.g10code.de>
On Wed, 3 Jun 2015 13:49, gniibe at fsij.org said:
> A. Jivsov, Sample Keys and Messages:
> https://sites.google.com/site/brainhub/pgpecckeys
FWIW, the same keys are available at
gnupg/tests/openpgp/samplekeys/ecc-sample-*.asc
> Shouldn't we fix the code (g10/import.c:transfer_secret_keys) to use
> the name of curve (instead of OID string)?
Given that Libgcrypt uses "NIST P-nnn" as canonical names and makes the
OIDs only aliases, this changing makes sense. It requires a few lines
of extra code and my laziness is the only reason I have not done it.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From dkg at fifthhorseman.net Wed Jun 3 19:27:26 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 3 Jun 2015 13:27:26 -0400
Subject: [PATCH] pinentry_setbufferlen returns pin when already large enough
Message-ID: <1433352446-6643-1-git-send-email-dkg@fifthhorseman.net>
* pinentry/pinentry.c (pinentry_setbufferlen): when pin buffer is
already large enough, return the buffer instead of NULL.
pinentry-curses.c is the only place that checks this return value
now, and it expects this behavior.
--
Signed-Off-By: Daniel Kahn Gillmor
Debian-Bug-Id: 787639
---
pinentry/pinentry.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
index 9a6a090..94909dc 100644
--- a/pinentry/pinentry.c
+++ b/pinentry/pinentry.c
@@ -435,7 +435,7 @@ pinentry_setbufferlen (pinentry_t pin, int len)
len = 2048;
if (len <= pin->pin_len)
- return NULL;
+ return pin->pin;
newp = secmem_realloc (pin->pin, len);
if (newp)
--
2.1.4
From gniibe at fsij.org Wed Jun 3 23:07:55 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 04 Jun 2015 06:07:55 +0900
Subject: [PATCH] scd: do_decipher change for OpenPGPcard v3.0
In-Reply-To: <556D37F0.80301@fsij.org>
References: <556D37F0.80301@fsij.org>
Message-ID: <556F6CAB.5060504@fsij.org>
On 06/02/2015 01:58 PM, NIIBE Yutaka wrote:
> This is the change required by current draft of OpenPGPcard v3.0
> specification.
Well, it's published now.
> The decoration was not needed (for me), but, it would make sense,
> perhaps.
>
> I'm going to change Gnuk so that it will support both (w/ decoration
> or w/out decoration).
Tested with Gnuk 1.1.5 using NIST P-256 keys.
OK to apply?
--
From wk at gnupg.org Thu Jun 4 15:55:23 2015
From: wk at gnupg.org (Werner Koch)
Date: Thu, 04 Jun 2015 15:55:23 +0200
Subject: [PATCH] scd: do_decipher change for OpenPGPcard v3.0
In-Reply-To: <556F6CAB.5060504@fsij.org> (NIIBE Yutaka's message of "Thu, 04
Jun 2015 06:07:55 +0900")
References: <556D37F0.80301@fsij.org> <556F6CAB.5060504@fsij.org>
Message-ID: <87sia7h92s.fsf@vigenere.g10code.de>
On Wed, 3 Jun 2015 23:07, gniibe at fsij.org said:
> Tested with Gnuk 1.1.5 using NIST P-256 keys.
>
> OK to apply?
Sure, but in any case you decide.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From neal at walfield.org Thu Jun 4 17:47:34 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Thu, 04 Jun 2015 17:47:34 +0200
Subject: [PATCH] pinentry_setbufferlen returns pin when already large
enough
In-Reply-To: <1433352446-6643-1-git-send-email-dkg@fifthhorseman.net>
References: <1433352446-6643-1-git-send-email-dkg@fifthhorseman.net>
Message-ID: <87zj4fqxux.wl-neal@walfield.org>
Hi Daniel,
At Wed, 3 Jun 2015 13:27:26 -0400,
Daniel Kahn Gillmor wrote:
>
> * pinentry/pinentry.c (pinentry_setbufferlen): when pin buffer is
> already large enough, return the buffer instead of NULL.
> pinentry-curses.c is the only place that checks this return value
> now, and it expects this behavior.
I've applied this with a slightly different change log.
Thanks!
:) Neal
From dkg at fifthhorseman.net Thu Jun 4 19:36:30 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 13:36:30 -0400
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
Message-ID: <87bngv2x5t.fsf@alice.fifthhorseman.net>
Hi Neal and other pinentry folks--
pinentry-gnome3 doesn't seem to be making proper use of the keyboard
accelerators. Instead, it shows the prefixed underscores, and doesn't
convert them into accelerator shortcuts.
Here's a screenshot (look at "_OK", "_Cancel", and "_Save in Password
manager"):
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pinentry-gnome3.screenshot.small.jpg
Type: image/jpeg
Size: 24474 bytes
Desc: pinentry-gnome3 showing (but not using) keyboard accelerators
URL:
-------------- next part --------------
I looked in the code, but I'm not sure how to fix this. Any pointers?
This is when it is used against GnuPG 2.0.28 on debian unstable.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From neal at walfield.org Thu Jun 4 19:52:34 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Thu, 04 Jun 2015 19:52:34 +0200
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
In-Reply-To: <87bngv2x5t.fsf@alice.fifthhorseman.net>
References: <87bngv2x5t.fsf@alice.fifthhorseman.net>
Message-ID: <87wpzjqs2l.wl-neal@walfield.org>
Hi Daniel,
At Thu, 04 Jun 2015 13:36:30 -0400,
Daniel Kahn Gillmor wrote:
> Hi Neal and other pinentry folks--
>
> pinentry-gnome3 doesn't seem to be making proper use of the keyboard
> accelerators. Instead, it shows the prefixed underscores, and doesn't
> convert them into accelerator shortcuts.
>
> Here's a screenshot (look at "_OK", "_Cancel", and "_Save in Password
> manager"):
>
>
> I looked in the code, but I'm not sure how to fix this. Any pointers?
>
> This is when it is used against GnuPG 2.0.28 on debian unstable.
I just tried something similar on my system and the accelerators are
displayed and work fine. There is probably a bug in the gcr backend
that you are using. I'm on Xfce and thus (AIUI) I get the Gtk+ back
end.
:) Neal
From dkg at fifthhorseman.net Thu Jun 4 20:11:20 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 14:11:20 -0400
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
In-Reply-To: <87wpzjqs2l.wl-neal@walfield.org>
References: <87bngv2x5t.fsf@alice.fifthhorseman.net>
<87wpzjqs2l.wl-neal@walfield.org>
Message-ID: <87y4jz1gzb.fsf@alice.fifthhorseman.net>
On Thu 2015-06-04 13:52:34 -0400, Neal H. Walfield wrote:
> I just tried something similar on my system and the accelerators are
> displayed and work fine. There is probably a bug in the gcr backend
> that you are using. I'm on Xfce and thus (AIUI) I get the Gtk+ back
> end.
Thanks for the quick response, Neal. another twisty maze of
dependencies for me to track down :/
Can you send a screenshot of what your xfce screenshot looks like? I'll
try to reproduce it here too...
--dkg
From neal at walfield.org Thu Jun 4 20:28:20 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Thu, 04 Jun 2015 20:28:20 +0200
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
In-Reply-To: <87y4jz1gzb.fsf@alice.fifthhorseman.net>
References: <87bngv2x5t.fsf@alice.fifthhorseman.net>
<87wpzjqs2l.wl-neal@walfield.org>
<87y4jz1gzb.fsf@alice.fifthhorseman.net>
Message-ID: <87twunqqez.wl-neal@walfield.org>
At Thu, 04 Jun 2015 14:11:20 -0400,
Daniel Kahn Gillmor wrote:
>
> On Thu 2015-06-04 13:52:34 -0400, Neal H. Walfield wrote:
>
> > I just tried something similar on my system and the accelerators are
> > displayed and work fine. There is probably a bug in the gcr backend
> > that you are using. I'm on Xfce and thus (AIUI) I get the Gtk+ back
> > end.
>
> Thanks for the quick response, Neal. another twisty maze of
> dependencies for me to track down :/
>
> Can you send a screenshot of what your xfce screenshot looks like? I'll
> try to reproduce it here too...
Here are the Assuan commands that I used:
setok _OK
setcancel _Cancel
option default-pwmngr _Save in Password manager
option allow-external-password-cache
setkeyinfo Foo
getpin
The screenshot is attached. Interestingly, the check box's
accelerator is not working, but the OK and Cancel buttons are.
Neal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pinentry-gnome3.png
Type: image/png
Size: 14998 bytes
Desc: not available
URL:
From neal at walfield.org Thu Jun 4 20:31:22 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Thu, 04 Jun 2015 20:31:22 +0200
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
In-Reply-To: <87sia71gf0.fsf@alice.fifthhorseman.net>
References: <87bngv2x5t.fsf@alice.fifthhorseman.net>
<87wpzjqs2l.wl-neal@walfield.org>
<87y4jz1gzb.fsf@alice.fifthhorseman.net>
<87sia71gf0.fsf@alice.fifthhorseman.net>
Message-ID: <87sia7qq9x.wl-neal@walfield.org>
Hi Daniel,
At Thu, 04 Jun 2015 14:23:31 -0400,
Daniel Kahn Gillmor wrote:
> in this case, the accelerators work for Cancel and OK, but they don't
> work for "_Save in password manager".
>
> What's different about our setups that they work for you?
Sorry, as I mentioned in my other message just now, the buttons work
for me, but the checkbox accelerator does not.
> PS i notice one other issue under xfce4 that doesn't happen in gnome3:
> in xfce4, the TAB key is treated as input to the password field, instead
> of switching input fields. shift-TAB, however, does work to cycle
> through the fields in reverse tab order. under GNOME, both TAB and
> shift-TAB work as expected. weirdness...
I just tried it and both tab and shift-tab seem to work normally.
(I'm using Debian Jessie.)
:) Neal
From folkert at vanheusden.com Thu Jun 4 20:59:05 2015
From: folkert at vanheusden.com (folkert)
Date: Thu, 4 Jun 2015 20:59:05 +0200
Subject: for signing; selecting a specific private key
In-Reply-To: <87eglum3or.fsf@vigenere.g10code.de>
References: <20150531181406.GF5163@belle.intranet.vanheusden.com>
<87eglum3or.fsf@vigenere.g10code.de>
Message-ID: <20150604185905.GC9362@belle.intranet.vanheusden.com>
Hi,
> > In the key ring I have more then 1 private key so I want to select the
> > correct one.
> > This fails with: "Unusable secret key (117440566)".
>
> Tou run into this error:
> /* In this case at least one signatures was not created perhaps
> due to a bad passphrase etc. Thus the entire message is
> broken and should not be used. We add the already created
> signatures to the invalid signers list and thus this case can
> be detected. */
I've created a key both with gnupg and gnupg2 both have the same
problem.
> TRACE_LOG3 ("result: invalid signers: %u, signatures: %u, count: %u",
> inv_signers, signatures, gpgme_signers_count (ctx));
This tracing does not appear in eighter the gpg nor the gpg2 key
version.
> Please enable gpgme debugging at level 3 or higher to get detailed
> information.
> GPGME_DEBUG=4:/foo/bar/gpgme.log ./program
gpg key:
-------
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_debug: level=4
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_check_version: call: 0=(nil), req_version=(null), VERSION=1.5.1
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_check_version_internal: call: 0=(nil), req_version=(null), offset_sig_validity=60
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_locale: enter: ctx=(nil), category=0, value=C
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_locale: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_locale: enter: ctx=(nil), category=5, value=C
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_locale: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: gpgconf='/usr/bin/gpgconf'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: gpg='/usr/bin/gpg2'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: gpgsm='/usr/bin/gpgsm'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: homedir='/home/folkert/.gnupg'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: agent='/home/folkert/.gnupg/S.gpg-agent'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme-dinfo: uisrv='/home/folkert/.gnupg/S.uiserver'
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: enter: r_ctx=0x7ffdf87155a8
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: leave: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: enter: ctx=0x16c8810, pattern=14B7E8E6, secret_only=1
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16c8810, fd 4, dir=1 -> tag=0x16ca6b0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16c8810, fd 6, dir=1 -> tag=0x16ca800
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c8c10, event 0x7f6a59a9dad0, type 0, type_data (nil)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: enter: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca820, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca820, handler (0x16c8c10, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = (nil), line = sec:u:1024:1:D2C2514414B7E8E6:1432752075:::u:::scESC::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = fpr:::::::::95C76C5EF83943DA2F322CF4D2C2514414B7E8E6:
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = uid:u::::1432752075::8ECF92C774CE2A15116BEB0B2038DE9D3CCA7A9E::testkey2 (testkey2) :
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = ssb:u:1024:1:2E197B51ED8059EA:1432752075::::::e::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = fpr:::::::::47AE514B363C3E225FD474022E197B51ED8059EA:
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = ssb:u:1024:1:7A26564274D6F5C6:1433074279::::::s::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = fpr:::::::::61F756F77290CBBCE30988567A26564274D6F5C6:
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca820, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca820, handler (0x16c8c10, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16ca850, line = (null)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c8c10, event 0x7f6a59a9dad0, type 2, type_data 0x16ca850
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16ca800, setting fd 0x6 (item=0x16ca820) done
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: leave: key=0x16ca850 (95C76C5EF83943DA2F322CF4D2C2514414B7E8E6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_release: call: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16ca6b0, setting fd 0x4 (item=0x16ca6d0) done
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: enter: r_ctx=0x7ffdf8715618
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: leave: ctx=0x16ca210
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: enter: ctx=0x16ca210, pattern=4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02, secret_only=0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16ca210, fd 4, dir=1 -> tag=0x16c9f50
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16ca210, fd 6, dir=1 -> tag=0x16c9fa0
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c8c10, event 0x7f6a59a9dad0, type 0, type_data (nil)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: enter: ctx=0x16ca210
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9fc0, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9fc0, handler (0x16c8c10, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = (nil), line = pub:-:1024:17:3AD6F8118300CC02:1039074767:::-:::scESC::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = fpr:::::::::4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02:
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = uid:-::::1203999932::275AAD3E991F1962AD510CC96760907BE70FE668::Bla :
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = uid:-::::1203999938::59689891229F1817EF66BFC63D9D0BB2F45F5209::Bla :
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = uid:r::::::8A709552E7AB85B53DDAE18A48C0978E5EBF5547::Bla :
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = sub:-:2048:16:942E547C12A6B1C2:1039075030::::::e::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = fpr:::::::::E69EF5226BBF7EC14F1D7D96942E547C12A6B1C2:
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9f70, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9f70, handler (0x16c8c10, 4)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16c9f50, setting fd 0x4 (item=0x16c9f70) done
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9fc0, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16c9fc0, handler (0x16c8c10, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16ca210, key = 0x16cac20, line = (null)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c8c10, event 0x7f6a59a9dad0, type 2, type_data 0x16cac20
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16c9fa0, setting fd 0x6 (item=0x16c9fc0) done
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c8c10, event 0x7f6a59a9dad0, type 1, type_data 0x7ffdf8715560
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: leave: key=0x16cac20 (4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_release: call: ctx=0x16ca210
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: enter: r_ctx=0x7ffdf87155c8
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: leave: ctx=0x16ca550
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_passphrase_cb: call: ctx=0x16ca550, passphrase_cb=(nil)/(nil)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_pinentry_mode: call: ctx=0x16ca550, pinentry_mode=4
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_passphrase_cb: call: ctx=0x16ca550, passphrase_cb=0x403420/0x16c8058
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_set_passphrase_cb: call: ctx=0x16ca550, passphrase_cb=0x403420/0x16c8058
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: enter: r_ctx=0x7ffdf8715568
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_new: leave: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: enter: ctx=0x16c8810, pattern=14B7E8E6, secret_only=0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16c8810, fd 4, dir=1 -> tag=0x16cd080
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16c8810, fd 6, dir=1 -> tag=0x16cd1d0
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c9d50, event 0x7f6a59a9dad0, type 0, type_data (nil)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: enter: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd1f0, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd1f0, handler (0x16c9d50, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = (nil), line = pub:u:1024:1:D2C2514414B7E8E6:1432752075:::u:::scESC::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = fpr:::::::::95C76C5EF83943DA2F322CF4D2C2514414B7E8E6:
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = uid:u::::1432752075::8ECF92C774CE2A15116BEB0B2038DE9D3CCA7A9E::testkey2 (testkey2) :
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = sub:u:1024:1:2E197B51ED8059EA:1432752075::::::e::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = fpr:::::::::47AE514B363C3E225FD474022E197B51ED8059EA:
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = sub:u:1024:1:7A26564274D6F5C6:1433074279::::::s::::::
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = fpr:::::::::61F756F77290CBBCE30988567A26564274D6F5C6:
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd0a0, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd0a0, handler (0x16c9d50, 4)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16cd080, setting fd 0x4 (item=0x16cd0a0) done
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd1f0, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16cd1f0, handler (0x16c9d50, 6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:keylist_colon_handler: call: ctx=0x16c8810, key = 0x16cd220, line = (null)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c9d50, event 0x7f6a59a9dad0, type 2, type_data 0x16cd220
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16cd1d0, setting fd 0x6 (item=0x16cd1f0) done
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c9d50, event 0x7f6a59a9dad0, type 1, type_data 0x7ffdf87154c0
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_keylist_next: leave: key=0x16cd220 (95C76C5EF83943DA2F322CF4D2C2514414B7E8E6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_release: call: ctx=0x16c8810
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_signers_clear: call: ctx=0x16ca550
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_signers_add: enter: ctx=0x16ca550, key=0x16ca850 (95C76C5EF83943DA2F322CF4D2C2514414B7E8E6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_signers_add: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_encrypt_sign: enter: ctx=0x16ca550, flags=0x1, plain=0x16caf80, cipher=0x16cbfd0
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_encrypt_sign: check: ctx=0x16ca550, recipient[0] = 0x16cd220 (95C76C5EF83943DA2F322CF4D2C2514414B7E8E6)
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_sig_notation_get: call: ctx=0x16ca550, ctx->sig_notations=(nil)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16ca550, fd 4, dir=1 -> tag=0x16ca070
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16ca550, fd 8, dir=1 -> tag=0x16ca1c0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_add_io_cb: call: ctx=0x16ca550, fd 11, dir=0 -> tag=0x16ca210
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c9d50, event 0x7f6a59a9dad0, type 0, type_data (nil)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca230, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca230, handler (0x16caf80, 11)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_data_outbound_handler: enter: dh=0x16caf80, fd=0xb
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_data_outbound_handler: leave
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca230, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca230, handler (0x16caf80, 11)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_data_outbound_handler: enter: dh=0x16caf80, fd=0xb
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16ca210, setting fd 0xb (item=0x16ca230) done
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_data_outbound_handler: leave
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca090, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca090, handler (0x16c9d50, 4)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca090, need to check
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_run_io_cb: call: item=0x16ca090, handler (0x16c9d50, 4)
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_cancel_with_err: enter: ctx=0x16ca550, ctx_err=117440566, op_err=0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16ca070, setting fd 0x4 (item=0x16ca090) done
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_remove_io_cb: call: data=0x16ca1c0, setting fd 0x8 (item=0x16ca1e0) done
GPGME 2015-06-04 18:57:09 <0x1905> gpgme:gpg_io_event: call: gpg=0x16c9d50, event 0x7f6a59a9dad0, type 1, type_data 0x7ffdf87154c0
GPGME 2015-06-04 18:57:09 <0x1905> _gpgme_cancel_with_err: leave
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_op_encrypt_sign: error: Unusable secret key
GPGME 2015-06-04 18:57:09 <0x1905> gpgme_release: call: ctx=0x16ca550
gpg2 key:
--------
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_debug: level=4
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_check_version: call: 0=(nil), req_version=(null), VERSION=1.5.1
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_check_version_internal: call: 0=(nil), req_version=(null), offset_sig_validity=60
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_locale: enter: ctx=(nil), category=0, value=C
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_locale: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_locale: enter: ctx=(nil), category=5, value=C
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_locale: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: gpgconf='/usr/bin/gpgconf'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: gpg='/usr/bin/gpg2'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: gpgsm='/usr/bin/gpgsm'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: homedir='/home/folkert/.gnupg'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: agent='/home/folkert/.gnupg/S.gpg-agent'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme-dinfo: uisrv='/home/folkert/.gnupg/S.uiserver'
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: enter: r_ctx=0x7fff5afd07a8
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: leave: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: enter: ctx=0x20c0810, pattern=0BF38589, secret_only=1
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 4, dir=1 -> tag=0x20c26b0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 6, dir=1 -> tag=0x20c2800
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 0, type_data (nil)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: enter: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2820, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2820, handler (0x20c0c10, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = sec:u:2048:1:CC73A8A60BF38589:1433443717:::u:::scESC::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = fpr:::::::::20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589:
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = uid:u::::1433443717::9963CFDE0C8920AD077B06A281992C4008E67E4F::testkey3 (testkey3) :
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = ssb:u:2048:1:22317805D48C1491:1433443717::::::e::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = fpr:::::::::FB6FFB7D8BEC710A745DE86C22317805D48C1491:
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c26d0, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c26d0, handler (0x20c0c10, 4)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c26b0, setting fd 0x4 (item=0x20c26d0) done
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2820, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2820, handler (0x20c0c10, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c2850, line = (null)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 2, type_data 0x20c2850
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c2800, setting fd 0x6 (item=0x20c2820) done
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd0700
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: leave: key=0x20c2850 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_release: call: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: enter: r_ctx=0x7fff5afd0818
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: leave: ctx=0x20c2210
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: enter: ctx=0x20c2210, pattern=4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02, secret_only=0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c2210, fd 4, dir=1 -> tag=0x20c1f50
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c2210, fd 6, dir=1 -> tag=0x20c1fa0
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 0, type_data (nil)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: enter: ctx=0x20c2210
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, handler (0x20c0c10, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = (nil), line = pub:-:1024:17:3AD6F8118300CC02:1039074767:::-:::scESC::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = fpr:::::::::4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02:
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:-::::1203999932::275AAD3E991F1962AD510CC96760907BE70FE668::Bla :
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:-::::1203999938::59689891229F1817EF66BFC63D9D0BB2F45F5209::Bla :
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = uid:r::::::8A709552E7AB85B53DDAE18A48C0978E5EBF5547::Bla :
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = sub:-:2048:16:942E547C12A6B1C2:1039075030::::::e::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = fpr:::::::::E69EF5226BBF7EC14F1D7D96942E547C12A6B1C2:
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1f70, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1f70, handler (0x20c0c10, 4)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c1f50, setting fd 0x4 (item=0x20c1f70) done
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c1fc0, handler (0x20c0c10, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c2210, key = 0x20c2b70, line = (null)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 2, type_data 0x20c2b70
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c1fa0, setting fd 0x6 (item=0x20c1fc0) done
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c0c10, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd0760
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: leave: key=0x20c2b70 (4BE78BDCF3F5352CF624A6DF3AD6F8118300CC02)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_release: call: ctx=0x20c2210
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: enter: r_ctx=0x7fff5afd07c8
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: leave: ctx=0x20c2550
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=(nil)/(nil)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_pinentry_mode: call: ctx=0x20c2550, pinentry_mode=4
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=0x403420/0x20c0058
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_set_passphrase_cb: call: ctx=0x20c2550, passphrase_cb=0x403420/0x20c0058
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: enter: r_ctx=0x7fff5afd0768
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_new: leave: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: enter: ctx=0x20c0810, pattern=0BF38589, secret_only=0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 4, dir=1 -> tag=0x20c4fd0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c0810, fd 6, dir=1 -> tag=0x20c5120
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 0, type_data (nil)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_start: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: enter: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c5140, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c5140, handler (0x20c1d50, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = tru::0:1433443869:2410285847:3:1:5
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = (nil), line = pub:u:2048:1:CC73A8A60BF38589:1433443717:::u:::scESC::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = fpr:::::::::20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589:
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = uid:u::::1433443717::9963CFDE0C8920AD077B06A281992C4008E67E4F::testkey3 (testkey3) :
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = sub:u:2048:1:22317805D48C1491:1433443717::::::e::::::
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = fpr:::::::::FB6FFB7D8BEC710A745DE86C22317805D48C1491:
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c4ff0, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c4ff0, handler (0x20c1d50, 4)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c4fd0, setting fd 0x4 (item=0x20c4ff0) done
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c5140, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c5140, handler (0x20c1d50, 6)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:keylist_colon_handler: call: ctx=0x20c0810, key = 0x20c5170, line = (null)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 2, type_data 0x20c5170
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c5120, setting fd 0x6 (item=0x20c5140) done
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd06c0
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_keylist_next: leave: key=0x20c5170 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_release: call: ctx=0x20c0810
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_signers_clear: call: ctx=0x20c2550
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_signers_add: enter: ctx=0x20c2550, key=0x20c2850 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_signers_add: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_encrypt_sign: enter: ctx=0x20c2550, flags=0x1, plain=0x20c2ed0, cipher=0x20c3f20
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_encrypt_sign: check: ctx=0x20c2550, recipient[0] = 0x20c5170 (20CD3FF80DA6C1E46CD9F135CC73A8A60BF38589)
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_sig_notation_get: call: ctx=0x20c2550, ctx->sig_notations=(nil)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 4, dir=1 -> tag=0x20c2070
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 8, dir=1 -> tag=0x20c21c0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_add_io_cb: call: ctx=0x20c2550, fd 11, dir=0 -> tag=0x20c2210
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 0, type_data (nil)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2230, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2230, handler (0x20c2ed0, 11)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_data_outbound_handler: enter: dh=0x20c2ed0, fd=0xb
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_data_outbound_handler: leave
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2230, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2230, handler (0x20c2ed0, 11)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_data_outbound_handler: enter: dh=0x20c2ed0, fd=0xb
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c2210, setting fd 0xb (item=0x20c2230) done
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_data_outbound_handler: leave
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2090, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2090, handler (0x20c1d50, 4)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2090, need to check
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_run_io_cb: call: item=0x20c2090, handler (0x20c1d50, 4)
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_cancel_with_err: enter: ctx=0x20c2550, ctx_err=117440566, op_err=0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c2070, setting fd 0x4 (item=0x20c2090) done
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_remove_io_cb: call: data=0x20c21c0, setting fd 0x8 (item=0x20c21e0) done
GPGME 2015-06-04 18:58:16 <0x1927> gpgme:gpg_io_event: call: gpg=0x20c1d50, event 0x7fd8b1a20ad0, type 1, type_data 0x7fff5afd06c0
GPGME 2015-06-04 18:58:16 <0x1927> _gpgme_cancel_with_err: leave
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_op_encrypt_sign: error: Unusable secret key
GPGME 2015-06-04 18:58:16 <0x1927> gpgme_release: call: ctx=0x20c2550
Folkert van Heusden
From ueno at gnu.org Tue Jun 2 10:56:44 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 02 Jun 2015 17:56:44 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <874mms4tzc.wl-neal@walfield.org> (Neal H. Walfield's message of
"Sun, 31 May 2015 18:00:55 +0200")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
Message-ID:
Hello Neal,
Thanks for the thorough review, responses are inlined below.
By the way, on second thoughts, I ended up with a specialized protocol
for this, to avoid unnecessary character escaping and encoding
conversion (and also reconnecting to a socket every time). The protocol
is actually a subset of the Pinentry Assuan protocol, and implemented in
pinentry.el, which shall be included in Emacs, maybe under lisp/net/ or
ELPA.
I'm attaching the new patch and pinentry.el. To test, use "M-x
pinentry-start" instead of "M-x server-start".
"Neal H. Walfield" writes:
>> +if test "$pinentry_emacs" = "maybe"; then
>> + AC_MSG_CHECKING([if Unix domain socket is supported])
>
> I think we should check for != "no" here. If pinentry_emacs is yes,
> but we don't support unix domain sockets, then it would be better to
> error out here than when compiling the code. Do you agree?
Yes, exactly. Fixed.
>> +#include
>
> As far as I can tell, this include is gratuitious.
Removed.
>> + if (strlen (tmpdir) + strlen (socket_name) + 10 + 2
>> + >= sizeof (emacs_server_address.sun_path))
[...]
>> + sprintf (emacs_server_address.sun_path, "%s/emacs%lu/%s",
>> + tmpdir, (unsigned long) uid, socket_name);
>
> I think the check above is wrong. It should be something like:
>
> if (strlen (tmpdir) + strlen("/emacs") + 10 + strlen("/")
> + strlen (socket_name) + 1
> >= sizeof (emacs_server_address.sun_path))
Right, thanks for pointing that out. Fixed using the correct formula.
>> + if (connect (s, (struct sockaddr *) &emacs_server_address,
>> + strlen (emacs_server_address.sun_path) + 2) < 0)
>
> Why don't you just use 'sizeof (emacs_server_address)' here? I really
> don't like the magic number 2 here.
Fixed using SUN_LEN from GnuPG.
>> + if (strprefix ("-print ", p))
> Does it make sense to emit a warning if there is a line with an
> unrecognized prefix? As far as I can see, lines with unknown commands
> are currently ignored.
Yes, added warnings.
>> + sprintf (command, "(" CALLBACK_NAME " \"%s\" %s)",
>> + name, quoted_value);
>> + if (quoted_value != nil)
>> + free (quoted_value);
>
> Here's another instance where I'd strongly prefer something like
> asprintf.
Yes. Those allocation and copying are no longer necessary with the new
protocol.
>> + quoted_command = build_command (name, local_value);
>> + if (local_value != value)
>> + free (local_value);
>
> I think this comparison is useless. If value is not NULL, then we
> call pinentry_utf8_to_local, which always allocates a new buffer.
Good point. Likewise to the above, the extra allocation is not needed
anymore.
> Does emacs not support setting custom button labels?
Yes, it could. However, for a password query, labels would be too
verbose to be shown in the minibuffer. So, in pinentry.el, they are
only used for a confirmation query.
> If pe->prompt is NULL, then you should fallback to pe->default_prompt.
Fixed.
> If you have time, it would be nice to add support for the external
> password manager checkbox. In the very least, please note the lack of
> this support with an XXX comment in the source code.
Sure, added a comment.
>> + if (pe->repeat_passphrase)
>> + pe->repeat_okay = 1;
>
> Why are you setting this if the user didn't actually enter the
> password twice?
I implemented the repeat feature in the new patch.
>> +int
>> +do_confirm (pinentry_t pe)
[...]
>> + set_value (pe, "SETPROMPT", pe->prompt);
>
> Again, please fallback to pe->default_prompt.
Fixed.
> Any reason, there is no support for custom button labels? Also, what
> about support for the other button? If this is not yet possible,
> please note it with an XXX comment.
Fixed.
>> -#if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined
>> PINENTRY_GTK
>> +#if defined FALLBACK_CURSES || defined INSIDE_EMACS || defined
>> PINENTRY_CURSES || defined PINENTRY_GTK
>> char *
>> pinentry_utf8_to_local (const char *lc_ctype, const char *text)
>> {
>
> I think we should check if PINENTRY_EMACS is defined, not INSIDE_EMACS
> here.
I reverted this change since the patch no longer uses
pinentry_utf8_to_local.
Regards,
--
Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-inside-Emacs-mode-to-GUI-pinentry-programs.patch
Type: text/x-patch
Size: 33333 bytes
Desc: not available
URL:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pinentry.el
URL:
From neal at walfield.org Wed Jun 3 14:49:27 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Wed, 03 Jun 2015 14:49:27 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To:
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
Message-ID: <873829rm7c.wl-neal@walfield.org>
Hi Daiki,
I just took a quick look and it seems good. I'll have time to do a
thorough review tomorrow (Thursday).
:) Neal
At Tue, 02 Jun 2015 17:56:44 +0900,
Daiki Ueno wrote:
>
> [1 ]
> Hello Neal,
>
> Thanks for the thorough review, responses are inlined below.
>
> By the way, on second thoughts, I ended up with a specialized protocol
> for this, to avoid unnecessary character escaping and encoding
> conversion (and also reconnecting to a socket every time). The protocol
> is actually a subset of the Pinentry Assuan protocol, and implemented in
> pinentry.el, which shall be included in Emacs, maybe under lisp/net/ or
> ELPA.
>
> I'm attaching the new patch and pinentry.el. To test, use "M-x
> pinentry-start" instead of "M-x server-start".
>
> "Neal H. Walfield" writes:
>
> >> +if test "$pinentry_emacs" = "maybe"; then
> >> + AC_MSG_CHECKING([if Unix domain socket is supported])
> >
> > I think we should check for != "no" here. If pinentry_emacs is yes,
> > but we don't support unix domain sockets, then it would be better to
> > error out here than when compiling the code. Do you agree?
>
> Yes, exactly. Fixed.
>
> >> +#include
> >
> > As far as I can tell, this include is gratuitious.
>
> Removed.
>
> >> + if (strlen (tmpdir) + strlen (socket_name) + 10 + 2
> >> + >= sizeof (emacs_server_address.sun_path))
> [...]
> >> + sprintf (emacs_server_address.sun_path, "%s/emacs%lu/%s",
> >> + tmpdir, (unsigned long) uid, socket_name);
> >
> > I think the check above is wrong. It should be something like:
> >
> > if (strlen (tmpdir) + strlen("/emacs") + 10 + strlen("/")
> > + strlen (socket_name) + 1
> > >= sizeof (emacs_server_address.sun_path))
>
> Right, thanks for pointing that out. Fixed using the correct formula.
>
> >> + if (connect (s, (struct sockaddr *) &emacs_server_address,
> >> + strlen (emacs_server_address.sun_path) + 2) < 0)
> >
> > Why don't you just use 'sizeof (emacs_server_address)' here? I really
> > don't like the magic number 2 here.
>
> Fixed using SUN_LEN from GnuPG.
>
> >> + if (strprefix ("-print ", p))
>
> > Does it make sense to emit a warning if there is a line with an
> > unrecognized prefix? As far as I can see, lines with unknown commands
> > are currently ignored.
>
> Yes, added warnings.
>
> >> + sprintf (command, "(" CALLBACK_NAME " \"%s\" %s)",
> >> + name, quoted_value);
> >> + if (quoted_value != nil)
> >> + free (quoted_value);
> >
> > Here's another instance where I'd strongly prefer something like
> > asprintf.
>
> Yes. Those allocation and copying are no longer necessary with the new
> protocol.
>
> >> + quoted_command = build_command (name, local_value);
> >> + if (local_value != value)
> >> + free (local_value);
> >
> > I think this comparison is useless. If value is not NULL, then we
> > call pinentry_utf8_to_local, which always allocates a new buffer.
>
> Good point. Likewise to the above, the extra allocation is not needed
> anymore.
>
> > Does emacs not support setting custom button labels?
>
> Yes, it could. However, for a password query, labels would be too
> verbose to be shown in the minibuffer. So, in pinentry.el, they are
> only used for a confirmation query.
>
> > If pe->prompt is NULL, then you should fallback to pe->default_prompt.
>
> Fixed.
>
> > If you have time, it would be nice to add support for the external
> > password manager checkbox. In the very least, please note the lack of
> > this support with an XXX comment in the source code.
>
> Sure, added a comment.
>
> >> + if (pe->repeat_passphrase)
> >> + pe->repeat_okay = 1;
> >
> > Why are you setting this if the user didn't actually enter the
> > password twice?
>
> I implemented the repeat feature in the new patch.
>
> >> +int
> >> +do_confirm (pinentry_t pe)
> [...]
> >> + set_value (pe, "SETPROMPT", pe->prompt);
> >
> > Again, please fallback to pe->default_prompt.
>
> Fixed.
>
> > Any reason, there is no support for custom button labels? Also, what
> > about support for the other button? If this is not yet possible,
> > please note it with an XXX comment.
>
> Fixed.
>
> >> -#if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined
> >> PINENTRY_GTK
> >> +#if defined FALLBACK_CURSES || defined INSIDE_EMACS || defined
> >> PINENTRY_CURSES || defined PINENTRY_GTK
> >> char *
> >> pinentry_utf8_to_local (const char *lc_ctype, const char *text)
> >> {
> >
> > I think we should check if PINENTRY_EMACS is defined, not INSIDE_EMACS
> > here.
>
> I reverted this change since the patch no longer uses
> pinentry_utf8_to_local.
>
> Regards,
> --
> Daiki Ueno
> [2 0001-Add-inside-Emacs-mode-to-GUI-pinentry-programs.patch ]
> From 14789d2bfa4fd7931a0191a1379d3fcd449e12aa Mon Sep 17 00:00:00 2001
> From: Daiki Ueno
> Date: Wed, 27 May 2015 17:06:08 +0900
> Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
>
> * configure.ac: Add --enable-pinentry-emacs and
> --enable-inside-emacs option.
> (BUILD_LIBPINENTRY_EMACS): New conditional.
> (BUILD_PINENTRY_EMACS): New conditional.
> (INSIDE_EMACS): New conditional.
> * Makefile.am (pinentry_emacs): New.
> (SUBDIRS): Add "emacs" subdir if PINENTRY_EMACS is set.
>
> * pinentry/pinentry-emacs.h: New file.
> * pinentry/pinentry-emacs.c: New file.
> * pinentry/Makefile.am: New file.
>
> * emacs/pinentry-emacs.c: New file.
> * emacs/Makefile.am: New file.
>
> * qt4/Makefile.am (libemacs): New variable, set if the
> INSIDE_EMACS conditional is true.
> (pinentry_qt4_LDADD): Add $(libemacs).
> * qt4/main.cpp (main): Set pinentry_cmd_handler if
> the INSIDE_EMACS envvar is set and the socket is usable.
>
> * gnome3/Makefile.am (libemacs): New variable, set if the
> INSIDE_EMACS conditional is true.
> (LDADD): Add $(libemacs).
> * gnome3/pinentry-gnome3.c (main): Set pinentry_cmd_handler if
> the INSIDE_EMACS envvar is set and the socket is usable.
>
> * gtk+-2/Makefile.am (libemacs): New variable, set if the INSIDE_EMACS
> conditional is true.
> (LDADD): Add $(libemacs).
> * gtk+-2/pinentry-gtk-2.c (main): Set pinentry_cmd_handler if
> the INSIDE_EMACS envvar is set and the socket is usable.
> ---
> Makefile.am | 10 +-
> configure.ac | 60 +++++
> emacs/Makefile.am | 29 +++
> emacs/pinentry-emacs.c | 47 ++++
> gnome3/Makefile.am | 8 +-
> gnome3/pinentry-gnome3.c | 21 +-
> gtk+-2/Makefile.am | 8 +-
> gtk+-2/pinentry-gtk-2.c | 25 +-
> pinentry/Makefile.am | 9 +-
> pinentry/pinentry-emacs.c | 640 ++++++++++++++++++++++++++++++++++++++++++++++
> pinentry/pinentry-emacs.h | 41 +++
> qt4/Makefile.am | 9 +-
> qt4/main.cpp | 93 ++++---
> 13 files changed, 941 insertions(+), 59 deletions(-)
> create mode 100644 emacs/Makefile.am
> create mode 100644 emacs/pinentry-emacs.c
> create mode 100644 pinentry/pinentry-emacs.c
> create mode 100644 pinentry/pinentry-emacs.h
>
> diff --git a/Makefile.am b/Makefile.am
> index 177f37e..388464e 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -40,6 +40,12 @@ else
> pinentry_tty =
> endif
>
> +if BUILD_PINENTRY_EMACS
> +pinentry_emacs = emacs
> +else
> +pinentry_emacs =
> +endif
> +
> if BUILD_PINENTRY_GTK_2
> pinentry_gtk_2 = gtk+-2
> else
> @@ -65,8 +71,8 @@ pinentry_w32 =
> endif
>
> SUBDIRS = assuan secmem pinentry ${pinentry_curses} ${pinentry_tty} \
> - ${pinentry_gtk_2} ${pinentry_gnome_3} ${pinentry_qt4} \
> - ${pinentry_w32} doc
> + ${pinentry_emacs} ${pinentry_gtk_2} ${pinentry_gnome_3} \
> + ${pinentry_qt4} ${pinentry_w32} doc
>
>
> install-exec-local:
> diff --git a/configure.ac b/configure.ac
> index 9948d1f..abc248e 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -271,6 +271,63 @@ if test "$pinentry_curses" = "yes" \
> fi
> fi
>
> +dnl
> +dnl Check for emacs pinentry program.
> +dnl
> +AC_ARG_ENABLE(pinentry-emacs,
> + AC_HELP_STRING([--enable-pinentry-emacs], [build emacs pinentry]),
> + pinentry_emacs=$enableval, pinentry_emacs=maybe)
> +AC_ARG_ENABLE(inside-emacs,
> + AC_HELP_STRING([--enable-inside-emacs], [include emacs hack]),
> + inside_emacs=$enableval, inside_emacs=maybe)
> +
> +if test "$pinentry_emacs" != "no"; then
> + AC_MSG_CHECKING([if Unix domain socket is supported])
> + AC_TRY_COMPILE([
> +#include
> +#include
> +],
> + [int s = socket (AF_UNIX, SOCK_STREAM, 0);],
> + [_unixsock_works=yes],
> + [_unixsock_works=no])
> + AC_MSG_RESULT($_unixsock_works)
> + if test "$_unixsock_works" = "yes"; then
> + pinentry_emacs=yes
> + else
> + if test "$pinentry_emacs" = "yes"; then
> + AC_MSG_ERROR([[
> +***
> +*** Support for Unix domain sockets is required.
> +***]])
> + fi
> + pinentry_emacs=no
> + fi
> +fi
> +
> +if test "$inside_emacs" = "maybe"; then
> + if test "$pinentry_emacs" = "yes"; then
> + inside_emacs=yes
> + else
> + inside_emacs=no
> + fi
> +fi
> +
> +AM_CONDITIONAL(BUILD_LIBPINENTRY_EMACS,
> + test "$pinentry_emacs" = "yes" -o "$inside_emacs" = "yes")
> +AM_CONDITIONAL(BUILD_PINENTRY_EMACS, test "$pinentry_emacs" = "yes")
> +AM_CONDITIONAL(INSIDE_EMACS, test "$inside_emacs" = "yes")
> +
> +if test "$pinentry_emacs" = "yes"; then
> + AC_DEFINE(PINENTRY_EMACS, 1,
> + [The Emacs version of Pinentry is to be build])
> +fi
> +
> +if test "$inside_emacs" = "yes"; then
> + inside_emacs=yes
> + AC_DEFINE(INSIDE_EMACS, 1,
> + [The GUI pinentries should respect INSIDE_EMACS envvar.])
> +fi
> +
>
>
> dnl
> @@ -512,6 +569,7 @@ secmem/Makefile
> pinentry/Makefile
> curses/Makefile
> tty/Makefile
> +emacs/Makefile
> gtk+-2/Makefile
> gnome3/Makefile
> qt4/Makefile
> @@ -531,12 +589,14 @@ AC_MSG_NOTICE([
>
> Curses Pinentry ..: $pinentry_curses
> TTY Pinentry .....: $pinentry_tty
> + Emacs Pinentry ...: $pinentry_emacs
> GTK+-2 Pinentry ..: $pinentry_gtk_2
> GNOME 3 Pinentry .: $pinentry_gnome_3
> Qt4 Pinentry .....: $pinentry_qt4 $pinentry_qt4_clip_msg
> W32 Pinentry .....: $pinentry_w32
>
> Fallback to Curses: $fallback_curses
> + Inside-EMACS mode : $inside_emacs
>
> libsecret ........: $libsecret
>
> diff --git a/emacs/Makefile.am b/emacs/Makefile.am
> new file mode 100644
> index 0000000..a0bfe6c
> --- /dev/null
> +++ b/emacs/Makefile.am
> @@ -0,0 +1,29 @@
> +# Makefile.am - PIN entry emacs frontend.
> +# Copyright (C) 2002, 2015 g10 Code GmbH
> +#
> +# This file is part of PINENTRY.
> +#
> +# PINENTRY is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# PINENTRY is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program; if not, write to the Free Software
> +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
> +
> +## Process this file with automake to produce Makefile.in
> +
> +bin_PROGRAMS = pinentry-emacs
> +
> +AM_CPPFLAGS = $(COMMON_CFLAGS) $(NEMACS_INCLUDE) -I$(top_srcdir)/pinentry
> +LDADD = ../pinentry/libpinentry.a ../pinentry/libpinentry-emacs.a \
> + ../assuan/libassuan.a ../secmem/libsecmem.a \
> + $(COMMON_LIBS) $(LIBCAP) $(LIBEMACS) $(LIBICONV)
> +
> +pinentry_emacs_SOURCES = pinentry-emacs.c
> diff --git a/emacs/pinentry-emacs.c b/emacs/pinentry-emacs.c
> new file mode 100644
> index 0000000..de4ca05
> --- /dev/null
> +++ b/emacs/pinentry-emacs.c
> @@ -0,0 +1,47 @@
> +/* pinentry-emacs.c - A secure emacs dialog for PIN entry, library version
> + Copyright (C) 2015 Daiki Ueno
> +
> + This file is part of PINENTRY.
> +
> + PINENTRY is free software; you can redistribute it and/or modify it
> + under the terms of the GNU General Public License as published by
> + the Free Software Foundation; either version 2 of the License, or
> + (at your option) any later version.
> +
> + PINENTRY is distributed in the hope that it will be useful, but
> + WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + General Public License for more details.
> +
> + You should have received a copy of the GNU General Public License
> + along with this program; if not, see .
> +*/
> +
> +#ifdef HAVE_CONFIG_H
> +#include
> +#endif
> +
> +#include
> +#include
> +
> +#include "pinentry.h"
> +#include "pinentry-emacs.h"
> +
> +pinentry_cmd_handler_t pinentry_cmd_handler = emacs_cmd_handler;
> +
> +
> +int
> +main (int argc, char *argv[])
> +{
> + pinentry_init ("pinentry-emacs");
> +
> + if (!pinentry_emacs_init ())
> + return 1;
> +
> + pinentry_parse_opts (argc, argv);
> +
> + if (pinentry_loop ())
> + return 1;
> +
> + return 0;
> +}
> diff --git a/gnome3/Makefile.am b/gnome3/Makefile.am
> index 46639de..c8767df 100644
> --- a/gnome3/Makefile.am
> +++ b/gnome3/Makefile.am
> @@ -29,10 +29,16 @@ ncurses_include =
> libcurses =
> endif
>
> +if INSIDE_EMACS
> +libemacs = ../pinentry/libpinentry-emacs.a
> +else
> +libemacs =
> +endif
> +
> AM_CPPFLAGS = $(COMMON_CFLAGS) $(GNOME3CFLAGS) \
> $(ncurses_include) -I$(top_srcdir)/assuan \
> -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry
> LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \
> - $(COMMON_LIBS) $(LIBCAP) $(GNOME3LIBS) $(libcurses)
> + $(COMMON_LIBS) $(LIBCAP) $(GNOME3LIBS) $(libcurses) $(libemacs)
>
> pinentry_gnome3_SOURCES = pinentry-gnome3.c
> diff --git a/gnome3/pinentry-gnome3.c b/gnome3/pinentry-gnome3.c
> index 74ec89c..113bde3 100644
> --- a/gnome3/pinentry-gnome3.c
> +++ b/gnome3/pinentry-gnome3.c
> @@ -37,6 +37,10 @@
> #include "pinentry-curses.h"
> #endif
>
> +#ifdef INSIDE_EMACS
> +#include "pinentry-emacs.h"
> +#endif
> +
>
> #define PGMNAME "pinentry-gnome3"
>
> @@ -253,14 +257,21 @@ main (int argc, char *argv[])
> {
> pinentry_init (PGMNAME);
>
> -#ifdef FALLBACK_CURSES
> - if (pinentry_have_display (argc, argv))
> - gtk_init (&argc, &argv);
> +#ifdef INSIDE_EMACS
> + if (pinentry_inside_emacs () && pinentry_emacs_init ())
> + pinentry_cmd_handler = emacs_cmd_handler;
> else
> - pinentry_cmd_handler = curses_cmd_handler;
> +#endif
> + {
> +#ifdef FALLBACK_CURSES
> + if (pinentry_have_display (argc, argv))
> + gtk_init (&argc, &argv);
> + else
> + pinentry_cmd_handler = curses_cmd_handler;
> #else
> - gtk_init (&argc, &argv);
> + gtk_init (&argc, &argv);
> #endif
> + }
>
> pinentry_parse_opts (argc, argv);
>
> diff --git a/gtk+-2/Makefile.am b/gtk+-2/Makefile.am
> index 7e37469..8e7717e 100644
> --- a/gtk+-2/Makefile.am
> +++ b/gtk+-2/Makefile.am
> @@ -29,10 +29,16 @@ ncurses_include =
> libcurses =
> endif
>
> +if INSIDE_EMACS
> +libemacs = ../pinentry/libpinentry-emacs.a $(LIBEMACS) $(LIBICONV)
> +else
> +libemacs =
> +endif
> +
> AM_CPPFLAGS = $(COMMON_CFLAGS) $(GTK2CFLAGS) $(ncurses_include) \
> -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry
> LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \
> - $(COMMON_LIBS) $(LIBCAP) $(GTK2LIBS) $(libcurses)
> + $(COMMON_LIBS) $(LIBCAP) $(GTK2LIBS) $(libcurses) $(libemacs)
>
> pinentry_gtk_2_SOURCES = pinentry-gtk-2.c \
> gtksecentry.c gtksecentry.h gseal-gtk-compat.h
> diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
> index 1a88e5a..7792046 100644
> --- a/gtk+-2/pinentry-gtk-2.c
> +++ b/gtk+-2/pinentry-gtk-2.c
> @@ -52,6 +52,10 @@
> #include "pinentry-curses.h"
> #endif
>
> +#ifdef INSIDE_EMACS
> +#include "pinentry-emacs.h"
> +#endif
> +
>
> #define PGMNAME "pinentry-gtk2"
>
> @@ -716,17 +720,24 @@ main (int argc, char *argv[])
>
> pinentry_init (PGMNAME);
>
> -#ifdef FALLBACK_CURSES
> - if (pinentry_have_display (argc, argv))
> +#ifdef INSIDE_EMACS
> + if (pinentry_inside_emacs () && pinentry_emacs_init ())
> + pinentry_cmd_handler = emacs_cmd_handler;
> + else
> +#endif
> {
> - if (! gtk_init_check (&argc, &argv))
> +#ifdef FALLBACK_CURSES
> + if (pinentry_have_display (argc, argv))
> + {
> + if (! gtk_init_check (&argc, &argv))
> + pinentry_cmd_handler = curses_cmd_handler;
> + }
> + else
> pinentry_cmd_handler = curses_cmd_handler;
> - }
> - else
> - pinentry_cmd_handler = curses_cmd_handler;
> #else
> - gtk_init (&argc, &argv);
> + gtk_init (&argc, &argv);
> #endif
> + }
>
> pinentry_parse_opts (argc, argv);
>
> diff --git a/pinentry/Makefile.am b/pinentry/Makefile.am
> index 7fbbab6..e6e4ba6 100644
> --- a/pinentry/Makefile.am
> +++ b/pinentry/Makefile.am
> @@ -27,7 +27,13 @@ else
> pinentry_curses =
> endif
>
> -noinst_LIBRARIES = libpinentry.a $(pinentry_curses)
> +if BUILD_LIBPINENTRY_EMACS
> +pinentry_emacs = libpinentry-emacs.a
> +else
> +pinentry_emacs =
> +endif
> +
> +noinst_LIBRARIES = libpinentry.a $(pinentry_curses) $(pinentry_emacs)
>
> LDADD = $(COMMON_LIBS)
> AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem
> @@ -35,3 +41,4 @@ AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem
> libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h \
> password-cache.h password-cache.c
> libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c
> +libpinentry_emacs_a_SOURCES = pinentry-emacs.h pinentry-emacs.c
> diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
> new file mode 100644
> index 0000000..280546d
> --- /dev/null
> +++ b/pinentry/pinentry-emacs.c
> @@ -0,0 +1,640 @@
> +/* pinentry-emacs.c - A secure emacs dialog for PIN entry, library version
> + Copyright (C) 2015 Daiki Ueno
> +
> + This file is part of PINENTRY.
> +
> + PINENTRY is free software; you can redistribute it and/or modify it
> + under the terms of the GNU General Public License as published by
> + the Free Software Foundation; either version 2 of the License, or
> + (at your option) any later version.
> +
> + PINENTRY is distributed in the hope that it will be useful, but
> + WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + General Public License for more details.
> +
> + You should have received a copy of the GNU General Public License
> + along with this program; if not, see .
> +*/
> +
> +#ifdef HAVE_CONFIG_H
> +#include
> +#endif
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#ifdef HAVE_UTIME_H
> +#include
> +#endif /*HAVE_UTIME_H*/
> +
> +#include "pinentry.h"
> +#include "assuan.h"
> +#include "memory.h"
> +#include "secmem-util.h"
> +
> +/* The communication mechanism is similar to emacsclient, but there
> + are a few differences:
> +
> + - To avoid unnecessary character escaping and encoding conversion,
> + we use a subset of the Pinentry Assuan protocol, instead of the
> + emacsclient protocol.
> +
> + - We only use a Unix domain socket, while emacsclient has an
> + ability to use a TCP socket. The socket file is located at
> + ${TMPDIR-/tmp}/emacs$UID/pinentry (i.e., under the same directory
> + as the socket file used by emacsclient, so the same permission
> + and file owner settings apply).
> +
> + - The server implementation can be found in pinentry.el, which is
> + available in Emacs 25+ or from ELPA. */
> +
> +#define LINELENGTH ASSUAN_LINELENGTH
> +#define SEND_BUFFER_SIZE 4096
> +#define INITIAL_TIMEOUT 60
> +
> +#define MIN(x, y) ((x) < (y) ? (x) : (y))
> +
> +#ifndef SUN_LEN
> +# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \
> + + strlen ((ptr)->sun_path))
> +#endif
> +
> +static int emacs_socket = -1;
> +static char send_buffer[SEND_BUFFER_SIZE + 1];
> +static int send_buffer_length; /* Fill pointer for the send buffer. */
> +
> +#ifndef HAVE_DOSISH_SYSTEM
> +static int timed_out;
> +#endif
> +
> +static int
> +set_socket (const char *socket_name)
> +{
> + struct sockaddr_un unaddr;
> + struct stat statbuf;
> + const char *tmpdir;
> + char *tmpdir_storage = NULL;
> + uid_t uid;
> +
> + unaddr.sun_family = AF_UNIX;
> +
> + /* The socket address contains a UID, but POSIX doesn't define the
> + maximum of uid_t:
> + http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap02.html#tag_22_02_12_01
> + We only support 32-bit UIDs, which can be represented with 10
> + decimal digits.
> + */
> + uid = getuid ();
> + if (uid > 0x100000000)
> + {
> + fprintf (stderr, "UID is too large\n");
> + return 0;
> + }
> +
> + tmpdir = getenv ("TMPDIR");
> + if (!tmpdir)
> + {
> +#ifdef _CS_DARWIN_USER_TEMP_DIR
> + size_t n = confstr (_CS_DARWIN_USER_TEMP_DIR, NULL, (size_t) 0);
> + if (n > 0)
> + {
> + tmpdir = tmpdir_storage = malloc (n);
> + if (!tmpdir)
> + {
> + fprintf (stderr, "out of core\n");
> + return 0;
> + }
> + confstr (_CS_DARWIN_USER_TEMP_DIR, tmpdir_storage, n);
> + }
> + else
> +#endif
> + tmpdir = "/tmp";
> + }
> +
> + if (strlen (tmpdir) + strlen ("/emacs") + 10 + strlen ("/")
> + + strlen (socket_name) + 1 >= sizeof (unaddr.sun_path))
> + {
> + fprintf (stderr, "socket name is too long\n");
> + return 0;
> + }
> + sprintf (unaddr.sun_path, "%s/emacs%lu/%s", tmpdir,
> + (unsigned long) uid, socket_name);
> + free (tmpdir_storage);
> +
> + /* See if the socket exists, and if it's owned by us. */
> + if (stat (unaddr.sun_path, &statbuf) == -1)
> + {
> + perror ("stat");
> + return 0;
> + }
> +
> + if (statbuf.st_uid != geteuid ())
> + {
> + fprintf (stderr, "socket is not owned by the same user\n");
> + return 0;
> + }
> +
> + emacs_socket = socket (AF_UNIX, SOCK_STREAM, 0);
> + if (emacs_socket < 0)
> + {
> + perror ("socket");
> + return 0;
> + }
> +
> + if (connect (emacs_socket, (struct sockaddr *) &unaddr,
> + SUN_LEN (&unaddr)) < 0)
> + {
> + perror ("connect");
> + close (emacs_socket);
> + return 0;
> + }
> +
> + return 1;
> +}
> +
> +/* Percent-escape control characters in DATA. Return a newly
> + allocated string, or DATA itself if there is no need to escape any
> + character. Store the length of the string to LENGTHP. */
> +static char *
> +escape (const char *data, size_t *lengthp)
> +{
> + char *buffer, *out_p;
> + size_t length = *lengthp, buffer_length;
> + size_t offset = 0;
> + size_t count = 0;
> +
> + while (offset < length)
> + {
> + switch (data[offset])
> + {
> + case '%': case '\n': case '\r':
> + count++;
> + break;
> + default:
> + break;
> + }
> + offset++;
> + }
> +
> + if (count == 0)
> + return (char *) data;
> +
> + buffer_length = length + count * 2;
> + buffer = malloc (buffer_length);
> + if (!buffer)
> + return NULL;
> +
> + out_p = buffer;
> + while (offset < length)
> + {
> + int c = data[offset];
> + switch (c)
> + {
> + case '%': case '\n': case '\r':
> + sprintf (out_p, "%%%02X", c);
> + out_p += 3;
> + break;
> + default:
> + *out_p++ = c;
> + break;
> + }
> + offset++;
> + }
> +
> + *lengthp = buffer_length;
> + return buffer;
> +}
> +
> +/* The inverse of escape. Removes quoting in string STR by modifying
> + the string in place. */
> +static char *
> +unescape (char *data, size_t *lengthp)
> +{
> + char *p = data, *q = data;
> +
> + while (*p)
> + {
> + if (*p == '%' && p[1] && p[2])
> + {
> + p++;
> + *q++ = xtoi_2 (p);
> + p += 2;
> + }
> + else
> + *q++ = *p++;
> + }
> + *q = 0;
> + *lengthp = q - data;
> + return data;
> +}
> +
> +/* Let's send the data to Emacs when either
> + - the data ends in "\n", or
> + - the buffer is full (but this shouldn't happen)
> + Otherwise, we just accumulate it. */
> +static int
> +send_to_emacs (int s, const char *buffer, size_t length)
> +{
> + int retval = 1;
> +
> + while (*buffer)
> + {
> + size_t part = MIN (length, SEND_BUFFER_SIZE - send_buffer_length);
> + memcpy (&send_buffer[send_buffer_length], buffer, part);
> + buffer += part;
> + send_buffer_length += part;
> +
> + if (send_buffer_length == SEND_BUFFER_SIZE
> + || (send_buffer_length > 0
> + && send_buffer[send_buffer_length-1] == '\n'))
> + {
> + int sent = send (s, send_buffer, send_buffer_length, 0);
> + if (sent < 0)
> + {
> + fprintf (stderr, "failed to send %d bytes to socket: %s\n",
> + send_buffer_length, strerror (errno));
> + retval = 0;
> + break;
> + }
> + if (sent != send_buffer_length)
> + memmove (send_buffer, &send_buffer[sent],
> + send_buffer_length - sent);
> + send_buffer_length -= sent;
> + }
> +
> + length -= part;
> + }
> +
> + return retval;
> +}
> +
> +/* Read a server response. If the response contains any data, this
> + function returns it as a string. If BUFFER is not NULL, the data
> + will be stored there. Otherwise, it allocates memory. */
> +static char *
> +read_from_emacs (int s, int timeout, char *buffer, size_t *lengthp,
> + assuan_error_t *error)
> +{
> + struct timeval tv;
> + fd_set rfds;
> + int retval;
> + size_t offset = 0;
> + int allocated = buffer == NULL;
> + size_t allocated_capacity = 0;
> + int got_response = 0;
> + char read_buffer[BUFSIZ + 1];
> + size_t read_offset = 0;
> +
> + tv.tv_sec = timeout;
> + tv.tv_usec = 0;
> +
> + FD_ZERO (&rfds);
> + FD_SET (s, &rfds);
> + retval = select (s + 1, &rfds, NULL, NULL, &tv);
> + if (retval == -1)
> + {
> + perror ("select");
> + return 0;
> + }
> + else if (retval == 0)
> + {
> + timed_out = 1;
> + return 0;
> + }
> +
> + while (!got_response)
> + {
> + int rl = 0;
> + char *p, *end_p;
> + do
> + {
> + errno = 0;
> + rl = recv (s, read_buffer + read_offset,
> + sizeof (read_buffer) - 1 - read_offset, 0);
> + }
> + /* If we receive a signal (e.g. SIGWINCH, which we pass
> + through to Emacs), on some OSes we get EINTR and must retry. */
> + while (rl < 0 && errno == EINTR);
> +
> + if (rl < 0)
> + {
> + perror ("recv");
> + *error = ASSUAN_General_Error;
> + goto error;
> + }
> + if (rl == 0)
> + break;
> +
> + read_offset += rl;
> + read_buffer[read_offset] = '\0';
> +
> + end_p = strchr (read_buffer, '\n');
> +
> + /* If the buffer is filled without NL, throw the contents away.
> + FIXME: We could return ASSUAN_Line_Too_Long or
> + ASSUAN_Line_Not_Terminated here. */
> + if (!end_p && read_offset == sizeof (read_buffer) - 1)
> + read_offset = 0;
> +
> + /* Loop over all NL-terminated messages. */
> + for (p = read_buffer; end_p; p = end_p + 1, end_p = strchr (p, '\n'))
> + {
> + *end_p = '\0';
> + if (!strncmp ("D ", p, 2))
> + {
> + char *data;
> + size_t data_length;
> +
> + data = p + 2;
> + data_length = end_p - data;
> +
> + if (allocated && offset + data_length > allocated_capacity)
> + {
> + allocated_capacity = allocated_capacity * 2 + 10;
> + buffer = realloc (buffer, allocated_capacity);
> + if (!buffer)
> + {
> + *error = ASSUAN_Out_Of_Core;
> + goto error;
> + }
> + }
> + else if (!allocated && offset + data_length > *lengthp)
> + {
> + *error = ASSUAN_General_Error;
> + goto error;
> + }
> +
> + memcpy (&buffer[offset], data, data_length);
> + offset += data_length;
> + }
> + else if (!strcmp ("OK", p) || !strncmp ("OK ", p, 3))
> + {
> + *error = ASSUAN_No_Error;
> + got_response = 1;
> + break;
> + }
> + else if (!strncmp ("ERR ", p, 4))
> + {
> + unsigned long code = strtoul (p + 4, NULL, 10);
> + if (code == ULONG_MAX && errno == ERANGE)
> + *error = ASSUAN_General_Error;
> + else
> + *error = code;
> + got_response = 1;
> + break;
> + }
> + else if (!strncmp ("# ", p, 2))
> + ;
> + else
> + fprintf (stderr, "invalid response: %s\n", p);
> + }
> +
> + if (!got_response)
> + {
> + size_t length = &read_buffer[read_offset] - p;
> + memmove (read_buffer, p, length);
> + read_offset = length;
> + }
> + }
> +
> + if (*error == ASSUAN_No_Error)
> + {
> + *lengthp = offset;
> + return buffer;
> + }
> +
> + error:
> + if (allocated)
> + free (buffer);
> +
> + return NULL;
> +}
> +
> +int
> +set_label (pinentry_t pe, const char *name, const char *value)
> +{
> + char buffer[16], *escaped;
> + size_t length;
> + assuan_error_t error;
> + int retval;
> +
> + if (!send_to_emacs (emacs_socket, name, strlen (name))
> + || !send_to_emacs (emacs_socket, " ", 1))
> + return 0;
> +
> + length = strlen (value);
> + escaped = escape (value, &length);
> + if (!escaped)
> + return 0;
> +
> + retval = send_to_emacs (emacs_socket, escaped, length)
> + && send_to_emacs (emacs_socket, "\n", 1);
> +
> + if (escaped != value)
> + free (escaped);
> + if (!retval)
> + return 0;
> +
> + length = sizeof (buffer);
> + read_from_emacs (emacs_socket, pe->timeout, buffer, &length, &error);
> + return error == ASSUAN_No_Error;
> +}
> +
> +static void
> +set_labels (pinentry_t pe)
> +{
> + if (pe->title)
> + set_label (pe, "SETTITLE", pe->title);
> + if (pe->description)
> + set_label (pe, "SETDESC", pe->description);
> + if (pe->error)
> + set_label (pe, "SETERROR", pe->error);
> + if (pe->prompt)
> + set_label (pe, "SETPROMPT", pe->prompt);
> + else if (pe->default_prompt)
> + set_label (pe, "SETPROMPT", pe->default_prompt);
> + if (pe->repeat_passphrase)
> + set_label (pe, "SETREPEAT", pe->repeat_passphrase);
> + if (pe->repeat_error_string)
> + set_label (pe, "SETREPEATERROR", pe->repeat_error_string);
> +
> + /* XXX: pe->quality_bar and pe->quality_bar_tt are not supported. */
> +
> + /* Buttons. */
> + if (pe->ok)
> + set_label (pe, "SETOK", pe->ok);
> + else if (pe->default_ok)
> + set_label (pe, "SETOK", pe->default_ok);
> + if (pe->cancel)
> + set_label (pe, "SETCANCEL", pe->cancel);
> + else if (pe->default_ok)
> + set_label (pe, "SETCANCEL", pe->default_cancel);
> + if (pe->notok)
> + set_label (pe, "SETNOTOK", pe->notok);
> +}
> +
> +static int
> +do_password (pinentry_t pe)
> +{
> + char *escaped, *password;
> + size_t length;
> + assuan_error_t error;
> +
> + set_labels (pe);
> +
> + if (!send_to_emacs (emacs_socket, "GETPIN\n", 7))
> + return -1;
> +
> + escaped = read_from_emacs (emacs_socket, pe->timeout, NULL, &length, &error);
> + if (error != ASSUAN_No_Error)
> + {
> + pe->specific_err = error;
> + return -1;
> + }
> + /* No data sent from the server - maybe cancelled. */
> + if (!escaped)
> + {
> + pe->specific_err = ASSUAN_General_Error;
> + return -1;
> + }
> +
> + password = unescape (escaped, &length);
> + pinentry_setbufferlen (pe, length);
> + if (pe->pin)
> + memcpy (pe->pin, password, length);
> +
> + if (pe->repeat_passphrase)
> + pe->repeat_okay = 1;
> +
> + if (password != escaped)
> + free (password);
> + free (escaped);
> +
> + /* XXX: we don't support external password cache (yet). */
> +
> + return 1;
> +}
> +
> +static int
> +do_confirm (pinentry_t pe)
> +{
> + char buffer[16];
> + size_t length;
> + assuan_error_t error;
> +
> + set_labels (pe);
> +
> + if (!send_to_emacs (emacs_socket, "CONFIRM\n", 8))
> + return 0;
> +
> + length = sizeof (buffer);
> + read_from_emacs (emacs_socket, pe->timeout, buffer, &length, &error);
> + if (error != ASSUAN_No_Error)
> + {
> + pe->specific_err = error;
> + return 0;
> + }
> +
> + return 1;
> +}
> +
> +/* If a touch has been registered, touch that file. */
> +static void
> +do_touch_file (pinentry_t pinentry)
> +{
> +#ifdef HAVE_UTIME_H
> + struct stat st;
> + time_t tim;
> +
> + if (!pinentry->touch_file || !*pinentry->touch_file)
> + return;
> +
> + if (stat (pinentry->touch_file, &st))
> + return; /* Oops. */
> +
> + /* Make sure that we actually update the mtime. */
> + while ( (tim = time (NULL)) == st.st_mtime )
> + sleep (1);
> +
> + /* Update but ignore errors as we can't do anything in that case.
> + Printing error messages may even clubber the display further. */
> + utime (pinentry->touch_file, NULL);
> +#endif /*HAVE_UTIME_H*/
> +}
> +
> +#ifndef HAVE_DOSISH_SYSTEM
> +static void
> +catchsig (int sig)
> +{
> + if (sig == SIGALRM)
> + timed_out = 1;
> +}
> +#endif
> +
> +int
> +emacs_cmd_handler (pinentry_t pe)
> +{
> + int rc;
> +
> +#ifndef HAVE_DOSISH_SYSTEM
> + timed_out = 0;
> +
> + if (pe->timeout)
> + {
> + struct sigaction sa;
> +
> + memset (&sa, 0, sizeof(sa));
> + sa.sa_handler = catchsig;
> + sigaction (SIGALRM, &sa, NULL);
> + alarm (pe->timeout);
> + }
> +#endif
> +
> + if (pe->pin)
> + rc = do_password (pe);
> + else
> + rc = do_confirm (pe);
> +
> + do_touch_file (pe);
> + return rc;
> +}
> +
> +int
> +pinentry_inside_emacs (void)
> +{
> + const char *envvar;
> +
> + /* Check if INSIDE_EMACS envvar is set. */
> + envvar = getenv ("INSIDE_EMACS");
> + if (!envvar || !*envvar)
> + return 0;
> +
> + /* FIXME: Additional checks for the value. */
> + return 1;
> +}
> +
> +int
> +pinentry_emacs_init (void)
> +{
> + char buffer[256];
> + size_t length = sizeof (buffer);
> + assuan_error_t error;
> +
> + /* Check if we can connect to the Emacs server socket. */
> + if (!set_socket ("pinentry"))
> + return 0;
> +
> + /* Check if the server responds. */
> + read_from_emacs (emacs_socket, INITIAL_TIMEOUT, buffer, &length, &error);
> + return error == ASSUAN_No_Error;
> +}
> diff --git a/pinentry/pinentry-emacs.h b/pinentry/pinentry-emacs.h
> new file mode 100644
> index 0000000..732c0ac
> --- /dev/null
> +++ b/pinentry/pinentry-emacs.h
> @@ -0,0 +1,41 @@
> +/* pinentry-emacs.c - A secure emacs dialog for PIN entry, library version
> + Copyright (C) 2015 Daiki Ueno
> +
> + This file is part of PINENTRY.
> +
> + PINENTRY is free software; you can redistribute it and/or modify it
> + under the terms of the GNU General Public License as published by
> + the Free Software Foundation; either version 2 of the License, or
> + (at your option) any later version.
> +
> + PINENTRY is distributed in the hope that it will be useful, but
> + WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + General Public License for more details.
> +
> + You should have received a copy of the GNU General Public License
> + along with this program; if not, see .
> +*/
> +
> +#ifndef PINENTRY_EMACS_H
> +#define PINENTRY_EMACS_H
> +
> +#include "pinentry.h"
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +/* Return true if INSIDE_EMACS is set. */
> +int pinentry_inside_emacs (void);
> +
> +/* Initialize the Emacs interface, return true if success. */
> +int pinentry_emacs_init (void);
> +
> +int emacs_cmd_handler (pinentry_t pinentry);
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* PINENTRY_EMACS_H */
> diff --git a/qt4/Makefile.am b/qt4/Makefile.am
> index 816aade..c2ee3c6 100644
> --- a/qt4/Makefile.am
> +++ b/qt4/Makefile.am
> @@ -33,6 +33,12 @@ ncurses_include =
> libcurses =
> endif
>
> +if INSIDE_EMACS
> +libemacs = ../pinentry/libpinentry-emacs.a $(LIBEMACS) $(LIBICONV)
> +else
> +libemacs =
> +endif
> +
>
> AM_CPPFLAGS = $(COMMON_CFLAGS) \
> -I$(top_srcdir) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \
> @@ -41,7 +47,8 @@ AM_CXXFLAGS = $(QT4_CORE_CFLAGS) $(QT4_GUI_CFLAGS)
> pinentry_qt4_LDADD = \
> ../pinentry/libpinentry.a $(top_builddir)/assuan/libassuan.a \
> $(top_builddir)/secmem/libsecmem.a \
> - $(COMMON_LIBS) $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) $(LIBCAP)
> + $(COMMON_LIBS) $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) \
> + $(libcurses) $(libemacs) $(LIBCAP)
>
> BUILT_SOURCES = \
> pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
> diff --git a/qt4/main.cpp b/qt4/main.cpp
> index 37b6e7b..bb682b3 100644
> --- a/qt4/main.cpp
> +++ b/qt4/main.cpp
> @@ -50,6 +50,10 @@
> #include
> #endif
>
> +#ifdef INSIDE_EMACS
> +#include "pinentry-emacs.h"
> +#endif
> +
> static QString escape_accel( const QString & s ) {
>
> QString result;
> @@ -263,51 +267,58 @@ main (int argc, char *argv[])
>
> std::auto_ptr app;
>
> -#ifdef FALLBACK_CURSES
> - if (!pinentry_have_display (argc, argv))
> - pinentry_cmd_handler = curses_cmd_handler;
> +#ifdef INSIDE_EMACS
> + if (pinentry_inside_emacs () && pinentry_emacs_init ())
> + pinentry_cmd_handler = emacs_cmd_handler;
> else
> #endif
> {
> - /* Qt does only understand -display but not --display; thus we
> - are fixing that here. The code is pretty simply and may get
> - confused if an argument is called "--display". */
> - char **new_argv, *p;
> - size_t n;
> - int i, done;
> -
> - for (n=0,i=0; i < argc; i++)
> - n += strlen (argv[i])+1;
> - n++;
> - new_argv = (char**)calloc (argc+1, sizeof *new_argv);
> - if (new_argv)
> - *new_argv = (char*)malloc (n);
> - if (!new_argv || !*new_argv)
> - {
> - fprintf (stderr, "pinentry-qt4: can't fixup argument list: %s\n",
> - strerror (errno));
> - exit (EXIT_FAILURE);
> -
> - }
> - for (done=0,p=*new_argv,i=0; i < argc; i++)
> - if (!done && !strcmp (argv[i], "--display"))
> - {
> - new_argv[i] = strcpy (p, argv[i]+1);
> - p += strlen (argv[i]+1) + 1;
> - done = 1;
> - }
> - else
> - {
> - new_argv[i] = strcpy (p, argv[i]);
> - p += strlen (argv[i]) + 1;
> - }
> +#ifdef FALLBACK_CURSES
> + if (!pinentry_have_display (argc, argv))
> + pinentry_cmd_handler = curses_cmd_handler;
> + else
> +#endif
> + {
> + /* Qt does only understand -display but not --display; thus we
> + are fixing that here. The code is pretty simply and may get
> + confused if an argument is called "--display". */
> + char **new_argv, *p;
> + size_t n;
> + int i, done;
> +
> + for (n=0,i=0; i < argc; i++)
> + n += strlen (argv[i])+1;
> + n++;
> + new_argv = (char**)calloc (argc+1, sizeof *new_argv);
> + if (new_argv)
> + *new_argv = (char*)malloc (n);
> + if (!new_argv || !*new_argv)
> + {
> + fprintf (stderr, "pinentry-qt4: can't fixup argument list: %s\n",
> + strerror (errno));
> + exit (EXIT_FAILURE);
>
> - /* We use a modal dialog window, so we don't need the application
> - window anymore. */
> - i = argc;
> - app.reset (new QApplication (i, new_argv));
> - const QIcon icon( QLatin1String( ":/document-encrypt.png" ) );
> - app->setWindowIcon( icon );
> + }
> + for (done=0,p=*new_argv,i=0; i < argc; i++)
> + if (!done && !strcmp (argv[i], "--display"))
> + {
> + new_argv[i] = strcpy (p, argv[i]+1);
> + p += strlen (argv[i]+1) + 1;
> + done = 1;
> + }
> + else
> + {
> + new_argv[i] = strcpy (p, argv[i]);
> + p += strlen (argv[i]) + 1;
> + }
> +
> + /* We use a modal dialog window, so we don't need the application
> + window anymore. */
> + i = argc;
> + app.reset (new QApplication (i, new_argv));
> + const QIcon icon( QLatin1String( ":/document-encrypt.png" ) );
> + app->setWindowIcon( icon );
> + }
> }
>
>
> --
> 2.1.0
>
> [3 pinentry.el ]
> ;;; pinentry.el --- GnuPG Pinentry server implementation -*- lexical-binding: t -*-
>
> ;; Copyright (C) 2015 Free Software Foundation, Inc.
>
> ;; Author: Daiki Ueno
> ;; Keywords: GnuPG
>
> ;; This file is part of GNU Emacs.
>
> ;; GNU Emacs is free software: you can redistribute it and/or modify
> ;; it under the terms of the GNU General Public License as published by
> ;; the Free Software Foundation, either version 3 of the License, or
> ;; (at your option) any later version.
>
> ;; GNU Emacs is distributed in the hope that it will be useful,
> ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
> ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> ;; GNU General Public License for more details.
>
> ;; You should have received a copy of the GNU General Public License
> ;; along with GNU Emacs. If not, see .
>
> ;;; Code:
>
> (defvar pinentry--server-process nil)
> (defvar pinentry--connection-process-list nil)
>
> (defvar pinentry--labels nil)
> (put 'pinentry-read-point 'permanent-local t)
> (defvar pinentry--read-point nil)
> (put 'pinentry--read-point 'permanent-local t)
>
> ;; We use the same location as `server-socket-dir', when local sockets
> ;; are supported.
> (defvar pinentry--socket-dir
> (format "%s/emacs%d" (or (getenv "TMPDIR") "/tmp") (user-uid))
> "The directory in which to place the server socket.
> If local sockets are not supported, this is nil.")
>
> (defconst pinentry--set-label-commands
> '("SETPROMPT" "SETTITLE" "SETDESC"
> "SETREPEAT" "SETREPEATERROR"
> "SETOK" "SETCANCEL" "SETNOTOK"))
>
> (defmacro pinentry--error-code (code)
> (logior (lsh 5 24) code))
> (defconst pinentry--error-not-implemented
> (cons (pinentry--error-code 69) "not implemented"))
> (defconst pinentry--error-cancelled
> (cons (pinentry--error-code 99) "cancelled"))
> (defconst pinentry--error-not-confirmed
> (cons (pinentry--error-code 114) "not confirmed"))
>
> (autoload 'server-ensure-safe-dir "server")
>
> ;;;###autoload
> (defun pinentry-start ()
> "Start a Pinentry service."
> (interactive)
> (unless (featurep 'make-network-process '(:family local))
> (error "local sockets are not supported"))
> (if (process-live-p pinentry--server-process)
> (message "Pinentry service is already running")
> (let* ((server-file (expand-file-name "pinentry" pinentry--socket-dir)))
> (server-ensure-safe-dir pinentry--socket-dir)
> ;; Delete the socket files made by previous server invocations.
> (ignore-errors
> (let (delete-by-moving-to-trash)
> (delete-file server-file)))
> (setq pinentry--server-process
> (make-network-process
> :name "pinentry"
> :server t
> :noquery t
> :sentinel #'pinentry--process-sentinel
> :filter #'pinentry--process-filter
> :coding 'no-conversion
> :family 'local
> :service server-file))
> (process-put pinentry--server-process :server-file server-file))))
>
> (defun pinentry-stop ()
> "Stop a Pinentry service."
> (interactive)
> (when (process-live-p pinentry--server-process)
> (delete-process pinentry--server-process))
> (setq pinentry--server-process nil)
> (dolist (process pinentry--connection-process-list)
> (when (buffer-live-p (process-buffer process))
> (kill-buffer (process-buffer process))))
> (setq pinentry--connection-process-list nil))
>
> (defun pinentry--labels-to-shortcuts (labels)
> (mapcar (lambda (label)
> (when label
> (if (string-match "_\\([[:alnum:]]\\)" label)
> (let* ((key (match-string 1 label))
> (c (downcase (aref key 0))))
> (setq label (replace-match
> (propertize key 'face 'underline)
> t t label))
> (cons c label))
> (cons (if (= (length label) 0)
> ??
> (downcase (aref 0 label)))
> label))))
> labels))
>
> (defun pinentry--escape-string (string)
> "Escape STRING in the Assuan percent escape."
> (let ((length (length string))
> (index 0)
> (count 0))
> (while (< index length)
> (if (memq (aref string index) '(?\n ?\r ?%))
> (setq count (1+ count)))
> (setq index (1+ index)))
> (setq index 0)
> (let ((result (make-string (+ length (* count 2)) ?\0))
> (result-index 0)
> c)
> (while (< index length)
> (setq c (aref string index))
> (if (memq c '(?\n ?\r ?%))
> (let ((hex (format "%02X" c)))
> (aset result result-index ?%)
> (setq result-index (1+ result-index))
> (aset result result-index (aref hex 0))
> (setq result-index (1+ result-index))
> (aset result result-index (aref hex 1))
> (setq result-index (1+ result-index)))
> (aset result result-index c)
> (setq result-index (1+ result-index)))
> (setq index (1+ index)))
> result)))
>
> (defun pinentry--send-data (process escaped)
> "Send a string ESCAPED to a process PROCESS.
> ESCAPED will be split if it exceeds the line length limit of the
> Assuan protocol."
> (let ((length (length escaped))
> (index 0))
> (if (= length 0)
> (process-send-string process "D \n")
> (while (< index length)
> ;; 997 = ASSUAN_LINELENGTH (= 1000) - strlen ("D \n")
> (let* ((sub-length (min (- length index) 997))
> (sub (substring escaped index (+ index sub-length))))
> (unwind-protect
> (progn
> (process-send-string process "D ")
> (process-send-string process sub)
> (process-send-string process "\n"))
> (clear-string sub))
> (setq index (+ index sub-length)))))))
>
> (defun pinentry--send-error (process error)
> (process-send-string process (format "ERR %d %s\n" (car error) (cdr error))))
>
> (defun pinentry--process-filter (process input)
> (unless (buffer-live-p (process-buffer process))
> (let ((buffer (generate-new-buffer " *pinentry*")))
> (set-process-buffer process buffer)
> (with-current-buffer buffer
> (if (fboundp 'set-buffer-multibyte)
> (set-buffer-multibyte nil))
> (make-local-variable 'pinentry--read-point)
> (setq pinentry--read-point (point-min))
> (make-local-variable 'pinentry--labels))))
> (with-current-buffer (process-buffer process)
> (save-excursion
> (goto-char (point-max))
> (insert input)
> (goto-char pinentry--read-point)
> (beginning-of-line)
> (while (looking-at ".*\n") ;the input line finished
> (if (looking-at "\\([A-Z_]+\\) ?\\(.*\\)")
> (let ((command (match-string 1))
> (string (match-string 2)))
> (pcase command
> ((and set (guard (member set pinentry--set-label-commands)))
> (when (> (length string) 0)
> (let* ((symbol (intern (downcase (substring set 3))))
> (entry (assq symbol pinentry--labels))
> (label (decode-coding-string string 'utf-8)))
> (if entry
> (setcdr entry label)
> (push (cons symbol label) pinentry--labels))))
> (process-send-string process "OK\n"))
> ("NOP"
> (process-send-string process "OK\n"))
> ("GETPIN"
> (let ((prompt
> (or (cdr (assq 'desc pinentry--labels))
> (cdr (assq 'prompt pinentry--labels))
> ""))
> (confirm (not (null (assq 'repeat pinentry--labels))))
> entry)
> (if (setq entry (assq 'error pinentry--labels))
> (setq prompt (concat "Error: "
> (propertize
> (copy-sequence (cdr entry))
> 'face 'error)
> "\n"
> prompt)))
> (if (setq entry (assq 'title pinentry--labels))
> (setq prompt (format "[%s] %s"
> (cdr entry) prompt)))
> (if (string-match ":?[ \n]*\\'" prompt)
> (setq prompt (concat
> (substring
> prompt 0 (match-beginning 0)) ": ")))
> (let (passphrase escaped-passphrase encoded-passphrase)
> (unwind-protect
> (condition-case nil
> (progn
> (setq passphrase
> (read-passwd prompt confirm))
> (setq escaped-passphrase
> (pinentry--escape-string
> passphrase))
> (setq encoded-passphrase (encode-coding-string
> escaped-passphrase
> 'utf-8))
> (pinentry--send-data
> process encoded-passphrase)
> (process-send-string process "OK\n"))
> (error
> (pinentry--send-error
> process
> pinentry--error-cancelled)))
> (if passphrase
> (clear-string passphrase))
> (if escaped-passphrase
> (clear-string escaped-passphrase))
> (if encoded-passphrase
> (clear-string encoded-passphrase))))
> (setq pinentry--labels nil)))
> ("CONFIRM"
> (let ((prompt
> (or (cdr (assq 'desc pinentry--labels))
> ""))
> (buttons
> (pinentry--labels-to-shortcuts
> (list (cdr (assq 'ok pinentry--labels))
> (cdr (assq 'notok pinentry--labels))
> (cdr (assq 'cancel pinentry--labels)))))
> entry)
> (if (setq entry (assq 'error pinentry--labels))
> (setq prompt (concat "Error: "
> (propertize
> (copy-sequence (cdr entry))
> 'face 'error)
> "\n"
> prompt)))
> (if (setq entry (assq 'title pinentry--labels))
> (setq prompt (format "[%s] %s"
> (cdr entry) prompt)))
> (if (remq nil buttons)
> (progn
> (setq prompt
> (concat prompt " ("
> (mapconcat #'cdr (remq nil buttons)
> ", ")
> ") "))
> (condition-case nil
> (let ((result (read-char prompt)))
> (if (eq result (caar buttons))
> (process-send-string process "OK\n")
> (if (eq result (car (nth 1 buttons)))
> (pinentry--send-error
> process
> pinentry--error-not-confirmed)
> (pinentry--send-error
> process
> pinentry--error-cancelled))))
> (error
> (pinentry--send-error
> process
> pinentry--error-cancelled))))
> (if (string-match "[ \n]*\\'" prompt)
> (setq prompt (concat
> (substring
> prompt 0 (match-beginning 0)) " ")))
> (if (condition-case nil
> (y-or-n-p prompt)
> (quit))
> (process-send-string process "OK\n")
> (pinentry--send-error
> process
> pinentry--error-not-confirmed)))
> (setq pinentry--labels nil)))
> (_ (pinentry--send-error
> process
> pinentry--error-not-implemented)))
> (forward-line)
> (setq pinentry--read-point (point))))))))
>
> (defun pinentry--process-sentinel (process _status)
> "The process sentinel for Emacs server connections."
> ;; If this is a new client process, set the query-on-exit flag to nil
> ;; for this process (it isn't inherited from the server process).
> (when (and (eq (process-status process) 'open)
> (process-query-on-exit-flag process))
> (push process pinentry--connection-process-list)
> (set-process-query-on-exit-flag process nil)
> (process-send-string process "OK Your orders please\n"))
> ;; Kill the process buffer of the connection process.
> (when (and (not (process-contact process :server))
> (eq (process-status process) 'closed))
> (when (buffer-live-p (process-buffer process))
> (kill-buffer (process-buffer process)))
> (setq pinentry--connection-process-list
> (delq process pinentry--connection-process-list)))
> ;; Delete the associated connection file, if applicable.
> ;; Although there's no 100% guarantee that the file is owned by the
> ;; running Emacs instance, server-start uses server-running-p to check
> ;; for possible servers before doing anything, so it *should* be ours.
> (and (process-contact process :server)
> (eq (process-status process) 'closed)
> (ignore-errors
> (delete-file (process-get process :server-file)))))
>
> (provide 'pinentry)
>
> ;;; pinentry.el ends here
From dkg at fifthhorseman.net Thu Jun 4 20:23:31 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 14:23:31 -0400
Subject: pinentry-gnome3 and gpg-agent 2.0.28 kbd accelerators not working
In-Reply-To: <87y4jz1gzb.fsf@alice.fifthhorseman.net>
References: <87bngv2x5t.fsf@alice.fifthhorseman.net>
<87wpzjqs2l.wl-neal@walfield.org> <87y4jz1gzb.fsf@alice.fifthhorseman.net>
Message-ID: <87sia71gf0.fsf@alice.fifthhorseman.net>
On Thu 2015-06-04 14:11:20 -0400, Daniel Kahn Gillmor wrote:
> On Thu 2015-06-04 13:52:34 -0400, Neal H. Walfield wrote:
>
>> I just tried something similar on my system and the accelerators are
>> displayed and work fine. There is probably a bug in the gcr backend
>> that you are using. I'm on Xfce and thus (AIUI) I get the Gtk+ back
>> end.
>
> Thanks for the quick response, Neal. another twisty maze of
> dependencies for me to track down :/
>
> Can you send a screenshot of what your xfce screenshot looks like? I'll
> try to reproduce it here too...
Here's what i see under xfce4 on debian unstable:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pinentry-gnome3.screenshot.xfce4.small.jpg
Type: image/jpeg
Size: 30119 bytes
Desc: pinentry-gnome3 showing (but not using) keyboard accelerators on XFCE4
URL:
-------------- next part --------------
in this case, the accelerators work for Cancel and OK, but they don't
work for "_Save in password manager".
What's different about our setups that they work for you?
--dkg
PS i notice one other issue under xfce4 that doesn't happen in gnome3:
in xfce4, the TAB key is treated as input to the password field, instead
of switching input fields. shift-TAB, however, does work to cycle
through the fields in reverse tab order. under GNOME, both TAB and
shift-TAB work as expected. weirdness...
From neal at walfield.org Thu Jun 4 22:43:22 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Thu, 04 Jun 2015 22:43:22 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To:
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
Message-ID: <87r3prqk5x.wl-neal@walfield.org>
Hi Daiki,
My comments are inline.
Thanks!
:) Neal
At Tue, 02 Jun 2015 17:56:44 +0900,
Daiki Ueno wrote:
> +AM_CONDITIONAL(BUILD_LIBPINENTRY_EMACS,
> + test "$pinentry_emacs" = "yes" -o "$inside_emacs" = "yes")
I'm a bit confused by this. I can unstand building the emacs pinentry
without the inside emacs check, but doesn't inside_emacs imply
pinentry_emacs? If so, we only need to check if "$pinentry_emacs" =
"yes". Right?
> diff --git a/pinentry/pinentry-emacs.c b/pinentry/pinentry-emacs.c
> new file mode 100644
> index 0000000..280546d
> --- /dev/null
> +++ b/pinentry/pinentry-emacs.c
> + if (strlen (tmpdir) + strlen ("/emacs") + 10 + strlen ("/")
> + + strlen (socket_name) + 1 >= sizeof (unaddr.sun_path))
> + {
> + fprintf (stderr, "socket name is too long\n");
> + return 0;
> + }
> + sprintf (unaddr.sun_path, "%s/emacs%lu/%s", tmpdir,
> + (unsigned long) uid, socket_name);
Technically, this is too conservative. 10 is the maximum length of
the uid. If the user is 1000, then only 4 characters are needed.
> +/* Percent-escape control characters in DATA. Return a newly
> + allocated string, or DATA itself if there is no need to escape any
> + character. Store the length of the string to LENGTHP. */
> +static char *
> +escape (const char *data, size_t *lengthp)
> +{
> + char *buffer, *out_p;
> + size_t length = *lengthp, buffer_length;
The comment is inaccurate. *LENGTHP needs to contain the length of
DATA. It also doesn't return a string, but a character vector (it is
not NUL terminated as far as I can tell). This is actually a problem
for set_label (and perhaps elsewhere): it calls escape with the length
of the string, not including the NUL character!
Also, the return semantics are a bit too smart for my taste. It would
be better to always allocate a new string.
> +/* The inverse of escape. Removes quoting in string STR by modifying
> + the string in place. */
> +static char *
> +unescape (char *data, size_t *lengthp)
> +{
The semantics doesn't match escape's semantics: *LENGTHP is not the
length of the character vector. Instead, this function assumes that
DATA is a NUL-terminated C string. This lack of symmetry is another
reason to change escape.
> +static int
> +do_password (pinentry_t pe)
> +{
> + char *escaped, *password;
> + size_t length;
> + assuan_error_t error;
> +
> + set_labels (pe);
> +
> + if (!send_to_emacs (emacs_socket, "GETPIN\n", 7))
> + return -1;
> +
> + escaped = read_from_emacs (emacs_socket, pe->timeout, NULL, &length, &error);
It is a bit unfortunate that the password is initially read into
insecure memory. Let's allocate, say, 1k of secure memory and use
that.
> + password = unescape (escaped, &length);
> + pinentry_setbufferlen (pe, length);
> + if (pe->pin)
> + memcpy (pe->pin, password, length);
You should NUL terminate the password.
> +static int
> +do_confirm (pinentry_t pe)
> +{
> + char buffer[16];
> + size_t length;
> + assuan_error_t error;
> +
> + set_labels (pe);
> +
> + if (!send_to_emacs (emacs_socket, "CONFIRM\n", 8))
> + return 0;
> +
> + length = sizeof (buffer);
> + read_from_emacs (emacs_socket, pe->timeout, buffer, &length, &error);
> + if (error != ASSUAN_No_Error)
> + {
> + pe->specific_err = error;
> + return 0;
> + }
> +
> + return 1;
You don't handle the case when the user pressed cancelled (we need to
set pe->cancelled) or the third button. It is important to get at
least the former right. Are there any specific reasons that this is
difficult?
> +int
> +pinentry_inside_emacs (void)
> +{
> + const char *envvar;
> +
> + /* Check if INSIDE_EMACS envvar is set. */
> + envvar = getenv ("INSIDE_EMACS");
> + if (!envvar || !*envvar)
> + return 0;
> +
> + /* FIXME: Additional checks for the value. */
> + return 1;
> +}
> +
> +int
> +pinentry_emacs_init (void)
> +{
> + char buffer[256];
> + size_t length = sizeof (buffer);
> + assuan_error_t error;
> +
> + /* Check if we can connect to the Emacs server socket. */
> + if (!set_socket ("pinentry"))
> + return 0;
> +
> + /* Check if the server responds. */
> + read_from_emacs (emacs_socket, INITIAL_TIMEOUT, buffer, &length, &error);
> + return error == ASSUAN_No_Error;
> +}
Why doesn't pinentry_inside_emacs directly call pinentry_emacs_init?
It seems to me that the real test of whether we can use an emacs pin
is there?
Also, in your previous patch, you checked for the existence of a
particular symbol. Why don't you do that anymore? I think it is
reasonable that the INSIDE_EMACS is set, but the version of emacs
doesn't have support for pinentry.
Thanks,
Neal
From andreas.stieger at gmx.de Fri Jun 5 00:06:01 2015
From: andreas.stieger at gmx.de (Andreas Stieger)
Date: Fri, 05 Jun 2015 00:06:01 +0200
Subject: pinentry-gnome3: (libgcrypt): Cannot allocate memory
Message-ID: <5570CBC9.9080500@gmx.de>
Hello,
As I was packaging pinentry 0.9.3 with the new /usr/bin/pinentry-gnome3
I noticed the following:
$ /usr/bin/pinentry-gnome3
OK Your orders please
getpin
couldn't lock 16384 bytes of memory (libgcrypt): Cannot allocate memory
ERR 83886179 canceled
strace:
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7efc75498000
mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7efc75494000
mlock(0x7efc75494000, 16384) = -1 ENOMEM (Cannot allocate memory)
write(2, "couldn't lock 16384 bytes of mem"..., 72couldn't lock 16384
bytes of memory (libgcrypt): Cannot allocate memory
This is on a system with a fairly standard limit:
max locked memory (kbytes, -l) 64
Where would we start looking to debug and look for a possible solution?
Do you think the gnome3 variant could receive a change to stay below a
64k lock limit?
openSUSE tracks this in:
https://bugzilla.opensuse.org/show_bug.cgi?id=933687
Andreas
From dkg at fifthhorseman.net Fri Jun 5 01:46:13 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 19:46:13 -0400
Subject: pinentry-gnome3: (libgcrypt): Cannot allocate memory
In-Reply-To: <5570CBC9.9080500@gmx.de>
References: <5570CBC9.9080500@gmx.de>
Message-ID: <87382711h6.fsf@alice.fifthhorseman.net>
Hi Andreas--
On Thu 2015-06-04 18:06:01 -0400, Andreas Stieger wrote:
> As I was packaging pinentry 0.9.3 with the new /usr/bin/pinentry-gnome3
You don't say what platform you're packaging this for, but please note
that pinentry-gnome3 is already available in debian unstable :)
> $ /usr/bin/pinentry-gnome3
> OK Your orders please
> getpin
> couldn't lock 16384 bytes of memory (libgcrypt): Cannot allocate memory
> ERR 83886179 canceled
>
> strace:
>
> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x7efc75498000
> mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7efc75494000
> mlock(0x7efc75494000, 16384) = -1 ENOMEM (Cannot allocate memory)
> write(2, "couldn't lock 16384 bytes of mem"..., 72couldn't lock 16384
> bytes of memory (libgcrypt): Cannot allocate memory
>
> This is on a system with a fairly standard limit:
> max locked memory (kbytes, -l) 64
>
> Where would we start looking to debug and look for a possible solution?
> Do you think the gnome3 variant could receive a change to stay below a
> 64k lock limit?
I can't reproduce this on debian:
0 dkg at alice:~$ ulimit -a | grep locked
max locked memory (kbytes, -l) 64
0 dkg at alice:~$ pinentry-gnome3
OK Your orders please
getpin
D abc123
OK
0 dkg at alice:~$
> openSUSE tracks this in:
> https://bugzilla.opensuse.org/show_bug.cgi?id=933687
Sounds like this might be platform specific. What version of libgcrypt
are you running?
--dkg
From dkg at fifthhorseman.net Fri Jun 5 03:39:21 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 21:39:21 -0400
Subject: gnome keyring & gpg agent
In-Reply-To: <877fsbvwhr.wl-neal@walfield.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
Message-ID: <87k2vjylva.fsf@alice.fifthhorseman.net>
On Thu 2015-05-14 14:34:40 -0400, Neal H. Walfield wrote:
> Is it possible to fix this issue in Debian Stable (e.g., in the next
> point release)?
This is a lot of change to push into a stable point release, so i'm not
sure that it'll happen. The first step would be to make sure that it's
all resolved in unstable, and then we can look into what parts are
possible for stable.
> So far, I've identified these requirements:
>
> - Adding a new pinentry-gnome3 package with the yet-to-be-released
> pinentry with Gnome3 support.
This is done in debian unstable, with pinentry 0.9.3. yay!
> - An update to GPG with the relatively small change.
I'm not sure exactly which change to gpg this is intended to be. do you
have a suggestion?
> - An update to Gnome-Keyring that disables it GPG Agent proxy.
Maybe we need to offer them a patch. the goal here is just to disable
gnome-keyring's gpg-agent proxy implementation by default, right?
> - Make Gnome Keyring depend on pinentry-gnome3.
I've opened https://bugs.debian.org/787786 for this.
--dkg
From neal at walfield.org Fri Jun 5 04:09:28 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 04:09:28 +0200
Subject: gnome keyring & gpg agent
In-Reply-To: <87k2vjylva.fsf@alice.fifthhorseman.net>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
<87k2vjylva.fsf@alice.fifthhorseman.net>
Message-ID: <87oakurjmv.wl-neal@walfield.org>
Hi Daniel,
At Thu, 04 Jun 2015 21:39:21 -0400,
Daniel Kahn Gillmor wrote:
> On Thu 2015-05-14 14:34:40 -0400, Neal H. Walfield wrote:
> > Is it possible to fix this issue in Debian Stable (e.g., in the next
> > point release)?
>
> This is a lot of change to push into a stable point release, so i'm not
> sure that it'll happen. The first step would be to make sure that it's
> all resolved in unstable, and then we can look into what parts are
> possible for stable.
Ok.
> > So far, I've identified these requirements:
> >
> > - Adding a new pinentry-gnome3 package with the yet-to-be-released
> > pinentry with Gnome3 support.
>
> This is done in debian unstable, with pinentry 0.9.3. yay!
great :).
> > - An update to GPG with the relatively small change.
>
> I'm not sure exactly which change to gpg this is intended to be. do you
> have a suggestion?
The main change in 2.0.28: dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
(plus the minor fix in ef0741ac54c63b9b744de9dec86e82c530f9543a).
commit dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
Author: Neal H. Walfield
Date: Tue May 19 13:53:43 2015 +0200
agent: Backport changes from 2.1 to support an external password manager.
* agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode.
Update callers.
(agent_get_passphrase): Likewise.
(agent_clear_passphrase): New function.
(opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Send "OPTION
allow-external-password-cache" to the pinentry.
(PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant.
(pinentry_status_cb): New function.
(agent_askpin): Add arguments keyinfo and cache_mode. If KEYINFO and
CACHE_MODE describe a cachable key, then send SETKEYINFO to the
pinentry. Pass PINENTRY_STATUS_CB to the "GETPIN" invocation. If the
passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is
set, decrement PININFO->FAILED_TRIES.
(agent_get_passphrase): Add arguments keyinfo and cache_mode. If
KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO
to the pinentry.
(agent_clear_passphrase): New function.
* agent/call-pinentry.c (start_pinentry): Act upon new var,
allow_external_cache.
* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
> > - An update to Gnome-Keyring that disables it GPG Agent proxy.
>
> Maybe we need to offer them a patch. the goal here is just to disable
> gnome-keyring's gpg-agent proxy implementation by default, right?
That's correct. It should be sufficient to configure gnome keyring
with --disable-gpg-agent (but I haven't tested this).
> > - Make Gnome Keyring depend on pinentry-gnome3.
>
> I've opened https://bugs.debian.org/787786 for this.
In that report, you note:
This is part of a larger project to reduce superfluous dependencies
on headless servers that use GnuPG while improving the user
experience for desktop users of GnuPG
That's a worth effort, but it might be worth mentioning that it is
also about fixing the gnome keyring hijack problem.
Thanks for working on this!
:) Neal
From dkg at fifthhorseman.net Fri Jun 5 04:14:25 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Thu, 04 Jun 2015 22:14:25 -0400
Subject: gnome keyring & gpg agent
In-Reply-To: <87oakurjmv.wl-neal@walfield.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org>
Message-ID: <87a8wezyta.fsf@alice.fifthhorseman.net>
On Thu 2015-06-04 22:09:28 -0400, Neal H. Walfield wrote:
> The main change in 2.0.28: dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b
> (plus the minor fix in ef0741ac54c63b9b744de9dec86e82c530f9543a).
Thanks, that's good to keep track of.
>> > - An update to Gnome-Keyring that disables it GPG Agent proxy.
>>
>> Maybe we need to offer them a patch. the goal here is just to disable
>> gnome-keyring's gpg-agent proxy implementation by default, right?
>
> That's correct. It should be sufficient to configure gnome keyring
> with --disable-gpg-agent (but I haven't tested this).
that would make it so that users who wanted to use gnome-keyring as the
gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and
who otherwise ignore the concerns Werner has raised about
gnome-keyring's incomplete gpg-agent support) would be unable to do so.
It's a more invasive change than just disabling the functionality as per
runtime defaults.
Then again, that might keep us from dealing with a lot of extra bug
reports :)
>> > - Make Gnome Keyring depend on pinentry-gnome3.
>>
>> I've opened https://bugs.debian.org/787786 for this.
>
> In that report, you note:
>
> This is part of a larger project to reduce superfluous dependencies
> on headless servers that use GnuPG while improving the user
> experience for desktop users of GnuPG
>
> That's a worth effort, but it might be worth mentioning that it is
> also about fixing the gnome keyring hijack problem.
The bug reports referenced in #787786 each point to the hijacking
problem as well, but i welcome any followup at 787786 at bugs.debian.org
that you think would be relevant there too.
Thanks,
--dkg
From neal at walfield.org Fri Jun 5 04:30:21 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 04:30:21 +0200
Subject: gnome keyring & gpg agent
In-Reply-To: <87a8wezyta.fsf@alice.fifthhorseman.net>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
<87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org>
<87a8wezyta.fsf@alice.fifthhorseman.net>
Message-ID: <87mw0erio2.wl-neal@walfield.org>
At Thu, 04 Jun 2015 22:14:25 -0400,
Daniel Kahn Gillmor wrote:
> >> > - An update to Gnome-Keyring that disables it GPG Agent proxy.
> >>
> >> Maybe we need to offer them a patch. the goal here is just to disable
> >> gnome-keyring's gpg-agent proxy implementation by default, right?
> >
> > That's correct. It should be sufficient to configure gnome keyring
> > with --disable-gpg-agent (but I haven't tested this).
>
> that would make it so that users who wanted to use gnome-keyring as the
> gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and
> who otherwise ignore the concerns Werner has raised about
> gnome-keyring's incomplete gpg-agent support) would be unable to do so.
>
> It's a more invasive change than just disabling the functionality as per
> runtime defaults.
>
> Then again, that might keep us from dealing with a lot of extra bug
> reports :)
I spoke with Stef (the maintainer of GNOME Keyring, cc'ed) and he
agrees that removing the proxy is the correct way forward.
The only reason that the proxy exists is to cache passwords.
pinentry-gnome3 does exactly that in a cleaner way. In other words:
it makes the proxy completely redundant.
A GSoC student is working on finishing the changes to GNOME Keyring
and pinentry-gnome3 (e.g., extending GCR to deal with all of GnuPG's
prompts). Nevertheless, the current pinentry version already more
complete than the proxy.
:) Neal
From dkg at fifthhorseman.net Fri Jun 5 06:20:07 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 00:20:07 -0400
Subject: gnome keyring & gpg agent
In-Reply-To: <87mw0erio2.wl-neal@walfield.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org>
Message-ID: <87vbf2yefc.fsf@alice.fifthhorseman.net>
Control: retitle 760102 gnome-keyring: please build with --disable-gpg-agent
Control: block 760102 with 787786
On Thu 2015-06-04 22:30:21 -0400, Neal H. Walfield wrote:
> At Thu, 04 Jun 2015 22:14:25 -0400, Daniel Kahn Gillmor wrote:
>> >> > - An update to Gnome-Keyring that disables it GPG Agent proxy.
>> >>
>> >> Maybe we need to offer them a patch. the goal here is just to disable
>> >> gnome-keyring's gpg-agent proxy implementation by default, right?
>> >
>> > That's correct. It should be sufficient to configure gnome keyring
>> > with --disable-gpg-agent (but I haven't tested this).
>>
>> that would make it so that users who wanted to use gnome-keyring as the
>> gpg-agent (e.g. those who don't have smartcards, don't use gpgsm, and
>> who otherwise ignore the concerns Werner has raised about
>> gnome-keyring's incomplete gpg-agent support) would be unable to do so.
>>
>> It's a more invasive change than just disabling the functionality as per
>> runtime defaults.
>>
>> Then again, that might keep us from dealing with a lot of extra bug
>> reports :)
>
> I spoke with Stef (the maintainer of GNOME Keyring, cc'ed) and he
> agrees that removing the proxy is the correct way forward.
>
> The only reason that the proxy exists is to cache passwords.
> pinentry-gnome3 does exactly that in a cleaner way. In other words:
> it makes the proxy completely redundant.
>
> A GSoC student is working on finishing the changes to GNOME Keyring
> and pinentry-gnome3 (e.g., extending GCR to deal with all of GnuPG's
> prompts). Nevertheless, the current pinentry version already more
> complete than the proxy.
Great, this sounds like a good assessment.
I'm forwarding this info to https://bugs.debian.org/760102, which is
already asking for some resolution of this situation.
If gnome-keyring can Depend: pinentry-gnome3 (#787786), it should be
able to build with --disable-gpg-agent.
Thanks for your work on this, all the coordination.
Regards,
--dkg
From dkg at fifthhorseman.net Fri Jun 5 08:16:57 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 02:16:57 -0400
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <55712734.1090206@debian.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<55712734.1090206@debian.org>
Message-ID: <87r3pqy90m.fsf@alice.fifthhorseman.net>
On Fri 2015-06-05 00:36:04 -0400, Michael Biebl wrote:
> Am 05.06.2015 um 06:20 schrieb Daniel Kahn Gillmor:
>> If gnome-keyring can Depend: pinentry-gnome3 (#787786), it should be
>> able to build with --disable-gpg-agent.
>
> I just installed pinentry-gnome3 to give it a try, but apparently it
> needs further configuration to be used by gnome-keyring.
> Can you explain, how?
You need to:
* disable gnome-keyring's gpg-agent mechanism (either by rebuilding
gnome-keyring with --disable-gpg-agent or by fiddling with
/etc/xdg/autostart/gnome-keyring-gpg.desktop) , and
* make sure the gnupg-agent package is installed, and that gpg-agent is
running in your session (usually started by
/etc/X11/Xsession.d/90gpg-agent for gpg-agent < 2.1, or automatically
when needed for gpg2 and gpg-agent >= 2.1)
Then any gpg or gpg2 process that wants to talk to the gpg-agent will
find it. when gpg-agent wants a passphrase, it will invoke pinentry,
which should now be provided by pinentry-gnome3. this uses gcr for
prompting, and uses libsecret to (optionally) store passphrases with
gnome-keyring.
make sense? does this work for you? please let me know if you're
having any trouble with it, i'm happy to help.
--dkg
From dkg at fifthhorseman.net Fri Jun 5 09:06:12 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 03:06:12 -0400
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <5571443B.4080809@debian.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<55712734.1090206@debian.org> <87r3pqy90m.fsf@alice.fifthhorseman.net>
<5571443B.4080809@debian.org>
Message-ID: <87k2viy6qj.fsf@alice.fifthhorseman.net>
On Fri 2015-06-05 02:39:55 -0400, Michael Biebl wrote:
> That said, the package doesn't ship any translations apparently, and the
> leading '_" in _Save, _OK and _Cancel look there is something broken
> with i18n.
The "_OK" and "_Cancel" work fine in gcr under xfce4, as noted here:
http://thread.gmane.org/gmane.comp.encryption.gpg.devel/20133/focus=20139
("_Save" is still broken on xfce4's gcr prompter, though). So I think
the issue is with gcr on gnome3, not with pinentry.
It looks to me like gcr_prompt_set_choice_label() doesn't support
prefixed-underscore accelerator keys the way
gcr_prompt_set_continue_label() and gcr_prompt_set_cancel_label() does
on xfce4's gcr.
Shall I open a bug in gcr about this?
> I think before we consider switching to pinentry-gnome3, this should be
> fixed and the package should provide a basic set of translations, at
> least for the more popular languages.
The translations of those strings actually ship in gpg-agent's source
(gnupg2), which already has translations for most of the strings. The
only new string in all of this is "Save in password manager", and gnupg
has plausible translations for de at least there.
(cs, da, jp, fr, nl, pl, ru, sv, uk, and zh_TW appear to have
fuzzy-mapped "Save in password manager" to the "Cancel" string, which is
probably a pretty bad outcome; i agree that part should be fixed)
--dkg
From Andreas.Stieger at gmx.de Fri Jun 5 09:47:04 2015
From: Andreas.Stieger at gmx.de (Andreas Stieger)
Date: Fri, 5 Jun 2015 09:47:04 +0200
Subject: pinentry-gnome3: (libgcrypt): Cannot allocate memory
In-Reply-To: <87382711h6.fsf@alice.fifthhorseman.net>
References: <5570CBC9.9080500@gmx.de>, <87382711h6.fsf@alice.fifthhorseman.net>
Message-ID:
Hello,
> > As I was packaging pinentry 0.9.3 with the new /usr/bin/pinentry-gnome3
>
> You don't say what platform you're packaging this for, but please note
> that pinentry-gnome3 is already available in debian unstable :)
This is for SUSE/openSUSE. Keeping pinentry and all packages of the project current was never an issue, but obviously as binary vendors we would like to make sure this is working properly.
> > $ /usr/bin/pinentry-gnome3
> > OK Your orders please
> > getpin
> > couldn't lock 16384 bytes of memory (libgcrypt): Cannot allocate memory
> > ERR 83886179 canceled
> >
> > strace:
> >
> > mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> > = 0x7efc75498000
> > mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> > 0) = 0x7efc75494000
> > mlock(0x7efc75494000, 16384) = -1 ENOMEM (Cannot allocate memory)
> > write(2, "couldn't lock 16384 bytes of mem"..., 72couldn't lock 16384
> > bytes of memory (libgcrypt): Cannot allocate memory
> >
> > This is on a system with a fairly standard limit:
> > max locked memory (kbytes, -l) 64
> >
> > Where would we start looking to debug and look for a possible solution?
> > Do you think the gnome3 variant could receive a change to stay below a
> > 64k lock limit?
>
> I can't reproduce this on debian:
>
> 0 dkg at alice:~$ ulimit -a | grep locked
> max locked memory (kbytes, -l) 64
> 0 dkg at alice:~$ pinentry-gnome3
> OK Your orders please
> getpin
> D abc123
> OK
> 0 dkg at alice:~$
>
> > openSUSE tracks this in:
> > https://bugzilla.opensuse.org/show_bug.cgi?id=933687
>
> Sounds like this might be platform specific. What version of libgcrypt
> are you running?
This is occurring with libgcrypt 1.6.1 and 1.6.3, in this case on openSUSE 13.2.
I have seen different behaviour in this area before. I will look into this some more, let's see if this can be debugged. If you know anything that would point me in the right direction that would be appreciated.
Andreas
From dkg at fifthhorseman.net Fri Jun 5 10:01:46 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 04:01:46 -0400
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <55714AAA.1010100@michaelbiebl.de>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<55712734.1090206@debian.org> <87r3pqy90m.fsf@alice.fifthhorseman.net>
<5571443B.4080809@debian.org> <55714AAA.1010100@michaelbiebl.de>
Message-ID: <87eglqy45x.fsf@alice.fifthhorseman.net>
[ dropping bug about gnome integration, Stef, and Neal from cc ]
On Fri 2015-06-05 03:07:22 -0400, Michael Biebl wrote:
> Am 05.06.2015 um 08:39 schrieb Michael Biebl:
>> Am 05.06.2015 um 08:16 schrieb Daniel Kahn Gillmor:
>>> make sense? does this work for you? please let me know if you're
>>> having any trouble with it, i'm happy to help.
>>
>> Seems to work ok for unlocking the keys. Haven't tried the "Save in
>> password manager" option yet, though.
>
> Daniel, on a related note, is it possible that gpg2 much slower then the
> older gpg v1?
It seems unlikely to me that this would be the case, but maybe it is.
What version of gpg2 are you running?
> It often happens here that Thunderbird (using enigmail) hangs for 30secs
> and I have a gpg2 process at 100% CPU. I never saw that behaviour with
> gpg v1.
What version of thunderbird? what version of enigmail?
When did you start to see this happen?
--dkg
From wk at gnupg.org Fri Jun 5 10:33:00 2015
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Jun 2015 10:33:00 +0200
Subject: Facing issue while installing GnuPG 2.0.27 on AIX 7.1
In-Reply-To: <0b421b1066e8482491ea4a06308d61b2@CO2PR42MB076.048d.mgd.msft.net>
(manan navin mehta's message of "Thu, 4 Jun 2015 07:04:59 +0000")
References: <0b421b1066e8482491ea4a06308d61b2@CO2PR42MB076.048d.mgd.msft.net>
Message-ID: <87eglqftc3.fsf@vigenere.g10code.de>
On Thu, 4 Jun 2015 09:04, manan.navin.mehta at accenture.com said:
> Below are the OS level details:
>
> [cid:image006.png at 01D09EBE.3BD6EBA0]
Sorry, I can't view the images as they are only available in the HTML
rendered version. Please always transcript con5tents from screenshots
so that it is possible to search for the content. Anyway, the attached
config.log has all the details of your system.
> But still we are facing Error as C compiler cannot create executables
The configure run and the config.log show
> configure:3875: checking whether the C compiler works
> configure:3897: c99 -g conftest.c -lposix >&5
> ./configure[3899]: c99: not found
Thus you don't have a compiler installed. You need to have a compiler
and all related tools (the toolchain) to build software.
> If you have 24X7 support help line number then kindly share the
> details.
This is a public mailing list. If you need commercial support please
see http://gnupg.org/service.html .
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Fri Jun 5 10:52:36 2015
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Jun 2015 10:52:36 +0200
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <87k2viy6qj.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Fri, 05 Jun 2015 03:06:12 -0400")
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
<87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org>
<87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org>
<87vbf2yefc.fsf@alice.fifthhorseman.net> <55712734.1090206@debian.org>
<87r3pqy90m.fsf@alice.fifthhorseman.net> <5571443B.4080809@debian.org>
<87k2viy6qj.fsf@alice.fifthhorseman.net>
Message-ID: <87a8wefsff.fsf@vigenere.g10code.de>
On Fri, 5 Jun 2015 09:06, dkg at fifthhorseman.net said:
> (cs, da, jp, fr, nl, pl, ru, sv, uk, and zh_TW appear to have
> fuzzy-mapped "Save in password manager" to the "Cancel" string, which is
> probably a pretty bad outcome; i agree that part should be fixed)
fuzzy marked entries are not used by gettest. Thus this is only a
missing translation.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Fri Jun 5 11:31:23 2015
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Jun 2015 11:31:23 +0200
Subject: Pinentry linking to libassuan?
(was: Add inside-Emacs mode to GUI pinentry programs)
In-Reply-To: <87r3prqk5x.wl-neal@walfield.org> (Neal H. Walfield's message of
"Thu, 04 Jun 2015 22:43:22 +0200")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
Message-ID: <873826fqms.fsf_-_@vigenere.g10code.de>
Hi,
given that pinentry gets more and more complicated it does not anymore
fulfill its original goal to be small enough to be easily audited. One
of the main problem here has been the major changes to Gtk+ over the
last decade. And now of Emacs socket code is added as well.
Originally Pinentry should be mostly self-standing but today this is
only true for the plain curses, tty and Windows versions. Most users
however build one of the real GUI versions with all their large
dependencies.
The question is whether we should keep on using our much stripped down
versions of libassuan and libgpg-error or switch over to use libassuan
and libgpg-error directly. In fact, both libraries are required by
GnuPG itself and also be any software using GPGME. Thus we can expect
that such a change won't introduce any new platform problems.
However, we should also link to Libgcrypt to make use of its secure
memory code - if that is something we should keep on using. It would
also be possible to do without and make sure that the passphrase is only
stored at one place which we would manually clear as needed. Frankly, I
think that the mlock-ed memory area is not useful anymore because it
does not help against hibernation. To mitigate the swapping problem an
encrypted swap partition is anyway much easier and safer.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From ueno at gnu.org Fri Jun 5 12:28:44 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Fri, 05 Jun 2015 19:28:44 +0900
Subject: Pinentry linking to libassuan?
In-Reply-To: <873826fqms.fsf_-_@vigenere.g10code.de> (Werner Koch's message of
"Fri, 05 Jun 2015 11:31:23 +0200")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<873826fqms.fsf_-_@vigenere.g10code.de>
Message-ID: <87lhfycuub.fsf-ueno@gnu.org>
Werner Koch writes:
> The question is whether we should keep on using our much stripped down
> versions of libassuan and libgpg-error or switch over to use libassuan
> and libgpg-error directly. In fact, both libraries are required by
> GnuPG itself and also be any software using GPGME. Thus we can expect
> that such a change won't introduce any new platform problems.
I think using proper libassuan would make sense, for the Emacs Pinentry
at least. Given the easiness of writing an Assuan server in Elisp (with
`make-network-process'), what really needed is for Pinentry protocol
messages to be directed to the socket which Emacs listens. If we can
use assuan_socket_connect (not available in the stripped down version)
for that, the Pinentry-side code could eliminate all the complex stuff,
including escaping and buffering in pinentry/pinentry-emacs.c.
(Thanks Neal for the review, will update the patch soon, in any case.)
Regards,
--
Daiki Ueno
From neal at walfield.org Fri Jun 5 15:55:22 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 15:55:22 +0200
Subject: gnome keyring & gpg agent
In-Reply-To: <5571A616.9020508@gnome.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
<87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org>
<87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org>
<87vbf2yefc.fsf@alice.fifthhorseman.net>
<5571A616.9020508@gnome.org>
Message-ID: <87k2viqmyd.wl-neal@walfield.org>
Hi Stef,
At Fri, 05 Jun 2015 15:37:26 +0200,
Stef Walter wrote:
> Confirming that I'll be ready to remove the code once the new pinentry
> makes it into a release. Removing code always makes me smile :)
A new pinentry with the code has already been released (0.9.3).
:) Neal
From dkg at fifthhorseman.net Fri Jun 5 16:01:03 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 10:01:03 -0400
Subject: gnupg2: occasionally runs for 30 seconds at 100% CPU [was: Re:
Bug#760102: gnome keyring & gpg agent]
In-Reply-To: <55715ADA.8070300@debian.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<55712734.1090206@debian.org> <87r3pqy90m.fsf@alice.fifthhorseman.net>
<5571443B.4080809@debian.org> <55714AAA.1010100@michaelbiebl.de>
<87eglqy45x.fsf@alice.fifthhorseman.net> <55715ADA.8070300@debian.org>
Message-ID: <87bnguxnj4.fsf@alice.fifthhorseman.net>
Hi Michael--
On Fri 2015-06-05 04:16:26 -0400, Michael Biebl wrote:
> Am 05.06.2015 um 10:01 schrieb Daniel Kahn Gillmor:
>> On Fri 2015-06-05 03:07:22 -0400, Michael Biebl wrote:
>>> Daniel, on a related note, is it possible that gpg2 much slower then the
>>> older gpg v1?
>>
>> It seems unlikely to me that this would be the case, but maybe it is.
>> What version of gpg2 are you running?
>
> 2.0.28-1
thanks, can you give me a sense of the size of your public keyring and
the number of elements in it?
gpg2 --list-keys --with-colons | cut -f1 -d: | sort | uniq -c
gpg2 --list-secret-keys --with-colons | cut -f1 -d: | sort | uniq -c
and can you tell me whether you have no-auto-check-trustdb in
~/.gnupg/gpg.conf ?
>>> It often happens here that Thunderbird (using enigmail) hangs for 30secs
>>> and I have a gpg2 process at 100% CPU. I never saw that behaviour with
>>> gpg v1.
>>
>> What version of thunderbird? what version of enigmail?
>
> Thunderbird 31.7.0, Enigmail 1.8.2
Thanks. The next time this hang happens, can you use ps to figure out
what the exact command line is that is running, and report it here?
This might be an enigmail issue, so if we can find anything to improve
there, that would be great. (i'm happy to forward the bug to enigmail
upstream if we track it down)
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From loweel at gmx.de Fri Jun 5 16:39:33 2015
From: loweel at gmx.de (Low Eel)
Date: Fri, 5 Jun 2015 16:39:33 +0200
Subject: Golang "OpenPGP" implementation...
Message-ID:
Hi All
?
I hope to don't be OT , and I have a question about OpenPGP libraries.
?
As you probably (?) know, Google launched their language, golang, and it ships
with something they call "OpenPGP" libraries:
?
https://godoc.org/golang.org/x/crypto/openpgp
?
I know because I am going to write some server using GPG and I was looking for
some library. Now the name "OpenPGP" Google is using seems promising, but.
- Are that libraries a port/endorsed/written together with the gpg dev?
- Does anyone knows if they are 100% compatible or a "google flavour"?
thanks in advance,
?
LowEel
?
--
LowEel
?
From neal at walfield.org Fri Jun 5 18:06:09 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 18:06:09 +0200
Subject: Use of composed characters and altgr utf-8 symbols on passwords.
In-Reply-To:
References:
Message-ID: <87iob2qgwe.wl-neal@walfield.org>
Hi Pedro,
Reviewing the mailing list archive, I saw that your issue got no
responses. I've open an issue on the bug tracker so that it is not
lost [1]. If you have any additional information, please provide it. I
wonder if the problem is an encoding issue. Are you using the same
encoding on both computers?
Thanks,
:) Neal
[1] https://bugs.gnupg.org/gnupg/issue1998
At Thu, 30 Apr 2015 16:37:21 +0100,
Pedro Coelho wrote:
> I have an issue that I've detected today and searched the entire
> mailing list and did not find an answer.
> I hope I'm not wasting anyone's time.
> I use OpenSuSE 13.1 64bits as my main distribution on Linux.
> I encrypt on that same computer some files and my passphrase always
> used both composed characters as well as altgr symbols.
> Meaning utf-8 characters.
>
> In this particular case I used symmetric encryption on a file, like
> this:
>
> gpg -c --s2k-mode 3 --s2k-count 65011712 --s2k-cipher-algo AES256 -
> -cert-digest-algo SHA512 file.txt
>
> All is ok to decrypt the file when I use OpenSuSE KDE desktop even on
> other computers I have.
> What I have noticed tho is a strange behavior that should be of some
> concern.
> When trying to decrypt the exact same file on Other distros I always
> get the Bad Key message!
> Once the Same file is encrypted with a passphrase with no composed
> characters And No altgr characters everything is ok! the file is
> decrypted with no problem.
> I've done some testing and used Centos 6 CLI mode only, Centos 7 with
> x, Ubuntu (several versions) , Kali Linux, Tails ... you name it.
>
> Worst.
> On my computer I switched to a new session with LXDE as the desktop
> and ... the result was the same!
> The file I could decrypt in my KDE session I was not able to decrypt
> on the same computer o on the LXDE session.
> Same old bad key error.
>
> Of course this may be realted to the way those chars are "interpreted"
> between different environments. Or could this be a gpg bug?
>
> Also I must alert you good folks that this is for me of Paramount
> importance since increasing the character space of a passwrod is
> Hugely important to increase the security.
> It's also a big big hurdle if I can not have inter-environment
> compatibility.
> It really really is annoying ... and higly curtails a lot of the power
> contained in gnupg ..
>
> Can anyone try to explain why this happening ?
>
> Best regards,
> Pedro
>
> [2 ]
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
From neal at walfield.org Fri Jun 5 18:46:19 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 18:46:19 +0200
Subject: gpg --check-trustdb returns data on stdout when --verbose
--verbose is present?
In-Reply-To: <87twvombpu.fsf@alice.fifthhorseman.net>
References: <87twvombpu.fsf@alice.fifthhorseman.net>
Message-ID: <87h9qmqf1g.wl-neal@walfield.org>
Hi, Daniel,
I noticed that this issue didn't get any responses. To prevent it
from getting lost, I've open a new issue on the bug tracker:
https://bugs.gnupg.org/gnupg/issue1999
Thanks,
:) Neal
At Thu, 07 May 2015 15:25:33 -0400,
Daniel Kahn Gillmor wrote:
>
> gpg --check-trustdb normally sends no data to stdout, even if --verbose
> is specfieid once. however, when i add --verbose --verbose it sends a
> lot of data to stdout, in particular, lines like this:
>
> 0:F2AD85AC1E42B367:U:::f:::Werner Koch :
> [...]
>
> I believe this also happens when the trustdb is automatically checked
> (though i'm not sure how to force that to happen to test it better).
>
> sending additional data to stdout during an automatic check (or even
> during --check-trustdb when it's not otherwise expected) seems
> problematic for anyone using the tool programmatically.
From jim at meyering.net Fri Jun 5 17:49:17 2015
From: jim at meyering.net (Jim Meyering)
Date: Fri, 5 Jun 2015 16:49:17 +0100
Subject: [PATCH] configure.ac: improve check for clock_gettime library
Message-ID:
Hello,
I noticed the clock_gettime-vs-librt problem with npth-1.2 on a CentOS6
system and fixed it, but then noticed that the first post-release patch also
made a change on that front. I have rebased on top of that.
I have attached an additional patch:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: npth-configure-vs-clock_gettime.patch
Type: application/octet-stream
Size: 2508 bytes
Desc: not available
URL:
From dkg at fifthhorseman.net Fri Jun 5 19:19:45 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 13:19:45 -0400
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <5571D6AF.1040306@debian.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<5571A616.9020508@gnome.org> <87k2viqmyd.wl-neal@walfield.org>
<5571D6AF.1040306@debian.org>
Message-ID: <87twumvzri.fsf@alice.fifthhorseman.net>
On Fri 2015-06-05 13:04:47 -0400, Michael Biebl wrote:
> Just to be clear here: this new pinentry-gnome3 and gnupg-agent, do they
> both work with either gnupg and gnupg2?
Yes, they both work with either gnupg or gnupg2.
> @Joss: related to that, I notice, that you added a versioned dependency
> on gnupg (>= 1.4.7) to the seahorse package in 2008.
> Is this still valid today? Or should we either drop that dependency or
> replace it with something like Depends: gnupg2 | gnupg (>= 1.4.7)
>
> I have no strong preference which one we pick as default, as long as it
> works properly. So I'd leave the judgement to those more familiar with
> the advantages/disadvantags of gnupg vs gnupg2
seahorse links to libgpgme11, which itself depends on gnupg2 (this is
the preferred backend for GnuPG upstream).
Given that 1.4.7 is older than oldoldstable, you ought to be able to
drop the explicit gnupg dependency entirely from seahorse, iiuc.
--dkg
From dkg at fifthhorseman.net Fri Jun 5 19:34:22 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 13:34:22 -0400
Subject: gpg --check-trustdb returns data on stdout when --verbose
--verbose is present?
In-Reply-To: <87h9qmqf1g.wl-neal@walfield.org>
References: <87twvombpu.fsf@alice.fifthhorseman.net>
<87h9qmqf1g.wl-neal@walfield.org>
Message-ID: <87r3pqvz35.fsf@alice.fifthhorseman.net>
On Fri 2015-06-05 12:46:19 -0400, Neal H. Walfield wrote:
> I noticed that this issue didn't get any responses. To prevent it
> from getting lost, I've open a new issue on the bug tracker:
>
> https://bugs.gnupg.org/gnupg/issue1999
Thanks, Neal. I think it's fixed in 2.1.4 already. i've followed up on
the ticket there with backported patches to STABLE-BRANCH-1-4 and
STABLE-BRANCH-2-0, which end up being very straightforward git
cherry-picks of b03a2647299a6c8764a2574590cbaccdff9e497d.
Regards,
--dkg
From neal at walfield.org Fri Jun 5 19:56:20 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 19:56:20 +0200
Subject: gpg-agent features of loopback-pinentry mode, preset_passphrase
In-Reply-To: <1432032302-353352.688746913.ft4JAiSDp000769@rs146.luxsci.com>
References: <554C2094.20904@fsij.org> <874mnnlqxn.fsf@alice.fifthhorseman.net>
<554C309F.5010706@fsij.org> <871tiegpoh.fsf@vigenere.g10code.de>
<1432032302-353352.688746913.ft4JAiSDp000769@rs146.luxsci.com>
Message-ID: <87fv66qbsr.wl-neal@walfield.org>
At Tue, 19 May 2015 06:44:27 -0400,
Ben Kibbey wrote:
>
> While looking at the code for --gen-key I noticed that gpg-agent isn't
> used for getting the passphrase. Is it possible to do this? Or would
> that make creating the public key impossible? I ask because --command-fd
> isn't considered during --gen-key making pinentry-mode=loopback broken.
>
> I have patches for fixing --command-fd (bjk/passphrase-inquire branches
> of gpgme and gnupg) but those still don't use gpg-agent during
> --gen-key. Maybe there is a reason why --gen-key isn't supposed to work
> while using pinentry-mode=loopback?
Since you haven't gotten a response, I've create an issue in the bug
tracker.
https://bugs.gnupg.org/gnupg/issue2001
Thanks,
:) Neal
From andreas.stieger at gmx.de Fri Jun 5 19:20:56 2015
From: andreas.stieger at gmx.de (Andreas Stieger)
Date: Fri, 05 Jun 2015 19:20:56 +0200
Subject: pinentry-gnome3: (libgcrypt): Cannot allocate memory
In-Reply-To: <5570CBC9.9080500@gmx.de>
References: <5570CBC9.9080500@gmx.de>
Message-ID: <5571DA78.2090107@gmx.de>
Hello,
On 05/06/15 00:06, Andreas Stieger wrote:
> As I was packaging pinentry 0.9.3 with the new /usr/bin/pinentry-gnome3
> I noticed the following:
>
> $ /usr/bin/pinentry-gnome3
> OK Your orders please
> getpin
> couldn't lock 16384 bytes of memory (libgcrypt): Cannot allocate memory
> ERR 83886179 canceled
>
> strace:
>
> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x7efc75498000
> mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x7efc75494000
> mlock(0x7efc75494000, 16384) = -1 ENOMEM (Cannot allocate memory)
> write(2, "couldn't lock 16384 bytes of mem"..., 72couldn't lock 16384
> bytes of memory (libgcrypt): Cannot allocate memory
>
> This is on a system with a fairly standard limit:
> max locked memory (kbytes, -l) 64
>
> Where would we start looking to debug and look for a possible solution?
> Do you think the gnome3 variant could receive a change to stay below a
> 64k lock limit?
tl;dnr: DEFAULT_POOLSIZE was set to 64k, leaving no more for mlock in
the -gnome3 UI with standard limits.
Debugged this... When running pinentry-gnome3, mlock called twice, first
via pinentry_init -> secmem_init
$ gdb pinentry-gnome3
done.
(gdb) catch syscall mlock
Catchpoint 1 (syscall 'mlock' [149])
(gdb) run
Starting program: /usr/bin/pinentry-gnome3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Catchpoint 1 (call to syscall mlock), 0x00007ffff63a9307 in mlock ()
from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff63a9307 in mlock () at /lib64/libc.so.6
#1 0x0000000000409d14 in secmem_init (n=65536, p=0x7ffff7fe7000) at
secmem.c:167
#2 0x0000000000409d14 in secmem_init (n=65536) at secmem.c:246
#3 0x0000000000409d14 in secmem_init (n=65536, n at entry=1) at secmem.c:306
#4 0x00000000004052cf in pinentry_init (pgmname=pgmname at entry=0x40c2e7
"pinentry-gnome3") at pinentry.c:512
#5 0x0000000000403196 in main (argc=1, argv=0x7fffffffdce8) at
pinentry-gnome3.c:254
(gdb)
(gdb) c
Continuing.
Catchpoint 1 (returned from syscall mlock), 0x00007ffff63a9307 in mlock
() from /lib64/libc.so.6
(gdb) c
Continuing.
[New Thread 0x7fffec027700 (LWP 8640)]
OK Your orders please
getpin
[New Thread 0x7fffeb826700 (LWP 8641)]
And then again with via the GUI in -gnome3.
Catchpoint 1 (call to syscall mlock), 0x00007ffff63a9307 in mlock ()
from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff63a9307 in mlock () at /lib64/libc.so.6
#1 0x00007ffff6b41865 in () at /usr/lib64/libgcr-base-3.so.1
#2 0x00007ffff5ff0f29 in () at /usr/lib64/libgcrypt.so.20
#3 0x00007ffff5ff22c3 in () at /usr/lib64/libgcrypt.so.20
#4 0x00007ffff608c71b in () at /usr/lib64/libgcrypt.so.20
#5 0x00007ffff608c8d7 in () at /usr/lib64/libgcrypt.so.20
#6 0x00007ffff6b3c0ca in () at /usr/lib64/libgcr-base-3.so.1
#7 0x00007ffff6b148b6 in () at /usr/lib64/libgcr-base-3.so.1
#8 0x00007ffff6b151f8 in gcr_secret_exchange_receive () at
/usr/lib64/libgcr-base-3.so.1
#9 0x00007ffff6b186d9 in () at /usr/lib64/libgcr-base-3.so.1
#10 0x00007ffff5d3a7e1 in () at /usr/lib64/libgio-2.0.so.0
#11 0x00007ffff76768e5 in g_main_context_dispatch () at
/usr/lib64/libglib-2.0.so.0
#12 0x00007ffff7676c48 in () at /usr/lib64/libglib-2.0.so.0
#13 0x00007ffff7676f0a in g_main_loop_run () at /usr/lib64/libglib-2.0.so.0
#14 0x00007ffff6b17315 in () at /usr/lib64/libgcr-base-3.so.1
#15 0x00007ffff5ccd2ba in g_initable_new_valist () at
/usr/lib64/libgio-2.0.so.0
#16 0x00007ffff5ccd39c in g_initable_new () at /usr/lib64/libgio-2.0.so.0
#17 0x00007ffff6b191a1 in gcr_system_prompt_open_for_prompter () at
/usr/lib64/libgcr-base-3.so.1
#18 0x00000000004033b2 in create_prompt (pe=pe at entry=0x611ae0
, confirm=confirm at entry=0)
at pinentry-gnome3.c:80
#19 0x00000000004035f8 in gnome3_cmd_handler (pe=0x611ae0 ) at
pinentry-gnome3.c:176
#20 0x0000000000404f78 in cmd_getpin (ctx=0x7ffff7fe7008,
line=) at pinentry.c:1168
#21 0x0000000000408eea in process_request (linelen=,
line=0x7ffff7fe7056 "", ctx=0x7ffff7fe7008) at assuan-handler.c:435
#22 0x0000000000408eea in process_request (ctx=0x7ffff7fe7008) at
assuan-handler.c:458
#23 0x0000000000409470 in assuan_process (ctx=0x7ffff7fe7008) at
assuan-handler.c:526
#24 0x000000000040579d in pinentry_loop2 (infd=infd at entry=0,
outfd=outfd at entry=1) at pinentry.c:1426
#25 0x000000000040585c in pinentry_loop () at pinentry.c:1446
#26 0x00000000004031c4 in main (argc=1, argv=0x7fffffffdce8) at
pinentry-gnome3.c:267
(gdb)
Of course an initial mlock call of 64k will exhaust the lock limit,
leaving none for the second. The 64k was due to a local change of
DEFAULT_POOLSIZE to address a problem that has since vanished. Local
problem.
Andreas
From neal at walfield.org Fri Jun 5 20:24:01 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Fri, 05 Jun 2015 20:24:01 +0200
Subject: gnupg 2.1.4 fails to build with --disable-gpgsm
In-Reply-To: <5554AC7A.5040101@ipsumj.de>
References: <5554AC7A.5040101@ipsumj.de>
Message-ID: <87eglqqaim.wl-neal@walfield.org>
Hi,
I just tried this on Debian Jessie with the latest version of git.
The build completed without an error.
If you are still getting this error, please provide some more details
about your configuration.
Thanks,
:) Neal
GnuPG v2.1.5-beta6 has been configured as follows:
Revision: 3a93054 (14995)
Platform: GNU/Linux (x86_64-unknown-linux-gnu)
OpenPGP: yes
S/MIME: no
Agent: yes
Smartcard: yes (without internal CCID driver)
G13: yes
Dirmngr: yes
Gpgtar: no
Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
Dirmngr auto start: yes
Readline support: yes
LDAP support: yes
DNS SRV support: yes
TLS support: gnutls
At Thu, 14 May 2015 16:08:58 +0200,
HW42 wrote:
>
> Hi,
>
> when I try to build gnupg 2.1.4 with --disable-gpgsm the build fails.
>
> $ ./configure --disable-gpgsm --disable-gpgtar
> [ ... ]
> GnuPG v2.1.4 has been configured as follows:
>
> Revision: a67ead6 (42622)
> Platform: GNU/Linux (x86_64-unknown-linux-gnu)
>
> OpenPGP: yes
> S/MIME: no
> Agent: yes
> Smartcard: yes (without internal CCID driver)
> G13: yes
> Dirmngr: yes
> Gpgtar: no
>
> Protect tool: (default)
> LDAP wrapper: (default)
> Default agent: (default)
> Default pinentry: (default)
> Default scdaemon: (default)
> Default dirmngr: (default)
>
> Dirmngr auto start: yes
> Readline support: yes
> LDAP support: yes
> DNS SRV support: yes
> TLS support: gnutls
>
> $ make
> [ ... ]
> mv -f .deps/getkey.Tpo .deps/getkey.Po
> gcc -DHAVE_CONFIG_H -I. -I.. -I../common
> -DLOCALEDIR=\"/usr/local/share/locale\"
> -DGNUPG_BINDIR="\"/usr/local/bin\""
> -DGNUPG_LIBEXECDIR="\"/usr/local/libexec\""
> -DGNUPG_LIBDIR="\"/usr/local/lib/gnupg\""
> -DGNUPG_DATADIR="\"/usr/local/share/gnupg\""
> -DGNUPG_SYSCONFDIR="\"/usr/local/etc/gnupg\""
> -DGNUPG_LOCALSTATEDIR="\"/usr/local/var\""
> -I/tmp/b/libgcrypt-1.6.3/build/include
> -I/tmp/b/libgpg-error-1.19/build/include
> -I/tmp/b/libassuan-2.2.0/build/include
> -I/tmp/b/libgpg-error-1.19/build/include
> -I/tmp/b/libgpg-error-1.19/build/include -Wall -Wno-pointer-sign
> -Wpointer-arith -MT keydb.o -MD -MP -MF .deps/keydb.Tpo -c -o keydb.o
> keydb.c
> In file included from keydb.c:37:0:
> ../kbx/keybox.h:36:19: fatal error: ksba.h: No such file or directory
> # include
> ^
> compilation terminated.
> Makefile:775: recipe for target 'keydb.o' failed
> make[2]: *** [keydb.o] Error 1
> make[2]: Leaving directory '/tmp/b/gnupg-2.1.4/g10'
> Makefile:576: recipe for target 'all-recursive' failed
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory '/tmp/b/gnupg-2.1.4'
> Makefile:495: recipe for target 'all' failed
> make: *** [all] Error 2
> $ export CFLAGS="$CFLAGS $(ksba-config --cflags)" # workaroud 1
> $ ./configure --disable-gpgsm --disable-gpgtar
> [ ... ]
> $ make
> [ ... ]
> make[2]: *** No rule to make target '../kbx/libkeybox.a', needed by
> 'gpg2'. Stop.
> make[2]: Leaving directory '/tmp/b/gnupg-2.1.4/g10'
> Makefile:576: recipe for target 'all-recursive' failed
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory '/tmp/b/gnupg-2.1.4'
> Makefile:495: recipe for target 'all' failed
> make: *** [all] Error 2
> $ make kbx=kbx # workaround 2
> [ ... ]
> $ # successful build
>
> Without the --disable-gpgtar there is another missing include error.
>
> HW42
>
From wk at gnupg.org Fri Jun 5 20:52:12 2015
From: wk at gnupg.org (Werner Koch)
Date: Fri, 05 Jun 2015 20:52:12 +0200
Subject: gnome keyring & gpg agent
In-Reply-To: <87k2viqmyd.wl-neal@walfield.org> (Neal H. Walfield's message of
"Fri, 05 Jun 2015 15:55:22 +0200")
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
<87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org>
<87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org>
<87vbf2yefc.fsf@alice.fifthhorseman.net> <5571A616.9020508@gnome.org>
<87k2viqmyd.wl-neal@walfield.org>
Message-ID: <877fridm3n.fsf@vigenere.g10code.de>
On Fri, 5 Jun 2015 15:55, neal at walfield.org said:
> A new pinentry with the code has already been released (0.9.3).
but you better get 0.9.4.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From dkg at fifthhorseman.net Fri Jun 5 20:57:40 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 14:57:40 -0400
Subject: Bug#760102: gnome keyring & gpg agent
In-Reply-To: <5571DB96.1020007@debian.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de> <87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org> <87k2vjylva.fsf@alice.fifthhorseman.net>
<87oakurjmv.wl-neal@walfield.org> <87a8wezyta.fsf@alice.fifthhorseman.net>
<87mw0erio2.wl-neal@walfield.org> <87vbf2yefc.fsf@alice.fifthhorseman.net>
<5571A616.9020508@gnome.org> <87k2viqmyd.wl-neal@walfield.org>
<5571D6AF.1040306@debian.org> <87twumvzri.fsf@alice.fifthhorseman.net>
<5571DB96.1020007@debian.org>
Message-ID: <87lhfyvv8b.fsf@alice.fifthhorseman.net>
Control: clone 760102 -1
Control: reassign -1 seahorse
Control: tags -1 + patch
Control: retitle -1 build seahorse compatible with gpg2
On Fri 2015-06-05 13:25:42 -0400, Michael Biebl wrote:
> Am 05.06.2015 um 19:19 schrieb Daniel Kahn Gillmor:
>> Given that 1.4.7 is older than oldoldstable, you ought to be able to
>> drop the explicit gnupg dependency entirely from seahorse, iiuc.
>
> Well, assuming that seahorse does work properly with gnupg2.
> That's basically my question.
The seahorse source code seems to actually behave completely differently
depending on whether it is built with modern versions of any branch
(meaning: gpg >= 1.4.10, or gpg2 >= 2.0.12) versus older versions. (see
pgp/seahorse-gpgme-key-op.h). :(
This is not great engineering practice, because the version built
against isn't guaranteed to match the version that's running.
That said, even oldoldstable builds and runs "modern versions" by this
metric.
I just tested seahorse on a minimal-ish unstable gnome install, where i
did "dpkg --force-depend --purge gnupg".
Unfortunately, it looks like seahorse embeds the string "gpg" in it, so
it's looking for /usr/bin/gpg.
Running seahorse in this configuration produces lots of errors of this
form:
operation-Message: couldn't initialize gnupg properly: Invalid crypto engine
The attached patch should resolve things for future versions of
seahorse, though, both on build-time detection and on runtime
flexibility.
(the attached patch touches both ./configure.ac and ./configure -- since
the package appears to be doing autoreconf, maybe the modifications to
./configure are unnecessary)
The only failures i'm now running into with seahorse like this are
failures due to gcr_importer hard-coding paths to gpg as well, so those
are bugs i'll file separately..
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-avoid-deps-on-a-certain-version-of-gpg.patch
Type: text/x-diff
Size: 3968 bytes
Desc: avoid dependencies on a certain version of gpg
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL:
From hw42 at ipsumj.de Fri Jun 5 23:58:18 2015
From: hw42 at ipsumj.de (HW42)
Date: Fri, 05 Jun 2015 23:58:18 +0200
Subject: gnupg 2.1.4 fails to build with --disable-gpgsm
In-Reply-To: <87eglqqaim.wl-neal@walfield.org>
References: <5554AC7A.5040101@ipsumj.de> <87eglqqaim.wl-neal@walfield.org>
Message-ID: <55721B7A.3010409@ipsumj.de>
Hi Neal,
Werner already responded on 2015-05-15 that this will be fixed in 2.1.5
- but seems to forgot to CC the list.
Thank you.
HW42
Neal H. Walfield:
> Hi,
>
> I just tried this on Debian Jessie with the latest version of git.
> The build completed without an error.
>
> If you are still getting this error, please provide some more details
> about your configuration.
>
> Thanks,
>
> :) Neal
>
>
> GnuPG v2.1.5-beta6 has been configured as follows:
>
> Revision: 3a93054 (14995)
> Platform: GNU/Linux (x86_64-unknown-linux-gnu)
>
> OpenPGP: yes
> S/MIME: no
> Agent: yes
> Smartcard: yes (without internal CCID driver)
> G13: yes
> Dirmngr: yes
> Gpgtar: no
>
> Protect tool: (default)
> LDAP wrapper: (default)
> Default agent: (default)
> Default pinentry: (default)
> Default scdaemon: (default)
> Default dirmngr: (default)
>
> Dirmngr auto start: yes
> Readline support: yes
> LDAP support: yes
> DNS SRV support: yes
> TLS support: gnutls
>
> At Thu, 14 May 2015 16:08:58 +0200,
> HW42 wrote:
>>
>> Hi,
>>
>> when I try to build gnupg 2.1.4 with --disable-gpgsm the build fails.
>>
>> $ ./configure --disable-gpgsm --disable-gpgtar
>> [ ... ]
>> GnuPG v2.1.4 has been configured as follows:
>>
>> Revision: a67ead6 (42622)
>> Platform: GNU/Linux (x86_64-unknown-linux-gnu)
>>
>> OpenPGP: yes
>> S/MIME: no
>> Agent: yes
>> Smartcard: yes (without internal CCID driver)
>> G13: yes
>> Dirmngr: yes
>> Gpgtar: no
>>
>> Protect tool: (default)
>> LDAP wrapper: (default)
>> Default agent: (default)
>> Default pinentry: (default)
>> Default scdaemon: (default)
>> Default dirmngr: (default)
>>
>> Dirmngr auto start: yes
>> Readline support: yes
>> LDAP support: yes
>> DNS SRV support: yes
>> TLS support: gnutls
>>
>> $ make
>> [ ... ]
>> mv -f .deps/getkey.Tpo .deps/getkey.Po
>> gcc -DHAVE_CONFIG_H -I. -I.. -I../common
>> -DLOCALEDIR=\"/usr/local/share/locale\"
>> -DGNUPG_BINDIR="\"/usr/local/bin\""
>> -DGNUPG_LIBEXECDIR="\"/usr/local/libexec\""
>> -DGNUPG_LIBDIR="\"/usr/local/lib/gnupg\""
>> -DGNUPG_DATADIR="\"/usr/local/share/gnupg\""
>> -DGNUPG_SYSCONFDIR="\"/usr/local/etc/gnupg\""
>> -DGNUPG_LOCALSTATEDIR="\"/usr/local/var\""
>> -I/tmp/b/libgcrypt-1.6.3/build/include
>> -I/tmp/b/libgpg-error-1.19/build/include
>> -I/tmp/b/libassuan-2.2.0/build/include
>> -I/tmp/b/libgpg-error-1.19/build/include
>> -I/tmp/b/libgpg-error-1.19/build/include -Wall -Wno-pointer-sign
>> -Wpointer-arith -MT keydb.o -MD -MP -MF .deps/keydb.Tpo -c -o keydb.o
>> keydb.c
>> In file included from keydb.c:37:0:
>> ../kbx/keybox.h:36:19: fatal error: ksba.h: No such file or directory
>> # include
>> ^
>> compilation terminated.
>> Makefile:775: recipe for target 'keydb.o' failed
>> make[2]: *** [keydb.o] Error 1
>> make[2]: Leaving directory '/tmp/b/gnupg-2.1.4/g10'
>> Makefile:576: recipe for target 'all-recursive' failed
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/tmp/b/gnupg-2.1.4'
>> Makefile:495: recipe for target 'all' failed
>> make: *** [all] Error 2
>> $ export CFLAGS="$CFLAGS $(ksba-config --cflags)" # workaroud 1
>> $ ./configure --disable-gpgsm --disable-gpgtar
>> [ ... ]
>> $ make
>> [ ... ]
>> make[2]: *** No rule to make target '../kbx/libkeybox.a', needed by
>> 'gpg2'. Stop.
>> make[2]: Leaving directory '/tmp/b/gnupg-2.1.4/g10'
>> Makefile:576: recipe for target 'all-recursive' failed
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/tmp/b/gnupg-2.1.4'
>> Makefile:495: recipe for target 'all' failed
>> make: *** [all] Error 2
>> $ make kbx=kbx # workaround 2
>> [ ... ]
>> $ # successful build
>>
>> Without the --disable-gpgtar there is another missing include error.
>>
>> HW42
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL:
From dkg at fifthhorseman.net Sat Jun 6 00:48:57 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Fri, 05 Jun 2015 18:48:57 -0400
Subject: Pinentry linking to libassuan? (was: Add inside-Emacs mode to GUI
pinentry programs)
In-Reply-To: <873826fqms.fsf_-_@vigenere.g10code.de>
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<873826fqms.fsf_-_@vigenere.g10code.de>
Message-ID: <87r3ppvkiu.fsf@alice.fifthhorseman.net>
Hi there--
On Fri 2015-06-05 05:31:23 -0400, Werner Koch wrote:
> Originally Pinentry should be mostly self-standing but today this is
> only true for the plain curses, tty and Windows versions. Most users
> however build one of the real GUI versions with all their large
> dependencies.
For users of graphical environments, this seems likely to be the right
choice.
> The question is whether we should keep on using our much stripped down
> versions of libassuan and libgpg-error or switch over to use libassuan
> and libgpg-error directly. In fact, both libraries are required by
> GnuPG itself and also be any software using GPGME. Thus we can expect
> that such a change won't introduce any new platform problems.
I'd be happy to switch to libassuan + gcrypt in those environments,
since those libraries are likely already on the system (and pinentry is
really usually expected to be invoked by gpg-agent, which itself depends
on libassuan and gcrypt).
That said, I'd like to try to minimize the number of dependencies for
the non-graphical clients in normal circumstances. I've filed:
https://bugs.debian.org/787883
to track doing that in debian. Is there a way to make a single build of
the pinentry tree, but to only enable libsecret for gtk2, qt4, and
gnome3 and leave it out for tty and curses? if not, i guess i can just
./configure twice and build different variants in the different
configurations.
> However, we should also link to Libgcrypt to make use of its secure
> memory code - if that is something we should keep on using. It would
> also be possible to do without and make sure that the passphrase is only
> stored at one place which we would manually clear as needed. Frankly, I
> think that the mlock-ed memory area is not useful anymore because it
> does not help against hibernation. To mitigate the swapping problem an
> encrypted swap partition is anyway much easier and safer.
Doing away with mlocking entirely would certainly simplify the pinentry
codebase.
--dkg
From neal at walfield.org Sat Jun 6 01:32:48 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Sat, 06 Jun 2015 01:32:48 +0200
Subject: Pinentry linking to libassuan? (was: Add inside-Emacs mode to GUI
pinentry programs)
In-Reply-To: <87r3ppvkiu.fsf@alice.fifthhorseman.net>
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<873826fqms.fsf_-_@vigenere.g10code.de>
<87r3ppvkiu.fsf@alice.fifthhorseman.net>
Message-ID: <87bngtrasf.wl-neal@walfield.org>
At Fri, 05 Jun 2015 18:48:57 -0400,
Daniel Kahn Gillmor wrote:
> Is there a way to make a single build of
> the pinentry tree, but to only enable libsecret for gtk2, qt4, and
> gnome3 and leave it out for tty and curses? if not, i guess i can just
> ./configure twice and build different variants in the different
> configurations.
Enabling libsecret on a per-pinentry basis is possible, but it would
add a fair amount of complexity to the build system. If configuring
twice is easy, then let's do that.
Neal
From neal at walfield.org Sat Jun 6 03:02:41 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Sat, 06 Jun 2015 03:02:41 +0200
Subject: [PATCH] dirmngr_ldap: support ldap secure connection(ldaps)
In-Reply-To: <555C8BAF.1060202@digiflak.com>
References: <555C8BAF.1060202@digiflak.com>
Message-ID: <87a8wdr6mm.wl-neal@walfield.org>
Hi,
I'm having trouble applying this patch. It looks like the whitespace
got mangled in transit. Can you please resend the patch or provide a
tree that I can pull from?
Thanks,
Neal
At Wed, 20 May 2015 16:27:11 +0300,
Dmitry Falko wrote:
>
> Hello!
>
> I encountered a problem connecting to the LDAP server via TLS and
> wrote a small patch, send it as is.
>
> * dirmngr.h (ldap_server_s): add schema field
> * dirmngr_ldap.c (fetch_ldap): ldaps support
> * ldap.c (make_url, start_cert_fetch_ldap): add schema
> * ldapserver.c (ldapserver_parse_one): parse schema
> * server.c (lookup_cert_by_pattern): additional log info
>
> dirmngr_ldap can retrieve certificates from LDAP server
> by TLS(using ldaps protocol). Protocol can be set in
> dirmngr_ldapserver.conf:
> hostname:port:username:password:base_dn:schema
> If not set use ldap.By default dirmngr_ldap use
> /etc/ssl/CA(dirmngr_ldap.c CA_CERT_DEFAULT) CA certificate,
> user can set DIRMNGR_LDAP_CACERT env variable to
> override this value.
> ---
> dirmngr/dirmngr.h | 1 +
> dirmngr/dirmngr_ldap.c | 61
> +++++++++++++++++++++++++++++++++++++++++++++-----
> dirmngr/ldap.c | 24 +++++++++++++++-----
> dirmngr/ldapserver.c | 5 +++++
> dirmngr/server.c | 3 ++-
> 5 files changed, 81 insertions(+), 13 deletions(-)
>
> diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
> index 4f037e7..3406494 100644
> --- a/dirmngr/dirmngr.h
> +++ b/dirmngr/dirmngr.h
> @@ -46,6 +46,7 @@ struct ldap_server_s
> char *user;
> char *pass;
> char *base;
> + char *schema;
> };
> typedef struct ldap_server_s *ldap_server_t;
>
> diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
> index 61a7e39..8bb739c 100644
> --- a/dirmngr/dirmngr_ldap.c
> +++ b/dirmngr/dirmngr_ldap.c
> @@ -46,6 +46,8 @@
> /* For OpenLDAP, to enable the API that we're using. */
> # define LDAP_DEPRECATED 1
> # include
> + /* FIXME: use configure script to set this define */
> +# define CA_CERT_DEFAULT ("/etc/ssl/CA")
> #endif
>
> @@ -571,9 +573,10 @@ fetch_ldap (my_opt_t myopt, const char *url,
> const LDAPURLDesc *ludp)
> LDAP *ld;
> LDAPMessage *msg;
> int rc = 0;
> - char *host, *dn, *filter, *attrs[2], *attr;
> + char *host, *dn, *filter, *attrs[2], *attr, *ca_cert, *ldap_url;
> int port;
> int ret;
> + int err;
>
> host = myopt->host? myopt->host : ludp->lud_host;
> port = myopt->port? myopt->port : ludp->lud_port;
> @@ -583,6 +586,17 @@ fetch_ldap (my_opt_t myopt, const char *url,
> const LDAPURLDesc *ludp)
> attrs[1] = NULL;
> attr = attrs[0];
>
> + ca_cert = getenv("DIRMNGR_LDAP_CACERT");
> + if(!ca_cert)
> + {
> + if (myopt->verbose)
> + {
> + log_info("Using default CA certificate");
> + }
> +
> + ca_cert = CA_CERT_DEFAULT;
> + }
> +
> if (!port)
> port = (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))?
> 636:389;
>
> @@ -628,23 +642,58 @@ fetch_ldap (my_opt_t myopt, const char *url,
> const LDAPURLDesc *ludp)
>
> set_timeout (myopt);
> +
> + ldap_url = alloca(4 + strlen(ludp->lud_scheme)
> + + strlen(host)
> + + 5); /* for port */
> + sprintf(ldap_url, "%s://%s:%d", ludp->lud_scheme, host, port);
> +
> npth_unprotect ();
> - ld = my_ldap_init (host, port);
> + err = ldap_initialize(&ld, ldap_url) ;
> npth_protect ();
> - if (!ld)
> + if (err != LDAP_SUCCESS)
> {
> - log_error (_("LDAP init to '%s:%d' failed: %s\n"),
> - host, port, strerror (errno));
> + log_error (_("LDAP init to '%s' failed: %s\n"),
> + ldap_url, ldap_err2string (errno));
> return -1;
> }
> npth_unprotect ();
> +
> + if(!strcmp (ludp->lud_scheme, "ldaps"))
> + {
> + /* Additional options for tls connection */
> + /*FIXME: LDAP_OPT_X_TLS_NEVER or LDAP_OPT_X_TLS_HARD, add option*/
> + int req_cert = LDAP_OPT_X_TLS_NEVER;
> +
> + err = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
> + ca_cert);
> + npth_protect ();
> + if(err != LDAP_SUCCESS)
> + {
> + log_error (_("setting ca-certificate failed: %s\n"),
> + ldap_err2string (err));
> + return -1;
> + }
> + npth_unprotect ();
> + err=ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
> + &req_cert);
> + npth_protect ();
> + if(err != LDAP_SUCCESS)
> + {
> + log_error (_("setting require certificate failed: %s\n"),
> + ldap_err2string (err));
> + return -1;
> + }
> + npth_unprotect ();
> + }
> +
> /* Fixme: Can we use MYOPT->user or is it shared with other theeads?.
> */
> ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
> npth_protect ();
> if (ret)
> {
> log_error (_("binding to '%s:%d' failed: %s\n"),
> - host, port, strerror (errno));
> + host, port, ldap_err2string (errno));
> ldap_unbind (ld);
> return -1;
> }
> diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
> index e4c6aa2..d4e0730 100644
> --- a/dirmngr/ldap.c
> +++ b/dirmngr/ldap.c
> @@ -423,10 +423,10 @@ escape4url (const char *string)
> need the host and port because this will be specified using the
> override options. */
> static gpg_error_t
> -make_url (char **url, const char *dn, const char *filter)
> +make_url (char **url, const char *dn, const char *filter, const char
> *schema)
> {
> gpg_error_t err;
> - char *u_dn, *u_filter;
> + char *u_dn, *u_filter, *u_schema;
> char const attrs[] = (USERCERTIFICATE ","
> /* USERSMIMECERTIFICATE "," */
> CACERTIFICATE ","
> @@ -434,6 +434,10 @@ make_url (char **url, const char *dn, const char
> *filter)
>
> *url = NULL;
>
> + u_schema = escape4url (schema);
> + if(!u_schema)
> + return gpg_error_from_errno (errno);
> +
> u_dn = escape4url (dn);
> if (!u_dn)
> return gpg_error_from_errno (errno);
> @@ -445,7 +449,8 @@ make_url (char **url, const char *dn, const char
> *filter)
> xfree (u_dn);
> return err;
> }
> - *url = malloc ( 8 + strlen (u_dn)
> + *url = malloc ( 4 + strlen (schema)
> + + strlen (u_dn)
> + 1 + strlen (attrs)
> + 5 + strlen (u_filter) + 1 );
> if (!*url)
> @@ -456,12 +461,14 @@ make_url (char **url, const char *dn, const char
> *filter)
> return err;
> }
>
> - stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
> + stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy(*url,
> u_schema),
> + ":///"),
> u_dn),
> "?"),
> attrs),
> "?sub?"),
> u_filter);
> + xfree (u_schema);
> xfree (u_dn);
> xfree (u_filter);
> return 0;
> @@ -525,6 +532,7 @@ start_cert_fetch_ldap (ctrl_t ctrl,
> cert_fetch_context_t *context,
> const char *user;
> const char *pass;
> const char *base;
> + const char *schema;
> const char *argv[50];
> int argc;
> char portbuf[30], timeoutbuf[30];
> @@ -538,6 +546,7 @@ start_cert_fetch_ldap (ctrl_t ctrl,
> cert_fetch_context_t *context,
> user = server->user;
> pass = server->pass;
> base = server->base;
> + schema = server->schema;
> }
> else /* Use a default server. */
> return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
> @@ -545,6 +554,9 @@ start_cert_fetch_ldap (ctrl_t ctrl,
> cert_fetch_context_t *context,
> if (!base)
> base = "";
>
> + if(!schema)
> + schema = "ldap";
> +
> argc = 0;
> if (pass) /* Note: Must be the first item. */
> {
> @@ -606,9 +618,9 @@ start_cert_fetch_ldap (ctrl_t ctrl,
> cert_fetch_context_t *context,
> return gpg_error (GPG_ERR_INV_USER_ID);
> }
> if ((sl->flags & 1))
> - err = make_url (&url, sl->d, "objectClass=*");
> + err = make_url (&url, sl->d, "objectClass=*", schema);
> else
> - err = make_url (&url, base, sl->d);
> + err = make_url (&url, base, sl->d, schema);
> free_strlist (sl);
> if (err)
> {
> diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
> index 16e13e2..87c8b47 100644
> --- a/dirmngr/ldapserver.c
> +++ b/dirmngr/ldapserver.c
> @@ -115,6 +115,11 @@ ldapserver_parse_one (char *line,
> server->base = xstrdup (p);
> break;
>
> + case 6:
> + if (*p)
> + server->schema = xstrdup (p);
> + break;
> +
> default:
> /* (We silently ignore extra fields.) */
> break;
> diff --git a/dirmngr/server.c b/dirmngr/server.c
> index 1b7e9e9..bcf83f9 100644
> --- a/dirmngr/server.c
> +++ b/dirmngr/server.c
> @@ -1259,7 +1259,8 @@ lookup_cert_by_pattern (assuan_context_t ctx,
> char *line,
> ldap_server_t ldapserver = ldapserver_iter.server;
>
> if (DBG_LOOKUP)
> - log_debug ("cmd_lookup: trying %s:%d base=%s\n",
> + log_debug ("cmd_lookup: trying %s://%s:%d base=%s\n",
> + ldapserver->schema ? ldapserver->schema: "ldap",
> ldapserver->host, ldapserver->port,
> ldapserver->base?ldapserver->base : "[default]");
>
> --
> 1.9.1
>
> --
> Best Regards!
>
From gniibe at fsij.org Sat Jun 6 09:51:58 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Sat, 06 Jun 2015 16:51:58 +0900
Subject: [PATCH] configure.ac: improve check for clock_gettime library
In-Reply-To:
References:
Message-ID: <5572A69E.10703@fsij.org>
On 06/06/2015 12:49 AM, Jim Meyering wrote:
> I noticed the clock_gettime-vs-librt problem with npth-1.2 on a CentOS6
> system and fixed it, but then noticed that the first post-release patch also
> made a change on that front. I have rebased on top of that.
>
> I have attached an additional patch:
Thank you. Applied and pushed.
--
From stef at thewalter.net Sun Jun 7 10:58:13 2015
From: stef at thewalter.net (Stef Walter)
Date: Sun, 07 Jun 2015 10:58:13 +0200
Subject: Removing gpg-agent from gnome-keyring
Message-ID: <557407A5.7010706@thewalter.net>
So due to the fine work of Neal Walfield, we're just about ready to
remove the gpg-agent from gnome-keyring.
Gnupg 2.x has a very different model for key usage, and the GPG agent is
an intimate part of GnuPG, not something that can be randomly reimplemented.
Here's the bug to remove the gpg-agent and a patch:
https://bugzilla.gnome.org/show_bug.cgi?id=750514
People should use the pinentry-gnome3 in 0.9.4 instead. We need to
figure out how to make this the default for GNOME. Any ideas? Currently
you have to put this in ~/.gnupg/gpg-agent.conf:
pinentry-program /usr/bin/pinentry-gnome3
Neal, I noticed that the code to actually optionally save the passphrase
via libsecret isn't yet hooked up. In particular the following function
is never invoked (which would get the checkbox value from the gnome
shell prompt):
gcr_prompt_get_choice_chosen()
There's also a bit of work here that's necessary before things show up
correctly:
https://bugzilla.gnome.org/show_bug.cgi?id=750465
Stef
From neal at walfield.org Sun Jun 7 14:39:05 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Sun, 07 Jun 2015 14:39:05 +0200
Subject: Removing gpg-agent from gnome-keyring
In-Reply-To: <557407A5.7010706@thewalter.net>
References: <557407A5.7010706@thewalter.net>
Message-ID: <87vbezpuae.wl-neal@walfield.org>
At Sun, 07 Jun 2015 10:58:13 +0200,
Stef Walter wrote:
> Neal, I noticed that the code to actually optionally save the passphrase
> via libsecret isn't yet hooked up. In particular the following function
> is never invoked (which would get the checkbox value from the gnome
> shell prompt):
>
> gcr_prompt_get_choice_chosen()
That's embarrassing. It seems I forgot to check for that. Storing
the passphrase definately works with pinentry-gtk, which is what I
used for testing when developing the functionality. I've now fixed
the gnome3 pinentry (and tested it) and I've pushed it as commit
444598586d0abf70d5a27d2aafcd6c14989621db.
Thanks and sorry about the bug!
:) Neal
From gnupg-devel at spodhuis.org Mon Jun 8 02:49:37 2015
From: gnupg-devel at spodhuis.org (Phil Pennock)
Date: Mon, 8 Jun 2015 00:49:37 +0000
Subject: Golang "OpenPGP" implementation...
In-Reply-To:
References:
Message-ID: <20150608004937.GA15405@tower.spodhuis.org>
On 2015-06-05 at 16:39 +0200, Low Eel wrote:
> As you probably (?) know, Google launched their language, golang, and it ships
> with something they call "OpenPGP" libraries:
OpenPGP is the IETF name for the specification. The Internet
Engineering Task Force defines the protocol. GnuPG is one
implementation of the OpenPGP specification, and today is very probably
the dominant implementation.
> https://godoc.org/golang.org/x/crypto/openpgp
> ?
> I know because I am going to write some server using GPG and I was looking for
> some library. Now the name "OpenPGP" Google is using seems promising, but.
>
> - Are that libraries a port/endorsed/written together with the gpg dev?
> - Does anyone knows if they are 100% compatible or a "google flavour"?
They are Google's implementation of the IETF standard. Compatibility is
a complex issue but in general anything claiming "100% compatible"
should be viewed with suspicion. Most products aren't even fully 100%
compatible with themselves across versions; in good projects, such
breakages then lead to additions to regression tests to try to avoid
repeating such embarrassments.
Casey Marshall wrote a PGP keyserver, Hockeypuck, designed to interop
with SKS (the dominant PGP keyserver); Hockeypuck is written in Go and
Casey tried to use the Google-provided x package, but ran into some
limitations and forked off something which he could adapt to work for
his use-case:
https://github.com/hockeypuck/openpgp/tree/v1
(see also: https://hockeypuck.github.io/contributing.html )
I recommend evaluating both Google's package and Casey's, to see which
is a better fit for your needs. Figure out why you choose one, and use
the differences as inspiration so that you know when and how to fork
yourself, to get closer to the level of compatibility which you need.
Good luck!
-Phil
From ueno at gnu.org Mon Jun 8 06:05:01 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Mon, 08 Jun 2015 13:05:01 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
Message-ID:
Hello Neal,
Thanks for the prompt review. The new patch attached below should
address the issues.
"Neal H. Walfield" writes:
> At Tue, 02 Jun 2015 17:56:44 +0900,
> Daiki Ueno wrote:
>> +AM_CONDITIONAL(BUILD_LIBPINENTRY_EMACS,
>> + test "$pinentry_emacs" = "yes" -o "$inside_emacs" = "yes")
>
> I'm a bit confused by this. I can unstand building the emacs pinentry
> without the inside emacs check, but doesn't inside_emacs imply
> pinentry_emacs? If so, we only need to check if "$pinentry_emacs" =
> "yes". Right?
I think the check logic was rather wrong and the build settings of
inside_emacs and pinentry_emacs should be orthogonal, i.e., GUI
pinentries can be built with support for INSIDE_EMACS, but without
building the pinentry-emacs program itself (and vice versa).
It should be fixed now.
>> + if (strlen (tmpdir) + strlen ("/emacs") + 10 + strlen ("/")
>> + + strlen (socket_name) + 1 >= sizeof (unaddr.sun_path))
>
> Technically, this is too conservative. 10 is the maximum length of
> the uid. If the user is 1000, then only 4 characters are needed.
It seems that I misunderstood your previous suggestion regarding
asprintf. I added an extra allocation to relax the check.
>> +/* Percent-escape control characters in DATA. Return a newly
>> + allocated string, or DATA itself if there is no need to escape any
>> + character. Store the length of the string to LENGTHP. */
>> +static char *
>> +escape (const char *data, size_t *lengthp)
>> +{
>> + char *buffer, *out_p;
>> + size_t length = *lengthp, buffer_length;
>
> The comment is inaccurate. *LENGTHP needs to contain the length of
> DATA. It also doesn't return a string, but a character vector (it is
> not NUL terminated as far as I can tell). This is actually a problem
> for set_label (and perhaps elsewhere): it calls escape with the length
> of the string, not including the NUL character!
Oops.
> Also, the return semantics are a bit too smart for my taste. It would
> be better to always allocate a new string.
I see. Now all the string related functions (i.e., escape, unescape,
send_to_emacs, and read_from_emacs) treat input/output NUL terminated.
That significantly simplified the code, indeed.
>> +static int
>> +do_password (pinentry_t pe)
>> +{
>> + char *escaped, *password;
>> + size_t length;
>> + assuan_error_t error;
>> +
>> + set_labels (pe);
>> +
>> + if (!send_to_emacs (emacs_socket, "GETPIN\n", 7))
>> + return -1;
>> +
>> + escaped = read_from_emacs (emacs_socket, pe->timeout, NULL,
>> &length, &error);
>
> It is a bit unfortunate that the password is initially read into
> insecure memory. Let's allocate, say, 1k of secure memory and use
> that.
Good idea, done.
>> + password = unescape (escaped, &length);
>> + pinentry_setbufferlen (pe, length);
>> + if (pe->pin)
>> + memcpy (pe->pin, password, length);
>
> You should NUL terminate the password.
Done.
>> +static int
>> +do_confirm (pinentry_t pe)
>> +{
>
> You don't handle the case when the user pressed cancelled (we need to
> set pe->cancelled) or the third button. It is important to get at
> least the former right. Are there any specific reasons that this is
> difficult?
Thanks, I missed the field in the pinentry struct. Fixed.
>> +int
>> +pinentry_inside_emacs (void)
>> +{
>> + const char *envvar;
>> +
>> + /* Check if INSIDE_EMACS envvar is set. */
>> + envvar = getenv ("INSIDE_EMACS");
>> + if (!envvar || !*envvar)
>> + return 0;
>> +
>> + /* FIXME: Additional checks for the value. */
>> + return 1;
>> +}
>> +
> Why doesn't pinentry_inside_emacs directly call pinentry_emacs_init?
> It seems to me that the real test of whether we can use an emacs pin
> is there?
Good idea, done.
>> + /* Check if the server responds. */
>> + read_from_emacs (emacs_socket, INITIAL_TIMEOUT, buffer, &length, &error);
>> + return error == ASSUAN_No_Error;
>
> Also, in your previous patch, you checked for the existence of a
> particular symbol. Why don't you do that anymore? I think it is
> reasonable that the INSIDE_EMACS is set, but the version of emacs
> doesn't have support for pinentry.
Because the new patch no longer uses Elisp REPL, but the Assuan-like
protocol. We could send "NOP" when connecting, but it is defined that
an Assuan server should send an "OK" response on a new connection, and
it is already checked here.
Regards,
--
Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-inside-Emacs-mode-to-GUI-pinentry-programs.patch
Type: text/x-patch
Size: 33674 bytes
Desc: not available
URL:
From h.sand01 at gmail.com Mon Jun 8 12:53:01 2015
From: h.sand01 at gmail.com (Sand, Harrison)
Date: Mon, 08 Jun 2015 12:53:01 +0200
Subject: OpenPGP Card version 3.0 Availability
Message-ID: <5575740D.7070007@gmail.com>
Hi All,
I saw on g10code that the OpenPGP Card version 3.0 specification was
released last week. (http://g10code.com/docs/openpgp-card-3.0.pdf)
Are there any estimates to when this card will be publicly available?
Thanks,
Harrison
From wk at gnupg.org Mon Jun 8 15:29:59 2015
From: wk at gnupg.org (Werner Koch)
Date: Mon, 08 Jun 2015 15:29:59 +0200
Subject: [Announce] GPGME 1.5.5 released
Message-ID: <87fv62ba5j.fsf@vigenere.g10code.de>
Hello!
We are pleased to announce version 1.5.5 of GPGME.
GnuPG Made Easy (GPGME) is a C language library that allows to add
support for cryptography to a program. It is designed to make access
to public key crypto engines as included in GnuPG easier for
applications. GPGME provides a high-level crypto API for encryption,
decryption, signing, signature verification, and key management.
* Noteworthy changes in version 1.5.5
- Fixed crash in key listings for user ids with a backslash. This bug
was not exploitable except for a DoS (see commit 0d28a69).
- Fixed regression for GPGSM use with GnuPG < 2.1.
- Properly set signature summary for revoked OpenPGP keys.
* Download
You may download this library and its OpenPGP signature from:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.5.tar.bz2 (953k)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.5.tar.bz2.sig
The SHA-1 checksum is
88476d72cb099e179de4040760502886f7a54926 gpgme-1.5.5.tar.bz2
* Support
Please send questions regarding the use of GPGME to the gnupg-devel
mailing list:
https://lists.gnupg.org/mailman/listinfo/gnupg-devel/
If you need commercial support, you may want to consult this listing:
https://gnupg.org/service.html
For the GnuPG team,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL:
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From neal at walfield.org Mon Jun 8 20:51:01 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Mon, 08 Jun 2015 20:51:01 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To:
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
Message-ID: <87lhfuowyy.wl-neal@walfield.org>
Hi Daiki,
It looks great. Just a couple of small comments. I think we almost
there.
Thanks!
:) Neal
At Mon, 08 Jun 2015 13:05:01 +0900,
Daiki Ueno wrote:
> +static int
> +send_to_emacs (int s, const char *buffer)
> +{
> + size_t length;
> + int retval = 1;
> +
> + length = strlen (buffer);
> + while (*buffer)
> + {
> + size_t part = MIN (length, SEND_BUFFER_SIZE - send_buffer_length);
> + memcpy (&send_buffer[send_buffer_length], buffer, part);
> + buffer += part;
> + send_buffer_length += part;
> +
> + if (send_buffer_length == SEND_BUFFER_SIZE
> + || (send_buffer_length > 0
> + && send_buffer[send_buffer_length-1] == '\n'))
Should we check for embedded newlines and not just those at the end?
That is, something like this:
memchr (send_buffer, '\n', send_buffer_length)
> +read_from_emacs (int s, int timeout, char *buffer, size_t capacity,
> + assuan_error_t *error)
I think this function assumes that responses are line buffered. That
is, emacs will never send a single message consisting of "OK\nOK\n".
Is that reasonable?
> + if (allocated && offset + data_length + 1 > allocated_capacity)
> + {
> + allocated_capacity = allocated_capacity * 2 + 10;
I think this is wrong. allocated_capacity has to be at least as large
as offset + data_length + 1. If data_length is more than
allocated_capacity + 10, then we overflow when we copy the data into
buffer (this is easy when buffer is NULL). How about this?
allocated_capacity = MAX (allocated_capacity * 2 + 10,
offset + data_length + 1);
> +int
> +pinentry_inside_emacs (void)
> +{
> + const char *envvar;
> +
> + /* Check if INSIDE_EMACS envvar is set. */
> + envvar = getenv ("INSIDE_EMACS");
> + if (!envvar || !*envvar)
> + return 0;
> +
> + /* FIXME: Additional checks for the value. */
> + return pinentry_emacs_init ();
> +}
> +
> +int
> +pinentry_emacs_init (void)
> +{
> + char buffer[256];
> + assuan_error_t error;
> +
> + /* Check if we can connect to the Emacs server socket. */
> + if (!set_socket ("pinentry"))
> + return 0;
> +
> + /* Check if the server responds. */
> + read_from_emacs (emacs_socket, INITIAL_TIMEOUT, buffer, sizeof (buffer),
> + &error);
> + return error == ASSUAN_No_Error;
> +}
Since pinentry_inside_emacs calls pinentry_emacs_init should we make
sure pinentry_emacs_init is only called once (perhaps by checking
whether emacs_socket is -1)? Alternatively, if it has already been
called, then we should release emacs_socket.
From rfkrocktk at gmail.com Tue Jun 9 00:16:42 2015
From: rfkrocktk at gmail.com (Naftuli Tzvi Kay)
Date: Mon, 8 Jun 2015 15:16:42 -0700
Subject: Feature request: handle multiple encryption subkeys on different
smart cards intelligently
Message-ID:
Here's a little background on what I'm experiencing:
https://security.stackexchange.com/questions/91054/multiple-encryption-subkeys-on-hardware-smart-cards/91068
Basically, I have two PGP identities: mine and my wife's. For each
identity, we have multiple hardware smart cards storing 3 RSA certificates:
one for encryption, one for signing, and one for authentication.
It kind of looks like this:
- Identitiy: me (master key, RSA signing key only)
- Card: 1001
- Encryption Subkey A
- Signing Subkey B
- Authentication Subkey C
- Card: 1002:
- Encryption Subkey D
- Signing Subkey E
- Authentication Subkey F
- Identity: wife (master key, RSA signing key only)
- Card: 1003:
- Encryption Subkey G
- Signing Subkey H
- Authentication Subkey I
- Card: 1004:
- Encryption Subkey J
- Signing Subkey K
- Authentication Subkey L
Both my wife and I should have access to a given file X, therefore I
encrypt it like this:
gpg --encrypt --recipient me --encyrpt-to $ENC_SUBKEY_A! --encrypt-to
$ENC_SUBKEY_D! \
--recipient wife --encrypt-to $ENC_SUBKEY_G! --encrypt-to
$ENC_SUBKEY_J!
This encrypts the file for myself and for my wife, and forces it to encrypt
it for all of our subkeys.
Decrypting this file, however, proves to be problematic. Since each
identity has multiple encryption subkeys and all encryption subkeys live on
smart cards, GPG seems to get confused by things and dosen't seem to
execute certain commands in the right order.
The process it seems to use is like this:
1. Check if $ENC_SUBKEY_A's secret key is present: it's not.
2. Complain about the card not being present:
Please remove the current card and insert the one with serial number:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Hit return when ready or enter 'c' to cancel
3. Hit c until it gets to the right key and prompts for the smart card
PIN. This can take a while, as I have 3 cards per identity.
What it *should* do is this:
1. Examine the file and determine which keys can decrypt it. _If_ a
smart card is present _and_ the smart card's secret key stub in secring.gpg
can decrypt the file, immediately defer to using that card.
2. If no card is present or the file is --hidden-recipient, try
decrypting with any present keys in the keyring whose smart card is present.
3. If there are no present keys, the present key can't decrypt the file,
or the present key failed to decrypt the file, then start prompting to
"insert the key known as ...".
An explanation of my setup and why I did what I did is in order. I and my
wife will be primarily using a single smart card each to access our data
and boot our computers. Our encrypted key files will be encrypted for both
of our identities and all of our smart cards. The reason for this is
redundancy: if I lose access to my primary smart card, I'll be able to grab
my backup smart card, revoke the keys of the first smart card, and decrypt
the encrypted key file using the second smart card. As my wife will also
need to boot the computer, she can use her primary smart card to decrypt
the key file, falling back to her other one if the first one is
compromised. My disk is encrypted using LUKS and a key file encrypted by
GPG.
This setup, though possibly confusing, gives me the best flexibility in
terms of key compromise, as I can grab the backup hardware key and keep
going. I can immediately issue a revocation for the keys on the first smart
card, and begin reencyrpting all of my valuable data to exclude the
compromised key. By keeping a reasonable amount of keys per identity and
storing them in secure locations, I get all the benefits of strong
encryption that GnuPG provides, the ability to recover in case of
compromise, and the security of knowing my private keys only exist in
hardware.
Please see my inquiry on security.stackexchange and evaluate my setup and
LUKS decrypt script, and you'll hopefully see what's going wrong and what
could be improved in this regard.
As far as I know, I can still accomplish what I want to by hacking my LUKS
decryption script, but the process could be streamlined tremendously to one
step for the user rather than up to 6 steps in my case (ie: hit c 5 times,
then finally enter the PIN). In --batch mode, it just fails outright, which
really shouldn't happen: it should see if it can decrypt with *any* present
secret key (hardware or otherwise) and only then it should fail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From dkg at fifthhorseman.net Tue Jun 9 04:57:45 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 08 Jun 2015 22:57:45 -0400
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To:
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
Message-ID: <87616xsi52.fsf@alice.fifthhorseman.net>
Hi Daiki--
thanks for your work on this. A couple questions/comments below...
On Mon 2015-06-08 00:05:01 -0400, Daiki Ueno wrote:
> --- a/gnome3/pinentry-gnome3.c
> +++ b/gnome3/pinentry-gnome3.c
[...]
> @@ -253,14 +257,21 @@ main (int argc, char *argv[])
> {
> pinentry_init (PGMNAME);
>
> -#ifdef FALLBACK_CURSES
> - if (pinentry_have_display (argc, argv))
> - gtk_init (&argc, &argv);
> +#ifdef INSIDE_EMACS
> + if (pinentry_inside_emacs ())
> + pinentry_cmd_handler = emacs_cmd_handler;
> else
> - pinentry_cmd_handler = curses_cmd_handler;
> +#endif
> + {
> +#ifdef FALLBACK_CURSES
> + if (pinentry_have_display (argc, argv))
> + gtk_init (&argc, &argv);
> + else
> + pinentry_cmd_handler = curses_cmd_handler;
> #else
> - gtk_init (&argc, &argv);
> + gtk_init (&argc, &argv);
> #endif
> + }
>
> pinentry_parse_opts (argc, argv);
This worries me a bit. I use emacs regularly, and i often use emacs
under X11. I'd generally rather that emacs *not* ever see or touch my
passphrase or my secret key material, deferring instead to gpg-agent and
graphical pinentry prompts to retain its ignorance.
But i think the code you've outlined above makes it so that pinentry
will be used automatically as long as it is detected as running within
emacs. is that right? What can i do to ensure that this doesn't
happen, if i want to rely on either pinentry-curses (without X11) or one
of the graphical pinentries, while still invoking GnuPG from within
emacs?
> --- /dev/null
> +++ b/pinentry/pinentry-emacs.c
[...]
> +int
> +pinentry_inside_emacs (void)
> +{
> + const char *envvar;
> +
> + /* Check if INSIDE_EMACS envvar is set. */
> + envvar = getenv ("INSIDE_EMACS");
> + if (!envvar || !*envvar)
> + return 0;
> +
> + /* FIXME: Additional checks for the value. */
> + return pinentry_emacs_init ();
> +}
What does the FIXME above mean? What checks do you imagine going here?
what problems could happen if the checks are not done?
--dkg
From ueno at gnu.org Tue Jun 9 05:40:36 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 09 Jun 2015 12:40:36 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87616xsi52.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Mon, 08 Jun 2015 22:57:45 -0400")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87616xsi52.fsf@alice.fifthhorseman.net>
Message-ID:
Hello Daniel,
Thanks for the comment.
Daniel Kahn Gillmor writes:
> This worries me a bit. I use emacs regularly, and i often use emacs
> under X11. I'd generally rather that emacs *not* ever see or touch my
> passphrase or my secret key material, deferring instead to gpg-agent and
> graphical pinentry prompts to retain its ignorance.
That's a valid concern. Actually, I too am unlikely to use the Emacs
pinentry regularly for security reasons, while users are really eager
for the enter-passphrase-from-the-minibuffer feature.
> But i think the code you've outlined above makes it so that pinentry
> will be used automatically as long as it is detected as running within
> emacs. is that right?
Partly yes. To enable the Emacs pinentry, a user needs to call M-x
pinentry-start manually. However, this might not be sufficient for
GnuPG not to interact with Emacs. In that case, it might make sense to
add an option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
I will try to add it in the new patch.
>> + /* Check if INSIDE_EMACS envvar is set. */
>> + envvar = getenv ("INSIDE_EMACS");
>> + if (!envvar || !*envvar)
>> + return 0;
>> +
>> + /* FIXME: Additional checks for the value. */
>> + return pinentry_emacs_init ();
>> +}
>
> What does the FIXME above mean? What checks do you imagine going
> here?
> what problems could happen if the checks are not done?
I was thinking of some version checks of Emacs, based on the value of
INSIDE_EMACS, which normally in the form of "25.0.50.1,comint".
However, now that the Emacs side code (pinentry.el) doesn't depend on
particular version of Emacs, we can remove the comment.
Regards,
--
Daiki Ueno
From dkg at fifthhorseman.net Tue Jun 9 05:54:27 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Mon, 08 Jun 2015 23:54:27 -0400
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To:
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87616xsi52.fsf@alice.fifthhorseman.net>
Message-ID: <87r3plr0y4.fsf@alice.fifthhorseman.net>
On Mon 2015-06-08 23:40:36 -0400, Daiki Ueno wrote:
> That's a valid concern. Actually, I too am unlikely to use the Emacs
> pinentry regularly for security reasons, while users are really eager
> for the enter-passphrase-from-the-minibuffer feature.
Which users are demanding this? In what contexts? How have the options
and tradeoffs been presented to them? Understanding the goals and use
cases for this potentially-risky feature seems like an important step,
particularly if the folks developing it don't want to use it themselves.
> To enable the Emacs pinentry, a user needs to call M-x pinentry-start
> manually. However, this might not be sufficient for GnuPG not to
> interact with Emacs. In that case, it might make sense to add an
> option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
>
> I will try to add it in the new patch.
thanks, this is an interesting option.
--dkg
From yuuma.sato at gmail.com Tue Jun 9 05:31:28 2015
From: yuuma.sato at gmail.com (Watson Sato)
Date: Tue, 9 Jun 2015 00:31:28 -0300
Subject: Default configuration of pinentry in gnome3
Message-ID:
Hi, I'm Yuuma and I'm working on GNOME side of pinentry-gnome3 as a GSoC
project.
With pinentry-gnome3 implemented we are looking to set this pinentry
program as default in gnome3.
I know it' possible to configure the default pinentry through configuration
in gpg-agent.conf file and it also can be passed as a parameter on
execution.
But what would be the way for GNOME to change default pinentry to
pinentry-gnome3 when starting a session?
Neal has mentioned that Debian uses update-alternatives to configure the
default pinentry, would this approach be enough?
Maybe reading a secondary config file where session managers can change
stuff.
Is there a better approach?
--
Watson Yuuma Sato
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From ueno at gnu.org Tue Jun 9 07:43:18 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 09 Jun 2015 14:43:18 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87r3plr0y4.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Mon, 08 Jun 2015 23:54:27 -0400")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87616xsi52.fsf@alice.fifthhorseman.net>
<87r3plr0y4.fsf@alice.fifthhorseman.net>
Message-ID:
Daniel Kahn Gillmor writes:
> On Mon 2015-06-08 23:40:36 -0400, Daiki Ueno wrote:
>> That's a valid concern. Actually, I too am unlikely to use the Emacs
>> pinentry regularly for security reasons, while users are really eager
>> for the enter-passphrase-from-the-minibuffer feature.
>
> Which users are demanding this? In what contexts? How have the options
> and tradeoffs been presented to them?
I don't want to repeat the discussions here, sorry. If you are really
interested, you can search on the Emacs bug tracker and the emacs-devel
mailing list.
> Understanding the goals and use cases for this potentially-risky
> feature seems like an important step, particularly if the folks
> developing it don't want to use it themselves.
I merely meant that I generally prefer to do crypto operations outside
of Emacs, as Emacs is inherently insecure (e.g., the read-passwd
function could be replaced at run-time, by an external package).
Nevertheless, the pinentry-emacs mechanism should be reasonably secure
for the typical use-cases.
>> option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
>>
>> I will try to add it in the new patch.
>
> thanks, this is an interesting option.
I'm now turning the option off by default.
Regards,
--
Daiki Ueno
From andreas.stieger at gmx.de Tue Jun 9 08:44:12 2015
From: andreas.stieger at gmx.de (Andreas Stieger)
Date: Tue, 09 Jun 2015 08:44:12 +0200
Subject: Default configuration of pinentry in gnome3
In-Reply-To:
References:
Message-ID: <55768B3C.2040709@gmx.de>
Hello,
On 09/06/15 05:31, Watson Sato wrote:
> Hi, I'm Yuuma and I'm working on GNOME side of pinentry-gnome3 as a GSoC
> project.
>
> With pinentry-gnome3 implemented we are looking to set this pinentry
> program as default in gnome3.
>
> I know it' possible to configure the default pinentry through
> configuration in gpg-agent.conf file and it also can be passed as a
> parameter on execution.
>
> But what would be the way for GNOME to change default pinentry to
> pinentry-gnome3 when starting a session?
>
> Neal has mentioned that Debian uses update-alternatives to configure the
> default pinentry, would this approach be enough?
> Maybe reading a secondary config file where session managers can change
> stuff.
>
> Is there a better approach?
You may be interested to know that SUSE/openSUSE and Fedora (et al) use
a script wrapper in /usr/bin/pinentry that auto-detects the running
graphical environment, desktop sesssion and installed pinentry binaries
and calls the best available one. I found this to be superior to
update-alternatives.
https://build.opensuse.org/package/view_file/openSUSE:Factory/pinentry/pinentry?expand=1
http://pkgs.fedoraproject.org/cgit/pinentry.git/tree/pinentry-wrapper
The openSUSE one has testamentary support for the newly added
pinentry-gnome3, maybe you can suggest an environment variable for
detecting a GNOME3 session reliably?
Andreas
From ueno at gnu.org Tue Jun 9 09:49:38 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 09 Jun 2015 16:49:38 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87lhfuowyy.wl-neal@walfield.org> (Neal H. Walfield's message of
"Mon, 08 Jun 2015 20:51:01 +0200")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87lhfuowyy.wl-neal@walfield.org>
Message-ID:
Thanks for the review, I'm attaching a new patch.
"Neal H. Walfield" writes:
>> +static int
>> +send_to_emacs (int s, const char *buffer)
>> +{
[...]
>> + if (send_buffer_length == SEND_BUFFER_SIZE
>> + || (send_buffer_length > 0
>> + && send_buffer[send_buffer_length-1] == '\n'))
>
> Should we check for embedded newlines and not just those at the end?
For our use-cases of send_to_emacs, we can assume that a newline
character only appears at the end of buffer.
The comment of send_to_emacs (copied from emacsclient.c) says:
/* Let's send the data to Emacs when either
- the data ends in "\n", or
- the buffer is full (but this shouldn't happen)
Otherwise, we just accumulate it. */
and a typical usage of the function:
if (!send_to_emacs (emacs_socket, name)
|| !send_to_emacs (emacs_socket, " "))
return 0;
escaped = escape (value);
if (!escaped)
return 0;
retval = send_to_emacs (emacs_socket, escaped)
&& send_to_emacs (emacs_socket, "\n");
Here, a newline character will never be passed to send_to_emacs, until
the last call of the function. Perhaps the comment should state that
more clearly.
>> +read_from_emacs (int s, int timeout, char *buffer, size_t capacity,
>> + assuan_error_t *error)
>
> I think this function assumes that responses are line buffered. That
> is, emacs will never send a single message consisting of "OK\nOK\n".
> Is that reasonable?
Yes, I think so. A send_to_emacs/read_from_emacs pair basically
emulates assuan_transact, which expects at most one response code which
completes a transaction (i.e., OK/ERR/END).
>> + if (allocated && offset + data_length + 1 > allocated_capacity)
>> + {
>> + allocated_capacity = allocated_capacity * 2 + 10;
>
> I think this is wrong. allocated_capacity has to be at least as large
> as offset + data_length + 1. If data_length is more than
> allocated_capacity + 10, then we overflow when we copy the data into
> buffer (this is easy when buffer is NULL). How about this?
>
> allocated_capacity = MAX (allocated_capacity * 2 + 10,
> offset + data_length + 1);
Oops, thanks for pointing that out. Fixed.
> Since pinentry_inside_emacs calls pinentry_emacs_init should we make
> sure pinentry_emacs_init is only called once (perhaps by checking
> whether emacs_socket is -1)?
Good point, but should we consider the case where pinentry_inside_emacs
is called multiple times? Assuming not, I added an assertion in
pinentry_emacs_init to prevent the socket being initialized twice, and
renamed pinentry_inside_emacs to a clearer name denoting a side effect:
pinentry_enable_emacs_cmd_handler.
Also, I moved the call to the function right after pinentry_parse_opts,
aiming for the option dependent behavior, which I wrote in the reply to
Daniel:
> GnuPG not to interact with Emacs. In that case, it might make sense to
> add an option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
>
> I will try to add it in the new patch.
I postpone this for now, since it turned out that it requires a change
in GnuPG.
Regards,
--
Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-inside-Emacs-mode-to-GUI-pinentry-programs.patch
Type: text/x-patch
Size: 30311 bytes
Desc: not available
URL:
From wk at gnupg.org Tue Jun 9 09:55:40 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 09 Jun 2015 09:55:40 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87r3plr0y4.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's
message of "Mon, 08 Jun 2015 23:54:27 -0400")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87616xsi52.fsf@alice.fifthhorseman.net>
<87r3plr0y4.fsf@alice.fifthhorseman.net>
Message-ID: <87sia19uyr.fsf@vigenere.g10code.de>
On Tue, 9 Jun 2015 05:54, dkg at fifthhorseman.net said:
> Which users are demanding this? In what contexts? How have the options
Well, it would make it easier to read encrypted mails by attaching to a
remote Gnus session. I share your concerns that this is not a good idea
security wise. OTOH, being able to attach to a remote Emacs session
already allows you to take over the remote box.
>> option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
>>
>> I will try to add it in the new patch.
>
> thanks, this is an interesting option.
Ack.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Tue Jun 9 10:05:46 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 09 Jun 2015 10:05:46 +0200
Subject: Feature request: handle multiple encryption subkeys on different
smart cards intelligently
In-Reply-To:
(Naftuli Tzvi Kay's message of "Mon, 8 Jun 2015 15:16:42 -0700")
References:
Message-ID: <87oakp9uhx.fsf@vigenere.g10code.de>
On Tue, 9 Jun 2015 00:16, rfkrocktk at gmail.com said:
> Decrypting this file, however, proves to be problematic. Since each
> identity has multiple encryption subkeys and all encryption subkeys live on
> smart cards, GPG seems to get confused by things and dosen't seem to
> execute certain commands in the right order.
See also: https://bugs.gnupg.org/gnupg/issue1955
Your suggestion makes a lot of sense.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Tue Jun 9 10:10:07 2015
From: wk at gnupg.org (Werner Koch)
Date: Tue, 09 Jun 2015 10:10:07 +0200
Subject: Default configuration of pinentry in gnome3
In-Reply-To:
(Watson Sato's message of "Tue, 9 Jun 2015 00:31:28 -0300")
References:
Message-ID: <87k2vd9uao.fsf@vigenere.g10code.de>
On Tue, 9 Jun 2015 05:31, yuuma.sato at gmail.com said:
> Neal has mentioned that Debian uses update-alternatives to configure the
> default pinentry, would this approach be enough?
Yes. In fact gpg-agent looks for /usr/bin/pinentry which is supposed to
be a link to one of the alternatives. The pinentry make install rule
does exactly this.
> Maybe reading a secondary config file where session managers can change
> stuff.
gpgconf allows to change a conf file at runtime. If you want to use a
specific Pinentry per session, I would suggest to make use of this
feature.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From yuuma.sato at gmail.com Tue Jun 9 13:19:59 2015
From: yuuma.sato at gmail.com (Watson Sato)
Date: Tue, 9 Jun 2015 08:19:59 -0300
Subject: gnome-keyring Auto launched gpg-agent doesn't work with
pinentry-gnome3
In-Reply-To: <557697D1.6080201@redhat.com>
References: <557697D1.6080201@redhat.com>
Message-ID:
On Tue, Jun 9, 2015 at 4:37 AM, Stef Walter wrote:
>
> Yuuma, since you're working to help finish up this work, here's probably
> another task you could work on patches for.
>
I'd like to help.
But I couldn't reproduce the issue here. Surely I'm missing something.
--
Watson Yuuma Sato
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From neal at walfield.org Tue Jun 9 13:55:25 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Tue, 09 Jun 2015 13:55:25 +0200
Subject: gnome keyring & gpg agent
In-Reply-To: <877fsbvwhr.wl-neal@walfield.org>
References: <87twvg8l4r.fsf@alice.fifthhorseman.net>
<87bnhowa4x.wl-neal@walfield.org>
<87twvfmnhx.fsf@vigenere.g10code.de>
<87fv6z7032.fsf@alice.fifthhorseman.net>
<877fsbvwhr.wl-neal@walfield.org>
Message-ID: <87egllp042.wl-neal@walfield.org>
At Thu, 14 May 2015 20:34:40 +0200,
Neal H. Walfield wrote:
> So far, I've identified these requirements:
>
> - Adding a new pinentry-gnome3 package with the yet-to-be-released
> pinentry with Gnome3 support.
>
> - An update to GPG with the relatively small change.
>
> - An update to Gnome-Keyring that disables it GPG Agent proxy.
Stef just removed GPG Agent from Gnome Keyring.
https://bugzilla.gnome.org/show_bug.cgi?id=750514
Thanks, Stef!
> - Make Gnome Keyring depend on pinentry-gnome3.
:) Neal
From ueno at gnu.org Tue Jun 9 14:12:43 2015
From: ueno at gnu.org (Daiki Ueno)
Date: Tue, 09 Jun 2015 21:12:43 +0900
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: (Daiki Ueno's message of "Tue, 09
Jun 2015 16:49:38 +0900")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87lhfuowyy.wl-neal@walfield.org>
Message-ID: <87oakpqdvo.fsf-ueno@gnu.org>
Daiki Ueno writes:
>> GnuPG not to interact with Emacs. In that case, it might make sense to
>> add an option to pinentry.conf, e.g., {no-,}allow-emacs-pinentry.
>>
>> I will try to add it in the new patch.
>
> I postpone this for now, since it turned out that it requires a change
> in GnuPG.
Here is the follow-up patch which implements this. I'm also attaching a
patch to GnuPG.
Regards,
--
Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-allow-emacs-prompt-Assuan-option.patch
Type: text/x-diff
Size: 4084 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-agent-Add-option-allow-emacs-pinentry.patch
Type: text/x-diff
Size: 3638 bytes
Desc: not available
URL:
From gniibe at fsij.org Tue Jun 9 14:57:32 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 09 Jun 2015 21:57:32 +0900
Subject: Feature request: handle multiple encryption subkeys on different
smart cards intelligently
In-Reply-To:
References:
Message-ID: <5576E2BC.7070007@fsij.org>
Hello,
Thank you for detailed report. It helps me a lot to understand your
situation.
Let me explain current GnuPG implementation.
Basically, current implementation processes OpenPGP packets one by
one.
On 06/09/2015 07:16 AM, Naftuli Tzvi Kay wrote:
> The process it seems to use is like this:
>
> 1. Check if $ENC_SUBKEY_A's secret key is present: it's not.
> 2. Complain about the card not being present:
> Please remove the current card and insert the one with serial number:
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> Hit return when ready or enter 'c' to cancel
> 3. Hit c until it gets to the right key and prompts for the smart
> card PIN. This can take a while, as I have 3 cards per identity.
Correct. Note that this behavior is not for smartcard only, it also
applies to private keys on file system.
> What it /should/ do is this:
>
> 1. Examine the file and determine which keys can decrypt it. _If_ a
> smart card is present _and_ the smart card's secret key stub in
> secring.gpg can decrypt the file, immediately defer to using that
> card.
> 2. If no card is present or the file is --hidden-recipient, try
> decrypting with any present keys in the keyring whose smart card is
> present.
> 3. If there are no present keys, the present key can't decrypt the
> file, or the present key failed to decrypt the file, then start
> prompting to "insert the key known as ...".
Yes, I agree.
>From the implementation viewpoint, it will be something like:
(1) gpg frontend parses all packets for ESK (Encrypted Session Key)
sequence.
(2) Then, talks to gpg-agent for available private keys to decide
which private key to decrypt.
(3) Asks gpg-agent to decrypt.
--
From gniibe at fsij.org Tue Jun 9 15:25:52 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 09 Jun 2015 22:25:52 +0900
Subject: OpenPGP Card version 3.0 Availability
In-Reply-To: <5575740D.7070007@gmail.com>
References: <5575740D.7070007@gmail.com>
Message-ID: <5576E960.4030606@fsij.org>
On 06/08/2015 07:53 PM, Sand, Harrison wrote:
> I saw on g10code that the OpenPGP Card version 3.0 specification was
> released last week. (http://g10code.com/docs/openpgp-card-3.0.pdf)
>
> Are there any estimates to when this card will be publicly available?
I don't have any information about the card 3.0. I mean, the product
itself. But I know about GnuPG and Gnuk.
GnuPG "modern" 2.1 will be ready for the OpenPGPcard specification
version 3.0. The required code for ECC has already implemented in the
repository. For other support, if needed, code will be added.
Gnuk 1.1.5 is mostly compatible to the OpenPGPcard specification
version 3.0 and users can use ECC with NIST P-256 curve now. I don't
think people want to use NIST P-256 curve, though.
Well, I am going to post Gnuk 1.1.5 release.
--
From attila at stalphonsos.com Tue Jun 9 15:07:05 2015
From: attila at stalphonsos.com (attila)
Date: Tue, 09 Jun 2015 08:07:05 -0500
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <874mms4tzc.wl-neal@walfield.org>
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
Message-ID: <87ioax2emz.fsf@tldr.l.stalphonsos.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Hello gnupg-devel, Neal and Daiki,
I've been following the discussion with some interest and only wish to
make one slight comment:
Neal H. Walfield writes:
> Hi Daiki,
>
> [snip]
>> + if (strlen (tmpdir) + strlen (socket_name) + 10 + 2
>> + >= sizeof (emacs_server_address.sun_path))
>> + {
>> + fprintf (stderr, "socket name is too long\n");
>> + free (tmpdir_storage);
>> + return 0;
>> + }
>> +
>> + sprintf (emacs_server_address.sun_path, "%s/emacs%lu/%s",
>> + tmpdir, (unsigned long) uid, socket_name);
>
> I think the check above is wrong. It should be something like:
>
> if (strlen (tmpdir) + strlen("/emacs") + 10 + strlen("/")
> + strlen (socket_name) + 1
> >= sizeof (emacs_server_address.sun_path))
>
> Or, less conservatively, we could replace 10 with the actual length of
> the uid as a base-10 string.
>
> Perhaps the best approach is to use something like asprintf. (I say
> like, because we can't use asprintf: it is not portable. But, recent
> version of libgpg-error provide a replacement.)
>
I would humbly suggest an idiom based on snprintf(3):
if (snprintf (emacs_server_address.sun_path,
sizeof(emacs_server_address.sun_path),
"%s/emacs%lu/%s", tmpdir, (unsigned long) uid,
socket_name) >= sizeof(emacs_server_address.sun_path)) {
fprintf (stderr, "socket name is too long\n");
free (tmpdir_storage);
return 0;
}
This way you don't have to worry about checking the lengths of all the
individual components of the path; you state how much space is
available and snprintf(3) tells you if it was too much.
snprintf(3) is now universally available and leads to shorter code
whose intention is clearer. Before making this assertion I poked
around a bit for some confirmation and found a couple encouraging
things... on a NetBSD list related to Lua:
... which points at a blog post on MSDN re Microsoft support for
(among other things) snprintf(3):
So it seems previous objections to snprintf(3) based on portability
(*cough* Microsoft *cough*) are perhaps no longer valid. It certainly
appears to be supported everywhere else (C99 was a long time ago :-).
It also appears that other groups of hackers are considering adopting
use of snprintf(3) more universally for this reason, which is a good
thing.
The same idea applies for the rest of the sprintf calls here: replace
the "check the length manually then call sprintf" idiom with "call
snprintf and let it check the length". It is easier to audit code
like this, if nothing else.
>> [snip]
Thanks for the work on GnuPG and pinentry... M-x lurk-mode RET
Pax, -A
- --
http://trac.haqistan.net | attila at stalphonsos.com | 0xE6CC1EDB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Processed by Mailcrypt 3.5.9
iQIcBAEBCQAGBQJVdupGAAoJEJZ30KbmzB7bEhUQAK6dG3sLBiLGOdUxQoL3s6V6
UbFEpneG6EqOSNzbzmpt37sS498CKltT+B6U3SpaJP2ty+mpQSW2xsRrmopLJK1w
9IGHHeHIjBGF55TtiI008ervV71kBHVpGnFZeDdoQF45/iUDwzXilipEJWI9n67x
XasproNc1d/DnnOEQpG0zUAqcDN5EbIofrif6B9TyBuB+8GXdMezeiVUW4dURCAO
IWV7KkSvB4tbQeL8rNelNdpUz9rjwvm8yYfWgztv2eMY7XrQ1l7oBAj4ObodB75t
Vx2qv3U9Va0bW+LZPI1Ew2d7XLAKOJ8hU1Xr/7rLZ3qHlhfTJMFuoaULgMoI+PIb
MTR3SSuM1TuTyseCNtoDG7909Gr8CF7xTx/MOz57jHqiiHhAHdMojp1JF+2hGVcP
fVY3EHB+Qpp/e3SlTqa8/2QhrTabqngZ1qMYqyV7Rmo11J5sjb4yIh078e3DSH7z
KueTSAezpBX0/LL0qPUzJIxEcXY3aSzTrOVAOTPWNAQ645FBP28njAP4qWA8m6OG
3CIK7c9C/KnvMr8GVHXbNQ5C+1U0j7quIWIuzPa8u7SdMGSM/agABg92AFDyUQJR
1mJ5mLlfJ3tVri1fTkE0u/Fatmo3IHNdEetqBrf0CQoZIU0P32E0tDsqnJ2YvPbJ
ptzgyZldSupciatlfT/+
=E1qA
-----END PGP SIGNATURE-----
From dkg at fifthhorseman.net Tue Jun 9 22:34:58 2015
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Tue, 09 Jun 2015 16:34:58 -0400
Subject: Default configuration of pinentry in gnome3
In-Reply-To:
References:
Message-ID: <877frcr571.fsf@alice.fifthhorseman.net>
On Mon 2015-06-08 23:31:28 -0400, Watson Sato wrote:
> Neal has mentioned that Debian uses update-alternatives to configure the
> default pinentry, would this approach be enough?
fwiw (as one of the debian developers maintaining pinentry and the gnupg
stack), i'm fine with using update-alternatives for this. By default
pinentry-gnome3 if present will be a higher priority in pinentry-gtk2.
so in debian, i think we could handle this by having the gnome-keyring
package Depend: pinentry-gnome3, and leave it at that.
Now you have three different responses to choose from, none of which
require you to do anything in GNOME directly afaict :)
* pinentry-wrapper (Andreas)
* gpgconf (Werner)
* /etc/alternatives (dkg)
--dkg
From rfkrocktk at gmail.com Tue Jun 9 21:26:56 2015
From: rfkrocktk at gmail.com (Naftuli Tzvi Kay)
Date: Tue, 9 Jun 2015 12:26:56 -0700
Subject: Feature request: handle multiple encryption subkeys on different
smart cards intelligently
In-Reply-To: <5576E2BC.7070007@fsij.org>
References:
<5576E2BC.7070007@fsij.org>
Message-ID:
Thank goodness! I'm glad I was on to something here, moreso glad that I'm
not hearing "it's not a bug, it's a feature?" as is unfortunately common to
hear these days.
I've yet to try using the --try-all-secrets in --batch mode, I'm not sure
if that will help remedy the problem. Do note that I'm using GnuPG 1, as
it's in an initramfs setting. Would that setting help remedy the problem in
the interrim?
I don't know what my options are in initramfs for using GnuPG without
piping the password in with the cryptsetup askpass command; I assume that
askpass does some magic to grab keyboard input that the gpg binary itself
probably wouldn't be able to do. If I'm able to get gpg working
interactively instead of reading the passphrase from STDIN, I can just
endure having to press 'c' several times until everything is right in the
world and it finds the right decryption key in hardware.
Thanks,
- Naftuli Tzvi
On Tue, Jun 9, 2015 at 5:57 AM, NIIBE Yutaka wrote:
> Hello,
>
> Thank you for detailed report. It helps me a lot to understand your
> situation.
>
> Let me explain current GnuPG implementation.
>
> Basically, current implementation processes OpenPGP packets one by
> one.
>
> On 06/09/2015 07:16 AM, Naftuli Tzvi Kay wrote:
> > The process it seems to use is like this:
> >
> > 1. Check if $ENC_SUBKEY_A's secret key is present: it's not.
> > 2. Complain about the card not being present:
> > Please remove the current card and insert the one with serial number:
> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> > Hit return when ready or enter 'c' to cancel
> > 3. Hit c until it gets to the right key and prompts for the smart
> > card PIN. This can take a while, as I have 3 cards per identity.
>
> Correct. Note that this behavior is not for smartcard only, it also
> applies to private keys on file system.
>
> > What it /should/ do is this:
> >
> > 1. Examine the file and determine which keys can decrypt it. _If_ a
> > smart card is present _and_ the smart card's secret key stub in
> > secring.gpg can decrypt the file, immediately defer to using that
> > card.
> > 2. If no card is present or the file is --hidden-recipient, try
> > decrypting with any present keys in the keyring whose smart card is
> > present.
> > 3. If there are no present keys, the present key can't decrypt the
> > file, or the present key failed to decrypt the file, then start
> > prompting to "insert the key known as ...".
>
> Yes, I agree.
>
> From the implementation viewpoint, it will be something like:
>
> (1) gpg frontend parses all packets for ESK (Encrypted Session Key)
> sequence.
>
> (2) Then, talks to gpg-agent for available private keys to decide
> which private key to decrypt.
>
> (3) Asks gpg-agent to decrypt.
> --
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From neal at walfield.org Wed Jun 10 15:37:16 2015
From: neal at walfield.org (Neal H. Walfield)
Date: Wed, 10 Jun 2015 15:37:16 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87oakpqdvo.fsf-ueno@gnu.org>
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87lhfuowyy.wl-neal@walfield.org>
<87oakpqdvo.fsf-ueno@gnu.org>
Message-ID: <87mw07ofar.wl-neal@walfield.org>
Hi Daiki,
At Tue, 09 Jun 2015 21:12:43 +0900,
Daiki Ueno wrote:
> Here is the follow-up patch which implements this. I'm also attaching a
> patch to GnuPG.
Thanks.
I don't like this approach. In particular, I don't like adding new
options / commands to the Assuan protocol. I think it is sufficient
to have a command line option to the pinentry to do the emacs check.
Then, users who want to use this would add the following to their
gpg-agent.conf:
pinentry-program /usr/bin/pinentry --enable-emacs
(We could also add a new option called pinentry-program-options so
that users can still use the system default.)
Thoughts?
Neal
From wk at gnupg.org Wed Jun 10 16:58:29 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Jun 2015 16:58:29 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87oakpqdvo.fsf-ueno@gnu.org> (Daiki Ueno's message of "Tue, 09
Jun 2015 21:12:43 +0900")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87lhfuowyy.wl-neal@walfield.org>
<87oakpqdvo.fsf-ueno@gnu.org>
Message-ID: <87eglj8vai.fsf@vigenere.g10code.de>
On Tue, 9 Jun 2015 14:12, ueno at gnu.org said:
> Here is the follow-up patch which implements this. I'm also attaching a
I just pushed the GnuPG part of it so that it will go into the release I
planned for today. I leave the Pinentry part to Neal.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From wk at gnupg.org Wed Jun 10 17:22:12 2015
From: wk at gnupg.org (Werner Koch)
Date: Wed, 10 Jun 2015 17:22:12 +0200
Subject: [PATCH] Add inside-Emacs mode to GUI pinentry programs
In-Reply-To: <87mw07ofar.wl-neal@walfield.org> (Neal H. Walfield's message of
"Wed, 10 Jun 2015 15:37:16 +0200")
References: <87y4kh5b9s.fsf@vigenere.g10code.de>
<87k2w158ew.fsf@vigenere.g10code.de>
<878ucg6hek.fsf@vigenere.g10code.de>
<874mms4tzc.wl-neal@walfield.org>
<87r3prqk5x.wl-neal@walfield.org>
<87lhfuowyy.wl-neal@walfield.org>
<87oakpqdvo.fsf-ueno@gnu.org>
<87mw07ofar.wl-neal@walfield.org>
Message-ID: <87a8w78u6z.fsf@vigenere.g10code.de>
On Wed, 10 Jun 2015 15:37, neal at walfield.org said:
> pinentry-program /usr/bin/pinentry --enable-emacs
>
> (We could also add a new option called pinentry-program-options so
> that users can still use the system default.)
Both options are problematic for gpgconf because there is no support for
this style of options. The --foo-options are already hard to handle by
gpgconf but pinentry-program would require another dedicated feature in
gpgconf.
With Ueno's patch we have immediate support for Emacs in the
configuration dialogs of GPA and Kleopatra (and hopefully others).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
From yuuma.sato at gmail.com Thu Jun 11 05:02:43 2015
From: yuuma.sato at gmail.com (Watson Sato)
Date: Thu, 11 Jun 2015 00:02:43 -0300
Subject: Default configuration of pinentry in gnome3
In-Reply-To: <877frcr571.fsf@alice.fifthhorseman.net>
References:
<877frcr571.fsf@alice.fifthhorseman.net>
Message-ID:
On Tue, Jun 9, 2015 at 5:34 PM, Daniel Kahn Gillmor
wrote:
> Now you have three different responses to choose from, none of which
> require you to do anything in GNOME directly afaict :)
>
Thanks for the replies.
So, as I understand, it is something to be setup by packagers or
distributors...
There are two separate things:
First is to indicate that gnome-keyring goes well with pinentry-gnome3.
That would be done by making one depend on the other?
And second is to make gpg choose pinentry-gnome3 as default when running a
GNOME session. I believe the pinentry-wrappers and alternatives to good
approaches, if the user wishes to user another pinentry gpg-agent.conf
should be used.
Our concern is to ensure that when gnome-keyring is running along with gpg
in a GNOME session gnome-keyring is able to cache gpg passphrases if opted
to.
Is there a mechanism for GNOME to recommend such setup up for packagers or
distributors, maybe docs or something? (Does this question make sense? I
don't know much about how packaging and shipping processes)
--
Watson Yuuma Sato
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From gniibe at fsij.org Thu Jun 11 08:06:11 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 11 Jun 2015 15:06:11 +0900
Subject: [PATCH] pinentry: Added generating missing file.
In-Reply-To: <1408546196-28359-1-git-send-email-serge0x76@gmail.com>
References: <1408546196-28359-1-git-send-email-serge0x76@gmail.com>
Message-ID: <55792553.9020503@fsij.org>
Hello,
This is reply to your report on 2014-08-20. Thank you for your
report. Sorry not responding earlier.
On 08/20/2014 11:49 PM, Serge Voilokov wrote:
> Fresh cloned pinentry/autogen.sh gives an error "required file './compile' not found".
Perhaps, you've already known that it was fixed.
It was fixed by the commits in September 2014.
commit f21dcb8083905efef8e82e1bf91dd01457af81d1
Author: Werner Koch
Date: Thu Sep 18 10:22:34 2014 +0200
Add missing build support files and move them to build-aux.
commit 549479d69363ca1ef5e7c676517e2327b8baadea
Author: Werner Koch
Date: Thu Sep 18 10:21:19 2014 +0200
Use generic autogen.sh script.
Pinentry is under active development these days. Please try new
version, too.
--
From casey.marshall at gmail.com Thu Jun 11 14:07:34 2015
From: casey.marshall at gmail.com (Casey Marshall)
Date: Thu, 11 Jun 2015 07:07:34 -0500
Subject: Golang "OpenPGP" implementation...
In-Reply-To: <20150608004937.GA15405@tower.spodhuis.org>
References:
<20150608004937.GA15405@tower.spodhuis.org>
Message-ID: <55797A06.6070607@gmail.com>
On 06/07/2015 07:49 PM, Phil Pennock wrote:
> On 2015-06-05 at 16:39 +0200, Low Eel wrote:
>> As you probably (?) know, Google launched their language, golang, and it ships
>> with something they call "OpenPGP" libraries:
>
> OpenPGP is the IETF name for the specification. The Internet
> Engineering Task Force defines the protocol. GnuPG is one
> implementation of the OpenPGP specification, and today is very probably
> the dominant implementation.
>
>> https://godoc.org/golang.org/x/crypto/openpgp
>>
>> I know because I am going to write some server using GPG and I was looking for
>> some library. Now the name "OpenPGP" Google is using seems promising, but.
>>
>> - Are that libraries a port/endorsed/written together with the gpg dev?
>> - Does anyone knows if they are 100% compatible or a "google flavour"?
>
> They are Google's implementation of the IETF standard. Compatibility is
> a complex issue but in general anything claiming "100% compatible"
> should be viewed with suspicion. Most products aren't even fully 100%
> compatible with themselves across versions; in good projects, such
> breakages then lead to additions to regression tests to try to avoid
> repeating such embarrassments.
>
> Casey Marshall wrote a PGP keyserver, Hockeypuck, designed to interop
> with SKS (the dominant PGP keyserver); Hockeypuck is written in Go and
> Casey tried to use the Google-provided x package, but ran into some
> limitations and forked off something which he could adapt to work for
> his use-case:
>
> https://github.com/hockeypuck/openpgp/tree/v1
>
> (see also: https://hockeypuck.github.io/contributing.html )
>
To clarify -- and I should perhaps document this better on the
hockeypuck site and project page -- github.com/hockeypuck/openpgp is not
a fork of golang.org/x/openpgp. It's a wrapper around
golang.org/x/crypto/packet, a low-level OpenPGP packet processing API,
for the specific purpose of parsing key material to build a public
keyserver -- which needs to deal with good, bad, ugly and as-of-yet
unsupported key material. This is a much different concern from the
high-level OpenPGP API in x/crypto, which is more about using OpenPGP
for signing and encryption.
> I recommend evaluating both Google's package and Casey's, to see which
> is a better fit for your needs. Figure out why you choose one, and use
> the differences as inspiration so that you know when and how to fork
> yourself, to get closer to the level of compatibility which you need.
>
Use golang.org/x/crypto.
github.com/hockeypuck/openpgp is really only useful if you're developing
your own public keyserver, or have some other special-case need to
process OpenPGP packets (perhaps for some WoT analysis, debugging
OpenPGP implementations, etc.)
> Good luck!
> -Phil
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
--
-Casey
From wk at gnupg.org Thu Jun 11 16:00:49 2015
From: wk at gnupg.org (Werner Koch)
Date: Thu, 11 Jun 2015 16:00:49 +0200
Subject: [Announce] GnuPG 2.1.5 released
Message-ID: <874mme73am.fsf@vigenere.g10code.de>
Hello!
The GnuPG Project is pleased to announce the availability of a new
release of GnuPG modern: Version 2.1.5.
The GNU Privacy Guard (GnuPG) is a complete and free implementation
of the OpenPGP standard which is commonly abbreviated as PGP.
GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories. GnuPG itself is a command line tool with features for easy
integration with other applications. A wealth of frontend applications
and libraries making use of GnuPG are available. Since version 2 GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.
GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.
Three different branches of GnuPG are actively maintained:
- GnuPG "modern" (2.1) is the latest development with a lot of new
features. This announcement is about this branch.
- GnuPG "stable" (2.0) is the current stable version for general use.
This is what most users are currently using.
- GnuPG "classic" (1.4) is the old standalone version which is most
suitable for older or embedded platforms.
You may not install "modern" (2.1) and "stable" (2.0) at the same
time. However, it is possible to install "classic" (1.4) along with
any of the other versions.
Noteworthy changes in version 2.1.5
===================================
* Support for an external passphrase cache.
* Support for the forthcoming version 3 OpenPGP smartcard.
* Manuals now show the actual used file names.
* Prepared for improved integration with Emacs.
* Code cleanups and minor bug fixes.
A detailed description of the changes found in the 2.1 branch can be
found at .
This version fixes some bugs found after the release of 2.1.4. Please
be aware that there are still known bugs which we are working on. Check
the the bug tracker, https://wiki.gnupg.org, or the mailing list
archives for known problems and workarounds.
Getting the Software
====================
Please follow the instructions found at https://gnupg.org/download/ or
read on:
GnuPG 2.1.5 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server. The list of mirrors can be found
at . Note that GnuPG is not available
at ftp.gnu.org.
On ftp.gnupg.org you find these files:
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.5.tar.bz2 (4791k)
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.5.tar.bz2.sig
This is the GnuPG source code compressed using BZIP2 and its OpenPGP
signature.
ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.5_20150611.exe (2567k)
ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.5_20150611.exe.sig
This is an installer for Windows without graphical frontends except for
a basic Pinentry tool. Please de-install an installed Gpg4win version
before trying this installer. Note, that TLS access to keyservers is
not yet available. The sources used to build the installer can be found
in the same directory with an ".tar.xz" suffix.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
* If you already have a version of GnuPG installed, you can simply
verify the supplied signature. For example to verify the signature
of the file gnupg-2.1.5.tar.bz2 you would use this command:
gpg --verify gnupg-2.1.5.tar.bz2.sig gnupg-2.1.5.tar.bz2
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by one or more of the release signing keys. Make sure that
this is a valid key, either by matching the shown fingerprint
against a trustworthy list of valid release signing keys or by
checking that the key has been signed by trustworthy other keys.
See below for information on the signing keys.
* If you are not able to use an existing version of GnuPG, you have
to verify the SHA-1 checksum. On Unix systems the command to do
this is either "sha1sum" or "shasum". Assuming you downloaded the
file gnupg-2.1.5.tar.bz2, you would run the command like this:
sha1sum gnupg-2.1.5.tar.bz2
and check that the output matches the next line:
02bbe32e1ef3b06b3ae3c60c955fb767a1aa0f2f gnupg-2.1.5.tar.bz2
f705fb6ae7612428b33cc51e23e006cdbf958e5d gnupg-w32-2.1.5_20150611.exe
9ee6959be57c32bddeb2a855724a9080d1820079 gnupg-w32-2.1.5_20150611.tar.xz
Release Signing Keys
====================
To guarantee that a downloaded GnuPG version has not been tampered by
malicious entities we provide signature files for all tarballs and
binary versions. The keys are also signed by the long term keys of
their respective owners. Current releases are signed by one or more
of these four keys:
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key)
rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
Werner Koch (Release Signing Key)
You may retrieve these files from a keyserver using this command
gpg --keyserver hkp://keys.gnupg.net --recv-keys \
249B39D24F25E3B6 04376F3EE0856959 \
2071B08A33BD3F06 8A861B1C7EFD60D9
The keys are also available at https://gnupg.org/signature_key.html and
in any recently released GnuPG tarball in the file g10/distsigkey.gpg .
Note that this mail has been signed using by a different key.
Internationalization
====================
This version of GnuPG has support for 26 languages with Chinese,
Czech, French, German, Japanese, Russian, and Ukrainian being almost
completely translated (2071 different strings).
Documentation
=============
If you used GnuPG in the past you should read the description of
changes and new features at doc/whats-new-in-2.1.txt or online at
https://gnupg.org/faq/whats-new-in-2.1.html
The file gnupg.info has the complete user manual of the system.
Separate man pages are included as well but they have not all the
details available as are the manual. It is also possible to read the
complete manual online in HTML format at
https://gnupg.org/documentation/manuals/gnupg/
or in Portable Document Format at
https://gnupg.org/documentation/manuals/gnupg.pdf .
The chapters on gpg-agent, gpg and gpgsm include information on how
to set up the whole thing. You may also want search the GnuPG mailing
list archives or ask on the gnupg-users mailing lists for advise on
how to solve problems. Many of the new features are around for
several years and thus enough public knowledge is already available.
You may also want to follow postings at https://gnupg.org/blob/.
Support
========
Please consult the archive of the gnupg-users mailing list before
reporting a bug .
We suggest to send bug reports for a new release to this list in favor
of filing a bug at . For commercial support
requests we keep a list of known service companies at:
https://gnupg.org/service.html
If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gnupg-devel mailing
list for discussion.
Thanks
======
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists. Maintenance and development of GnuPG is possible due to many
individual and corporate donations; for a list of non-anonymous donors
see .
For the GnuPG hackers,
Werner
p.s.
This is a announcement only mailing list. Please send replies only to
the gnupg-users at gnupg.org mailing list.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL:
-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From gniibe at fsij.org Fri Jun 12 09:05:56 2015
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 12 Jun 2015 16:05:56 +0900
Subject: pinentry-curses can be forced to loop endlessly
In-Reply-To:
References: