|Tags||security cryptography e-mail|
2.1.19, 02 Mar 2017 17:25, minor feature: Gpg: Print a warning if Tor mode is requested but the Tor daemon is not running. Gpg: New status code DECRYPTION_KEY to print the actual private key used for decryption. Gpgv: New options --log-file and --debug. Gpg-agent: Revamp the prompts to ask for card PINs. Scd: Support for multiple card readers. Scd: Removed option --debug-disable-ticker. Ticker is used only when it is required to watch removal of device/card. Scd: Improved detection of card inserting and removal. Dirmngr: New option --disable-ipv4. Dirmngr: New option --no-use-tor to explicitly disable the use of Tor. Dirmngr: The option --allow-version-check is now required even if the option --use-tor is also used. Dirmngr: Handle a missing nsswitch.conf gracefully. Dirmngr: Avoid PTR lookups for keyserver pools. They are only done for the debug command "keyserver --hosttable". Dirmngr: Rework the internal certificate cache to support classes of certificates. Load system provided certificates on startup. Add options --tls, --no-crl, and --systrust to the "VALIDATE" command. Dirmngr: Add support for the ntbtls library. Wks: Create mails with a "WKS-Phase" header. Fix detection of Draft-2 mode. The Windows installer is now built with limited TLS support. Many other bug fixes and new regression tests.
2.1.18, 24 Jan 2017 07:25, minor bugfix: Gpg: Remove bogus subkey signature while cleaning a key (with export-clean, import-clean, or --edit-key's sub-command clean). Gpg: Allow freezing the clock with --faked-system-time. Gpg: New --export-option flag "backup", new --import-option flag "restore". Gpg-agent: Fix long delay due to a regression in the progress callback code. Scd: Lots of code cleanup and internal changes. Scd: Improved the internal CCID driver. Dirmngr: Fix problem with the DNS glue code (removal of the trailing dot in domain names). Dirmngr: Make sure that Tor is actually enabled after changing the conf file and sending SIGHUP or "gpgconf --reload dirmngr". Dirmngr: Fix Tor access to IPv6 addresses. Note that current versions of Tor may require that the flag "IPv6Traffic" is used with the option "SocksPort" in torrc to actually allow IPv6 traffic. Dirmngr: Fix HKP for literally given IPv6 addresses. Dirmngr: Enabled reverse DNS lookups via Tor. Dirmngr: Added experimental SRV record lookup for WKD. See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details. Dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record lookups. Avoid SRV record lookup when a port is explicitly specified. This fixes a regression from the 1.4 and 2.0 behavior. Dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore negation terms (e.g. "!UNAVAIL=return") instead of bailing out. Dirmngr: Better debug output for flags "dns" and "network". Dirmngr: On reload mark all known HKP servers alive. Gpgconf: Allow keyword "all" for --launch, --kill, and --reload. Tools: gpg-wks-client now ignores a missing policy file on the server. Avoid unnecessary ambiguity error message in the option parsing. Further improvements of the regression test suite. Fix building with --disable-libdns configure option. Fix a crash running the tests on 32 bit architectures. Fix spurious failures on BSD system in the spawn functions. This affected for example gpg-wks-client and gpgconf. See-also: gnupg-announc
2.1.17, 21 Dec 2016 07:25, minor feature: Gpg: By default new keys expire after 2 years. Gpg: New command --quick-set-expire to conveniently change the expiration date of keys. Gpg: Option and command names have been changed for easier comprehension. The old names are still available as aliases. Gpg: Improved the TOFU trust model. Gpg: New option --default-new-key-algo. Scd: Support OpenPGP card V3 for RSA. Dirmngr: Support for the ADNS library has been removed. Instead William Ahern's Libdns is now source included and used on all platforms. This enables Tor support on all platforms. The new option --standard-resolver can be used to disable this code at runtime. In case of build problems the new configure option --disable-libdns can be used to build without Libdns. Dirmngr: Lazily launch ldap reaper thread. Tools: New options --check and --status-fd for gpg-wks-client. The UTF-8 byte order mark is now skipped when reading conf files. Many bug fixes and regressions. Major improvements to the test suite. For example it is possible to run the external test suite of GPGME.
2.1.16, 19 Nov 2016 19:25, minor feature: Gpg: New algorithm for selecting the best ranked public key when using a mail address with -r, -R, or --locate-key. Gpg: New option --with-tofu-info to print a new "tfs" record in colon formatted key listings. Gpg: New option --compliance as an alternative way to specify options like --rfc2440, --rfc4880, et al. Gpg: Many changes to the TOFU implementation. Gpg: Improve usability of --quick-gen-key. Gpg: In --verbose mode print a diagnostic when a pinentry is launched. Gpg: Remove code which warns for old versions of gnome-keyring. Gpg: New option --override-session-key-fd. Gpg: Option --output does now work with --verify. Gpgv: New option --output to allow saving the verified data. Gpgv: New option --enable-special-filenames. Agent, dirmngr: New --supervised mode for use by systemd and alike. Agent: By default listen on all available sockets using standard names. Agent: Invoke scdaemon with --homedir. Dirmngr: On Linux now detects the removal of its own socket and terminates. Scd: Support ECC key generation. Scd: Support more card readers. Dirmngr: New option --allow-version-check to download a software version database in the background. Dirmngr: Use system provided CAs if no --hkp-cacert is given. Dirmngr: Use a default keyserver if none is explicitly set. Gpgconf: New command --query-swdb to check software versions against a copy of an online database. Gpgconf: Print the socket directory with --list-dirs. Tools: The WKS tools now support draft version -02. Tools: Always build gpg-wks-client and install under libexec. Tools: New option --supported for gpg-wks-client. The log-file option now accepts a value "socket://" to log to the socket named "S.log" in the standard socket directory. Provide fake pinentries for use by test cases of downstream developers. Many bug fixes and regressions. Many changes and improvements for the test suite.
2.1.15, 19 Aug 2016 03:45, minor bugfix: Gpg: Remove the --tofu-db-format option and support for the split TOFU database. Gpg: Add option --sender to prepare for coming features. Gpg: Add option --input-size-hint to help progress indicators. Gpg: Extend the PROGRESS status line with the counted unit. Gpg: Avoid publishing the GnuPG version by default with --armor. Gpg: Properly ignore legacy keys in the keyring cache. Gpg: Always print fingerprint records in --with-colons mode. Gpg: Make sure that keygrips are printed for each subkey in --with-colons mode. Gpg: New import filter "drop-sig". Gpgsm: Fix a bug in the machine-readable key listing. Gpg,gpgsm: Block signals during keyring updates to limit the effects of a Ctrl-C at the wrong time. G13: Add command --umount and other fixes for dm-crypt. Agent: Fix regression in SIGTERM handling. Agent: Cleanup of the ssh-agent code. Agent: Allow import of overly long keys. Scd: Fix problems with card removal. Dirmngr: Remove all code for running as a system service. Tools: Make gpg-wks-client conforming to the specs. Tests: Improve the output of the new regression test tool. Tests: Distribute the standalone test runner. Tests: Run each test in a clean environment. Spelling and grammar fixes.
2.1.14, 15 Jul 2016 03:15, minor feature: Gpg: Removed options --print-dane-records and --print-pka-records. The new export options "export-pka" and "export-dane" can instead be used with the export command. Gpg: New options --import-filter and --export-filter. Gpg: New import options "import-show" and "import-export". Gpg: New option --no-keyring. Gpg: New command --quick-revuid. Gpg: New options -f/--recipient-file and -F/--hidden-recipient-file to directly specify encryption keys. Gpg: New option --mimemode to indicate that the content is a MIME part. Does only enable --textmode right now. Gpg: New option --rfc4880bis to allow experiments with proposed changes to the current OpenPGP specs. Gpg: Fix regression in the "fetch" sub-command of --card-edit. Gpg: Fix regression since 2.1 in option --try-all-secrets. Gpgv: Change default options for extra security. Gpgsm: No more root certificates are installed by default. Agent: "updatestartuptty" does now affect more environment variables. Scd: The option --homedir does now work with scdaemon. Scd: Support some more GEMPlus card readers. Gpgtar: Fix handling of '-' as file name. Gpgtar: New commands --create and --extract. Gpgconf: Tweak for --list-dirs to better support shell scripts. Tools: Add programs gpg-wks-client and gpg-wks-server to implement a Web Key Service. The configure option --enable-wks-tools is required to build them; they should be considered Beta software. Tests: Complete rework of the openpgp part of the test suite. The test scripts have been changed from Bourne shell scripts to Scheme programs. A customized scheme interpreter (gpgscm) is included. This change was triggered by the need to run the test suite on non-Unix platforms. The rendering of the man pages has been improved.
2.1.13, 17 Jun 2016 11:25, minor feature: Gpg: New command --quick-addkey. Extend the --quick-gen-key command. Gpg: New --keyid-format "none" which is now also the default. Gpg: New option --with-subkey-fingerprint. Gpg: Include Signer's UID subpacket in signatures if the secret key has been specified using a mail address and the new option --disable-signer-uid is not used. Gpg: Allow unattended deletion of a secret key. Gpg: Allow export of non-passphrase protected secret keys. Gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS. Gpg: Change status line TOFU_STATS_LONG to use ' ' as a non-breaking-space character. Gpg: Speedup key listings in Tofu mode. Gpg: Make sure that the current and total values of a PROGRESS status line are small enough. Gpgsm: Allow the use of AES192 and SERPENT ciphers. Dirmngr: Adjust WKD lookup to current specs. Dirmngr: Fallback to LDAP v3 if v2 is not supported. Gpgconf: New commands --create-socketdir and --remove-socketdir. New option --homedir. If a /run/user/ UID directory exists, that directory is now used for IPC sockets instead of the GNUPGHOME directory. This fixes problems with NFS and too long socket names and thus avoids the need for redirection files. The Speedo build system now uses the new versions.gnupg.org server to retrieve the default package versions. Fix detection of libusb on FreeBSD. Speedup fd closing after a fork.
2.1.12, 05 May 2016 21:25, minor feature: Gpg: New --edit-key sub-command "change-usage" for testing purposes. Gpg: Out of order key-signatures are now systematically detected and fixed by --edit-key. Gpg: Improved detection of non-armored messages. Gpg: Removed the extra prompt needed to create Curve25519 keys. Gpg: Improved user ID selection for --quick-sign-key. Gpg: Use the root CAs provided by the system with --fetch-key. Gpg: Add support for the experimental Web Key Directory key location service. Gpg: Improve formatting of Tofu messages and emit new Tofu specific status lines. Gpgsm: Add option --pinentry-mode to support a loopback pinentry. Gpgsm: A new pubring.kbx is now created with the header blob so that gpg can detect that the keybox format needs to be used. Agent: Add read support for the new private key protection format openpgp-s2k-ocb-aes. Agent: Add read support for the new extended private key format. Agent: Default to --allow-loopback-pinentry and add option --no-allow-loopback-pinentry. Scd: Changed to use the new libusb 1.0 API for the internal CCID driver. Dirmngr: The dirmngr-client does now auto-detect the PEM format. G13: Add experimental support for dm-crypt. W32: Tofu support is now available with the Speedo build method. W32: Removed the need for libiconv.dll. The man pages for gpg and gpgv are now installed under the correct name (gpg2 or gpg, depending on a configure option). Lots of internal cleanups and bug fixes.
2.1.11, 27 Jan 2016 10:45, minor bugfix: Gpg: New command --export-ssh-key to replace the gpgkey2ssh tool. Gpg: Allow to generate mail address only keys with --gen-key. Gpg: "--list-options show-usage" is now the default. Gpg: Make lookup of DNS CERT records holding an URL work. Gpg: Emit PROGRESS status lines during key generation. Gpg: Don't check for ambiguous or non-matching key specification in the config file or given to --encrypt-to. This feature will return in 2.3.x. Gpg: Lock keybox files while updating them. Gpg: Solve rare error on Windows during keyring and Keybox updates. Gpg: Fix possible keyring corruption. Gpg: Fix regression of "bkuptocard" sub-command in --edit-key and remove "checkbkupkey" sub-command introduced with 2.1. Gpg: Fix internal error in gpgv when using default keyid-format. Gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured keyservers. Agent: New option --pinentry-timeout. Scd: Improve unplugging of USB readers under Windows. Scd: Fix regression for generating RSA keys on card. Dirmngr: All configured keyservers are now searched. Dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net. Use this certificate even if --hkp-cacert is not used. Gpgtar: Add actual encryption code. gpgtar does now fully replace gpg-zip. Gpgtar: Fix filename encoding problem on Windows. Print a warning if a GnuPG component is using an older version of gpg-agent, dirmngr, or scdaemon.
2.1.10, 05 Dec 2015 07:05, minor feature: Gpg: New trust models "tofu" and "tofu+pgp". Gpg: New command --tofu-policy. New options --tofu-default-policy and --tofu-db-format. Gpg: New option --weak-digest to specify hash algorithms which should be considered weak. Gpg: Allow the use of multiple --default-key options; take the last available key. Gpg: New option --encrypt-to-default-key. Gpg: New option --unwrap to only strip the encryption layer. Gpg: New option --only-sign-text-ids to exclude photo IDs from key signing. Gpg: Check for ambiguous or non-matching key specification in the config file or given to --encrypt-to. Gpg: Show the used card reader with --card-status. Gpg: Print export statistics and an EXPORTED status line. Gpg: Allow selecting subkeys by keyid in --edit-key. Gpg: Allow updating the expiration time of multiple subkeys at once. Dirmngr: New option --use-tor. For full support this requires Libassuan version 2.4.2 and a patched version of libadns (e.g. adns-1.4-g10-7 as used by the standard Windows installer). Dirmngr: New option --nameserver to specify the nameserver used in Tor mode. Dirmngr: Keyservers may again be specified by IP address. Dirmngr: Fix problems in resolving keyserver pools. Dirmngr: Fix handling of premature termination of TLS streams so that large numbers of keys can be refreshed via hkps. Gpg: Fix a regression in --locate-key since 2.1.9. Gpg: Fix another bug for keyrings with legacy keys. Gpgsm: Allow combinations of usage flags in --gen-key. Make tilde expansion work with most options. Many other cleanups and bug fixes.
2.1.9, 11 Oct 2015 03:15, minor feature: Gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate). New option --print-dane-records. Gpg: Fix for a problem with PGP-2 keys in a keyring. Gpg: Fail with an error instead of a warning if a modern cipher algorithm is used without a MDC. Agent: New option --pinentry-invisible-char. Agent: Always do a RSA signature verification after creation. Agent: Fix a regression in ssh-add-ing Ed25519 keys. Agent: Fix ssh fingerprint computation for nistp384 and EdDSA. Agent: Fix crash during passphrase entry on some platforms. Scd: Change timeout to fix problems with some 2.1 cards. Dirmngr: Displayed name is now Key Acquirer. Dirmngr: Add option --keyserver. Deprecate that option for gpg. Install a dirmngr.conf file from a skeleton for new installations.
2.1.8, 11 Sep 2015 03:15, minor bugfix: Gpg: Sending very large keys to the keyservers works again. Gpg: Validity strings in key listings are now again translatable. Gpg: Emit FAILURE status lines to help GPGME. Gpg: Does not anymore link to Libksba to reduce dependencies. Gpgsm: Export of secret keys via Assuan is now possible. Agent: Raise the maximum passphrase length from 100 to 255 bytes. Agent: Fix regression using EdDSA keys with ssh. Does not anymore use a build timestamp by default. The fallback encoding for broken locale settings changed from Latin-1 to UTF-8. Many code cleanups and improved internal documentation. Various minor bug fixes.
2.1.7, 12 Aug 2015 06:45, feature: gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used. gpg: In the --edit-key menu: Removed the need for "toggle", changed how secret keys are indicated, new commands "fpr *" and "grip". gpg: More fixes related to legacy keys in a keyring. gpgv: Does now also work with a "trustedkeys.kbx" file. scd: Support some feature from the OpenPGP card 3.0 specs. scd: Improved ECC support. agent: New option --force for the DELETE_KEY command. w32: Look for the Pinentry at more places. Dropped deprecated gpgsm-gencert.sh. Various other bug fixes.
2.1.6, 02 Jul 2015 06:05, cleanup: agent: New option --verify for the PASSWD command. gpgsm: Add command option "offline" as an alternative to --disable-dirmngr. gpg: Do not prompt multiple times for a password in pinentry loopback mode. Allow the use of debug category names with --debug. Using gpg-agent and gpg/gpgsm with different locales will now show the correct translations in Pinentry. gpg: Improve speed of --list-sigs and --check-sigs. gpg: Make --list-options show-sig-subpackets work again. gpg: Fix an export problem for old keyrings with PGP-2 keys. scd: Support PIN-pads on more readers. dirmngr: Properly cleanup zombie LDAP helper processes and avoid hangs on dirmngr shutdown. Various other bug fixes.
2.1.5, 12 Jun 2015 06:45, cleanup minor: Support for an external passphrase cache. Support for the forthcoming version 3 OpenPGP smartcard. Manuals now show the actual used file names. Prepared for improved integration with Emacs. Code cleanups and minor bug fixes.
2.1.4, 14 May 2015 00:25, minor feature: * gpg: Add command --quick-adduid to non-interactively add a new user id to an existing key. * gpg: Do not enable honor-keyserver-url by default. Make it work if enabled. * gpg: Display the serial number in the --card-status output again. * agent: Support for external password managers. Add option --no-allow-external-cache. * scdaemon: Improved handling of extended APDUs. * Make HTTP proxies work again. * All network access including DNS has been moved to Dirmngr. * Allow building without LDAP support. * Fixed lots of smaller bugs.
2.1.3, 12 Apr 2015 18:25, minor: LDAP keyservers are now supported by 2.1. New option --with-icao-spelling. New option --print-pka-records. Changed the PKA method to use CERT records and hashed names. New command --list-gcrypt-config. New parameter "curve" for --list-config. Print a NEWSIG status line like gpgsm always did. Print MPI values with --list-packets and --verbose. Write correct MPI lengths with ECC keys. Skip legacy PGP-2 keys while searching. Improved searching for mail addresses when using a keybox. gpgsm: Changed default algos to AES-128 and SHA-256. gpgtar: Fixed extracting files with sizes of a multiple of 512. dirmngr: Fixed SNI handling for hkps pools. Extra-certs and trusted-certs are now always loaded from the sysconfig dir instead of the homedir. Fixed possible problems due to compiler optimization, two minor regressions, and other bugs.
2.0.27, 19 Feb 2015 12:26, minor feature: Detect faulty use of --verify on detached signatures. New import option "keep-ownertrust". Uses SHA-256 for all signature types also on RSA keys. Added support for algo names when generating keys using the --command-fd method. Unless --allow-weak-digest-algos is used the insecure MD5-based fingerprints are shown as all zeroes. Fixed DoS based on bogus and overlong key packets. Better error reporting for keyserver problems. Fixed several bugs related to bogus keyrings and improved some other code.
2.1.2, 12 Feb 2015 20:45, minor feature: gpg: The parameter 'Passphrase' for batch key generation works again. gpg: Using a passphrase option in batch mode now has the expected effect on --quick-gen-key. gpg: Improved reporting of unsupported PGP-2 keys. gpg: Added support for algo names when generating keys using command-fd. gpg: Fixed DoS based on bogus and overlong key packets. agent: When setting --default-cache-ttl the value for --max-cache-ttl is adjusted to be not lower than the former. agent: Fixed problems with the new --extra-socket. agent: Made --allow-loopback-pinentry changeable with gpgconf. agent: Fixed importing of unprotected openpgp keys. agent: Now tries to use a fallback pinentry if the standard pinentry is not installed. scd: Added support for ECDH. Fixed several bugs related to bogus keyrings and improved some other code.
2.1.1, 17 Dec 2014 03:15, feature: gpg: Detect faulty use of --verify on detached signatures. gpg: New import option "keep-ownertrust". gpg: New sub-command "factory-reset" for --card-edit. gpg: A stub key for smartcards is now created by --card-status. gpg: Fixed regression in --refresh-keys. gpg: Fixed regression in g and p codes for --sig-notation. gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. gpg: Improved perceived speed of secret key listings. gpg: Print number of skipped PGP-2 keys on import. gpg: Removed the option aliases --throw-keyid and --notation-data; use --throw-keyids and --set-notation instead. gpg: Skip too large keys during import. gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or dirmngr. gpg-agent: New option --extra-socket to provide a restricted command set for use with remote clients. gpgconf --kill does not anymore start a service only to kill it. gpg-connect-agent: Add convenience option --uiserver. Fixed keyserver access for Windows. Fixed build problems on Mac OS X. The Windows installer does now install development files. More translations. To support remotely mounted home directories, the IPC sockets may now be redirected. This feature requires Libassuan 2.2.0. Improved portability and the usual bunch of bug fixes.
2.1.0, 07 Nov 2014 03:15, major feature: This release introduces a lot of changes. Most of them are internal and thus not user visible. However, some long standing behavior has slightly changed and it is strongly suggested that an existing ".gnupg" directory is backed up before this version is used. A verbose description of the major new features and changes can be found in the file doc/whats-new-in-2.1.txt. gpg: All support for v3 keys has been dropped. All signatures are now created as v4 signatures. v3 keys will be removed from the keyring. gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows up in the same window as the "new passphrase" prompt. gpg: Allow importing keys with duplicated long key ids. dirmngr: May now be built without support for LDAP. For a complete list of changes see the lists of changes for the 2.1.0 beta versions below. Note that all relevant fixes from versions 2.0.14 to 2.0.26 are also applied to this version.
Noteworthy changes in version 2.1.0-beta864 gpg: Removed the GPG_AGENT_INFO related code. GnuPG does now always use a fixed socket name in its home directory. gpg: Renamed --gen-key to --full-gen-key and re-added a --gen-key command with less choices. gpg: Use SHA-256 for all signature types also on RSA keys. gpg: Default keyring is now created with a .kbx suffix. gpg: Add a shortcut to the key capabilities menu. gpg: Fixed obsolete options parsing. Further improvements for the alternative speedo build system.
Noteworthy changes in version 2.1.0-beta834 gpg: Improved passphrase caching. gpg: Switched to algorithm number 22 for EdDSA. gpg: Removed CAST5 from the default preferences. gpg: Order SHA-1 last in the hash preferences. gpg: Changed default cipher for --symmetric to AES-128. gpg: Fixed export of ECC keys and import of EdDSA keys. dirmngr: Fixed the KS_FETCH command. The speedo build system now downloads related packages and works for non-Windows platforms.
Noteworthy changes in version 2.1.0-beta783 gpg: Add command --quick-gen-key. gpg: Make
2.0.26, 13 Aug 2014 20:12, minor bugfix: Fixes another regression in 2.0.24 when a subkey id was given to --recv-keys et al. Attribute packets are capped at 16MB now. Auto-create the ".gnupg" home directory in the same way gpg does. scdaemon now allows for certificates 1024 when using PC/SC.
2.0.25, 02 Jul 2014 18:54, minor bugfix: Fix a regression in 2.0.24 if more than one keyid is given to --recv-keys et al. Cap RSA and Elgamal keysize at 4096 bit also for unattended key generation. Fix a DISPLAY related problem with --export-secret-key-p12. Support reader Gemalto IDBridge CT30.
1.4.18, 02 Jul 2014 18:51, minor bugfix: Fix a regression in 1.4.17 if more than one keyid is given to --recv-keys et al. Cap RSA and Elgamal keysize at 4096 bit also for unattended key generation.