From jsbiff at weldingengineering.com Wed Nov 1 18:43:44 2023 
From: jsbiff at weldingengineering.com (Jeff Schmidt)
Date: Wed, 1 Nov 2023 13:43:44 -0400
Subject: Suggestion for OpenPGP standard update
Message-ID: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com>

Hello,

I was thinking, it's time for the OpenPGP standard to be updated with a shorter form for the parts of inline messages that indicate a message is signed and/or encrypted, to make it more useful for signing and/or encrypting messages on services that limit the number of chars per message. For example, a lot of Mastodon instances of the ActivityPub Fediverse, limit message length to 500 chars. It's a lot to give up a large fraction of the message char length for the following openpgp bits:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

That's 108 characters just for OpenPGP. If that could be abbreviated, that would save some precious chars for people's actual messages. I realize that gnupg devels don't own the standard, but have to simply implement the standard, but I thought you all might be in a position to advocate such a change with whoever maintains the standard.

So, for example, maybe something like:

--BPSM--
H: SHA512
--BPSG--
--EPSG--

Which reduces the total char count down to 39 chars (of course, not counting the actual encrypted hash) at least with SHA512 as the hash - of course, it would be variable length because the hash abbreviation might be longer or shorter for other hashes.

Sorry if this has been previously discussed on the mailing list - the list server does not provide a search function, and I couldn't find this in the gnupg FAQ, or doing a web search for "shorter pgp signature".

It does occur to me another approach would be to attach signatures to such posts as an .asc file or .sig file, but as that may not always be an available solution for everyone, it really seems like shortening the openpgp inline text delimiters could be helpful in a lot of cases.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x566331566E95AC02.asc
Type: application/pgp-keys
Size: 677 bytes
Desc: OpenPGP public key
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL:

From jsbiff at weldingengineering.com Wed Nov 1 22:00:13 2023
From: jsbiff at weldingengineering.com (Jeff Schmidt)
Date: Wed, 1 Nov 2023 17:00:13 -0400
Subject: Suggestion for OpenPGP standard update
In-Reply-To:
References: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com>
Message-ID: <7f47af3a-846b-4e8f-9a47-86a3fe524650@weldingengineering.com>

Thanks. I will join that list and post there.

On 11/1/2023 4:28 PM, Wiktor Kwapisiewicz wrote:
> Hi Jeff,
>
> I think a more appropriate venue for this type of discussion would be the OpenPGP Mailing List. See https://www.ietf.org/mailman/listinfo/openpgp
>
> Kind regards,
> Wiktor
>
>
>
>> Hello,
>>
>> I was thinking, it's time for the OpenPGP standard to be updated with a shorter form for the parts of inline messages that indicate a message is signed and/or encrypted, to make it more useful for signing and/or encrypting messages on services that limit the number of chars per message. For example, a lot of Mastodon instances of the ActivityPub Fediverse, limit message length to 500 chars. It's a lot to give up a large fraction of the message char length for the following openpgp bits:
>>
>>
>> That's 108 characters just for OpenPGP. If that could be abbreviated, that would save some precious chars for people's actual messages. I realize that gnupg devels don't own the standard, but have to simply implement the standard, but I thought you all might be in a position to advocate such a change with whoever maintains the standard.
>>
>> So, for example, maybe something like:
>>
>> --BPSM--
>> H: SHA512
>> --BPSG--
>> --EPSG--
>>
>> Which reduces the total char count down to 39 chars (of course, not counting the actual encrypted hash) at least with SHA512 as the hash - of course, it would be variable length because the hash abbreviation might be longer or shorter for other hashes.
>>
>> Sorry if this has been previously discussed on the mailing list - the list server does not provide a search function, and I couldn't find this in the gnupg FAQ, or doing a web search for "shorter pgp signature".
>>
>> It does occur to me another approach would be to attach signatures to such posts as an .asc file or .sig file, but as that may not always be an available solution for everyone, it really seems like shortening the openpgp inline text delimiters could be helpful in a lot of cases.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x566331566E95AC02.asc
Type: application/pgp-keys
Size: 677 bytes
Desc: OpenPGP public key
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL:

From wiktor at metacode.biz Wed Nov 1 21:28:07 2023
From: wiktor at metacode.biz (Wiktor Kwapisiewicz)
Date: Wed, 01 Nov 2023 21:28:07 +0100
Subject: Suggestion for OpenPGP standard update
In-Reply-To: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com>
References: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com>
Message-ID:

Hi Jeff,

I think a more appropriate venue for this type of discussion would be the OpenPGP Mailing List. See https://www.ietf.org/mailman/listinfo/openpgp

Kind regards,
Wiktor

>Hello,
>
>I was thinking, it's time for the OpenPGP standard to be updated with a shorter form for the parts of inline messages that indicate a message is signed and/or encrypted, to make it more useful for signing and/or encrypting messages on services that limit the number of chars per message. For example, a lot of Mastodon instances of the ActivityPub Fediverse, limit message length to 500 chars. It's a lot to give up a large fraction of the message char length for the following openpgp bits:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>-----BEGIN PGP SIGNATURE-----
>-----END PGP SIGNATURE-----
>
>That's 108 characters just for OpenPGP. If that could be abbreviated, that would save some precious chars for people's actual messages. I realize that gnupg devels don't own the standard, but have to simply implement the standard, but I thought you all might be in a position to advocate such a change with whoever maintains the standard.
>
>So, for example, maybe something like:
>
>--BPSM--
>H: SHA512
>--BPSG--
>--EPSG--
>
>Which reduces the total char count down to 39 chars (of course, not counting the actual encrypted hash) at least with SHA512 as the hash - of course, it would be variable length because the hash abbreviation might be longer or shorter for other hashes.
>
>Sorry if this has been previously discussed on the mailing list - the list server does not provide a search function, and I couldn't find this in the gnupg FAQ, or doing a web search for "shorter pgp signature".
>
>It does occur to me another approach would be to attach signatures to such posts as an .asc file or .sig file, but as that may not always be an available solution for everyone, it really seems like shortening the openpgp inline text delimiters could be helpful in a lot of cases.
>

From wk at gnupg.org Thu Nov 2 08:53:26 2023
From: wk at gnupg.org (Werner Koch)
Date: Thu, 02 Nov 2023 08:53:26 +0100
Subject: Suggestion for OpenPGP standard update
In-Reply-To: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com> (Jeff Schmidt's message of "Wed, 1 Nov 2023 13:43:44 -0400")
References: <4a5ec8c0-0fd8-454e-93f7-28eca4455ef4@weldingengineering.com>
Message-ID: <87fs1ovbex.fsf@jacob.g10code.de>

Hi!

On Wed, 1 Nov 2023 13:43, Jeff Schmidt said:

> That's 108 characters just for OpenPGP. If that could be abbreviated,
> that would save some precious chars for people's actual messages. I

It seems you are using a clearsigned signature which is a legacy method back from the BBS times. It still has its use cases but those are pretty limited.

A better way for a relatively new protocol is to use a detached signature - either in the MIME format (if MIME is already used by Mastodon) or by using a custom format like Git does it. You save a lot of extra octets and avoid many pitfalls in clearsigned texts. But yes, this requires some kind of support in Mastodon.

> So, for example, maybe something like:
>
> --BPSM--
> H: SHA512

Mastodon clients may post- and pre- process such messages before they are fed to gpg. But I would not suggest this.

Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL:

From wk at gnupg.org Fri Nov 3 13:35:00 2023
From: wk at gnupg.org (Werner Koch)
Date: Fri, 03 Nov 2023 13:35:00 +0100
Subject: Portuguese po translation
In-Reply-To: <87ttq6jxf4.fsf@brilhante.top> (Daniel Cerqueira via Gnupg-devel's message of "Tue, 31 Oct 2023 21:26:39 +0000")
References: <87ttq6jxf4.fsf@brilhante.top>
Message-ID: <87v8ajj9qj.fsf@jacob.g10code.de>

Hi!

> 1. There are a lot of branches version. The GnuPG of my package manager
> is following the 2.2.x version's. But the current version on gnupg.org
> is 2.4.x . There are also 2.5-base and 2.6-base. My question is: which
> git branch should I use for my translation?

The stable branch is 2.4 - please translate only this branch. Don't care about the base tags - they are only used for our automatic version numbering method. GnuPG 2.6 will take another year before we can do a release and then it will likely first be a 2.5 release for early adopters.

> 2. When done, to where do I send the git patch?

translations at gnupg.org is a good address.

> 3. Last time I sent a git patch to an address, my email provider blocked
> me sending the email, because my email provider flagged it as suspicious
> of being SPAM. I probably will have to send the patch on a tar archive,

This summer we had a massive backscatter attack on our server. Meanwhile we migrated to a new server and also use BATS. So all things should be fine now.

> or send the patch as an OpenPGP encrypted email. Is this ok? Which of
> the two options is best? (first, I will try to send it unencrypted)

Signed commit would be the proofread thing but a signed mail is also okay.

Thanks for helping with translations.

Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL:

From bjk at luxsci.net Mon Nov 6 01:03:07 2023
From: bjk at luxsci.net (Ben Kibbey)
Date: Sun, 5 Nov 2023 16:03:07 -0800
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
Message-ID: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com>

Hello,

I wasn't sure if pushing this patch would be alright or not because of the UTF-8 character embedded in it and whether it is acceptable or not.

>From 9b378b684a760a27031a05f0ba60fe3a6e8b3b90 Mon Sep 17 00:00:00 2001
From: Ben Kibbey
Date: Sun, 5 Nov 2023 15:53:19 -0800
Subject: [PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.

* doc/yat2m.c (proc_texi_cmd): Add "dots" to command table and output "..." in manpages and ellipsis in HTML mode.

Signed-off-by: Ben Kibbey
---
 doc/yat2m.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/yat2m.c b/doc/yat2m.c index b5978e4..103e5ce 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1314,6 +1314,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "end", 4 }, { "quotation",1, ".RS\n\\fB" }, { "value", 8 }, + { "dots", 0, "...", NULL, "?" }, { NULL } }; size_t n;
--
2.42.0

--
Ben Kibbey

From bjk at luxsci.net Mon Nov 6 05:52:29 2023
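Review bot: The added table entry `{ "dots", 0, "...", NULL, "?" },` in doc/yat2m.c (hunk `@@ -1314,6 +1314,7 @@`) carries the HTML replacement as a raw non-ASCII character, and it already arrives as `?` in this copy of the mail, which is the failure to expect whenever the source file or the generated HTML is not handled as UTF-8. Put the HTML character entity `&hellip;` in the last field instead, so yat2m.c stays pure ASCII and the HTML output does not depend on the document encoding; the manpage field can keep the three ASCII dots.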
From: bjk at luxsci.net (Ben Kibbey)
Date: Sun, 5 Nov 2023 20:52:29 -0800
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
In-Reply-To: <65486BE9.5050608@gmail.com>
References: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com> <65486BE9.5050608@gmail.com>
Message-ID: <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com>

On Sun, Nov 05, 2023 at 10:30:33PM -0600, Jacob Bachmeyer wrote:
> Ben Kibbey wrote:
> > Hello,
> >
> > I wasn't sure if pushing this patch would be alright or not because of
> > the UTF-8 character embedded in it and whether it is acceptable or not.
>
> If you are writing HTML, why not output the &hellip; character entity
> instead of writing non-ASCII inline?

Because the docs are generated from the same texinfo source; for manual pages and HTML and texinfo.

--
Ben Kibbey

From jcb62281 at gmail.com Mon Nov 6 05:30:33 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Sun, 05 Nov 2023 22:30:33 -0600
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
In-Reply-To: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com>
References: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com>
Message-ID: <65486BE9.5050608@gmail.com>

Ben Kibbey wrote:
> Hello,
>
> I wasn't sure if pushing this patch would be alright or not because of
> the UTF-8 character embedded in it and whether it is acceptable or not.
>

If you are writing HTML, why not output the &hellip; character entity instead of writing non-ASCII inline?

-- Jacob

From jasoncarrete5 at gmail.com Mon Nov 6 09:09:47 2023
From: jasoncarrete5 at gmail.com (Jason Carrete)
Date: Mon, 6 Nov 2023 03:09:47 -0500
Subject: [PATCH pinentry] qt: Present option to save password in password manager
Message-ID: <01ca0ad5-8c46-4370-8f3d-49a30ec4732a@gmail.com>

* qt/main.cpp: Pass pinentry info to PinEntryDialog constructor. Set
save passphrase checkbox text from pinentry_t->default_pwmngr.
* qt/pinentrydialog.cpp, qt/pinentrydialog.h: Dialog now accepts
pinentry info in the constructor and removed unneeded setter for
pinentry info. Add save passphrase checkbox.

--

This patch adds functionality to save key passphrases with pinentry-qt
that already exists in pinentry-gtk-2.

A "save passphrase" checkbox is shown when libsecret is available,
the external password cache is enabled, and there is valid data in
pinentry_t->keyinfo. When checked, the pinentry info is updated to allow
the underlying implementation in pinentry/pinentry.c and
pinentry/password-cache.c to cache the password using libsecret.

Signed-off-by: Jason Carrete
---
 qt/main.cpp | 7 +++++--
 qt/pinentrydialog.cpp | 37 +++++++++++++++++++++++++++++--------
 qt/pinentrydialog.h | 9 +++++----
 3 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/qt/main.cpp b/qt/main.cpp index 8c8ab48..bc87e1a 100644 --- a/qt/main.cpp +++ b/qt/main.cpp @@ -212,12 +212,14 @@ qt_cmd_handler(pinentry_t pe) const QString generateTT = pe->genpin_tt ? from_utf8(pe->genpin_tt) : QString(); + const QString savePassphraseText = + pe->default_pwmngr ? escape_accel(from_utf8(pe->default_pwmngr)) : + QLatin1String("Save passphrase using libsecret"); if (want_pass) { - PinEntryDialog pinentry(nullptr, 0, pe->timeout, true, !!pe->quality_bar, + PinEntryDialog pinentry(pe, nullptr, 0, true, repeatString, visibilityTT, hideTT); setup_foreground_window(&pinentry, pe->parent_wid); - pinentry.setPinentryInfo(pe); pinentry.setPrompt(escape_accel(from_utf8(pe->prompt))); pinentry.setDescription(from_utf8(pe->description)); pinentry.setRepeatErrorText(repeatError);
@@ -233,6 +235,7 @@ qt_cmd_handler(pinentry_t pe) from_utf8(pe->constraints_hint_long), from_utf8(pe->constraints_error_title) }); + pinentry.setSavePassphraseCBText(savePassphraseText); if (!title.isEmpty()) { pinentry.setWindowTitle(title); diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp index 515576b..259fd6a 100644 --- a/qt/pinentrydialog.cpp +++ b/qt/pinentrydialog.cpp @@ -96,13 +96,14 @@ void PinEntryDialog::slotTimeout() reject(); } -PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, - int timeout, bool modal, bool enable_quality_bar, +PinEntryDialog::PinEntryDialog(pinentry_t pe, QWidget *parent, const char *name, + bool modal, const QString &repeatString, const QString &visibilityTT, const QString &hideTT) : QDialog{parent} - , _have_quality_bar{enable_quality_bar} + , _have_quality_bar{!!pe->quality_bar} + , _pinentry_info{pe} , mVisibilityTT{visibilityTT} , mHideTT{hideTT} { @@ -232,7 +233,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, grid->addWidget(mRepeatError, row, 2); } - if (enable_quality_bar) { + if (_have_quality_bar) { row++; _quality_bar_label = new QLabel(this); _quality_bar_label->setTextFormat(Qt::PlainText); @@ -246,6 +247,19 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, grid->addWidget(_quality_bar, row, 2); } + ++row; + mSavePassphraseCB = new QCheckBox{this}; + mSavePassphraseCB->setVisible(false); + mSavePassphraseCB->setCheckState(!!_pinentry_info->may_cache_password + ? Qt::Checked + : Qt::Unchecked); +#ifdef HAVE_LIBSECRET + if (_pinentry_info->allow_external_password_cache && _pinentry_info->keyinfo) { + mSavePassphraseCB->setVisible(true); + } +#endif + grid->addWidget(mSavePassphraseCB, row, 1, 1, 2); + hbox->addLayout(grid, 1); mainLayout->addLayout(hbox); 
@@ -263,10 +277,10 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, mainLayout->addWidget(buttons); mainLayout->setSizeConstraint(QLayout::SetFixedSize); - if (timeout > 0) { + if (_pinentry_info->timeout > 0) { _timer = new QTimer(this); connect(_timer, &QTimer::timeout, this, &PinEntryDialog::slotTimeout); - _timer->start(timeout * 1000); + _timer->start(_pinentry_info->timeout * 1000); } connect(buttons, &QDialogButtonBox::accepted, @@ -295,6 +309,8 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, connect(mRepeat, &QLineEdit::textChanged, this, &PinEntryDialog::textChanged); } + connect(mSavePassphraseCB, &QCheckBox::stateChanged, + this, &PinEntryDialog::toggleSavePassphrase); auto capsLockWatcher = new CapsLockWatcher{this}; connect(capsLockWatcher, &CapsLockWatcher::stateChanged, @@ -510,6 +526,11 @@ void PinEntryDialog::toggleFormattedPassphrase() } } +void PinEntryDialog::toggleSavePassphrase() +{ + _pinentry_info->may_cache_password = !_pinentry_info->may_cache_password; +} + void PinEntryDialog::onBackspace() { cancelTimeout(); @@ -552,9 +573,9 @@ void PinEntryDialog::updateQuality(const QString &txt) } } -void PinEntryDialog::setPinentryInfo(pinentry_t peinfo) +void PinEntryDialog::setSavePassphraseCBText(const QString &text) { - _pinentry_info = peinfo; + mSavePassphraseCB->setText(text); } void PinEntryDialog::focusChanged(QWidget *old, QWidget *now) diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h index 60161c5..6baa5ba 100644 --- a/qt/pinentrydialog.h +++ b/qt/pinentrydialog.h @@ -72,9 +72,8 @@ public: QString errorTitle; }; - explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0, - int timeout = 0, bool modal = false, - bool enable_quality_bar = false, + explicit PinEntryDialog(pinentry_t pe, QWidget *parent = 0, const char *name = 0, + bool modal = false, const QString &repeatString = QString(), const QString &visibiltyTT = QString(), const QString &hideTT = QString()); 
@@ -110,7 +109,7 @@ public: void setConstraintsOptions(const ConstraintsOptions &options); - void setPinentryInfo(pinentry_t); + void setSavePassphraseCBText(const QString &text); bool timedOut() const; @@ -123,6 +122,7 @@ protected Q_SLOTS: void onBackspace(); void generatePin(); void toggleFormattedPassphrase(); + void toggleSavePassphrase(); protected: void keyPressEvent(QKeyEvent *event) override; @@ -176,6 +176,7 @@ private: QLabel *mCapsLockHint = nullptr; QLabel *mConstraintsHint = nullptr; QString mConstraintsErrorTitle; + QCheckBox *mSavePassphraseCB = nullptr; }; #endif // __PINENTRYDIALOG_H__
--
2.42.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL:

From gniibe at fsij.org Tue Nov 7 03:22:44 2023
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 07 Nov 2023 11:22:44 +0900
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
In-Reply-To: <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com>
References: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com> <65486BE9.5050608@gmail.com> <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com>
Message-ID: <87zfzqqp3f.fsf@akagi.fsij.org>

Hello,

Support of @dots command is good.

I think that Jacob Bachmeyer suggests the change:

+ { "dots", 0, "...", NULL, "&hellip;" },

That is, using the character entity reference of &hellip; (defined by HTML 4.0) for HTML output.

This would be better since it doesn't require output file to be UTF-8 by the use of @dots. Also, the source code of yat2m.c is not required to be processed correctly as UTF-8.
--

From jcb62281 at gmail.com Tue Nov 7 03:22:20 2023
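Review bot: In the [PATCH pinentry] change, the new constructor in qt/pinentrydialog.cpp (hunk `@@ -96,13 +96,14 @@`) dereferences `pe` in the member initialiser, `_have_quality_bar{!!pe->quality_bar}`, and the later hunks read `_pinentry_info->may_cache_password` and `_pinentry_info->timeout` with no null check, while the old signature could be called without any pinentry info at all. State in qt/pinentrydialog.h that `pe` must be non-null and must outlive the dialog, or guard these accesses.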
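Review bot: In the [PATCH pinentry] change, hunk `@@ -246,6 +247,19 @@` of qt/pinentrydialog.cpp shows the checkbox only under `HAVE_LIBSECRET` with `allow_external_password_cache` and `keyinfo` set, yet its state is seeded from `may_cache_password` in every build and nothing clears that flag when the box stays hidden. A non-zero value passed in then remains in effect with no control on screen for the user to see or revoke it; reset `may_cache_password` to 0 in the hidden case, or add a comment naming the code that ignores the flag there.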
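Review bot: In the [PATCH pinentry] change, `toggleSavePassphrase()` (hunk `@@ -510,6 +526,11 @@` of qt/pinentrydialog.cpp) inverts `may_cache_password` on every `stateChanged` signal instead of copying the checkbox state, so the flag that decides whether the passphrase is handed to the external store can drift from what the dialog displays if the state ever changes without a matching flip or the flag is written elsewhere. Assign it from the widget, for example `_pinentry_info->may_cache_password = mSavePassphraseCB->isChecked();`, so the stored value always equals what the user sees.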
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Mon, 06 Nov 2023 20:22:20 -0600
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
In-Reply-To: <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com>
References: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com> <65486BE9.5050608@gmail.com> <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com>
Message-ID: <65499F5C.1000003@gmail.com>

Ben Kibbey wrote:
> On Sun, Nov 05, 2023 at 10:30:33PM -0600, Jacob Bachmeyer wrote:
>
>> Ben Kibbey wrote:
>>
>>> Hello,
>>>
>>> I wasn't sure if pushing this patch would be alright or not because of
>>> the UTF-8 character embedded in it and whether it is acceptable or not.
>>>
>> If you are writing HTML, why not output the &hellip; character entity
>> instead of writing non-ASCII inline?
>>
>
> Because the docs are generated from the same texinfo source; for manual
> pages and HTML and texinfo.
>

Huh? Your patch as proposed contains an embedded UTF-8 ellipsis, presumably in a location such that it will only be used for texinfo->HTML translation. Why not replace that string constant with "&hellip;" for the @dots{} command in HTML output? Presumably plain text output formats get the other "..." string which is three ASCII dots?

-- Jacob

From bjk at luxsci.net Tue Nov 7 04:13:26 2023
From: bjk at luxsci.net (Ben Kibbey)
Date: Mon, 6 Nov 2023 19:13:26 -0800
Subject: PATCH Libgpg-error] yat2m: Parse @dots{} to show ellipsis in HTML mode.
In-Reply-To: <65499F5C.1000003@gmail.com>
References: <1699228990-6084640.36017282.f3A6038Su2405519@rs6161.luxsci.com> <65486BE9.5050608@gmail.com> <1699246351-263693.636958078.f3A64qU792695134@rs6161.luxsci.com> <65499F5C.1000003@gmail.com>
Message-ID: <1699326810-8363363.41978453.f3A73DRRA392933@rs6161.luxsci.com>

On Mon, Nov 06, 2023 at 08:22:20PM -0600, Jacob Bachmeyer wrote:
> Ben Kibbey wrote:
> > On Sun, Nov 05, 2023 at 10:30:33PM -0600, Jacob Bachmeyer wrote:
> > > Ben Kibbey wrote:
> > > > Hello,
> > > >
> > > > I wasn't sure if pushing this patch would be alright or not because of
> > > > the UTF-8 character embedded in it and whether it is acceptable or not.
> > > If you are writing HTML, why not output the &hellip; character entity
> > > instead of writing non-ASCII inline?
> >
> > Because the docs are generated from the same texinfo source; for manual
> > pages and HTML and texinfo.
>
> Huh? Your patch as proposed contains an embedded UTF-8 ellipsis, presumably
> in a location such that it will only be used for texinfo->HTML translation.
> Why not replace that string constant with "&hellip;" for the @dots{} command
> in HTML output? Presumably plain text output formats get the other "..."
> string which is three ASCII dots?

Sorry, I misunderstood what you were saying before. You're right. Using &hellip; is the way to go.

Thanks,

--
Ben Kibbey

From kyle at iteratee.net Tue Nov 7 03:06:03 2023
From: kyle at iteratee.net (Kyle Butt)
Date: Mon, 6 Nov 2023 19:06:03 -0700
Subject: Patch for keybox search with ED448 subkeys of v4 key
Message-ID:

I hit a bug at head recently because I had generated some ED448 subkeys of one of my keys. Looking up the public key block of the key id fails. It fails because the ED448 key has a 32 bit fingerprint and uses the first 64 bits as a long fingerprint. The lookup doesn't take this into account, because it assumes the same length of fingerprint for all subkeys beneath a key.

I've attached a patch that corrects the behavior when searching the keybox.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keybox-search.patch
Type: text/x-diff
Size: 1364 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 297 bytes
Desc: not available
URL:

From aheinecke at gnupg.org Wed Nov 8 11:30:12 2023
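The lookup mismatch reported in the "Patch for keybox search with ED448 subkeys of v4 key" message above, as an added example (it is neither the attached keybox-search.patch nor GnuPG code): a search that derives the key ID offset once from the primary key's fingerprint length misses a subkey whose fingerprint has a different length, while deriving it per entry finds it. Assumptions: a 20-byte fingerprint keeps its 64-bit key ID in the last 8 bytes and a 32-byte fingerprint in the first 8 bytes; all names and fingerprint bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One key or subkey as a lookup sees it: raw fingerprint plus its length.
   Hypothetical layout, not the keybox blob format. */
struct fpr_entry {
    uint8_t fpr[32];
    size_t  len;            /* 20 or 32 bytes */
};

/* Read 8 bytes as a big-endian 64-bit value. */
static uint64_t be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Offset of the key ID inside a fingerprint of the given length
   (assumption: last 8 of 20 bytes, first 8 of 32 bytes).
   Returns -1 for any other length. */
static int keyid_offset(size_t len)
{
    if (len == 20) return 12;
    if (len == 32) return 0;
    return -1;
}

/* Flawed lookup: takes the offset from entries[0] (the primary key) and
   applies it to every subkey. Returns the matching index or -1. */
int find_keyid_same_len(const struct fpr_entry *entries, size_t n, uint64_t want)
{
    if (n == 0)
        return -1;
    int off = keyid_offset(entries[0].len);
    if (off < 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (be64(entries[i].fpr + off) == want)
            return (int)i;
    return -1;
}

/* Corrected lookup: each entry's own length selects the offset. */
int find_keyid_per_entry(const struct fpr_entry *entries, size_t n, uint64_t want)
{
    for (size_t i = 0; i < n; i++) {
        int off = keyid_offset(entries[i].len);
        if (off < 0)
            continue;       /* skip entries with an unexpected length */
        if (be64(entries[i].fpr + off) == want)
            return (int)i;
    }
    return -1;
}

/* Constructed sample: a 20-byte primary fingerprint (bytes 00..13) and a
   32-byte subkey fingerprint (bytes A0..BF). */
void make_sample(struct fpr_entry out[2])
{
    memset(out, 0, 2 * sizeof out[0]);
    out[0].len = 20;
    for (size_t i = 0; i < 20; i++)
        out[0].fpr[i] = (uint8_t)i;
    out[1].len = 32;
    for (size_t i = 0; i < 32; i++)
        out[1].fpr[i] = (uint8_t)(0xA0 + i);
}

int main(void)
{
    struct fpr_entry keys[2];
    uint64_t subkey_id = 0xA0A1A2A3A4A5A6A7ULL; /* first 8 bytes of the subkey */

    make_sample(keys);
    printf("same-length lookup: %d\n", find_keyid_same_len(keys, 2, subkey_id));
    printf("per-entry lookup:   %d\n", find_keyid_per_entry(keys, 2, subkey_id));
    return 0;
}
```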
From: aheinecke at gnupg.org (Andre Heinecke)
Date: Wed, 08 Nov 2023 11:30:12 +0100
Subject: [PATCH pinentry] qt: Present option to save password in password manager
In-Reply-To: <01ca0ad5-8c46-4370-8f3d-49a30ec4732a@gmail.com>
References: <01ca0ad5-8c46-4370-8f3d-49a30ec4732a@gmail.com>
Message-ID: <13388181.uLZWGnKmhe@teutates>

Hi Jason,

thanks for your work! Nowadays we mostly use https://dev.gnupg.org for such things but patches per Mail are also always welcome.

Using libsecret for password storage is indeed something that would be good for pinentry-qt.

I have created https://dev.gnupg.org/T6801 for this. Could you maybe attach your patch through a differential https://dev.gnupg.org/differential/diff/create/ ?

The problem is that even if I extract the raw Base64 from your mail the patch is already word wrapped and that breaks it in many places. I could fix it up manually but as you will have this as a patch file somewhere it would be easier if you could just upload it.

Best Regards,
Andre

On Monday, 06 November 2023 09:09:47 CET Jason Carrete via Gnupg-devel wrote:
> * qt/main.cpp: Pass pinentry info to PinEntryDialog constructor. Set
> save passphrase checkbox text from pinentry_t->default_pwmngr.
> * qt/pinentrydialog.cpp, qt/pinentrydialog.h: Dialog now accepts
> pinentry info in the constructor and removed unneeded setter for
> pinentry info. Add save passphrase checkbox.
>
> --
>
> This patch adds functionality to save key passphrases with pinentry-qt
> that already exists in pinentry-gtk-2.
>
> A "save passphrase" checkbox is shown when libsecret is available,
> the external password cache is enabled, and there is valid data in
> pinentry_t->keyinfo. When checked, the pinentry info is updated to allow
> the underlying implementation in pinentry/pinentry.c and
> pinentry/password-cache.c to cache the password using libsecret.
> > Signed-off-by: Jason Carrete > --- > qt/main.cpp | 7 +++++-- > qt/pinentrydialog.cpp | 37 +++++++++++++++++++++++++++++-------- > qt/pinentrydialog.h | 9 +++++---- > 3 files changed, 39 insertions(+), 14 deletions(-) > > diff --git a/qt/main.cpp b/qt/main.cpp > index 8c8ab48..bc87e1a 100644 > --- a/qt/main.cpp > +++ b/qt/main.cpp > @@ -212,12 +212,14 @@ qt_cmd_handler(pinentry_t pe) > const QString generateTT = pe->genpin_tt ? from_utf8(pe->genpin_tt) : > QString(); > > + const QString savePassphraseText = > + pe->default_pwmngr ? escape_accel(from_utf8(pe->default_pwmngr)) : > + QLatin1String("Save passphrase using libsecret"); > > if (want_pass) { > - PinEntryDialog pinentry(nullptr, 0, pe->timeout, true, > !!pe->quality_bar, > + PinEntryDialog pinentry(pe, nullptr, 0, true, > repeatString, visibilityTT, hideTT); > setup_foreground_window(&pinentry, pe->parent_wid); > - pinentry.setPinentryInfo(pe); > pinentry.setPrompt(escape_accel(from_utf8(pe->prompt))); > pinentry.setDescription(from_utf8(pe->description)); > pinentry.setRepeatErrorText(repeatError); > @@ -233,6 +235,7 @@ qt_cmd_handler(pinentry_t pe) > from_utf8(pe->constraints_hint_long), > from_utf8(pe->constraints_error_title) > }); > + pinentry.setSavePassphraseCBText(savePassphraseText); > > if (!title.isEmpty()) { > pinentry.setWindowTitle(title); > diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp > index 515576b..259fd6a 100644 > --- a/qt/pinentrydialog.cpp > +++ b/qt/pinentrydialog.cpp 
> @@ -96,13 +96,14 @@ void PinEntryDialog::slotTimeout() > reject(); > } > > -PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name, > - int timeout, bool modal, bool > enable_quality_bar, > +PinEntryDialog::PinEntryDialog(pinentry_t pe, QWidget *parent, const > char *name, > + bool modal, > const QString &repeatString, > const QString &visibilityTT, > const QString &hideTT) > : QDialog{parent} > - , _have_quality_bar{enable_quality_bar} > + , _have_quality_bar{!!pe->quality_bar} > + , _pinentry_info{pe} > , mVisibilityTT{visibilityTT} > , mHideTT{hideTT} > { > @@ -232,7 +233,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, > const char *name, > grid->addWidget(mRepeatError, row, 2); > } > > - if (enable_quality_bar) { > + if (_have_quality_bar) { > row++; > _quality_bar_label = new QLabel(this); > _quality_bar_label->setTextFormat(Qt::PlainText); > @@ -246,6 +247,19 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, > const char *name, > grid->addWidget(_quality_bar, row, 2); > } > > + ++row; > + mSavePassphraseCB = new QCheckBox{this}; > + mSavePassphraseCB->setVisible(false); > + mSavePassphraseCB->setCheckState(!!_pinentry_info->may_cache_password > + ? Qt::Checked > + : Qt::Unchecked); > +#ifdef HAVE_LIBSECRET > + if (_pinentry_info->allow_external_password_cache && > _pinentry_info->keyinfo) { > + mSavePassphraseCB->setVisible(true); > + } > +#endif > + grid->addWidget(mSavePassphraseCB, row, 1, 1, 2); > + > hbox->addLayout(grid, 1); > mainLayout->addLayout(hbox); 
> > @@ -263,10 +277,10 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, > const char *name, > mainLayout->addWidget(buttons); > mainLayout->setSizeConstraint(QLayout::SetFixedSize); > > - if (timeout > 0) { > + if (_pinentry_info->timeout > 0) { > _timer = new QTimer(this); > connect(_timer, &QTimer::timeout, this, > &PinEntryDialog::slotTimeout); > - _timer->start(timeout * 1000); > + _timer->start(_pinentry_info->timeout * 1000); > } > > connect(buttons, &QDialogButtonBox::accepted, > @@ -295,6 +309,8 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, > const char *name, > connect(mRepeat, &QLineEdit::textChanged, > this, &PinEntryDialog::textChanged); > } > + connect(mSavePassphraseCB, &QCheckBox::stateChanged, > + this, &PinEntryDialog::toggleSavePassphrase); > > auto capsLockWatcher = new CapsLockWatcher{this}; > connect(capsLockWatcher, &CapsLockWatcher::stateChanged, > @@ -510,6 +526,11 @@ void PinEntryDialog::toggleFormattedPassphrase() > } > } > > +void PinEntryDialog::toggleSavePassphrase() > +{ > + _pinentry_info->may_cache_password = > !_pinentry_info->may_cache_password; > +} > + > void PinEntryDialog::onBackspace() > { > cancelTimeout(); > @@ -552,9 +573,9 @@ void PinEntryDialog::updateQuality(const QString &txt) > } > } > > -void PinEntryDialog::setPinentryInfo(pinentry_t peinfo) > +void PinEntryDialog::setSavePassphraseCBText(const QString &text) > { > - _pinentry_info = peinfo; > + mSavePassphraseCB->setText(text); > } > > void PinEntryDialog::focusChanged(QWidget *old, QWidget *now) > diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h > index 60161c5..6baa5ba 100644 > --- a/qt/pinentrydialog.h > +++ b/qt/pinentrydialog.h 
> @@ -72,9 +72,8 @@ public: > QString errorTitle; > }; > > - explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0, > - int timeout = 0, bool modal = false, > - bool enable_quality_bar = false, > + explicit PinEntryDialog(pinentry_t pe, QWidget *parent = 0, const > char *name = 0, > + bool modal = false, > const QString &repeatString = QString(), > const QString &visibiltyTT = QString(), > const QString &hideTT = QString()); > @@ -110,7 +109,7 @@ public: > > void setConstraintsOptions(const ConstraintsOptions &options); > > - void setPinentryInfo(pinentry_t); > + void setSavePassphraseCBText(const QString &text); > > bool timedOut() const; > > @@ -123,6 +122,7 @@ protected Q_SLOTS: > void onBackspace(); > void generatePin(); > void toggleFormattedPassphrase(); > + void toggleSavePassphrase(); > > protected: > void keyPressEvent(QKeyEvent *event) override; > @@ -176,6 +176,7 @@ private: > QLabel *mCapsLockHint = nullptr; > QLabel *mConstraintsHint = nullptr; > QString mConstraintsErrorTitle; > + QCheckBox *mSavePassphraseCB = nullptr; > }; > > #endif // __PINENTRYDIALOG_H__ > -- > 2.42.1 >

--
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-211-28010702
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 5655 bytes
Desc: This is a digitally signed message part.
URL:

From jasoncarrete5 at gmail.com Wed Nov 8 20:15:36 2023
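Review bot: In the quoted qt/main.cpp hunk (`@@ -212,12 +212,14 @@`), the fallback label `QLatin1String("Save passphrase using libsecret")` is a hard-coded English literal, while the other dialog strings in this function are taken from `pe` fields such as `pe->prompt` and `pe->description`. When `pe->default_pwmngr` is not set the checkbox text therefore cannot be translated; route the fallback through the same translation path as the rest of the dialog, or document that callers are expected to supply `default_pwmngr`.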
From: jasoncarrete5 at gmail.com (Jason Carrete)
Date: Wed, 8 Nov 2023 14:15:36 -0500
Subject: [PATCH pinentry] qt: Present option to save password in password manager
In-Reply-To: <13388181.uLZWGnKmhe@teutates>
References: <01ca0ad5-8c46-4370-8f3d-49a30ec4732a@gmail.com> <13388181.uLZWGnKmhe@teutates>
Message-ID:

> I have created https://dev.gnupg.org/T6801 for this. Could you maybe attach
> your patch through a differential https://dev.gnupg.org/differential/diff/create/
> ?

I have created a diff here (https://dev.gnupg.org/differential/diff/1543/)
and left a comment on https://dev.gnupg.org/T6801#178117

I'm not too familiar with phabricator software so I wasn't sure how to
connect the diff together with the ticket you created.

From bernhard at intevation.de Fri Nov 17 17:13:37 2023
From: bernhard at intevation.de (Bernhard Reiter)
Date: Fri, 17 Nov 2023 17:13:37 +0100
Subject: [PATCH gnupg] doc: update default-new-key-algo to ed25519
Message-ID: <202311171713.45161.bernhard@intevation.de>

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-doc-update-default-new-key-algo-to-ed25519.patch
Type: text/x-diff
Size: 1421 bytes
Desc: not available
URL:

From jcb62281 at gmail.com Sat Nov 18 04:36:52 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Fri, 17 Nov 2023 21:36:52 -0600
Subject: [PATCH gnupg] doc: update default-new-key-algo to ed25519
In-Reply-To: <202311171713.45161.bernhard@intevation.de>
References: <202311171713.45161.bernhard@intevation.de>
Message-ID: <65583154.9050600@gmail.com>

Bernhard Reiter wrote:
> [patch in attachment]

I suggest striking "what was" and revising, leaving "can be changed to
the previous default value, which" to make the text flow less awkwardly.

-- Jacob

From ineiev at gnu.org Mon Nov 20 11:08:22 2023
From: ineiev at gnu.org (Ineiev)
Date: Mon, 20 Nov 2023 10:08:22 +0000
Subject: GnuPG 2.4.3: ChangeLog is almost empty
Message-ID:

In gnupg-2.4.3, ChangeLog only includes a single entry,
while doc/HACKNIG suggests that the file should be regenerated
at dist time.

Probably the distcheck rule doesn't check that correctly.

From wk at gnupg.org Mon Nov 20 13:29:19 2023
From: wk at gnupg.org (Werner Koch)
Date: Mon, 20 Nov 2023 13:29:19 +0100
Subject: GnuPG 2.4.3: ChangeLog is almost empty
In-Reply-To: (Ineiev via Gnupg-devel's message of "Mon, 20 Nov 2023 10:08:22 +0000")
References:
Message-ID: <875y1wfw0w.fsf@jacob.g10code.de>

On Mon, 20 Nov 2023 10:08, Ineiev said:

> In gnupg-2.4.3, ChangeLog only includes a single entry,
> while doc/HACKNIG suggests that the file should be regenerated
> at dist time.

I recently wondered whether I should check the generated ChangeLog once
in a while. Problem could be that I moved to a new build machine and
the gitlog-to-changelog script was not properly installed over there.
I'll check.

Shalom-Salam,

   Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From mail at bernhard-voelker.de Mon Nov 20 23:15:28 2023
From: mail at bernhard-voelker.de (Bernhard Voelker)
Date: Mon, 20 Nov 2023 23:15:28 +0100
Subject: [GPGME] gpgme_op_delete silently succeeds while gpg says: delete key failed
In-Reply-To: <53b80bf2-f32a-4f3e-8c89-852d9a10a1f1@bernhard-voelker.de>
References: <53b80bf2-f32a-4f3e-8c89-852d9a10a1f1@bernhard-voelker.de>
Message-ID: <44bf047a-3b06-4820-9317-50957648b652@bernhard-voelker.de>

Hi *,

I had to notice that I ported my application in the wrong way from
gpgme-1.9.0 to 1.13.1 some years ago (now using latest, of course).

GPGME-1.10.0 introduced the new key deletion flag GPGME_DELETE_FORCE and
the new function gpgme_op_delete_ext, but somehow I failed to use the new
function. Instead, my code looked like this:

    gpgme_error_t err = gpgme_op_delete (ctx, key,
                          GPGME_DELETE_ALLOW_SECRET | GPGME_DELETE_FORCE);
    if (err) {
      handle_error(...);
    }

Unluckily, both gpgme_op_delete and the newer gpgme_op_delete_ext have an
integer type as third parameter, and therefore the GCC compiler didn't warn
either, not even with -Wextra.

As an effect, GPGME does not add the '--yes' option to the gpg call.

Well, it was like that, but I was surprised to see that gpgme_op_delete
does not return an error while the underlying `gpg` call fails:

    $ gpg --disable-dirmngr --batch --pinentry-mode=loopback --no-tty \
        --delete-secret-and-public-key -- E7C0CD48F8BB8CFF481AC5D4408E548D1D380ED9
    gpg: can't do this in batch mode without "--yes"
    gpg: E7C0CD48F8BB8CFF481AC5D4408E548D1D380ED9: delete key failed: End of file
    $ echo $?
    2

Shouldn't gpgme_op_delete better propagate this error from GPG back to
the caller? With that, I'd have detected my above porting fault much earlier.

'gpgme.trace' attached.
Thanks & have a nice day,
Berny

From bernhard at intevation.de Tue Nov 21 16:14:32 2023
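The porting mistake reported in the gpgme_op_delete message above, as an added example (not code from the thread or from GPGME): a stand-alone C model of the two entry points, plus a distinct flag type that makes the compiler reject the mix-up. The model_* functions, delete_flags_t, checked_delete and legacy_bool_ok are hypothetical names; the mapping from flags to gpg options is an assumption based on the behaviour described in the message, and the two flag values mirror gpgme.h.

```c
#include <stdio.h>
#include <string.h>

/* Values mirrored from gpgme.h so this builds without GPGME installed. */
#define DEL_ALLOW_SECRET (1u << 0)   /* GPGME_DELETE_ALLOW_SECRET */
#define DEL_FORCE        (1u << 1)   /* GPGME_DELETE_FORCE */
#define MAX_ARGS 8

/* Assumed model of the option list handed to gpg for a key deletion. */
static int build_args(unsigned int flags, const char *fpr,
                      const char *argv[MAX_ARGS])
{
    int n = 0;
    if (flags & DEL_FORCE)
        argv[n++] = "--yes";
    argv[n++] = (flags & DEL_ALLOW_SECRET) ? "--delete-secret-and-public-key"
                                           : "--delete-key";
    argv[n++] = "--";
    argv[n++] = fpr;
    argv[n] = NULL;
    return n;
}

/* Stand-in for gpgme_op_delete: the third parameter is a plain boolean,
   so a flag mask is reduced to "non-zero" and DEL_FORCE is lost. */
int model_op_delete(int allow_secret, const char *fpr,
                    const char *argv[MAX_ARGS])
{
    return build_args(allow_secret ? DEL_ALLOW_SECRET : 0u, fpr, argv);
}

/* Stand-in for gpgme_op_delete_ext: the third parameter is the flag mask. */
int model_op_delete_ext(unsigned int flags, const char *fpr,
                        const char *argv[MAX_ARGS])
{
    return build_args(flags, fpr, argv);
}

/* Return 1 if opt occurs in the NULL-terminated option list. */
int has_arg(const char *argv[], const char *opt)
{
    for (int i = 0; argv[i] != NULL; i++)
        if (strcmp(argv[i], opt) == 0)
            return 1;
    return 0;
}

/* Hardening 1: give the mask its own type. A struct cannot be passed where
   an int is expected, so handing it to the boolean API is a compile error
   instead of a silent truncation to "true". */
typedef struct { unsigned int bits; } delete_flags_t;

delete_flags_t delete_flags(unsigned int bits)
{
    delete_flags_t f = { bits };
    return f;
}

/* Application-side wrapper: only accepts the typed mask, rejects unknown
   bits, and always goes through the flag-aware entry point. */
int checked_delete(delete_flags_t flags, const char *fpr,
                   const char *argv[MAX_ARGS])
{
    if (flags.bits & ~(DEL_ALLOW_SECRET | DEL_FORCE))
        return -1;
    return model_op_delete_ext(flags.bits, fpr, argv);
}

/* Hardening 2: where the boolean API must stay, assert its argument really
   is a boolean; the value 3 from the report fails this check. */
int legacy_bool_ok(int allow_secret)
{
    return allow_secret == 0 || allow_secret == 1;
}

static void show(const char *label, const char *argv[])
{
    printf("%-22s gpg --batch", label);
    for (int i = 0; argv[i] != NULL; i++)
        printf(" %s", argv[i]);
    printf("\n");
}

int main(void)
{
    /* Fingerprint taken from the report. */
    const char *fpr = "E7C0CD48F8BB8CFF481AC5D4408E548D1D380ED9";
    const char *argv[MAX_ARGS];
    unsigned int mask = DEL_ALLOW_SECRET | DEL_FORCE;

    model_op_delete((int)mask, fpr, argv);      /* the reported call */
    show("op_delete(mask):", argv);
    checked_delete(delete_flags(mask), fpr, argv);
    show("checked_delete(mask):", argv);
    printf("legacy_bool_ok(%u) = %d\n", mask, legacy_bool_ok((int)mask));
    return 0;
}
```

In a real application the wrapper would forward flags.bits to gpgme_op_delete_ext; writing checked_delete(mask, ...) with a bare integer then fails to compile, which is the warning the report says GCC could not give.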
From: bernhard at intevation.de (Bernhard Reiter)
Date: Tue, 21 Nov 2023 16:14:32 +0100
Subject: [PATCH gnupg] doc: update default-new-key-algo to ed25519
In-Reply-To: <65583154.9050600@gmail.com>
References: <202311171713.45161.bernhard@intevation.de> <65583154.9050600@gmail.com>
Message-ID: <202311211614.33013.bernhard@intevation.de>

> I suggest striking "what was" and revising, leaving "can be changed to
> the previous default value, which" to make the text flow less awkwardly.

Thanks, new patch version attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-doc-update-default-new-key-algo-to-ed25519.patch
Type: text/x-diff
Size: 1411 bytes
Desc: not available
URL:

From jcb62281 at gmail.com Wed Nov 22 05:18:02 2023
From: jcb62281 at gmail.com (Jacob Bachmeyer)
Date: Tue, 21 Nov 2023 22:18:02 -0600
Subject: [PATCH gnupg] doc: update default-new-key-algo to ed25519
In-Reply-To: <202311211614.33013.bernhard@intevation.de>
References: <202311171713.45161.bernhard@intevation.de> <65583154.9050600@gmail.com> <202311211614.33013.bernhard@intevation.de>
Message-ID: <655D80FA.1080704@gmail.com>

Bernhard Reiter wrote:
>> I suggest striking "what was" and revising, leaving "can be changed to
>> the previous default value, which" to make the text flow less awkwardly.
>>
>
> Thanks, new patch version attached.
>

The problem for me is "the value of what was the previous default" is
awkward; I suggest instead saying "the previous default value" there.

Is this an awkward phrasing to optimize TeX typesetting?

-- Jacob

From bernhard at intevation.de Wed Nov 22 09:15:02 2023
From: bernhard at intevation.de (Bernhard Reiter)
Date: Wed, 22 Nov 2023 09:15:02 +0100
Subject: [PATCH gnupg] doc: update default-new-key-algo to ed25519
In-Reply-To: <655D80FA.1080704@gmail.com>
References: <202311171713.45161.bernhard@intevation.de> <202311211614.33013.bernhard@intevation.de> <655D80FA.1080704@gmail.com>
Message-ID: <202311220915.03215.bernhard@intevation.de>

> The problem for me is "the value of what was the previous default" is
> awkward; I suggest instead saying "the previous default value" there.

New patch attached, thanks.

> Is this an awkward phrasing to optimize TeX typesetting?

I don't know as I somehow kept the structure of the original sentence.
Feel free to improve the phrasing as the important part is that
the change in default is reflected here.

(A potential additional improvement could be that it is generated
into that place of the documentation, so it is not forgotten next time
the default is changed.)

Regards,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-doc-update-default-new-key-algo-to-ed25519.patch
Type: text/x-diff
Size: 1389 bytes
Desc: not available
URL:

From mario.haustein at hrz.tu-chemnitz.de Tue Nov 28 23:09:04 2023
From: mario.haustein at hrz.tu-chemnitz.de (Mario Haustein)
Date: Tue, 28 Nov 2023 23:09:04 +0100
Subject: [PATCH GnuPG 0/2] scd:p15: Add support for CardOS 5.4 and D-Trust Card 4.1/4.4
Message-ID: <3473643.QJadu78ljV@localdomain>

Dear GnuPG developers,

this patch adds support for the D-Trust Card 4.1/4.4 and the underlying CardOS 5.4 card operating system. The cards are sold by D-Trust, a branch of the German Bundesdruckerei. They provide a qualified electronic signature (4.1) resp. qualified electronic seal (4.4) according to the EU eIDAS regulation. The signature cards furthermore provide an advanced electronic certificate which may be used for authentication and encryption as well.

This patch implements the standard card. It requires a PIN verification for every single signature and uses RSA. Multicards can produce multiple signatures per PIN verification, but use elliptic curve algorithms. This is currently not implemented, but I will add this feature as soon as I can obtain such a card for testing.

Mario Haustein (2):
  scd:p15: Add support for CardOS 5.4
  scd:p15: Add support for D-Trust Card 4.1/4.4

 scd/app-p15.c | 90 ++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 79 insertions(+), 11 deletions(-)

--
2.41.0

From mario.haustein at hrz.tu-chemnitz.de Tue Nov 28 23:09:26 2023
From: mario.haustein at hrz.tu-chemnitz.de (Mario Haustein) Date: Tue, 28 Nov 2023 23:09:26 +0100 Subject: [PATCH GnuPG 2/2] scd:p15: Add support for D-Trust Card 4.1/4.4 Message-ID: <4329774.ejJDZkT8p0@localdomain> * scd/app-p15.c (CARD_PRODUCT_DTRUST4) New. (app_select_p15): This cards uses a different AID for PKCS#15 application (do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to a predefined template. (do_decipher): Ditto. --- scd/app-p15.c | 80 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 71 insertions(+), 9 deletions(-) diff --git a/scd/app-p15.c b/scd/app-p15.c index dab1f4901..c4eb1e019 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -87,7 +87,8 @@ typedef enum { CARD_PRODUCT_UNKNOWN, CARD_PRODUCT_RSCS, /* Rohde&Schwarz Cybersecurity */ - CARD_PRODUCT_DTRUST, /* D-Trust GmbH (bundesdruckerei.de) */ + CARD_PRODUCT_DTRUST3, /* D-Trust GmbH (bundesdruckerei.de) */ + CARD_PRODUCT_DTRUST4, CARD_PRODUCT_GENUA, /* GeNUA mbH */ CARD_PRODUCT_NEXUS /* Technology Nexus */ } @@ -151,6 +152,11 @@ static char const pkcs15_aid[] = { 0xA0, 0, 0, 0, 0x63, static char const pkcs15be_aid[] = { 0xA0, 0, 0, 0x01, 0x77, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 }; +/* The D-TRUST Card 4.x variant - dito */ +static char const pkcs15dtrust4_aid[] = { 0xE8, 0x28, 0xBD, 0x08, 0x0F, 0xA0, + 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, + 0x49, 0x47, 0x4E }; + /* The PIN types as defined in pkcs#15 v1.1 */ typedef enum @@ -554,7 +560,8 @@ cardproduct2str (card_product_t cardproduct) { case CARD_PRODUCT_UNKNOWN: return ""; case CARD_PRODUCT_RSCS: return "R&S"; - case CARD_PRODUCT_DTRUST: return "D-Trust"; + case CARD_PRODUCT_DTRUST3: return "D-Trust 3"; + case CARD_PRODUCT_DTRUST4: return "D-Trust 4.1/4.4"; case CARD_PRODUCT_GENUA: return "GeNUA"; case CARD_PRODUCT_NEXUS: return "Nexus"; } 
@@ -3500,7 +3507,7 @@ read_ef_tokeninfo (app_t app) ul |= (*p++) & 0xff; n--; } - if (ul) + if (ul > 1) { log_error ("p15: invalid version %lu in TokenInfo\n", ul); err = gpg_error (GPG_ERR_INV_OBJ); @@ -3834,7 +3841,14 @@ read_p15_info (app_t app) && !strncmp (app->app_local->token_label, "D-TRUST Card V3", 15) && app->app_local->card_type == CARD_TYPE_CARDOS_50) { - app->app_local->card_product = CARD_PRODUCT_DTRUST; + app->app_local->card_product = CARD_PRODUCT_DTRUST3; + } + if (!app->app_local->card_product + && app->app_local->token_label + && !strncmp (app->app_local->token_label, "D-TRUST Card 4.", 15) + && app->app_local->card_type == CARD_TYPE_CARDOS_54) + { + app->app_local->card_product = CARD_PRODUCT_DTRUST4; } @@ -5012,7 +5026,7 @@ prepare_verify_pin (app_t app, const char *keyref, } - if (app->app_local->card_product == CARD_PRODUCT_DTRUST) + if (app->app_local->card_product == CARD_PRODUCT_DTRUST3) { /* According to our protocol analysis we need to select a * special AID here. Before that the master file needs to be @@ -5263,7 +5277,8 @@ verify_pin (app_t app, if (prkdf && prkdf->usageflags.non_repudiation && (app->app_local->card_type == CARD_TYPE_BELPIC - || app->app_local->card_product == CARD_PRODUCT_DTRUST)) + || app->app_local->card_product == CARD_PRODUCT_DTRUST3 + || app->app_local->card_product == CARD_PRODUCT_DTRUST4)) label = _("||Please enter the PIN for the key to create " "qualified signatures."); else if (aodf->pinflags.so_pin) @@ -5627,7 +5642,8 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, goto leave; } if (app->app_local->card_type == CARD_TYPE_BELPIC - || app->app_local->card_product == CARD_PRODUCT_NEXUS) + || app->app_local->card_product == CARD_PRODUCT_NEXUS + || app->app_local->card_product == CARD_PRODUCT_DTRUST4) { /* The default for these cards is to use a plain hash. We * assume that due to the used certificate the correct hash 
@@ -5713,6 +5729,30 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, else err = micardo_mse (app, prkdf->path[prkdf->pathlen-1]); } + else if (app->app_local->card_product == CARD_PRODUCT_DTRUST4) + { + if (prkdf->is_ecc) + { + /* Not implemented due to lacking test hardware. */ + err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + } + else + { + /* The D-TRUST Card 4.x doesn't support setting a security + * environment, at least as specified in the specs. Insted a + * predefined security environment has to be loaded depending on the + * cipher and message digest used. The spec states SE-ID 0x25 for + * SHA256, 0x26 for SHA384 and 0x27 for SHA512, when using PKCS#1 + * padding. But this matters only if the message digest is computed + * on the card. When providing the digest info and a pre-calculated + * hash, all security environments yield the same result. Thus we + * choose 0x25. + * + * Note: For PSS signatures, different values apply. */ + err = iso7816_manage_security_env (app_get_slot (app), + 0xf3, 0x25, NULL, 0); + } + } else if (prkdf->key_reference_valid) { unsigned char mse[3]; @@ -5868,7 +5908,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, /* The next is guess work for CardOS. */ - if (app->app_local->card_product == CARD_PRODUCT_DTRUST) + if (app->app_local->card_product == CARD_PRODUCT_DTRUST3) { /* From analyzing an USB trace of a Windows signing application * we see that the SE is simply reset to 0x14. It seems to be 
@@ -5885,6 +5925,21 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, 0xF3, 0x14, NULL, 0); } + else if (app->app_local->card_product == CARD_PRODUCT_DTRUST4) + { + if (prkdf->is_ecc) + { + /* Not implemented due to lacking test hardware. */ + err = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + } + else + { + /* SE-ID 0x31 is for PKCS#1 padded cryptograms. For OAEP encryption + * schemes, different values apply. */ + err = iso7816_manage_security_env (app_get_slot (app), + 0xF3, 0x31, NULL, 0); + } + } else if (prkdf->key_reference_valid) { unsigned char mse[9]; @@ -5928,7 +5983,8 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, le_value = prkdf->keynbits / 8; } - if (app->app_local->card_product == CARD_PRODUCT_DTRUST) + if (app->app_local->card_product == CARD_PRODUCT_DTRUST3 + || app->app_local->card_product == CARD_PRODUCT_DTRUST4) padind = 0x81; if (prkdf->is_ecc && IS_CARDOS_5(app)) @@ -6190,6 +6246,12 @@ app_select_p15 (app_t app) rc = iso7816_select_application_ext (slot, pkcs15_aid, sizeof pkcs15_aid, 1, &fci, &fcilen); + if (rc) + { + /* D-TRUST Card 4.x uses a different AID. */ + rc = iso7816_select_application_ext (slot, pkcs15dtrust4_aid, sizeof pkcs15dtrust4_aid, 1, + &fci, &fcilen); + } if (rc) { /* Not found: Try to locate it from 2F00. We use direct path selection here because it seems that the Belgian eID card -- 2.41.0 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5734 bytes Desc: not available URL: From mario.haustein at hrz.tu-chemnitz.de Tue Nov 28 23:09:21 2023 From: mario.haustein at hrz.tu-chemnitz.de (Mario Haustein) Date: Tue, 28 Nov 2023 23:09:21 +0100 Subject: [PATCH GnuPG 1/2] scd:p15: Add support for CardOS 5.4 Message-ID: <23327152.6Emhk5qWAg@localdomain> * scd/app-p15.c (CARD_TYPE_CARDOS_54): New. --- scd/app-p15.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
diff --git a/scd/app-p15.c b/scd/app-p15.c index 4338a623e..dab1f4901 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -74,6 +74,7 @@ typedef enum CARD_TYPE_MICARDO, CARD_TYPE_CARDOS_50, CARD_TYPE_CARDOS_53, + CARD_TYPE_CARDOS_54, CARD_TYPE_AET, /* A.E.T. Europe JCOP card. */ CARD_TYPE_BELPIC /* Belgian eID card specs. */ } @@ -123,6 +124,8 @@ static struct CARD_TYPE_CARDOS_50 }, /* CardOS 5.0 */ { 11, X("\x3b\xd2\x18\x00\x81\x31\xfe\x58\xc9\x03\x16"), CARD_TYPE_CARDOS_53 }, /* CardOS 5.3 */ + { 11, X("\x3b\xd2\x18\x00\x81\x31\xfe\x58\xc9\x04\x11"), + CARD_TYPE_CARDOS_54 }, /* CardOS 5.4 */ { 24, X("\x3b\xfe\x18\x00\x00\x80\x31\xfe\x45\x53\x43\x45" "\x36\x30\x2d\x43\x44\x30\x38\x31\x2d\x6e\x46\xa9"), CARD_TYPE_AET }, @@ -131,9 +134,10 @@ static struct #undef X -/* Macro to test for CardOS 5.0 and 5.3. */ +/* Macro to test for CardOS 5.0, 5.3 and 5.4. */ #define IS_CARDOS_5(a) ((a)->app_local->card_type == CARD_TYPE_CARDOS_50 \ - || (a)->app_local->card_type == CARD_TYPE_CARDOS_53) + || (a)->app_local->card_type == CARD_TYPE_CARDOS_53 \ + || (a)->app_local->card_type == CARD_TYPE_CARDOS_54) /* The default PKCS-15 home DF */ #define DEFAULT_HOME_DF 0x5015 @@ -536,6 +540,7 @@ cardtype2str (card_type_t cardtype) case CARD_TYPE_MICARDO: return "Micardo"; case CARD_TYPE_CARDOS_50: return "CardOS 5.0"; case CARD_TYPE_CARDOS_53: return "CardOS 5.3"; + case CARD_TYPE_CARDOS_54: return "CardOS 5.4"; case CARD_TYPE_BELPIC: return "Belgian eID"; case CARD_TYPE_AET: return "AET"; } @@ -6284,6 +6289,7 @@ app_select_p15 (app_t app) { case CARD_TYPE_CARDOS_50: case CARD_TYPE_CARDOS_53: + case CARD_TYPE_CARDOS_54: direct = 1; break; case CARD_TYPE_AET: -- 2.41.0 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5734 bytes Desc: not available URL: From wk at gnupg.org Wed Nov 29 20:39:33 2023 
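Review bot: In the read_ef_tokeninfo hunk of patch 2/2, the relaxed test `if (ul > 1)` accepts TokenInfo version 1 for every PKCS#15 card, not only for CARD_PRODUCT_DTRUST4, and nothing in the code or the commit message says why. Add a comment at the check naming the specification that defines version 1, and list read_ef_tokeninfo in the commit message, which currently names only CARD_PRODUCT_DTRUST4, app_select_p15, do_sign and do_decipher.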
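Review bot: In the read_p15_info hunk of patch 2/2, the new test matches only the 15-character prefix "D-TRUST Card 4.", so every 4.x label on CardOS 5.4 becomes CARD_PRODUCT_DTRUST4, while cardproduct2str reports "D-Trust 4.1/4.4" and the cover letter says multicards are not implemented. Either match the supported labels explicitly or rename the product string to "D-Trust 4.x", and say in a comment that unsupported variants are expected to end in the is_ecc branches of do_sign and do_decipher.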
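Review bot: In the do_sign hunk of patch 2/2 that adds the CARD_PRODUCT_DTRUST4 branch, SE-ID 0x25 is restored unconditionally although the comment itself notes that different values apply to PSS signatures, and nothing visible in the branch rejects a PSS request. If do_sign can be reached with PSS for this card, return an error there as the is_ecc case does. "Insted" in the comment should read "Instead", and the first argument is written 0xf3 here but 0xF3 in the do_decipher hunk; named constants for the MSE RESTORE value and for SE-IDs 0x25 and 0x31 would make both call sites easier to check against the vendor documentation.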
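Review bot: In the app_select_p15 hunk of patch 2/2, the retry with pkcs15dtrust4_aid sits in front of the existing "Not found: Try to locate it from 2F00" fallback, so every card that lacks the standard AID, including the Belgian eID card named in the following comment, now receives one extra SELECT before the 2F00 lookup. State in the comment that this extra SELECT is harmless for those cards, or move the D-TRUST attempt behind a card-type test. The line `rc = iso7816_select_application_ext (slot, pkcs15dtrust4_aid, sizeof pkcs15dtrust4_aid, 1,` runs past 80 columns and should be wrapped like the call above it, and "dito" in the comment on pkcs15dtrust4_aid should read "ditto".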
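Review bot: In patch 1/2, adding CARD_TYPE_CARDOS_54 to IS_CARDOS_5 routes CardOS 5.4 through every existing CardOS 5 branch, for example the `if (prkdf->is_ecc && IS_CARDOS_5(app))` test visible in do_decipher in patch 2/2, without saying whether those paths were exercised on a 5.4 card. Note that in the commit message, which also lists only `(CARD_TYPE_CARDOS_54): New.` although the hunks change the ATR table, IS_CARDOS_5, cardtype2str and the switch in app_select_p15 as well.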
From: wk at gnupg.org (Werner Koch)
Date: Wed, 29 Nov 2023 20:39:33 +0100
Subject: [PATCH GnuPG 2/2] scd:p15: Add support for D-Trust Card 4.1/4.4
In-Reply-To: <4329774.ejJDZkT8p0@localdomain> (Mario Haustein via Gnupg-devel's message of "Tue, 28 Nov 2023 23:09:26 +0100")
References: <4329774.ejJDZkT8p0@localdomain>
Message-ID: <87h6l4z6ve.fsf@jacob.g10code.de>

Hi!

your patches look good.

> @@ -3500,7 +3507,7 @@ read_ef_tokeninfo (app_t app) > ul |= (*p++) & 0xff; > n--; > } > - if (ul) > + if (ul > 1) > { > log_error ("p15: invalid version %lu in TokenInfo\n", ul);

Do you have any reference/spec for that version 1 TokenInfo?

Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein

From mario.haustein at hrz.tu-chemnitz.de Wed Nov 29 21:27:17 2023
From: mario.haustein at hrz.tu-chemnitz.de (Mario Haustein)
Date: Wed, 29 Nov 2023 21:27:17 +0100
Subject: [PATCH GnuPG 2/2] scd:p15: Add support for D-Trust Card 4.1/4.4
In-Reply-To: <87h6l4z6ve.fsf@jacob.g10code.de>
References: <4329774.ejJDZkT8p0@localdomain> <87h6l4z6ve.fsf@jacob.g10code.de>
Message-ID: <4878832.GXAFRqVoOG@localdomain>

On Wednesday, 29 November 2023, 20:39:33 CET, Werner Koch wrote:
> Hi!

Hello,

> your patches look good.

thanks for reviewing the patches so quickly.
> > @@ -3500,7 +3507,7 @@ read_ef_tokeninfo (app_t app) > > > > ul |= (*p++) & 0xff; > > n--; > > > > } > > > > - if (ul) > > + if (ul > 1) > > > > { > > > > log_error ("p15: invalid version %lu in TokenInfo\n", ul);
>
> Do you have any reference/spec for that version 1 TokenInfo?

It's specified as a fixed value in the docs provided by the vendor. In my understanding a value of 1 means the data is compliant to ISO/IEC 7816-15:2016 which replaces PKCS#15. A value of 0 means the data is compliant to PKCS#15 (or at least older editions of ISO/IEC 7816-15). But the content is effectively the same.

Kind regards

--
Mario Haustein
Facharbeitsgruppe Anwendungen
Universitätsrechenzentrum
Technische Universität Chemnitz
Straße der Nationen 62 | R. 1/B303 (new: A11.303)
09111 Chemnitz
Germany

Tel: +49 371 531-36606
Fax: +49 371 531-836606

mario.haustein at hrz.tu-chemnitz.de
www.tu-chemnitz.de
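The version check discussed in this thread, as an added example that is not part of the patch or of GnuPG's code: a bounds-checked reader for the leading version INTEGER of a TokenInfo object that accepts 0 and 1 and rejects everything else. The function names and sample bytes are constructed for illustration, and the meaning of the two values is taken from the reply above.

```c
#include <stddef.h>
/* Constructed samples: SEQUENCE { INTEGER version, OCTET STRING serial }. */
static const unsigned char sample_v0[] = { 0x30, 0x08, 0x02, 0x01, 0x00, 0x04, 0x03, 1, 2, 3 };
static const unsigned char sample_v1[] = { 0x30, 0x08, 0x02, 0x01, 0x01, 0x04, 0x03, 1, 2, 3 };
static const unsigned char sample_v2[] = { 0x30, 0x08, 0x02, 0x01, 0x02, 0x04, 0x03, 1, 2, 3 };
/* Expect a DER object with tag WANT at buf[*pos]; store its length and move
 * *pos to its value.  -1 on wrong tag, truncation or unsupported length. */
static int der_expect (const unsigned char *buf, size_t buflen, size_t *pos,
                       unsigned char want, size_t *len)
{
  size_t i = *pos, n;
  if (i > buflen || buflen - i < 2 || buf[i++] != want)
    return -1;
  *len = buf[i++];
  if (*len & 0x80) {  /* Long form: low 7 bits count the length octets. */
    n = *len & 0x7f;
    if (!n || n > 2 || buflen - i < n)
      return -1;      /* Indefinite, oversized or truncated length. */
    for (*len = 0; n; n--)
      *len = (*len << 8) | buf[i++];
  }
  if (*len > buflen - i)
    return -1;        /* Value would run past the buffer. */
  *pos = i;
  return 0;
}

/* Return the TokenInfo version (0 or 1), or -1 if malformed or unknown.
 * Assumption from the thread: 0 = PKCS#15, 1 = ISO/IEC 7816-15:2016. */
int tokeninfo_version (const unsigned char *buf, size_t buflen)
{
  size_t pos = 0, len;
  unsigned long ul = 0;
  if (der_expect (buf, buflen, &pos, 0x30, &len))
    return -1;
  buflen = pos + len;  /* Stay inside the outer SEQUENCE. */
  if (der_expect (buf, buflen, &pos, 0x02, &len)
      || !len || len > sizeof ul || (buf[pos] & 0x80))
    return -1;         /* Empty, too wide or negative INTEGER. */
  while (len--)
    ul = (ul << 8) | buf[pos++];
  return ul > 1 ? -1 : (int) ul;
}

int main (void)
{
  return !(tokeninfo_version (sample_v0, sizeof sample_v0) == 0
           && tokeninfo_version (sample_v1, sizeof sample_v1) == 1
           && tokeninfo_version (sample_v2, sizeof sample_v2) == -1);
}
```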