mirror of git://git.gnupg.org/gnupg.git
Noteworthy changes in version 2.3.7 (unreleased)
------------------------------------------------

Release-info: https://dev.gnupg.org/T5947

Noteworthy changes in version 2.3.6 (2022-04-25)
------------------------------------------------

* gpg: Fix regression in 2.3.5 importing longer keys. [T5941]

* gpg: Emit an ERROR status as hint for a bad passphrase. [T5943]

* gpg: Avoid NULL-ptr access due to corrupted packets. [T5940]

* gpgsm: Improve the "Certificate not found" error message. [T5821]

* agent: Pass pattern directly to gpg-check-pattern. [rGe529c54fe3]

* scd: Fix hard-coded constant for RSA authentication key OpenPGP.3.
  [rG2848fe4c84]

Release-info: https://dev.gnupg.org/T5937
See-also: gnupg-announce/2022q2/000473.html

Noteworthy changes in version 2.3.5 (2022-04-21)
------------------------------------------------

* gpg: Up to five times faster verification of detached signatures.
  Doubled detached signing speed. [T5826,rG4e27b9defc,rGf8943ce098]

* gpg: Threefold decryption speedup for large files.
  [T5820,rGab177eed51]

* gpg: Nearly double the AES256.OCB encryption speed. [rG99e2c178c7]

* gpg: Removed EAX from the preference list. [rG253fcb9777]

* gpg: Allow --dearmor to decode all kinds of armor files.
  [rG34ea19aff9]

* gpg: Remove restrictions for the name part of a user-id.
  [rG8945f1aedf]

* gpg: Allow decryption of symmetric encrypted data even for
  non-compliant cipher. [rG8631d4cfe2]

* gpg,gpgsm: New option --require-compliance. [rGee013c5350]

* gpgsm: New option --ignore-cert-with-oid. [rGe23dc755fa]

* gpgtar: Create and handle extended headers to support long file
  names. [T5754]

* gpgtar: Support file names longer than MAX_PATH on Windows.
  [rG70b738f93f]

* gpgtar: Use a pipe for decryption and thus avoid memory
  exhaustion. [rGe5ef5e3b91]

* gpgtar: New option --with-log. [rGed53d41b4c]

* agent: New flag "qual" for the trustlist.txt. [rG7c8c606061]

* scdaemon: Add support for GeNUA cards. [rG0dcc249852]

* scdaemon: Add --challenge-response option to PK_AUTH for OpenPGP
  cards. [T5862]

* dirmngr: Support the use of ECDSA for CRLs and OCSP.
  [rGde87c8e1ea,rG890e9849b5]

* dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.
  [T5751]

* ssh: Return a faked response for the new session-bind extension.
  [T5931]

* gpgconf: Add command aliases -L -K -R. [rGec4a1cffb8]

* gpg: Request keygrip of key to add via command interface. [T5771]

* gpg: Print Yubikey version correctly. [T5787]

* gpg: Always use version >= 4 to generate key signature. [T5809]

* gpg: Fix generating AEAD packet. [T5853]

* gpg: Fix version on symmetric encrypted AEAD files if the force
  option is used. [T5856]

* gpg: Fix adding the list of ultimate trusted keys. [T5742]

* gpgsm: Fix parsing of certain PKCS#12 files. [T5793]

* gpgsm: Print diagnostic about CRL problems due to Tor mode.
  [rG137e59a6a5]

* agent: Use "Created:" field for creation time. [T5538]

* scdaemon: Fix error handling for a PC/SC reader selected with
  reader-port. [T5758]

* scdaemon: Fix DEVINFO with no --watch. [rGc6dd9ff929]

* scdaemon: Fix socket resource leak on Windows. [T5029]

* scdaemon: Use extended mode for pkcs#15 already for rsa2048.
  [rG597253ca17]

* scdaemon: Enhance PASSWD command to accept KEYGRIP optionally.
  [T5862]

* scdaemon: Fix memory leak in ccid-driver. [rG8ac92f0e80]

* tpm: Always use hexgrip when storing a key password.
  [rGaf2fbd9b01]

* dirmngr: Make WKD lookups work for resolvers not handling SRV
  records. [T4729]

* dirmngr: Avoid initial delay on the first keyserver access in
  presence of --no-use-tor. [rG57d546674d]

* dirmngr: Workaround for a certain broken LDAP URL. [rG90caa7ad59]

* dirmngr: Escape more characters in WKD requests. [T5902]

* dirmngr: Suppress error message on trial reading as PEM format.
  [T5531]

* gpgconf: Fix component table when not building without TPM
  support. [T5701]

* gpgconf: Silence warnings from parsing the option files. [T5874]

* gpgconf: Do not list ignored options and mark forced options as
  read-only. [rG42785d7c8a]

* gpgconf: Tweak the use of the ldapserver option. [T5801]

* ssh: Fix adding an ed25519 key with a zero length comment. [T5794]

* kbx: Fix searching for FPR20 in version 2 blob. [T5888]

* Fix early homedir creation. [T5895]

* Improve removing of stale lockfiles under Unix. [T5884]

Release-info: https://dev.gnupg.org/T5743
See-also: gnupg-announce/2022q2/000472.html

Noteworthy changes in version 2.3.4 (2021-12-20)
------------------------------------------------

* gpg: New option --min-rsa-length. [rG5f39db70c0]

* gpg: New option --forbid-gen-key. [rGc397ba3ac0]

* gpg: New option --override-compliance-check. [T5655]

* gpgconf: New command --show-configs. [rGa0fb78ee0f]

* agent,dirmngr,keyboxd: New option --steal-socket.
  [rGb0079ab39d,rGdd708f60d5]

* gpg: Fix printing of binary notations. [T5667]

* gpg: Remove stale ultimately trusted keys from the trustdb.
  [T5685,T5742]

* gpg: Fix indentation of --print-mds and --print-md sha512. [T5679]

* gpg: Emit gpg 2.2 compatible Ed25519 signature. [T5331]

* gpgsm: Detect circular chains in --list-chain. [rG74c5b35062]

* dirmngr: Make reading resolv.conf more robust. [T5657]

* dirmngr: Ask keyservers to provide the key fingerprints. [T5741]

* gpgconf: Allow changing gpg's deprecated keyserver option. [T5462]

* gpg-wks-server: Fix created file permissions. [rG60be00b033]

* scd: Support longer data for ssh-agent authentication with openpgp
  cards. [T5682]

* scd: Modify DEVINFO behavior to support looping forever. [T5359]

* Support gpgconf.ctl for NetBSD and Solaris. [T5656,T5671]

* Silence "Garbled console data" warning under Windows in most
  cases. [rGe293da3b21]

* Silence warning about the rootdir under Unices w/o a mounted /proc
  file system. [T5656]

* Fix possible build problems about missing include files. [T5592]

Release-info: https://dev.gnupg.org/T5654
See-also: gnupg-announce/2021q4/000468.html

Noteworthy changes in version 2.3.3 (2021-10-12)
------------------------------------------------

* agent: Fix segv in GET_PASSPHRASE (regression). [#5577]

* dirmngr: Fix Let's Encrypt certificate chain validation. [#5639]

* gpg: Change default and maximum AEAD chunk size to 4 MiB.
  [ad3dabc9fb]

* gpg: Print a warning when importing a bad cv25519 secret key.
  [#5464]

* gpg: Fix --list-packets for undecryptable AEAD packets. [#5584]

* gpg: Verify backsigs for v5 keys correctly. [#5628]

* keyboxd: Fix checksum computation for no UBID entry on disk.
  [#5573]

* keyboxd: Fix "invalid object" error with cv448 keys. [#5609]

* dirmngr: New option --ignore-cert. [4b3e9a44b5]

* agent: Fix calibrate_get_time use of clock_gettime. [#5623]

* Silence process spawning diagnostics on Windows. [f2b01025c3]

* Support a gpgconf.ctl file under Unix and use this for the
  regression tests. [#5999]

Release-info: https://dev.gnupg.org/T5565
See-also: gnupg-announce/2021q4/000466.html

Noteworthy changes in version 2.3.2 (2021-08-24)
------------------------------------------------

* gpg: Allow fingerprint based lookup with --locate-external-key.
  [ec36eca08c]

* gpg: Allow decryption w/o public key but with correct card
  inserted. [50293ec2eb]

* gpg: Auto import keys specified with --trusted-keys. [100037ac0f]

* gpg: Do not use import-clean for LDAP keyserver imports. [#5387]

* gpg: Fix mailbox based search via AKL keyserver method. [4fcfac6feb]

* gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
  [#5430]

* gpg: Use a more descriptive prompt for symmetric decryption.
  [6dfae2f402]

* gpg: Improve speed of secret key listing. [40da61b89b]

* gpg: Support keygrip search with traditional keyring. [#5469]

* gpg: Let --fetch-key return an exit code on failure. [#5376]

* gpg: Emit the NO_SECKEY status again for decryption. [#5562]

* gpgsm: Support decryption of password based encryption (pwri).
  [eeb65d3bbd]

* gpgsm: Support AES-GCM decryption. [4980fb3c6d]

* gpgsm: Let --dump-cert --show-cert also print an OpenPGP
  fingerprint. [52bbdc731f]

* gpgsm: Fix finding of issuer in use-keyboxd mode. [6b76693ff5]

* gpgsm: New option --ldapserver as an alias for --keyserver.
  [89df86157e]

* agent: Use SHA-256 for SSH fingerprint by default. [#5434]

* agent: Fix calling handle_pincache_put. [#5436]

* agent: Fix importing protected secret key. [#5122]

* agent: Fix a regression in agent_get_shadow_info_type. [#5393]

* agent: Add translatable text for Caps Lock hint. [#4950]

* agent: New option --pinentry-formatted-passphrase. [#5517]

* agent: Add checkpin inquiry for pinentry. [#5517,#5532]

* agent: New option --check-sym-passphrase-pattern. [#5517]

* agent: Use the sysconfdir for a pattern file.

* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
  [1305baf099]

* dirmngr: LDAP search by a mailbox now ignores revoked keys.
  [1406f551f1]

* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
  [#5441]

* dirmngr: Allow for non-URL specified ldap keyservers. [#5405,#5452]

* dirmngr: New option --ldapserver. [52cf32ce2f]

* dirmngr: Fix regression in KS_GET for mail address pattern.
  [#5497]

* card: New option --shadow for the list command. [2fce99d73a]

* tests: Make sure the built keyboxd is used. [#5406]

* scd: Fix computing shared secrets for 512 bit curves.
  [9e24f2a45c]

* scd: Fix unblock PIN by a Reset Code with KDF. [#5413]

* scd: Fix PC/SC removed card problem. [8d81fd7c01]

* scd: Recover the partial match for PORTSTR for PC/SC.
  [53bdc6288f]

* scd: Make sure to release the PC/SC context. [#5416]

* scd: Fix zero-byte handling in ECC. [#5163]

* scd: Fix serial number detection for Yubikey 5. [#5442]

* scd: Add basic support for AET JCOP cards. [544ec7872a]

* scd: Detect external interference when --pcsc-shared is in use.
  [#5484]

* scd: Fix access to the list of cards. [#5524]

* gpgconf: Do not list a disabled tpm2d. [#5408]

* gpgconf: Make runtime changes with different homedir work.
  [31c0aa2ff3]

* keyboxd: Fix searching for exact mail address. [f79e9540ca]

* keyboxd: Fix searching with multiple patterns. [101ba4f18a]

* gpgtar: Fix file size computation under Windows. [14e36bdbe1]

* tools: Extend gpg-check-pattern. [73c03e0232]

* wkd: Fix client issue with leading or trailing spaces in
  user-ids. [b4345f7521]

* Under Windows add a fallback in case the console can't cope with
  Unicode. [#5491]

* Under Windows use LOCAL_APPDATA for the socket directory. [#5537]

* Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
  [#3659]

* Change the default keyserver to keyserver.ubuntu.com. This is a
  temporary change due to the shutdown of the SKS keyserver pools.
  [55b5928099]

Release-info: https://dev.gnupg.org/T5405
See-also: gnupg-announce/2021q3/000462.html

Noteworthy changes in version 2.3.1 (2021-04-20)
------------------------------------------------

* The new configuration file common.conf is now used to enable the
  use of the key database daemon with "use-keyboxd". Using this
  option in gpg.conf and gpgsm.conf is supported for a transitional
  period. See doc/example/common.conf for more.

* gpg: Force version 5 key creation for ed448 and cv448 algorithms.

* gpg: By default do not use the self-sigs-only option when
  importing from an LDAP keyserver. [#5387]

* gpg: Lookup a missing public key of the active card via LDAP.
  [d7e707170f]

* gpgsm: New command --show-certs. [51419d6341]

* scd: Fix CCID driver for SCM SPR332/SPR532. [#5297]

* scd: Further improvements for PKCS#15 cards.

* Fix build problems on Fedora. [#5389]

* Fix build problems on macOS. [#5400]

* New configure option --with-tss to allow the selection of the TSS
  library. [93c88d0af3]

Release-info: https://dev.gnupg.org/T5386
See-also: gnupg-announce/2021q2/000459.html

Noteworthy changes in version 2.3.0 (2021-04-07)
------------------------------------------------

* A new experimental key database daemon is provided. To enable it
  put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
  in a SQLite database and make key lookup much faster.

* New tool gpg-card as a flexible frontend for all types of
  supported smartcards.

* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
  gpg-connect-agent.

* The gpg-wks-client tool is now installed under bin; a wrapper for
  its old location at libexec is also installed.

* tpm2d: New daemon to physically bind keys to the local machine.

* gpg: Switch to ed25519/cv25519 as default public key algorithms.

* gpg: Verification results now depend on the --sender option and
  the signer's UID subpacket. [T4735]

* gpg: Do not use any 64-bit block size cipher algorithm for
  encryption. Use AES as last resort cipher preference instead of
  3DES. This can be reverted using --allow-old-cipher-algos.

* gpg: Support AEAD encryption mode using OCB or EAX.

* gpg: Support v5 keys and signatures.

* gpg: Support curve X448 (ed448, cv448).

* gpg: Allow use of group names in key listings. [e825aea2ba]

* gpg: New option --full-timestrings to print date and time.

* gpg: New option --force-sign-key. [#4584]

* gpg: New option --no-auto-trust-new-key.

* gpg: The legacy key discovery method PKA is no longer supported.
  The command --print-pka-records and the PKA related import and
  export options have been removed.

* gpg: Support export of Ed448 Secure Shell keys.

* gpgsm: Add basic ECC support.

* gpgsm: Support creation of EdDSA certificates. [#4888]

* agent: Allow the use of "Label:" in a key file to customize the
  pinentry prompt. [5388537806]

* agent: Support ssh-agent extensions for environment variables.
  With a patched version of OpenSSH this avoids the need for the
  "updatestartuptty" kludge. [224e26cf7b]

* scd: Improve support for multiple card readers and tokens.

* scd: Support PIV cards.

* scd: Support for Rohde&Schwarz Cybersecurity cards.

* scd: Support Telesec Signature Cards v2.0.

* scd: Support multiple applications on certain smartcards.

* scd: New option --application-priority.

* scd: New option --pcsc-shared; see man page for important notes.

* dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.

* The symcryptrun tool, a wrapper for the now obsolete external
  Chiasmus tool, has been removed.

* Full Unicode support for the command line. [#4398]

Changes also found in 2.2.27:

* gpg: Fix regression in 2.2.24 for gnupg_remove function under
  Windows. [#5230]

* gpgconf: Fix case with neither local nor global gpg.conf. [9f37d3e6f3]

* gpgconf: Fix description of two new options. [#5221]

* Build Windows installer without timestamps. Note that the
  Authenticode signatures still carry a timestamp.

Changes also found in 2.2.26:

* gpg: New AKL method "ntds". [559efd23e9]

* gpg: Fix --trusted-key with fingerprint arg. [8a2e5025eb]

* scd: Fix writing of ECC keys to an OpenPGP card. [#5163]

* scd: Make a USB error fix specific to SPR532 readers. [#5167]

* dirmngr: With new LDAP keyservers store the new attributes. Never
  store the useless pgpSignerID. Fix a long standing bug storing
  some keys on an ldap server. [0e88c73bc9,e47de85382]

* dirmngr: Support the new Active Directory LDAP schema for
  keyservers. [ac8ece9266]

* dirmngr: Allow LDAP OpenPGP searches via fingerprint.
  [c75fd75532]

* dirmngr: Do not block other threads during keyserver LDAP calls.
  [15bfd189c0]

* Support global configuration files. [#4788,a028f24136]

* Fix the iconv fallback handling to UTF-8. [#5038]

Changes also found in 2.2.25:

* scd: Fix regression in 2.2.24 requiring gpg --card-status before
  signing or decrypting. [#5065]

* gpgsm: Using Libksba 1.5.0 signatures with a rarely used
  combination of attributes can now be verified. [#5146]

Changes also found in 2.2.24:

* Allow Unicode file names on Windows almost everywhere. Note that
  it is still not possible to use Unicode strings on the command
  line. This change also fixes a regression in 2.2.22 related to
  non-ascii file names. [#5098]

* Fix localized time printing on Windows. [#5073]

* gpg: New command --quick-revoke-sig. [#5093]

* gpg: Do not use weak digest algos if selected by recipient
  preference during sign+encrypt. [4c181d51a6]

* gpg: Switch to AES256 for symmetric encryption in de-vs mode.
  [166e779634]

* gpg: Silence weak digest warnings with --quiet. [#4893]

* gpg: Print new status line CANCELED_BY_USER for a cancel during
  symmetric encryption. [f05d1772c4]

* gpg: Fix the encrypt+sign hash algo preference selection for
  ECDSA. This is in particular needed for keys created from
  existing smartcard based keys. [aeed0b93ff]

* agent: Keep some permissions of private-keys-v1.d. [#2312]

* dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
  gnutls builds. [e4f3b74c91]

* dirmngr: Fix the pool keyserver case for a single host in the
  pool. [72e04b03b1a7]

* scd: Fix the use case of verify_chv2 by CHECKPIN. [61aea64b3c]

* scd: Various improvements to the ccid-driver. [#4616,#5065]

* scd: Minor fixes for Yubikey. [25bec16d0b]

* gpgconf: New option --show-versions.

* w32: Install gpg-check-pattern and example profiles. Install
  Windows subsystem variant of gpgconf (gpgconf-w32).

Changes also found in 2.2.23:

* gpg: Fix a possible segv in the key cleaning code.

* gpgsm: Fix a minor RFC2253 parser bug. [#5037]

* scdaemon: Fix a PIN verify failure on certain OpenPGP card
  implementations. Regression in 2.2.22. [#5039]

Changes also found in 2.2.22:

* gpg: Change the default key algorithm to rsa3072.

* gpg: Add regular expression support for Trust Signatures on all
  platforms. [#4843]

* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
  option. [#4991]

* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]

* gpgsm: Make rsaPSS a de-vs compliant scheme.

* gpgsm: Show also the SHA256 fingerprint in key listings.

* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]

* gpg-agent: Default to extended key format and record the creation
  time of keys. Add new option --disable-extended-key-format.

* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]

* gpg-agent: Allow using --gpgconf-list even if HOME does not
  exist. [#4866]

* gpg-agent: Make the Pinentry work even if the envvar TERM is set
  to the empty string. [#4137]

* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
  incremented the error counter when using the "verify" command of
  "gpg --edit-key" with only the signature key being present.

* dirmngr: Better handle systems with disabled IPv6. [#4977]

* gpgsplit: Install tool. It was not installed in the past to avoid
  conflicts with the version installed by GnuPG 1.4. [#5023]

* gpgtar: Handle Unicode file names on Windows correctly. [#4083]

* gpgtar: Make --files-from and --null work as documented. [#5027]

* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
  connections succeed for servers demanding GCM.

Changes also found in 2.2.21:

* gpg: Add option --no-include-key-block. [#4856]

* gpg: Allow for extra padding in ECDH. [#4908]

* gpg: Only a single pinentry is shown for symmetric encryption if
  the pinentry supports this. [#4971]

* gpg: Print a note if no keys are given to --delete-key. [#4959]

* gpg,gpgsm: The ridiculous passphrase quality bar is no longer
  shown. [#2103]

* gpgsm: Certificates without a CRL distribution point are now
  considered valid without looking up a CRL. The new option
  --enable-issuer-based-crl-check can be used to revert to the
  former behaviour.

* gpgsm: Support rsaPSS signature verification. [#4538]

* gpgsm: Unless CRL checking is disabled lookup a missing issuer
  certificate using the certificate's authorityInfoAccess. [#4898]

* gpgsm: Print the certificate's serial number also in decimal
  notation.

* gpgsm: Fix possible NULL-deref in messages of --gen-key. [#4895]

* scd: Support the CardOS 5 based D-Trust Card 3.1.

* dirmngr: Allow http URLs with "LOOKUP --url".

* wkd: Take name of sendmail from configure. Fixes an OpenBSD
  specific bug. [#4886]

* Support a command history file in gpg-card and gpg-connect-agent.

Changes also found in 2.2.20:

* In contrast to 2.2 no explicit protection against overflow of the
  error counter is needed because libgpg-error takes care of this.

* gpg: Make really sure that --verify-files always returns an error.

* gpg: Fix key listing --with-secret if a pattern is given. [#4061]

* gpg: Fix detection of certain keys used as default-key. [#4810]

* gpg: Fix default-key selection when a card is available. [#4850]

* gpg: Fix key expiration and key usage for keys created with a
  creation date of zero. [4670]

* gpgsm: Fix import of some CR,LF terminated certificates. [#4847]

* gpg: New options --include-key-block and --auto-key-import to
  allow encrypted replies after an initial signed message. [#4856]

* gpg: Allow the use of a fingerprint with --trusted-key. [#4855]

* gpg: New property "fpr" for use by --export-filter.

* scdaemon: Disable the pinpad if a KDF DO is used. [#4832]

* dirmngr: Improve finding OCSP certificates. [#4536]

* Avoid build problems with LTO or gcc-10. [#4831]

Changes also found in 2.2.19:

* gpg: Only in 2.2.19; not required in master: Fix double free when
  decrypting for hidden recipients. Regression in 2.2.18. [#4762]

* gpg: Use auto-key-locate for encryption even for mail addresses
  given with angle brackets. [#4726]

* gpgsm: Add special case for certain expired intermediate
  certificates. [#4696]

Changes also found in 2.2.18:

* gpg: Changed the way keys are detected on smartcards; this
  allows the use of non-OpenPGP cards. In the case of a not very
  likely regression the new option --use-only-openpgp-card is
  available. [#4681]

* gpg: The commands --full-gen-key and --quick-gen-key now allow
  direct key generation from supported cards. [#4681]

* gpg: Prepare against chosen-prefix SHA-1 collisions in key
  signatures. This change removes all SHA-1 based key signatures
  from the web-of-trust. Note that this includes all key signatures
  created with dsa1024 keys. (Version 2.2.18 limits this to key
  signatures newer than 2019-01-19.) The new option
  --allow-weak-key-signatures can be used to override the new and
  safer behaviour. [#4755,CVE-2019-14855]

* gpg: Improve performance for import of large keyblocks. [#4592]

* gpg: Implement a keybox compression run. [#4644]

* gpg: Show warnings from dirmngr about redirect and certificate
  problems (details require --verbose as usual).

* gpg: Allow to pass the empty string for the passphrase if the
  '--passphrase=' syntax is used. [#4633]

* gpg: Fix printing of the KDF object attributes.

* gpg: Avoid surprises with --locate-external-key and certain
  --auto-key-locate settings. [#4662]

* gpg: Improve selection of best matching key. [#4713]

* gpg: Delete key binding signature when deleting a subkey.
  [#4665,#4457]

* gpg: Fix a potential loss of key signatures during import with
  self-sigs-only active. [#4628]

* gpg: Silence "marked as ultimately trusted" diagnostics if
  option --quiet is used. [#4634]

* gpg: Silence some diagnostics during key listing even with
  option --verbose. [#4627]

* gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652]

* gpgsm: Support AES-256 keys.

* gpgsm: Fix a bug in triggering a keybox compression run if
  --faked-system-time is used.

* dirmngr: System CA certificates are no longer used for the SKS
  pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594]

* dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
  to avoid long timeouts. [#4165]

* scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
  Shield and Trustica Cryptoucan work. [#4654,#4566]

* wkd: gpg-wks-client --install-key now installs the required policy
  file.

Changes also found in 2.2.17:

* gpg: Ignore all key-signatures received from keyservers. This
  change is required to mitigate a DoS due to keys flooded with
  faked key-signatures. The old behaviour can be achieved by adding
      keyserver-options no-self-sigs-only,no-import-clean
  to your gpg.conf. [#4607]

* gpg: If an imported keyblock is too large to be stored in the
  keybox (pubring.kbx) do not error out but fall back to an import
  using the options "self-sigs-only,import-clean". [#4591]

* gpg: New command --locate-external-key which can be used to
  refresh keys from the Web Key Directory or via other methods
  configured with --auto-key-locate.

* gpg: New import option "self-sigs-only".

* gpg: In --auto-key-retrieve prefer WKD over keyservers. [#4595]

* dirmngr: Support the "openpgpkey" subdomain feature from
  draft-koch-openpgp-webkey-service-07. [#4590]

* dirmngr: Add an exception for the "openpgpkey" subdomain to the
  CSRF protection. [#4603]

* dirmngr: Fix endless loop due to http errors 503 and 504. [#4600]

* dirmngr: Fix TLS bug during redirection of HKP requests. [#4566]

* gpgconf: Fix a race condition when killing components. [#4577]

Changes also found in 2.2.16:

* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
  violation. [#4505]

* gpg: Allow deletion of subkeys with --delete-key. This finally
  makes the bang-suffix work as expected for that command. [#4457]

* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
  them with --quick-set-expire or --quick-set-primary-uid. [#4508]

* gpg: Improve the photo image viewer selection. [#4334]

* gpg: Fix decryption with --use-embedded-filename. [#4500]

* gpg: Remove hints on using the --keyserver option. [#4512]

* gpg: Fix export of certain secret keys with comments. [#4490]

* gpg: Reject too long user-ids in --quick-gen-key. [#4532]

* gpg: Fix a double free in the best key selection code. [#4462]

* gpg: Fix the key generation dialog for switching back from EdDSA
  to ECDSA.

* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.

* gpg: Use only the addrspec from the Signer's UID subpacket to
  mitigate a problem with another implementation.

* gpg: Skip invalid packets during a keyring listing and sync
  diagnostics with the output.

* gpgsm: Avoid confusing diagnostic when signing with the default
  key. [#4535]

* agent: Do not delete any secret key in --dry-run mode.

* agent: Fix failures on 64 bit big-endian boxes related to URIs in
  a keyfile. [#4501]

* agent: Stop scdaemon after a reload with disable-scdaemon newly
  configured. [#4326]

* dirmngr: Improve caching algorithm for WKD domains.

* dirmngr: Support other hash algorithms than SHA-1 for OCSP. [#3966]

* gpgconf: Make --homedir work for --launch. [#4496]

* gpgconf: Before --launch check for a valid config file. [#4497]

* wkd: Do not import more than 5 keys from one WKD address.

* wkd: Accept keys which are stored in armored format in the
  directory.

* The installer for Windows now comes with signed binaries.

Changes also found in 2.2.15:

* sm: Fix --logger-fd and --status-fd on Windows for non-standard
  file descriptors.

* sm: Allow decryption even if expired keys are configured. [#4431]

* agent: Change command KEYINFO to print ssh fingerprints with other
  hash algos.

* dirmngr: Fix build problems on Solaris due to the use of reserved
  symbol names. [#4420]

* wkd: New commands --print-wkd-hash and --print-wkd-url for
  gpg-wks-client.

Changes also found in 2.2.14:

* gpg: Allow import of PGP desktop exported secret keys. Also avoid
  importing secret keys if the secret keyblock is not valid. [#4392]

* gpg: Make invalid primary key algo obvious in key listings.

* sm: Do not mark a certificate in a key listing as de-vs compliant
  if its use for a signature will not be possible.

* sm: Fix certificate creation with key on card.

* sm: Create rsa3072 bit certificates by default.

* sm: Print Yubikey attestation extensions with --dump-cert.

* agent: Fix cancellation handling for scdaemon.

* agent: Support --mode=ssh option for CLEAR_PASSPHRASE. [#4340]

* scd: Fix flushing of the CA-FPR DOs in app-openpgp.

* scd: Avoid a conflict error with the "undefined" app.

* dirmngr: Add CSRF protection exception for protonmail.

* dirmngr: Fix build problems with gcc 9 in libdns.

* gpgconf: New option --show-socket for use with --launch.

* gpgtar: Make option -C work for archive creation.

Changes also found in 2.2.13: |
|
|
|
* gpg: Implement key lookup via keygrip (using the & prefix). |
|
|
|
* gpg: Allow generating Ed25519 key from existing key. |
|
|
|
* gpg: Emit an ERROR status line if no key was found with -k. |
|
|
|
* gpg: Stop early when trying to create a primary Elgamal key. [#4329] |
|
|
|
* gpgsm: Print the card's key algorithms along with their keygrips |
|
in interactive key generation. |
|
|
|
* agent: Clear bogus pinentry cache in the error case. [#4348] |
|
|
|
* scd: Support "acknowledge button" feature. |
|
|
|
* scd: Fix for USB INTERRUPT transfer. [#4308] |
|
|
|
* wks: Do not use compression for the encrypted challenge and |
|
response. |
|
|
|
Changes also found in 2.2.12: |
|
|
|
* tools: New commands --install-key and --remove-key for |
|
gpg-wks-client. This allows preparing a Web Key Directory on a |
|
local file system for later upload to a web server. |
|
|
|
* gpg: New --list-option "show-only-fpr-mbox". This makes the use |
|
of the new gpg-wks-client --install-key command easier on Windows. |
|
|
|
* gpg: Improve processing speed when --skip-verify is used. |
|
|
|
* gpg: Fix a bug where a LF was accidentally written to the console. |
|
|
|
* gpg: --card-status now shows whether a card has the new KDF |
|
feature enabled. |
|
|
|
* agent: New runtime option --s2k-calibration=MSEC. New configure |
|
option --with-agent-s2k-calibration=MSEC. [#3399] |
|
|
|
* dirmngr: Try another keyserver from the pool on receiving a 502, |
|
503, or 504 error. [#4175] |
|
|
|
* dirmngr: Avoid possible CSRF attacks via http redirects. An HTTP |
|
query will no longer follow a 3xx redirect unless the Location |
|
header gives the same host. If the host is different, only the |
|
host and port are taken from the Location header and the original |
|
path and query parts are kept. |
|
|
|
* dirmngr: New command FLUSHCRL to flush all CRLs from disk and |
|
memory. [#3967] |
|
|
|
* New simplified Chinese translation (zh_CN). |
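
The redirect rule from the dirmngr entry above, written out as an added Python example (not GnuPG code). The function name, the sample URLs, resolving a relative Location against the original URL, taking the scheme together with host and port, and dropping userinfo are assumptions of this example.

```python
"""Redirect handling modelled on the dirmngr 2.2.12 changelog entry."""
from urllib.parse import urljoin, urlsplit, urlunsplit

# Constructed sample request; the host name is a placeholder.
ORIG_URL = "https://keys.example.org/pks/lookup?op=get&search=0x1234"


class RedirectError(ValueError):
    """The Location header cannot be turned into a usable follow-up URL."""


def _authority(parts):
    """Return host[:port] without userinfo (assumption: userinfo is dropped)."""
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    return host if parts.port is None else f"{host}:{parts.port}"


def prepare_redirect(orig_url, location):
    """Return the URL to request after a 3xx answer to orig_url.

    Same host: the Location is followed as given.
    Different host: only scheme, host and port come from the Location;
    path and query stay those of the original request, so the answering
    server cannot choose which resource is requested on another host.
    """
    try:
        orig = urlsplit(orig_url)
        # Assumption: a relative Location is resolved against the request URL.
        loc = urlsplit(urljoin(orig_url, location))
        loc.port  # accessing it validates the port number
    except ValueError as exc:
        raise RedirectError(f"malformed URL: {exc}") from exc

    if loc.scheme not in ("http", "https"):
        raise RedirectError(f"unsupported scheme in Location: {loc.scheme!r}")
    if not loc.hostname or not orig.hostname:
        raise RedirectError("URL without a host part")

    # urlsplit lower-cases the host name, so this compare is case-insensitive.
    if loc.hostname == orig.hostname:
        return loc.geturl()

    return urlunsplit((loc.scheme, _authority(loc), orig.path, orig.query, ""))


if __name__ == "__main__":
    # Constructed Location values covering both branches of the rule.
    samples = [
        "https://keys.example.org/pks/other?x=1",
        "/pks/v2",
        "http://intranet.example.com:8080/admin/reset?confirm=yes",
        "https://user:pw@mirror.example.net/x",
    ]
    for value in samples:
        print(f"{value}\n  -> {prepare_redirect(ORIG_URL, value)}")
```
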
|
|
|
Changes also found in 2.2.11: |
|
|
|
* gpgsm: Fix CRL loading when intermediate certificates are not yet |
|
trusted. |
|
|
|
* gpgsm: Fix an error message about the digest algo. [#4219] |
|
|
|
* gpg: Fix a wrong warning due to new sign usage check introduced |
|
with 2.2.9. [#4014] |
|
|
|
* gpg: Print the "data source" even for an unsuccessful keyserver |
|
query. |
|
|
|
* gpg: Do not store the TOFU trust model in the trustdb. This |
|
allows enabling or disabling a TOFU model without triggering a |
|
trustdb rebuild. [#4134] |
|
|
|
* scd: Fix cases of "Bad PIN" after using "forcesig". [#4177] |
|
|
|
* agent: Fix possible hang in the ssh handler. [#4221] |
|
|
|
* dirmngr: Tack the unmodified mail address to a WKD request. See |
|
commit a2bd4a64e5b057f291a60a9499f881dd47745e2f for details. |
|
|
|
* dirmngr: Tweak diagnostic about missing LDAP server file. |
|
|
|
* dirmngr: In verbose mode print the OCSP responder id. |
|
|
|
* dirmngr: Fix parsing of the LDAP port. [#4230] |
|
|
|
* wks: Add option --directory/-C to the server. Always build the |
|
server on Unix systems. |
|
|
|
* wks: Add option --with-colons to the client. Support sites which |
|
use the policy file instead of the submission-address file. |
|
|
|
* Fix EBADF when gpg et al. are called by broken CGI scripts. |
|
|
|
* Fix some minor memory leaks and bugs. |
|
|
|
Changes also found in 2.2.10: |
|
|
|
* gpg: Refresh expired keys originating from the WKD. [#2917] |
|
|
|
* gpg: Use a 256 KiB limit for a WKD imported key. |
|
|
|
* gpg: New option --known-notation. [#4060] |
|
|
|
* scd: Add support for the Trustica Cryptoucan reader. |
|
|
|
* agent: Speed up starting during on-demand launching. [#3490] |
|
|
|
* dirmngr: Validate SRV records in WKD queries. |
|
|
|
Changes also found in 2.2.9: |
|
|
|
* dirmngr: Fix recursive resolver mode and other bugs in the libdns |
|
code. [#3374,#3803,#3610] |
|
|
|
* dirmngr: When using libgpg-error 1.32 or later a GnuPG build with |
|
NTBTLS support (e.g. the standard Windows installer) no longer |
|
blocks for dozens of seconds before returning data. |
|
|
|
* gpg: Fix bug in --show-keys which actually imported revocation |
|
certificates. [#4017] |
|
|
|
* gpg: Ignore too long user-ID and comment packets. [#4022] |
|
|
|
* gpg: Fix crash due to bad German translation. Improved printf |
|
format compile time check. |
|
|
|
* gpg: Handle missing ISSUER sub packet gracefully in the presence of |
|
the new ISSUER_FPR. [#4046] |
|
|
|
* gpg: Allow decryption using several passphrases in most cases. |
|
[#3795,#4050] |
|
|
|
* gpg: Command --show-keys now enables the list options |
|
show-unusable-uids, show-unusable-subkeys, show-notations and |
|
show-policy-urls by default. |
|
|
|
* gpg: Command --show-keys now prints revocation certificates. [#4018] |
|
|
|
* gpg: Add revocation reason to the "rev" and "rvs" records of the |
|
option --with-colons. [#1173] |
|
|
|
* gpg: Export option export-clean now removes certain expired |
|
subkeys; export-minimal removes all expired subkeys. [#3622] |
|
|
|
* gpg: New "usage" property for the drop-subkey filters. [#4019] |
|
|
|
Changes also found in 2.2.8: |
|
|
|
* gpg: Decryption of messages not using the MDC mode will now lead |
|
to a hard failure even if a legacy cipher algorithm was used. The |
|
option --ignore-mdc-error can be used to turn this failure into a |
|
warning. Take care: Never use that option unconditionally or |
|
without a prior warning. |
|
|
|
* gpg: The MDC encryption mode is now always used regardless of the |
|
cipher algorithm or any preferences. For testing --rfc2440 can be |
|
used to create a message without an MDC. |
|
|
|
* gpg: Sanitize the diagnostic output of the original file name in |
|
verbose mode. [#4012,CVE-2018-12020] |
|
|
|
* gpg: Detect suspicious multiple plaintext packets in a more |
|
reliable way. [#4000] |
|
|
|
* gpg: Fix the duplicate key signature detection code. [#3994] |
|
|
|
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, |
|
--disable-mdc and --no-disable-mdc no longer have any effect. |
|
|
|
* gpg: New command --show-keys. |
|
|
|
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the |
|
list of startup environment variables. [#3947] |
|
|
|
Changes also found in 2.2.7: |
|
|
|
* gpg: New option --no-symkey-cache to disable the passphrase cache |
|
for symmetric encryption and decryption. |
|
|
|
* gpg: The ERRSIG status now prints the fingerprint if that is part |
|
of the signature. |
|
|
|
* gpg: Relax emitting of FAILURE status lines. |
|
|
|
* gpg: Add a status flag to "sig" lines printed with --list-sigs. |
|
|
|
* gpg: Fix "Too many open files" when using --multifile. [#3951] |
|
|
|
* ssh: Return an error for unknown ssh-agent flags. [#3880] |
|
|
|
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL |
|
caches under Windows. [#2448,#3923] |
|
|
|
* dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed |
|
mapping of keys.gnupg.net to sks-keyservers.net. [#3755] |
|
|
|
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours). |
|
|
|
* dirmngr: Fall back to CRL if no default OCSP responder is configured. |
|
|
|
* dirmngr: Implement CRL fetching via https. Here a redirection to |
|
http is explicitly allowed. |
|
|
|
* dirmngr: Make LDAP searching and CRL fetching work under Windows. |
|
This stopped working with 2.1. [#3937] |
|
|
|
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease |
|
debugging. |
|
|
|
Changes also found in 2.2.6: |
|
|
|
* gpg,gpgsm: New option --request-origin to pretend that requests |
|
come from a browser or a remote site. |
|
|
|
* gpg: Fix race condition on trustdb.gpg updates due to too early |
|
released lock. [#3839] |
|
|
|
* gpg: Emit FAILURE status lines in almost all cases. [#3872] |
|
|
|
* gpg: Implement --dry-run for --passwd to make checking a key's |
|
passphrase straightforward. |
|
|
|
* gpg: Make sure to only accept a certification capable key for key |
|
signatures. [#3844] |
|
|
|
* gpg: Better user interaction in --card-edit for the factory-reset |
|
sub-command. |
|
|
|
* gpg: Improve changing key attributes in --card-edit by adding an |
|
explicit "key-attr" sub-command. [#3781] |
|
|
|
* gpg: Print the keygrips in the --card-status. |
|
|
|
* scd: Support KDF DO setup. [#3823] |
|
|
|
* scd: Fix some issues with PC/SC on Windows. [#3825] |
|
|
|
* scd: Fix suspend/resume handling in the CCID driver. |
|
|
|
* agent: Evict cached passphrases also via a timer. [#3829] |
|
|
|
* agent: Use separate passphrase caches depending on the request |
|
origin. [#3858] |
|
|
|
* ssh: Support signature flags. [#3880] |
|
|
|
* dirmngr: Handle failures related to missing IPv6 support |
|
gracefully. [#3331] |
|
|
|
* Fix corner cases related to specified home directory with |
|
drive letter on Windows. [#3720] |
|
|
|
* Allow the use of UNC directory names as homedir. [#3818] |
|
|
|
Changes also found in 2.2.5: |
|
|
|
* gpg: Allow the use of the "cv25519" and "ed25519" short names in |
|
addition to the canonical curve names in --batch --gen-key. |
|
|
|
* gpg: Make sure to print all secret keys with option --list-only |
|
and --decrypt. [#3718] |
|
|
|
* gpg: Fix the use of future-default with --quick-add-key for |
|
signing keys. [#3747] |
|
|
|
* gpg: Select a secret key by checking availability under gpg-agent. |
|
[#1967] |
|
|
|
* gpg: Fix reversed prompt texts for --only-sign-text-ids. [#3787] |
|
|
|
* gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit systems. |
|
[#3770] |
|
|
|
* gpgsm: Fix regression since 2.1 in --export-secret-key-raw which |
|
got $d mod (q-1)$ wrong. Note that most tools automatically fixup |
|
that parameter anyway. |
|
|
|
* ssh: Fix a regression in getting the client's PID on *BSD and |
|
macOS. |
|
|
|
* scd: Support the KDF Data Object of the OpenPGP card 3.3. [#3152] |
|
|
|
* scd: Fix a regression in the internal CCID driver for certain card |
|
readers. [#3508] |
|
|
|
* scd: Fix a problem on NetBSD killing scdaemon on gpg-agent |
|
shutdown. [#3778] |
|
|
|
* dirmngr: Improve returned error description on failure of DNS |
|
resolving. [#3756] |
|
|
|
* wks: Implement command --install-key for gpg-wks-server. |
|
|
|
* Add option STATIC=1 to the Speedo build system to allow a build |
|
with statically linked versions of the core GnuPG libraries. Also |
|
use --enable-wks-tools by default in Speedo builds for Unix. |
|
|
|
Changes also found in 2.2.4: |
|
|
|
* gpg: Change default preferences to prefer SHA512. |
|
|
|
* gpg: Print a warning when more than 150 MiB are encrypted using a |
|
cipher with 64 bit block size. |
|
|
|
* gpg: Print a warning if the MDC feature has not been used for a |
|
message. |
|
|
|
* gpg: Fix regular expression of domain addresses in trust |
|
signatures. [#2923] |
|
|
|
* agent: New option --auto-expand-secmem to help with high numbers |
|
of concurrent connections. Requires libgcrypt 1.8.2 for having |
|
an effect. [#3530] |
|
|
|
* dirmngr: Cache responses of WKD queries. |
|
|
|
* gpgconf: Add option --status-fd. |
|
|
|
* wks: Add commands --check and --remove-key to gpg-wks-server. |
|
|
|
* Increase the backlog parameter of the daemons to 64 and add |
|
option --listen-backlog. |
|
|
|
* New configure option --enable-run-gnupg-user-socket to first try a |
|
socket directory which is not removed by systemd at session end. |
|
|
|
Changes also found in 2.2.3: |
|
|
|
* gpgsm: Fix initial keybox creation on Windows. [#3507] |
|
|
|
* dirmngr: Fix crash in case of a CRL loading error. [#3510] |
|
|
|
* Fix the name of the Windows registry key. [Git#4f5afaf1fd] |
|
|
|
* gpgtar: Fix wrong behaviour of --set-filename. [#3500] |
|
|
|
* gpg: Silence AKL retrieval messages. [#3504] |
|
|
|
* agent: Use clock or clock_gettime for calibration. [#3056] |
|
|
|
* agent: Improve robustness of the shutdown pending |
|
state. [Git#7ffedfab89] |
|
|
|
Changes also found in 2.2.2: |
|
|
|
* gpg: Avoid duplicate key imports by concurrently running gpg |
|
processes. [#3446] |
|
|
|
* gpg: Fix creating on-disk subkey with on-card primary key. [#3280] |
|
|
|
* gpg: Fix validity retrieval for multiple keyrings. [Debian#878812] |
|
|
|
* gpg: Fix --dry-run and import option show-only for secret keys. |
|
|
|
* gpg: Print "sec" or "sbb" for secret keys with import option |
|
import-show. [#3431] |
|
|
|
* gpg: Make import less verbose. [#3397] |
|
|
|
* gpg: Add alias "Key-Grip" for parameter "Keygrip" and new |
|
parameter "Subkey-Grip" to unattended key generation. [#3478] |
|
|
|
* gpg: Improve "factory-reset" command for OpenPGP cards. [#3286] |
|
|
|
* gpg: Ease switching Gnuk tokens into ECC mode by using the magic |
|
keysize value 25519. |
|
|
|
* gpgsm: Fix --with-colon listing in crt records for fields > 12. |
|
|
|
* gpgsm: Do not expect X.509 keyids to be unique. [#1644] |
|
|
|
* agent: Fix stuck Pinentry when using --max-passphrase-days. [#3190] |
|
|
|
* agent: New option --s2k-count. [#3276 (workaround)] |
|
|
|
* dirmngr: Do not follow https-to-http redirects. [#3436] |
|
|
|
* dirmngr: Reduce default LDAP timeout from 100 to 15 seconds. [#3487] |
|
|
|
* gpgconf: Ignore non-installed components for commands |
|
--apply-profile and --apply-defaults. [#3313] |
|
|
|
* Add configure option --enable-werror. [#2423] |
|
|
|
Changes also found in 2.2.1: |
|
|
|
* gpg: Fix formatting of the user id in batch mode key generation |
|
if only "name-email" is given. |
|
|
|
* gpgv: Fix annoying "not suitable for" warnings. |
|
|
|
* wks: Convey only the newest user id to the provider. This is the |
|
case if different names are used with the same addr-spec. |
|
|
|
* wks: Create a complying user id for provider policy mailbox-only. |
|
|
|
* wks: Add workaround for posteo.de. |
|
|
|
* scd: Fix the use of large ECC keys with an OpenPGP card. |
|
|
|
* dirmngr: Use system provided root certificates if no specific HKP |
|
certificates are configured. If built with GNUTLS, this was |
|
already the case. |
|
|
|
Release-info: https://dev.gnupg.org/T5343 |
|
See-also: gnupg-announce/2021q2/000458.html |
|
|
|
|
|
Release dates of 2.2 versions |
|
----------------------------- |
|
|
|
Version 2.2.34 (2022-02-07) https://dev.gnupg.org/T5703 |
|
Version 2.2.33 (2021-11-23) https://dev.gnupg.org/T5641 |
|
Version 2.2.32 (2021-10-06) https://dev.gnupg.org/T5601 |
|
Version 2.2.31 (2021-09-15) https://dev.gnupg.org/T5571 |
|
Version 2.2.30 (2021-08-26) https://dev.gnupg.org/T5519 |
|
Version 2.2.29 (2021-07-04) https://dev.gnupg.org/T5498 |
|
Version 2.2.28 (2021-06-10) https://dev.gnupg.org/T5482 |
|
Version 2.2.27 (2021-01-11) https://dev.gnupg.org/T5234 |
|
Version 2.2.26 (2020-12-21) https://dev.gnupg.org/T5153 |
|
Version 2.2.25 (2020-11-23) https://dev.gnupg.org/T5140 |
|
Version 2.2.24 (2020-11-17) https://dev.gnupg.org/T5052 |
|
Version 2.2.23 (2020-09-03) https://dev.gnupg.org/T5045 |
|
Version 2.2.22 (2020-08-27) https://dev.gnupg.org/T5030 |
|
Version 2.2.21 (2020-07-09) https://dev.gnupg.org/T4897 |
|
Version 2.2.20 (2020-03-20) https://dev.gnupg.org/T4860 |
|
Version 2.2.19 (2019-12-07) https://dev.gnupg.org/T4768 |
|
Version 2.2.18 (2019-11-25) https://dev.gnupg.org/T4684 |
|
Version 2.2.17 (2019-07-09) https://dev.gnupg.org/T4606 |
|
Version 2.2.16 (2019-05-28) https://dev.gnupg.org/T4509 |
|
Version 2.2.15 (2019-03-26) https://dev.gnupg.org/T4434 |
|
Version 2.2.14 (2019-03-19) https://dev.gnupg.org/T4412 |
|
Version 2.2.13 (2019-02-12) https://dev.gnupg.org/T4290 |
|
Version 2.2.12 (2018-12-14) https://dev.gnupg.org/T4289 |
|
Version 2.2.11 (2018-11-06) https://dev.gnupg.org/T4233 |
|
Version 2.2.10 (2018-08-30) https://dev.gnupg.org/T4112 |
|
Version 2.2.9 (2018-07-12) https://dev.gnupg.org/T4036 |
|
Version 2.2.8 (2018-06-08) |
|
Version 2.2.7 (2018-05-02) |
|
Version 2.2.6 (2018-04-09) |
|
Version 2.2.5 (2018-02-22) |
|
Version 2.2.4 (2017-12-20) |
|
Version 2.2.3 (2017-11-20) |
|
Version 2.2.2 (2017-11-07) |
|
Version 2.2.1 (2017-09-19) |
|
|
|
|
|
Noteworthy changes in version 2.2.0 (2017-08-28) |
|
------------------------------------------------ |
|
|
|
This is the new long term stable branch. This branch will only see |
|
bug fixes and no new features. |
|
|
|
* gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve is |
|
again the default. |
|
|
|
* Fixed a few minor bugs. |
|
|
|
See-also: gnupg-announce/2017q3/000413.html |
|
|
|
|
|
Noteworthy changes in version 2.1.23 (2017-08-09) |
|
------------------------------------------------- |
|
|
|
* gpg: "gpg" is now installed as "gpg" and no longer as "gpg2". |
|
If needed, the new configure option --enable-gpg-is-gpg2 can be |
|
used to revert this. |
|
|
|
* gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd" |
|
are now used by default. Note: this enables keyserver and Web Key |
|
Directory operators to notice when a signature from a locally |
|
non-available key is being verified for the first time or when |
|
you intend to encrypt to a mail address without having the key |
|
locally. This new behaviour will eventually make key discovery |
|
much easier and mostly automatic. Disable this by adding |
|
no-auto-key-retrieve |
|
auto-key-locate local |
|
to your gpg.conf. |
|
|
|
* agent: Option --no-grab is now the default. The new option --grab |
|
allows reverting this. |
|
|
|
* gpg: New import option "show-only". |
|
|
|
* gpg: New option --disable-dirmngr to entirely disable network |
|
access for gpg. |
|
|
|
* gpg,gpgsm: Tweaked DE-VS compliance behaviour. |
|
|
|
* New configure flag --enable-all-tests to run more extensive tests |
|
during "make check". |
|
|
|
* gpgsm: The keygrip is now always printed in colon mode as |
|
documented in the man page. |
|
|
|
* Fixed connection timeout problem under Windows. |
|
|
|
See-also: gnupg-announce/2017q3/000412.html |
|
|
|
|
|
Noteworthy changes in version 2.1.22 (2017-07-28) |
|
------------------------------------------------- |
|
|
|
* gpg: Extend command --quick-set-expire to allow for setting the |
|
expiration time of subkeys. |
|
|
|
* gpg: By default try to repair keys during import. New sub-option |
|
no-repair-keys for --import-options. |
|
|
|
* gpg,gpgsm: Improved checking and reporting of DE-VS compliance. |
|
|
|
* gpg: New options --key-origin and --with-key-origin. Store the |
|
time of the last key update from keyservers, WKD, or DANE. |
|
|
|
* agent: New option --ssh-fingerprint-digest. |
|
|
|
* dirmngr: Lowered timeouts on keyserver connection attempts and made |
|
them configurable. |
|
|
|
* dirmngr: Tor will now automatically be detected and used. The |
|
option --no-use-tor disables Tor detection. |
|
|
|
* dirmngr: Now detects a changed /etc/resolv.conf. |
|
|
|
* agent,dirmngr: Initiate shutdown on removal of the GnuPG home |
|
directory. |
|
|
|
* gpg: Avoid caching passphrase for failed symmetric encryption. |
|
|
|
* agent: Support for unprotected ssh keys. |
|
|
|
* dirmngr: Fixed name resolving on systems using only v6 |
|
nameservers. |
|
|
|
* dirmngr: Allow the use of TLS over http proxies. |
|
|
|
* w32: Change directory of the daemons after startup. |
|
|
|
* wks: New man pages for client and server. |
|
|
|
* Many other bug fixes. |
|
|
|
See-also: gnupg-announce/2017q3/000411.html |
|
|
|
|
|
Noteworthy changes in version 2.1.21 (2017-05-15) |
|
------------------------------------------------- |
|
|
|
* gpg,gpgsm: Fix corruption of old style keyring.gpg files. This |
|
bug was introduced with version 2.1.20. Note that the default |
|
pubring.kbx format was not affected. |
|
|
|
* gpg,dirmngr: Removed the skeleton config file support. The |
|
system's standard methods for providing default configuration |
|
files should be used instead. |
|
|
|
* w32: The Windows installer now allows installation of GnuPG |
|
without Administrator permissions. |
|
|
|
* gpg: Fixed import filter property match bug. |
|
|
|
* scd: Removed Linux support for Cardman 4040 PCMCIA reader. |
|
|
|
* scd: Fixed some corner case bugs in resume/suspend handling. |
|
|
|
* Many minor bug fixes and code cleanup. |
|
|
|
See-also: gnupg-announce/2017q2/000405.html |
|
|
|
|
|
Noteworthy changes in version 2.1.20 (2017-04-03) |
|
------------------------------------------------- |
|
|
|
* gpg: New properties 'expired', 'revoked', and 'disabled' for the |
|
import and export filters. |
|
|
|
* gpg: New command --quick-set-primary-uid. |
|
|
|
* gpg: New compliance field for the --with-colon key listing. |
|
|
|
* gpg: Changed the key parser to generalize the processing of local |
|
meta data packets. |
|
|
|
* gpg: Fixed assertion failure in the TOFU trust model. |
|
|
|
* gpg: Fixed exporting of zero length user ID packets. |
|
|
|
* scd: Improved support for multiple readers. |
|
|
|
* scd: Fixed timeout handling for key generation. |
|
|
|
* agent: New option --enable-extended-key-format. |
|
|
|
* dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr |
|
uses a default keyserver. |
|
|
|
* dirmngr: Do not treat TLS warning alerts as a severe error when |
|
building with GNUTLS. |
|
|
|
* dirmngr: Actually take /etc/hosts into account. |
|
|
|
* wks: Fixed client problems on Windows. Published keys are now set |
|
to world-readable. |
|
|
|
* tests: Fixed creation of temporary directories. |
|
|
|
* A socket directory for a non-standard GNUPGHOME is now created on |
|
the fly under /run/user. Thus "gpgconf --create-socketdir" is now |
|
optional. The use of "gpgconf --remove-socketdir" to clean up |
|
obsolete socket directories is however recommended to avoid |
|
cluttering /run/user with useless directories. |
|
|
|
* Fixed build problems on some platforms. |
|
|
|
See-also: gnupg-announce/2017q2/000404.html |
|
|
|
|
|
Noteworthy changes in version 2.1.19 (2017-03-01) |
|
------------------------------------------------- |
|
|
|
* gpg: Print a warning if Tor mode is requested but the Tor daemon |
|
is not running. |
|
|
|
* gpg: New status code DECRYPTION_KEY to print the actual private |
|
key used for decryption. |
|
|
|
* gpgv: New options --log-file and --debug. |
|
|
|
* gpg-agent: Revamp the prompts to ask for card PINs. |
|
|
|
* scd: Support for multiple card readers. |
|
|
|
* scd: Removed option --debug-disable-ticker. Ticker is used |
|
only when it is required to watch removal of device/card. |
|
|
|
* scd: Improved detection of card inserting and removal. |
|
|
|
* dirmngr: New option --disable-ipv4. |
|
|
|
* dirmngr: New option --no-use-tor to explicitly disable the use of |
|
Tor. |
|
|
|
* dirmngr: The option --allow-version-check is now required even if |
|
the option --use-tor is also used. |
|
|
|
* dirmngr: Handle a missing nsswitch.conf gracefully. |
|
|
|
* dirmngr: Avoid PTR lookups for keyserver pools. They are only done |
|
for the debug command "keyserver --hosttable". |
|
|
|
* dirmngr: Rework the internal certificate cache to support classes |
|
of certificates. Load system provided certificates on startup. |
|
Add options --tls, --no-crl, and --systrust to the "VALIDATE" |
|
command. |
|
|
|
* dirmngr: Add support for the ntbtls library. |
|
|
|
* wks: Create mails with a "WKS-Phase" header. Fix detection of |
|
Draft-2 mode. |
|
|
|
* The Windows installer is now built with limited TLS support. |
|
|
|
* Many other bug fixes and new regression tests. |
|
|
|
See-also: gnupg-announce/2017q1/000402.html |
|
|
|
|
|
Noteworthy changes in version 2.1.18 (2017-01-23) |
|
------------------------------------------------- |
|
|
|
* gpg: Remove bogus subkey signature while cleaning a key (with |
|
export-clean, import-clean, or --edit-key's sub-command clean). |
|
|
|
* gpg: Allow freezing the clock with --faked-system-time. |
|
|
|
* gpg: New --export-option flag "backup", new --import-option flag |
|
"restore". |
|
|
|
* gpg-agent: Fixed long delay due to a regression in the progress |
|
callback code. |
|
|
|
* scd: Lots of code cleanup and internal changes. |
|
|
|
* scd: Improved the internal CCID driver. |
|
|
|
* dirmngr: Fixed problem with the DNS glue code (removal of the |
|
trailing dot in domain names). |
|
|
|
* dirmngr: Make sure that Tor is actually enabled after changing the |
|
conf file and sending SIGHUP or "gpgconf --reload dirmngr". |
|
|
|
* dirmngr: Fixed Tor access to IPv6 addresses. Note that current |
|
versions of Tor may require that the flag "IPv6Traffic" is used |
|
with the option "SocksPort" in torrc to actually allow IPv6 |
|
traffic. |
|
|
|
* dirmngr: Fixed HKP for literally given IPv6 addresses. |
|
|
|
* dirmngr: Enabled reverse DNS lookups via Tor. |
|
|
|
* dirmngr: Added experimental SRV record lookup for WKD. |
|
See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details. |
|
|
|
* dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record |
|
lookups. Avoid SRV record lookup when a port is explicitly |
|
specified. This fixes a regression from the 1.4 and 2.0 behavior. |
|
|
|
* dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore |
|
negation terms (e.g. "[!UNAVAIL=return]") instead of bailing out. |
|
|
|
* dirmngr: Better debug output for flags "dns" and "network". |
|
|
|
* dirmngr: On reload mark all known HKP servers alive. |
|
|
|
* gpgconf: Allow keyword "all" for --launch, --kill, and --reload. |
|
|
|
* tools: gpg-wks-client now ignores a missing policy file on the |
|
server. |
|
|
|
* Avoid unnecessary ambiguity error message in the option parsing. |
|
|
|
* Further improvements of the regression test suite. |
|
|
|
* Fixed building with --disable-libdns configure option. |
|
|
|
* Fixed a crash running the tests on 32 bit architectures. |
|
|
|
* Fixed spurious failures on BSD system in the spawn functions. |
|
This affected for example gpg-wks-client and gpgconf. |
|
|
|
See-also: gnupg-announce/2017q1/000401.html |
|
|
|
|
|
Noteworthy changes in version 2.1.17 (2016-12-20) |
|
------------------------------------------------- |
|
|
|
* gpg: By default new keys expire after 2 years. |
|
|
|
* gpg: New command --quick-set-expire to conveniently change the |
|
expiration date of keys. |
|
|
|
* gpg: Option and command names have been changed for easier |
|
comprehension. The old names are still available as aliases. |
|
|
|
* gpg: Improved the TOFU trust model. |
|
|
|
* gpg: New option --default-new-key-algo. |
|
|
|
* scd: Support OpenPGP card V3 for RSA. |
|
|
|
* dirmngr: Support for the ADNS library has been removed. Instead |
|
William Ahern's Libdns is now source included and used on all |
|
platforms. This enables Tor support on all platforms. The new |
|
option --standard-resolver can be used to disable this code at |
|
runtime. In case of build problems the new configure option |
|
--disable-libdns can be used to build without Libdns. |
|
|
|
* dirmngr: Lazily launch ldap reaper thread. |
|
|
|
* tools: New options --check and --status-fd for gpg-wks-client. |
|
|
|
* The UTF-8 byte order mark is now skipped when reading conf files. |
|
|
|
* Fixed many bugs and regressions. |
|
|
|
* Major improvements to the test suite. For example it is possible |
|
to run the external test suite of GPGME. |
|
|
|
See-also: gnupg-announce/2016q4/000400.html |
|
|
|
|
|
Noteworthy changes in version 2.1.16 (2016-11-18) |
|
------------------------------------------------- |
|
|
|
* gpg: New algorithm for selecting the best ranked public key when |
|
using a mail address with -r, -R, or --locate-key. |
|
|
|
* gpg: New option --with-tofu-info to print a new "tfs" record in |
|
colon formatted key listings. |
|
|
|
* gpg: New option --compliance as an alternative way to specify |
|
options like --rfc2440, --rfc4880, et al. |
|
|
|
* gpg: Many changes to the TOFU implementation. |
|
|
|
* gpg: Improve usability of --quick-gen-key. |
|
|
|
* gpg: In --verbose mode print a diagnostic when a pinentry is |
|
launched. |
|
|
|
* gpg: Remove code which warns for old versions of gnome-keyring. |
|
|
|
* gpg: New option --override-session-key-fd. |
|
|
|
* gpg: Option --output now works with --verify. |
|
|
|
* gpgv: New option --output to allow saving the verified data. |
|
|
|
* gpgv: New option --enable-special-filenames. |
|
|
|
* agent, dirmngr: New --supervised mode for use by systemd and the like. |
|
|
|
* agent: By default listen on all available sockets using standard |
|
names. |
|
|
|
* agent: Invoke scdaemon with --homedir. |
|
|
|
* dirmngr: On Linux now detects the removal of its own socket and |
|
terminates. |
|
|
|
* scd: Support ECC key generation. |
|
|
|
* scd: Support more card readers. |
|
|
|
* dirmngr: New option --allow-version-check to download a software |
|
version database in the background. |
|
|
|
* dirmngr: Use system provided CAs if no --hkp-cacert is given. |
|
|
|
* dirmngr: Use a default keyserver if none is explicitly set. |
|
|
|
* gpgconf: New command --query-swdb to check software versions |
|
against a copy of an online database. |
|
|
|
* gpgconf: Print the socket directory with --list-dirs. |
|
|
|
* tools: The WKS tools now support draft version -02. |
|
|
|
* tools: Always build gpg-wks-client and install under libexec. |
|
|
|
* tools: New option --supported for gpg-wks-client. |
|
|
|
* The log-file option now accepts a value "socket://" to log to the |
|
socket named "S.log" in the standard socket directory. |
|
|
|
* Provide fake pinentries for use by test cases of downstream |
|
developers. |
|
|
|
* Fixed many bugs and regressions. |
|
|
|
* Many changes and improvements for the test suite. |
|
|
|
See-also: gnupg-announce/2016q4/000398.html |
|
|
|
|
|
Noteworthy changes in version 2.1.15 (2016-08-18) |
|
------------------------------------------------- |
|
|
|
* gpg: Remove the --tofu-db-format option and support for the split |
|
TOFU database. |
|
|
|
* gpg: Add option --sender to prepare for coming features. |
|
|
|
* gpg: Add option --input-size-hint to help progress indicators. |
|
|
|
* gpg: Extend the PROGRESS status line with the counted unit. |
|
|
|
* gpg: Avoid publishing the GnuPG version by default with --armor. |
|
|
|
* gpg: Properly ignore legacy keys in the keyring cache. |
|
|
|
* gpg: Always print fingerprint records in --with-colons mode. |
|
|
|
* gpg: Make sure that keygrips are printed for each subkey in |
|
--with-colons mode. |
|
|
|
* gpg: New import filter "drop-sig". |
|
|
|
* gpgsm: Fix a bug in the machine-readable key listing. |
|
|
|
* gpg,gpgsm: Block signals during keyring updates to limit the |
|
effects of a Ctrl-C at the wrong time. |
|
|
|
* g13: Add command --umount and other fixes for dm-crypt. |
|
|
|
* agent: Fix regression in SIGTERM handling. |
|
|
|
* agent: Cleanup of the ssh-agent code. |
|
|
|
* agent: Allow import of overly long keys. |
|
|
|
* scd: Fix problems with card removal. |
|
|
|
* dirmngr: Remove all code for running as a system service. |
|
|
|
* tools: Make gpg-wks-client conform to the specs. |
|
|
|
* tests: Improve the output of the new regression test tool. |
|
|
|
* tests: Distribute the standalone test runner. |
|
|
|
* tests: Run each test in a clean environment. |
|
|
|
* Spelling and grammar fixes. |
|
|
|
See-also: gnupg-announce/2016q3/000396.html |
|
|
|
|
|
Noteworthy changes in version 2.1.14 (2016-07-14) |
|
------------------------------------------------- |
|
|
|
* gpg: Removed options --print-dane-records and --print-pka-records. |
|
The new export options "export-pka" and "export-dane" can instead |
|
be used with the export command. |
|
|
|
* gpg: New options --import-filter and --export-filter. |
|
|
|
* gpg: New import options "import-show" and "import-export". |
|
|
|
* gpg: New option --no-keyring. |
|
|
|
* gpg: New command --quick-revuid. |
|
|
|
* gpg: New options -f/--recipient-file and -F/--hidden-recipient-file |
|
to directly specify encryption keys. |
|
|
|
* gpg: New option --mimemode to indicate that the content is a MIME |
|
part. It currently only enables --textmode. |
|
|
|
* gpg: New option --rfc4880bis to allow experiments with proposed |
|
changes to the current OpenPGP specs. |
|
|
|
* gpg: Fix regression in the "fetch" sub-command of --card-edit. |
|
|
|
* gpg: Fix regression since 2.1 in option --try-all-secrets. |
|
|
|
* gpgv: Change default options for extra security. |
|
|
|
* gpgsm: No more root certificates are installed by default. |
|
|
|
* agent: "updatestartuptty" now affects more environment |
|
variables. |
|
|
|
* scd: The option --homedir now works with scdaemon. |
|
|
|
* scd: Support some more GEMPlus card readers. |
|
|
|
* gpgtar: Fix handling of '-' as file name. |
|
|
|
* gpgtar: New commands --create and --extract. |
|
|
|
* gpgconf: Tweak for --list-dirs to better support shell scripts. |
|
|
|
* tools: Add programs gpg-wks-client and gpg-wks-server to implement |
|
a Web Key Service. The configure option --enable-wks-tools is |
|
required to build them; they should be considered Beta software. |
|
|
|
* tests: Complete rework of the openpgp part of the test suite. The |
|
test scripts have been changed from Bourne shell scripts to Scheme |
|
programs. A customized scheme interpreter (gpgscm) is included. |
|
This change was triggered by the need to run the test suite on |
|
non-Unix platforms. |
|
|
|
* The rendering of the man pages has been improved. |
|
|
|
See-also: gnupg-announce/2016q3/000393.html |
|
|
|
|
|
Noteworthy changes in version 2.1.13 (2016-06-16) |
|
------------------------------------------------- |
|
|
|
* gpg: New command --quick-addkey. Extend the --quick-gen-key |
|
command. |
|
|
|
* gpg: New --keyid-format "none" which is now also the default. |
|
|
|
* gpg: New option --with-subkey-fingerprint. |
|
|
|
* gpg: Include Signer's UID subpacket in signatures if the secret key |
|
has been specified using a mail address and the new option |
|
--disable-signer-uid is not used. |
|
|
|
* gpg: Allow unattended deletion of a secret key. |
|
|
|
* gpg: Allow export of non-passphrase protected secret keys. |
|
|
|
* gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS. |
|
|
|
* gpg: Change status line TOFU_STATS_LONG to use '~' as |
|
a non-breaking-space character. |
|
|
|
* gpg: Speedup key listings in Tofu mode. |
|
|
|
* gpg: Make sure that the current and total values of a PROGRESS |
|
status line are small enough. |
|
|
|
* gpgsm: Allow the use of AES192 and SERPENT ciphers. |
|
|
|
* dirmngr: Adjust WKD lookup to current specs. |
|
|
|
* dirmngr: Fallback to LDAP v3 if v2 is not supported. |
|
|
|
* gpgconf: New commands --create-socketdir and --remove-socketdir, |
|
new option --homedir. |
|
|
|
* If a /run/user/$UID directory exists, that directory is now used |
|
for IPC sockets instead of the GNUPGHOME directory. This fixes |
|
problems with NFS and too long socket names and thus avoids the |
|
need for redirection files. |
|
|
|
* The Speedo build system now uses the new versions.gnupg.org server |
|
to retrieve the default package versions. |
|
|
|
* Fix detection of libusb on FreeBSD. |
|
|
|
* Speedup fd closing after a fork. |
|
|
|
See-also: gnupg-announce/2016q2/000390.html |
|
|
|
|
|
Noteworthy changes in version 2.1.12 (2016-05-04) |
|
------------------------------------------------- |
|
|
|
* gpg: New --edit-key sub-command "change-usage" for testing |
|
purposes. |
|
|
|
* gpg: Out of order key-signatures are now systematically detected |
|
and fixed by --edit-key. |
|
|
|
* gpg: Improved detection of non-armored messages. |
|
|
|
* gpg: Removed the extra prompt needed to create Curve25519 keys. |
|
|
|
* gpg: Improved user ID selection for --quick-sign-key. |
|
|
|
* gpg: Use the root CAs provided by the system with --fetch-key. |
|
|
|
* gpg: Add support for the experimental Web Key Directory key |
|
location service. |
|
|
|
* gpg: Improve formatting of Tofu messages and emit new Tofu specific |
|
status lines. |
|
|
|
* gpgsm: Add option --pinentry-mode to support a loopback pinentry. |
|
|
|
* gpgsm: A new pubring.kbx is now created with the header blob so |
|
that gpg can detect that the keybox format needs to be used. |
|
|
|
* agent: Add read support for the new private key protection format |
|
openpgp-s2k-ocb-aes. |
|
|
|
* agent: Add read support for the new extended private key format. |
|
|
|
* agent: Default to --allow-loopback-pinentry and add option |
|
--no-allow-loopback-pinentry. |
|
|
|
* scd: Changed to use the new libusb 1.0 API for the internal CCID |
|
driver. |
|
|
|
* dirmngr: The dirmngr-client does now auto-detect the PEM format. |
|
|
|
* g13: Add experimental support for dm-crypt. |
|
|
|
* w32: Tofu support is now available with the Speedo build method. |
|
|
|
* w32: Removed the need for libiconv.dll. |
|
|
|
* The man pages for gpg and gpgv are now installed under the correct |
|
name (gpg2 or gpg - depending on a configure option). |
|
|
|
* Lots of internal cleanups and bug fixes. |
|
|
|
See-also: gnupg-announce/2016q2/000387.html |
|
|
|
|
|
Noteworthy changes in version 2.1.11 (2016-01-26) |
|
------------------------------------------------- |
|
|
|
* gpg: New command --export-ssh-key to replace the gpgkey2ssh tool. |
|
|
|
* gpg: Allow to generate mail address only keys with --gen-key. |
|
|
|
* gpg: "--list-options show-usage" is now the default. |
|
|
|
* gpg: Make lookup of DNS CERT records holding an URL work. |
|
|
|
* gpg: Emit PROGRESS status lines during key generation. |
|
|
|
* gpg: Don't check for ambiguous or non-matching key specification in |
|
the config file or given to --encrypt-to. This feature will return |
|
in 2.3.x. |
|
|
|
* gpg: Lock keybox files while updating them. |
|
|
|
* gpg: Solve rare error on Windows during keyring and Keybox updates. |
|
|
|
* gpg: Fix possible keyring corruption. (bug#2193) |
|
|
|
* gpg: Fix regression of "bkuptocard" sub-command in --edit-key and |
|
remove "checkbkupkey" sub-command introduced with 2.1. (bug#2169) |
|
|
|
* gpg: Fix internal error in gpgv when using default keyid-format. |
|
|
|
* gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured |
|
keyservers. (bug#2147). |
|
|
|
* agent: New option --pinentry-timeout. |
|
|
|
* scd: Improve unplugging of USB readers under Windows. |
|
|
|
* scd: Fix regression for generating RSA keys on card. |
|
|
|
* dirmngr: All configured keyservers are now searched. |
|
|
|
* dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net. |
|
Use this certificate even if --hkp-cacert is not used. |
|
|
|
* gpgtar: Add actual encryption code. gpgtar does now fully replace |
|
gpg-zip. |
|
|
|
* gpgtar: Fix filename encoding problem on Windows. |
|
|
|
* Print a warning if a GnuPG component is using an older version of |
|
gpg-agent, dirmngr, or scdaemon. |
|
|
|
See-also: gnupg-announce/2016q1/000383.html |
|
|
|
|
|
Noteworthy changes in version 2.1.10 (2015-12-04) |
|
------------------------------------------------- |
|
|
|
* gpg: New trust models "tofu" and "tofu+pgp". |
|
|
|
* gpg: New command --tofu-policy. New options --tofu-default-policy |
|
and --tofu-db-format. |
|
|
|
* gpg: New option --weak-digest to specify hash algorithms which |
|
should be considered weak. |
|
|
|
* gpg: Allow the use of multiple --default-key options; take the last |
|
available key. |
|
|
|
* gpg: New option --encrypt-to-default-key. |
|
|
|
* gpg: New option --unwrap to only strip the encryption layer. |
|
|
|
* gpg: New option --only-sign-text-ids to exclude photo IDs from key |
|
signing. |
|
|
|
* gpg: Check for ambiguous or non-matching key specification in the |
|
config file or given to --encrypt-to. |
|
|
|
* gpg: Show the used card reader with --card-status. |
|
|
|
* gpg: Print export statistics and an EXPORTED status line. |
|
|
|
* gpg: Allow selecting subkeys by keyid in --edit-key. |
|
|
|
* gpg: Allow updating the expiration time of multiple subkeys at |
|
once. |
|
|
|
* dirmngr: New option --use-tor. For full support this requires |
|
libassuan version 2.4.2 and a patched version of libadns |
|
(e.g. adns-1.4-g10-7 as used by the standard Windows installer). |
|
|
|
* dirmngr: New option --nameserver to specify the nameserver used in |
|
Tor mode. |
|
|
|
* dirmngr: Keyservers may again be specified by IP address. |
|
|
|
* dirmngr: Fixed problems in resolving keyserver pools. |
|
|
|
* dirmngr: Fixed handling of premature termination of TLS streams so |
|
that large numbers of keys can be refreshed via hkps. |
|
|
|
* gpg: Fixed a regression in --locate-key [since 2.1.9]. |
|
|
|
* gpg: Fixed another bug for keyrings with legacy keys. |
|
|
|
* gpgsm: Allow combinations of usage flags in --gen-key. |
|
|
|
* Make tilde expansion work with most options. |
|
|
|
* Many other cleanups and bug fixes. |
|
|
|
See-also: gnupg-announce/2015q4/000381.html |
|
|
|
|
|
Noteworthy changes in version 2.1.9 (2015-10-09) |
|
------------------------------------------------ |
|
|
|
* gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate). New |
|
option --print-dane-records. [Update: --print-dane-records replaced |
|
in 2.1.4.] |
|
|
|
* gpg: Fix for a problem with PGP-2 keys in a keyring. |
|
|
|
* gpg: Fail with an error instead of a warning if a modern cipher |
|
algorithm is used without a MDC. |
|
|
|
* agent: New option --pinentry-invisible-char. |
|
|
|
* agent: Always do a RSA signature verification after creation. |
|
|
|
* agent: Fix a regression in ssh-add-ing Ed25519 keys. |
|
|
|
* agent: Fix ssh fingerprint computation for nistp384 and EdDSA. |
|
|
|
* agent: Fix crash during passphrase entry on some platforms. |
|
|
|
* scd: Change timeout to fix problems with some 2.1 cards. |
|
|
|
* dirmngr: Displayed name is now Key Acquirer. |
|
|
|
* dirmngr: Add option --keyserver. Deprecate that option for gpg. |
|
Install a dirmngr.conf file from a skeleton for new installations. |
|
|
|
See-also: gnupg-announce/2015q4/000380.html |
|
|
|
|
|
Noteworthy changes in version 2.1.8 (2015-09-10) |
|
------------------------------------------------ |
|
|
|
* gpg: Sending very large keys to the keyservers works again. |
|
|
|
* gpg: Validity strings in key listings are now again translatable. |
|
|
|
* gpg: Emit FAILURE status lines to help GPGME. |
|
|
|
* gpg: Does not anymore link to Libksba to reduce dependencies. |
|
|
|
* gpgsm: Export of secret keys via Assuan is now possible. |
|
|
|
* agent: Raise the maximum passphrase length from 100 to 255 bytes. |
|
|
|
* agent: Fix regression using EdDSA keys with ssh. |
|
|
|
* Does not anymore use a build timestamp by default. |
|
|
|
* The fallback encoding for broken locale settings changed |
|
from Latin-1 to UTF-8. |
|
|
|
* Many code cleanups and improved internal documentation. |
|
|
|
* Various minor bug fixes. |
|
|
|
See-also: gnupg-announce/2015q3/000379.html |
|
|
|
|
|
Noteworthy changes in version 2.1.7 (2015-08-11) |
|
------------------------------------------------ |
|
|
|
* gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used. |
|
|
|
* gpg: In the --edit-key menu: Removed the need for "toggle", changed |
|
how secret keys are indicated, new commands "fpr *" and "grip". |
|
|
|
* gpg: More fixes related to legacy keys in a keyring. |
|
|
|
* gpgv: Does now also work with a "trustedkeys.kbx" file. |
|
|
|
* scd: Support some features from the OpenPGP card 3.0 specs. |
|
|
|
* scd: Improved ECC support |
|
|
|
* agent: New option --force for the DELETE_KEY command. |
|
|
|
* w32: Look for the Pinentry at more places. |
|
|
|
* Dropped deprecated gpgsm-gencert.sh |
|
|
|
* Various other bug fixes. |
|
|
|
See-also: gnupg-announce/2015q3/000371.html |
|
|
|
|
|
Noteworthy changes in version 2.1.6 (2015-07-01) |
|
------------------------------------------------ |
|
|
|
* agent: New option --verify for the PASSWD command. |
|
|
|
* gpgsm: Add command option "offline" as an alternative to |
|
--disable-dirmngr. |
|
|
|
* gpg: Do not prompt multiple times for a password in pinentry |
|
loopback mode. |
|
|
|
* Allow the use of debug category names with --debug. |
|
|
|
* Using gpg-agent and gpg/gpgsm with different locales will now show |
|
the correct translations in Pinentry. |
|
|
|
* gpg: Improve speed of --list-sigs and --check-sigs. |
|
|
|
* gpg: Make --list-options show-sig-subpackets work again. |
|
|
|
* gpg: Fix an export problem for old keyrings with PGP-2 keys. |
|
|
|
* scd: Support PIN-pads on more readers. |
|
|
|
* dirmngr: Properly cleanup zombie LDAP helper processes and avoid |
|
hangs on dirmngr shutdown. |
|
|
|
* Various other bug fixes. |
|
|
|
See-also: gnupg-announce/2015q3/000370.html |
|
|
|
|
|
Noteworthy changes in version 2.1.5 (2015-06-11) |
|
------------------------------------------------ |
|
|
|
* Support for an external passphrase cache. |
|
|
|
* Support for the forthcoming version 3 OpenPGP smartcard. |
|
|
|
* Manuals now show the actual used file names. |
|
|
|
* Prepared for improved integration with Emacs. |
|
|
|
* Code cleanups and minor bug fixes. |
|
|
|
See-also: gnupg-announce/2015q2/000369.html |
|
|
|
|
|
Noteworthy changes in version 2.1.4 (2015-05-12) |
|
------------------------------------------------ |
|
|
|
* gpg: Add command --quick-adduid to non-interactively add a new user |
|
id to an existing key. |
|
|
|
* gpg: Do not enable honor-keyserver-url by default. Make it work if |
|
enabled. |
|
|
|
* gpg: Display the serial number in the --card-status output again. |
|
|
|
* agent: Support for external password managers. |
|
Add option --no-allow-external-cache. |
|
|
|
* scdaemon: Improved handling of extended APDUs. |
|
|
|
* Make HTTP proxies work again. |
|
|
|
* All network access including DNS has been moved to Dirmngr. |
|
|
|
* Allow building without LDAP support. |
|
|
|
* Fixed lots of smaller bugs. |
|
|
|
See-also: gnupg-announce/2015q2/000366.html |
|
|
|
|
|
Noteworthy changes in version 2.1.3 (2015-04-11) |
|
------------------------------------------------ |
|
|
|
* gpg: LDAP keyservers are now supported by 2.1. |
|
|
|
* gpg: New option --with-icao-spelling. |
|
|
|
* gpg: New option --print-pka-records. Changed the PKA method to use |
|
CERT records and hashed names. [Update: --print-pka-records |
|
replaced in 2.1.14.] |
|
|
|
* gpg: New command --list-gcrypt-config. New parameter "curve" |
|
for --list-config. |
|
|
|
* gpg: Print a NEWSIG status line like gpgsm always did. |
|
|
|
* gpg: Print MPI values with --list-packets and --verbose. |
|
|
|
* gpg: Write correct MPI lengths with ECC keys. |
|
|
|
* gpg: Skip legacy PGP-2 keys while searching. |
|
|
|
* gpg: Improved searching for mail addresses when using a keybox. |
|
|
|
* gpgsm: Changed default algos to AES-128 and SHA-256. |
|
|
|
* gpgtar: Fixed extracting files with sizes of a multiple of 512. |
|
|
|
* dirmngr: Fixed SNI handling for hkps pools. |
|
|
|
* dirmngr: extra-certs and trusted-certs are now always loaded from |
|
the sysconfig dir instead of the homedir. |
|
|
|
* Fixed possible problems due to compiler optimization, two minor |
|
regressions, and other bugs. |
|
|
|
See-also: gnupg-announce/2015q2/000365.html |
|
|
|
|
|
Noteworthy changes in version 2.1.2 (2015-02-11) |
|
------------------------------------------------ |
|
|
|
* gpg: The parameter 'Passphrase' for batch key generation works |
|
again. |
|
|
|
* gpg: Using a passphrase option in batch mode now has the expected |
|
effect on --quick-gen-key. |
|
|
|
* gpg: Improved reporting of unsupported PGP-2 keys. |
|
|
|
* gpg: Added support for algo names when generating keys using |
|
--command-fd. |
|
|
|
* gpg: Fixed DoS based on bogus and overlong key packets. |
|
|
|
* agent: When setting --default-cache-ttl the value |
|
for --max-cache-ttl is adjusted to be not lower than the former. |
|
|
|
* agent: Fixed problems with the new --extra-socket. |
|
|
|
* agent: Made --allow-loopback-pinentry changeable with gpgconf. |
|
|
|
* agent: Fixed importing of unprotected openpgp keys. |
|
|
|
* agent: Now tries to use a fallback pinentry if the standard |
|
pinentry is not installed. |
|
|
|
* scd: Added support for ECDH. |
|
|
|
* Fixed several bugs related to bogus keyrings and improved some |
|
other code. |
|
|
|
See-also: gnupg-announce/2015q1/000361.html |
|
|
|
|
|
Noteworthy changes in version 2.1.1 (2014-12-16) |
|
------------------------------------------------ |
|
|
|
* gpg: Detect faulty use of --verify on detached signatures. |
|
|
|
* gpg: New import option "keep-ownertrust". |
|
|
|
* gpg: New sub-command "factory-reset" for --card-edit. |
|
|
|
* gpg: A stub key for smartcards is now created by --card-status. |
|
|
|
* gpg: Fixed regression in --refresh-keys. |
|
|
|
* gpg: Fixed regression in %g and %p codes for --sig-notation. |
|
|
|
* gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. |
|
|
|
* gpg: Improved perceived speed of secret key listings. |
|
|
|
* gpg: Print number of skipped PGP-2 keys on import. |
|
|
|
* gpg: Removed the option aliases --throw-keyid and --notation-data; |
|
use --throw-keyids and --set-notation instead. |
|
|
|
* gpg: New import option "keep-ownertrust". |
|
|
|
* gpg: Skip too large keys during import. |
|
|
|
* gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or |
|
dirmngr. |
|
|
|
* gpg-agent: New option --extra-socket to provide a restricted |
|
command set for use with remote clients. |
|
|
|
* gpgconf --kill does not anymore start a service only to kill it. |
|
|
|
* gpg-connect-agent: Add convenience option --uiserver. |
|
|
|
* Fixed keyserver access for Windows. |
|
|
|
* Fixed build problems on Mac OS X |
|
|
|
* The Windows installer does now install development files |
|
|
|
* More translations (but most of them are not complete). |
|
|
|
* To support remotely mounted home directories, the IPC sockets may |
|
now be redirected. This feature requires Libassuan 2.2.0. |
|
|
|
* Improved portability and the usual bunch of bug fixes. |
|
|
|
See-also: gnupg-announce/2014q4/000360.html |
|
|
|
|
|
Noteworthy changes in version 2.1.0 (2014-11-06) |
|
------------------------------------------------ |
|
|
|
This release introduces a lot of changes. Most of them are internal |
|
and thus not user visible. However, some long standing behavior has |
|
slightly changed and it is strongly suggested that an existing |
|
"~/.gnupg" directory is backed up before this version is used. |
|
|
|
A verbose description of the major new features and changes can be |
|
found in the file doc/whats-new-in-2.1.txt. |
|
|
|
* gpg: All support for v3 (PGP 2) keys has been dropped. All |
|
signatures are now created as v4 signatures. v3 keys will be |
|
removed from the keyring. |
|
|
|
* gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows |
|
up in the same window as the "new passphrase" prompt. |
|
|
|
* gpg: Allow importing keys with duplicated long key ids. |
|
|
|
* dirmngr: May now be built without support for LDAP. |
|
|
|
* For a complete list of changes see the lists of changes for the |
|
2.1.0 beta versions below. Note that all relevant fixes from |
|
versions 2.0.14 to 2.0.26 are also applied to this version. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0-beta864 (2014-10-03)] |
|
|
|
* gpg: Removed the GPG_AGENT_INFO related code. GnuPG does now |
|
always use a fixed socket name in its home directory. |
|
|
|
* gpg: Renamed --gen-key to --full-gen-key and re-added a --gen-key |
|
command with fewer choices. |
|
|
|
* gpg: Use SHA-256 for all signature types also on RSA keys. |
|
|
|
* gpg: Default keyring is now created with a .kbx suffix. |
|
|
|
* gpg: Add a shortcut to the key capabilities menu (e.g. "=e" sets the |
|
encryption capabilities). |
|
|
|
* gpg: Fixed obsolete options parsing. |
|
|
|
* Further improvements for the alternative speedo build system. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0-beta834 (2014-09-18)] |
|
|
|
* gpg: Improved passphrase caching. |
|
|
|
* gpg: Switched to algorithm number 22 for EdDSA. |
|
|
|
* gpg: Removed CAST5 from the default preferences. |
|
|
|
* gpg: Order SHA-1 last in the hash preferences. |
|
|
|
* gpg: Changed default cipher for --symmetric to AES-128. |
|
|
|
* gpg: Fixed export of ECC keys and import of EdDSA keys. |
|
|
|
* dirmngr: Fixed the KS_FETCH command. |
|
|
|
* The speedo build system now downloads related packages and works |
|
for non-Windows platforms. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0-beta783 (2014-08-14)] |
|
|
|
* gpg: Add command --quick-gen-key. |
|
|
|
* gpg: Make --quick-sign-key promote local key signatures. |
|
|
|
* gpg: Added "show-usage" sub-option to --list-options. |
|
|
|
* gpg: Screen keyserver responses to avoid importing unwanted keys |
|
from rogue servers. |
|
|
|
* gpg: Removed the option --pgp2 and --rfc1991 and the ability to |
|
create PGP-2 compatible messages. |
|
|
|
* gpg: Removed options --compress-keys and --compress-sigs. |
|
|
|
* gpg: Cap attribute packets at 16MB. |
|
|
|
* gpg: Improved output of --list-packets. |
|
|
|
* gpg: Make with-colons output of --search-keys work again. |
|
|
|
* gpgsm: Auto-create the ".gnupg" directory like gpg does. |
|
|
|
* agent: Fold new passphrase warning prompts into one. |
|
|
|
* scdaemon: Add support for the Smartcard-HSM card. |
|
|
|
* scdaemon: Remove the use of the pcsc-wrapper. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0-beta751 (2014-07-03)] |
|
|
|
* gpg: Create revocation certificates during key generation. |
|
|
|
* gpg: Create exported secret keys and revocation certificates with |
|
mode 0700 |
|
|
|
* gpg: The validity of user ids is now shown by default. To revert |
|
this add "list-options no-show-uid-validity" to gpg.conf. |
|
|
|
* gpg: Make export of secret keys work again. |
|
|
|
* gpg: The output of --list-packets does now print the offset of the |
|
packet and information about the packet header. |
|
|
|
* gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617] |
|
|
|
* gpg: Print more specific reason codes with the INV_RECP status. |
|
|
|
* gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended |
|
key generation. |
|
|
|
* scdaemon: Support reader Gemalto IDBridge CT30 and pinpad of SCT |
|
cyberJack go. |
|
|
|
* The speedo build system has been improved. It is now also possible |
|
to build a partly working installer for Windows. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0-beta442 (2014-06-05)] |
|
|
|
* gpg: Changed the format of key listings. To revert to the old |
|
format the option --legacy-list-mode is available. |
|
|
|
* gpg: Add experimental signature support using curve Ed25519 and |
|
with a patched Libgcrypt also encryption support with Curve25519. |
|
[Update: this encryption support has been removed from 2.1.0 until |
|
we have agreed on a suitable format.] |
|
|
|
* gpg: Allow use of Brainpool curves. |
|
|
|
* gpg: Accepts a space separated fingerprint as user ID. This |
|
allows to copy and paste the fingerprint from the key listing. |
|
|
|
* gpg: The hash algorithm is now printed for signature records in key |
|
listings. |
|
|
|
* gpg: Reject signatures made using the MD5 hash algorithm unless the |
|
new option --allow-weak-digest-algos or --pgp2 are given. |
|
|
|
* gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the |
|
communication with the gpg-agent. |
|
|
|
* gpg: New option --pinentry-mode. |
|
|
|
* gpg: Fixed decryption using an OpenPGP card. |
|
|
|
* gpg: Fixed bug with deeply nested compressed packets. |
|
|
|
* gpg: Only the major version number is by default included in the |
|
armored output. |
|
|
|
* gpg: Do not create a trustdb file if --trust-model=always is used. |
|
|
|
* gpg: Protect against rogue keyservers sending secret keys. |
|
|
|
* gpg: The format of the fallback key listing ("gpg KEYFILE") is now |
|
more aligned to the regular key listing ("gpg -k"). |
|
|
|
* gpg: The option --show-session-key prints its output now before the |
|
decryption of the bulk message starts. |
|
|
|
* gpg: New %U expando for the photo viewer. |
|
|
|
* gpg,gpgsm: New option --with-secret. |
|
|
|
* gpgsm: By default the users are now asked via the Pinentry whether |
|
they trust an X.509 root key. To prohibit interactive marking of |
|
such keys, the new option --no-allow-mark-trusted may be used. |
|
|
|
* gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8 |
|
format. |
|
|
|
* gpgsm: Improved handling of re-issued CA certificates. |
|
|
|
* agent: The included ssh agent does now support ECDSA keys. |
|
|
|
* agent: New option --enable-putty-support to allow gpg-agent on |
|
Windows to act as a Pageant replacement with full smartcard support. |
|
|
|
* scdaemon: New option --enable-pinpad-varlen. |
|
|
|
* scdaemon: Various fixes for pinpad equipped card readers. |
|
|
|
* scdaemon: Rename option --disable-pinpad (was --disable-keypad). |
|
|
|
* scdaemon: Better support for CCID readers. Now, internal CCID |
|
driver supports readers with no auto configuration feature. |
|
|
|
* dirmngr: Removed support for the original HKP keyserver which is |
|
not anymore used by any site. |
|
|
|
* dirmngr: Improved support for keyserver pools. |
|
|
|
* tools: New option --dirmngr for gpg-connect-agent. |
|
|
|
* The GNU Pth library has been replaced by the new nPth library. |
|
|
|
* Support installation as portable application under Windows. |
|
|
|
* All kinds of other improvements - see the git log. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0beta3 (2011-12-20)] |
|
|
|
* gpg: Fixed regression in the secret key export function. |
|
|
|
* gpg: Allow generation of card keys up to 4096 bit. |
|
|
|
* gpgsm: Preliminary support for the validation model "steed". |
|
|
|
* gpgsm: Improved certificate creation. |
|
|
|
* agent: Support the SSH confirm flag. |
|
|
|
* agent: New option to select a passphrase mode. The loopback |
|
mode may be used to bypass Pinentry. |
|
|
|
* agent: The Assuan commands KILLAGENT and KILLSCD are working again. |
|
|
|
* scdaemon: Does not anymore block after changing a card (regression |
|
fix). |
|
|
|
* tools: gpg-connect-agent does now properly display the help output |
|
for "SCD HELP" commands. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0beta2 (2011-03-08)] |
|
|
|
* gpg: ECC support as described by draft-jivsov-openpgp-ecc-06.txt |
|
[Update: now known as RFC-6637]. |
|
|
|
* gpg: Print "AES128" instead of "AES". This change introduces a |
|
little incompatibility for tools using "gpg --list-config". We |
|
hope that these tools are written robust enough to accept this new |
|
algorithm name as well. |
|
|
|
* gpgsm: New feature to create certificates from a parameter file. |
|
Add prompt to the --gen-key UI to create self-signed certificates. |
|
|
|
* agent: TMPDIR is now also honored when creating a socket using |
|
the --no-standard-socket option and with symcryptrun's temp files. |
|
|
|
* scdaemon: Fixed a bug where scdaemon sends a signal to gpg-agent |
|
running in non-daemon mode. |
|
|
|
* dirmngr: Fixed CRL loading under W32 (bug#1010). |
|
|
|
* Dirmngr has taken over the function of the keyserver helpers. Thus |
|
we now have a specified direct interface to keyservers via Dirmngr. |
|
LDAP, DNS and mail backends are not yet implemented. |
|
|
|
* Fixed TTY management for pinentries and session variable update |
|
problem. |
|
|
|
|
|
[Noteworthy changes in version 2.1.0beta1 (2010-10-26)] |
|
|
|
* gpg: secring.gpg is not anymore used but all secret key operations |
|
are delegated to gpg-agent. The import command moves secret keys |
|
to the agent. |
|
|
|
* gpg: The OpenPGP import command is now able to merge secret keys. |
|
|
|
* gpg: Encrypted OpenPGP messages with trailing data (e.g. other |
|
OpenPGP packets) are now correctly parsed. |
|
|
|
* gpg: Given sufficient permissions Dirmngr is started automagically. |
|
|
|
* gpg: Fixed output of "gpgconf --check-options". |
|
|
|
* gpg: Removed options --export-options(export-secret-subkey-passwd) |
|
and --simple-sk-checksum. |
|
|
|
* gpg: New option --try-secret-key. |
|
|
|
* gpg: Support DNS lookups for SRV, PKA and CERT on W32. |
|
|
|
* gpgsm: The --audit-log feature is now more complete. |
|
|
|
* gpgsm: The default for --include-cert is now to include all |
|
certificates in the chain except for the root certificate. |
|
|
|
* gpgsm: New option --ignore-cert-extension. |
|
|
|
* g13: The G13 tool for disk encryption key management has been |
|
added. |
|
|
|
* agent: If the agent's --use-standard-socket option is active, all |
|
tools try to start and daemonize the agent on the fly. In the past |
|
this was only supported on W32; on non-W32 systems the new |
|
configure option --disable-standard-socket may now be used to |
|
disable this new default. |
|
|
|
* agent: New and changed passphrases are now created with an |
|
iteration count requiring about 100ms of CPU work. |
|
|
|
* dirmngr: Dirmngr is now a part of this package. It is now also |
|
expected to run as a system service and the configuration |
|
directories are changed to the GnuPG name space. [Update: 2.1.0 |
|
starts dirmngr on demand as user daemon.] |
|
|
|
* Support for Windows CE. [Update: This has not been tested for the |
|
2.1.0 release] |
|
|
|
* Numerical values may now be used as an alternative to the |
|
debug-level keywords. |
|
|
|
See-also: gnupg-announce/2014q4/000358.html |
|
|
|
|
|
Version 2.0.28 (2015-06-02) |
|
Version 2.0.27 (2015-02-18) |
|
Version 2.0.26 (2014-08-12) |
|
Version 2.0.25 (2014-06-30) |
|
Version 2.0.24 (2014-06-24) |
|
Version 2.0.23 (2014-06-03) |
|
Version 2.0.22 (2013-10-04) |
|
Version 2.0.21 (2013-08-19) |
|
Version 2.0.20 (2013-05-10) |
|
Version 2.0.19 (2012-03-27) |
|
Version 2.0.18 (2011-08-04) |
|
Version 2.0.17 (2011-01-13) |
|
Version 2.0.16 (2010-07-19) |
|
Version 2.0.15 (2010-03-09) |
|
Version 2.0.14 (2009-12-21) |
|
|
|
|
|
Noteworthy changes in version 2.0.13 (2009-09-04) |
|
------------------------------------------------- |
|
|
|
* GPG now generates 2048 bit RSA keys by default. The default hash |
|
algorithm preferences have changed to prefer SHA-256 over SHA-1. |
|
2048 bit DSA keys are now generated to use a 256 bit hash algorithm |
|
|
|
* The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now |
|
passed to the Pinentry to make SCIM work. |
|
|
|
* The GPGSM command --gen-key features a --batch mode and implements |
|
all features of gpgsm-gencert.sh in standard mode. |
|
|
|
* New option --re-import for GPGSM's IMPORT server command. |
|
|
|
* Enhanced writing of existing keys to OpenPGP v2 cards. |
|
|
|
* Add hack to the internal CCID driver to allow the use of some |
|
Omnikey based card readers with 2048 bit keys. |
|
|
|
* GPG now repeatedly asks the user to insert the requested OpenPGP |
|
card. This can be disabled with --limit-card-insert-tries=1. |
|
|
|
* Minor bug fixes. |
|
|
|
See-also: gnupg-announce/2009q3/000294.html |
|
|
|
|
|
Noteworthy changes in version 2.0.12 (2009-06-17) |
|
------------------------------------------------- |
|
|
|
* GPGSM now always lists ephemeral certificates if specified by |
|
fingerprint or keygrip. |
|
|
|
* New command "KEYINFO" for GPG_AGENT. GPGSM now also returns |
|
information about smartcards. |
|
|
|
* Made sure not to leak file descriptors if running gpg-agent with a |
|
command. Restore the signal mask to solve a problem in Mono. |
|
|
|
* Changed order of the confirmation questions for root certificates |
|
and store negative answers in trustlist.txt. |
|
|
|
* Better synchronization of concurrent smartcard sessions. |
|
|
|
* Support 2048 bit OpenPGP cards. |
|
|
|
* Support Telesec Netkey 3 cards. |
|
|
|
* The gpg-protect-tool now uses gpg-agent via libassuan. Under |
|
Windows the Pinentry will now be put into the foreground. |
|
|
|
* Changed code to avoid a possible Mac OS X system freeze. |
|
|
|
See-also: gnupg-announce/2009q2/000288.html |
|
|
|
|
|
Noteworthy changes in version 2.0.11 (2009-03-03) |
|
------------------------------------------------- |
|
|
|
* Fixed a problem in SCDAEMON which caused unexpected card resets. |
|
|
|
* SCDAEMON is now aware of the Geldkarte. |
|
|
|
* The SCDAEMON option --allow-admin is now used by default. |
|
|
|
* GPGCONF now restarts SCdaemon if necessary. |
|
|
|
* The default cipher algorithm in GPGSM is now again 3DES. This is |
|
due to interoperability problems with Outlook 2003 which still |
|
can't cope with AES. |
|
|
|
See-also: gnupg-announce/2009q1/000287.html |
|
|
|
|
|
Noteworthy changes in version 2.0.10 (2009-01-12) |
|
------------------------------------------------- |
|
|
|
* [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT |
|
lookup. Run with --help for a short description. Requires the |
|
ADNS library. |
|
|
|
* [gpg] New mechanisms "local" and "nodefault" for --auto-key-locate. |
|
Fixed a few problems with this option. |
|
|
|
* [gpg] New command --locate-keys. |
|
|
|
* [gpg] New options --with-sig-list and --with-sig-check. |
|
|
|
* [gpg] The option "-sat" is no longer an alias for --clearsign. |
|
|
|
* [gpg] The option --fixed-list-mode is now implicitly used and obsolete. |
|
|
|
* [gpg] New control statement %ask-passphrase for the unattended key |
|
generation. |
|
|
|
* [gpg] The algorithm to compute the SIG_ID status has been changed. |
|
|
|
* [gpgsm] Now uses AES by default. |
|
|
|
* [gpgsm] Made --output option work with --export-secret-key-p12. |
|
|
|
* [gpg-agent] Terminate process if the own listening socket is not |
|
anymore served by ourself. |
|
|
|
* [scdaemon] Made it more robust on W32. |
|
|
|
* [gpg-connect-agent] Accept commands given as command line arguments. |
|
|
|
* [w32] Initialized the socket subsystem for all keyserver helpers. |
|
|
|
* [w32] The sysconf directory has been moved from a subdirectory of |
|
the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg. |
|
|
|
* [w32] The gnupg2.nls directory is not anymore used. The standard |
|
locale directory is now used. |
|
|
|
* [w32] Fixed a race condition between gpg and gpgsm in the use of |
|
temporary file names. |
|
|
|
* The gpg-preset-passphrase mechanism works again. An arbitrary |
|
string may now be used for a custom cache ID. |
|
|
|
* Admin PINs are cached again (bug in 2.0.9). |
|
|
|
* Support for version 2 OpenPGP cards. |
|
|
|
* Libgcrypt 1.4 is now required. |
|
|
|
See-also: gnupg-announce/2009q1/000284.html |
|
|
|
|
|
Noteworthy changes in version 2.0.9 (2008-03-26) |
|
------------------------------------------------ |
|
|
|
* Gpgsm always tries to locate missing certificates from a running |
|
Dirmngr's cache. |
|
|
|
* Tweaks for Windows. |
|
|
|
* The Admin PIN for OpenPGP cards may now be entered with the pinpad. |
|
|
|
* Improved certificate chain construction. |
|
|
|
* Extended the PKITS framework. |
|
|
|
* Fixed a bug in the ambiguous name detection. |
|
|
|
* Fixed possible memory corruption while importing OpenPGP keys (bug |
|
introduced with 2.0.8). [CVE-2008-1530] |
|
|
|
* Minor bug fixes. |
|
|
|
|
|
|
|
Noteworthy changes in version 2.0.8 (2007-12-20) |
|
------------------------------------------------ |
|
|
|
* Enhanced gpg-connect-agent with a small scripting language. |
|
|
|
* New option --list-config for gpgconf. |
|
|
|
* Fixed a crash in gpgconf. |
|
|
|
* Gpg-agent now supports the passphrase quality bar of the latest |
|
Pinentry. |
|
|
|
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the |
|
Pinentry. |
|
|
|
* Fixed the auto creation of the key stub for smartcards. |
|
|
|
* Fixed a rare bug in decryption using the OpenPGP card. |
|
|
|
* Creating DSA2 keys is now possible. |
|
|
|
* New option --extra-digest-algo for gpgsm to allow verification of |
|
broken signatures. |
|
|
|
* Allow encryption with legacy Elgamal sign+encrypt keys with option |
|
--rfc2440. |
|
|
|
* Windows is now a supported platform. |
|
|
|
* Made sure that under Windows the file permissions of the socket are |
|
taken into account. This required a change of our socket emulation |
|
code and changed the IPC protocol under Windows. |
|
|
|
See-also: gnupg-announce/2007q4/000267.html |
|
|
|
|
|
Noteworthy changes in version 2.0.7 (2007-09-10) |
|
------------------------------------------------ |
|
|
|
* Fixed encryption problem if duplicate certificates are in the |
|
keybox. |
|
|
|
* Made it work on Windows Vista. Note that the entire Windows port |
|
is still considered Beta. |
|
|
|
* Add new options min-passphrase-nonalpha, check-passphrase-pattern, |
|
enforce-passphrase-constraints and max-passphrase-days to |
|
gpg-agent. |
|
|
|
* Add command --check-components to gpgconf. Gpgconf now uses the |
|
installed versions of the programs and does not anymore search via |
|
PATH for them. |
|
|
|
See-also: gnupg-announce/2007q3/000259.html |
|
|
|
|
|
Noteworthy changes in version 2.0.6 (2007-08-16) |
|
------------------------------------------------ |
|
|
|
* GPGSM does now grok --default-key. |
|
|
|
* GPGCONF is now aware of --default-key and --encrypt-to. |
|
|
|
* GPGSM does again correctly print the serial number as well as the |
|
various keyids. This was broken since 2.0.4. |
|
|
|
* New option --validation-model and support for the chain-model. |
|
|
|
* Improved Windows support. |
|
|
|
See-also: gnupg-announce/2007q3/000258.html |
|
|
|
|
|
Noteworthy changes in version 2.0.5 (2007-07-05) |
|
------------------------------------------------ |
|
|
|
* Switched license to GPLv3. |
|
|
|
* Basic support for Windows. Run "./autogen.sh --build-w32" to build |
|
it. As usual the mingw cross compiling toolchain is required. |
|
|
|
* Fixed bug when using the --p12-charset without --armor. |
|
|
|
* The command --gen-key may now be used instead of the |
|
gpgsm-gencert.sh script. |
|
|
|
* Changed key generation to reveal less information about the |
|
machine. Bug fixes for gpg2's card key generation. |
|
|
|
See-also: gnupg-announce/2007q3/000255.html |
|
|
|
|
|
Noteworthy changes in version 2.0.4 (2007-05-09) |
|
------------------------------------------------ |
|
|
|
* The server mode key listing commands are now also working for |
|
systems without the funopen/fopencookie API. |
|
|
|
* PKCS#12 import now tries several encodings in case the passphrase |
|
was not utf-8 encoded. New option --p12-charset for gpgsm. |
|
|
|
* Improved the libgcrypt logging support in all modules. |
|
|
|
See-also: gnupg-announce/2007q2/000254.html |
|
|
|
|
|
Noteworthy changes in version 2.0.3 (2007-03-08) |
|
------------------------------------------------ |
|
|
|
* By default, do not allow processing multiple plaintexts in a single |
|
stream. Many programs that called GnuPG were assuming that GnuPG |
|
did not permit this, and were thus not using the plaintext boundary |
|
status tags that GnuPG provides. This change makes GnuPG reject |
|
such messages by default which makes those programs safe again. |
|
--allow-multiple-messages returns to the old behavior. [CVE-2007-1263]. |
|
|
|
* New --verify-option show-primary-uid-only. |
|
|
|
* gpgconf may now read a global configuration file to select which |
|
options are changeable by a frontend. The new applygnupgdefaults |
|
tool may be used by an admin to set default options for all users. |
|
|
|
* The PIN pad of the Cherry XX44 keyboard is now supported. The |
|
DINSIG and the NKS applications are now also aware of PIN pads. |
|
|
|
See-also: gnupg-announce/2007q1/000252.html |
|
|
|
|
|
Noteworthy changes in version 2.0.2 (2007-01-31) |
|
------------------------------------------------ |
|
|
|
* Fixed a serious and exploitable bug in processing encrypted |
|
packages. [CVE-2006-6235]. |
|
|
|
* Added --passphrase-repeat to set the number of times GPG will |
|
prompt for a new passphrase to be repeated. This is useful to help |
|
memorize a new passphrase. The default is 1 repetition. |
|
|
|
* Using a PIN pad does now also work for the signing key. |
|
|
|
* A warning is displayed by gpg-agent if a new passphrase is too |
|
short. New option --min-passphrase-len defaults to 8. |
|
|
|
* The status code BEGIN_SIGNING now shows the used hash algorithms. |
|
|
|
See-also: gnupg-announce/2007q1/000249.html |
|
|
|
|
|
Noteworthy changes in version 2.0.1 (2006-11-28) |
|
------------------------------------------------ |
|
|
|
* Experimental support for the PIN pads of the SPR 532 and the Kaan |
|
Advanced card readers. Add "disable-keypad" scdaemon.conf if you |
|
don't want it. Does currently only work for the OpenPGP card and |
|
its authentication and decrypt keys. |
|
|
|
* Fixed build problems on some platforms and crashes on amd64. |
|
|
|
* Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169] |
|
|
|
See-also: gnupg-announce/2006q4/000242.html |
|
|
|
|
|
Noteworthy changes in version 2.0.0 (2006-11-11) |
|
------------------------------------------------ |
|
|
|
* First stable version of a GnuPG integrating OpenPGP and S/MIME. |
|
|
|
See-also: gnupg-announce/2006q4/000239.html |
|
|
|
|
|
Noteworthy changes in version 1.9.95 (2006-11-06) |
|
------------------------------------------------- |
|
|
|
* Minor bug fixes. |
|
|
|
|
|
Noteworthy changes in version 1.9.94 (2006-10-24) |
|
------------------------------------------------- |
|
|
|
* Keys for gpgsm may now be specified using a keygrip. A keygrip is |
|
indicated by prefixing it with an ampersand. |
|
|
|
* gpgconf now supports switching the CMS cipher algo (e.g. to AES). |
|
|
|
* New command --gpgconf-test for all major tools. This may be used to |
|
check whether the configuration file is sane. |
|
|
|
|
|
Noteworthy changes in version 1.9.93 (2006-10-18) |
|
------------------------------------------------- |
|
|
|
* In --with-validation mode gpgsm will now also ask whether a root |
|
certificate should be trusted. |
|
|
|
* Link to Pth only if really necessary. |
|
|
|
* Fixed a pubring corruption bug in gpg2 occurring when importing |
|
signatures or keys with insane lengths. |
|
|
|
* Fixed v3 keyID calculation bug in gpg2. |
|
|
|
* More tweaks for certificates without extensions. |
|
|
|
|
|
Noteworthy changes in version 1.9.92 (2006-10-11) |
|
------------------------------------------------- |
|
|
|
* Bug fixes. |
|
|
|
See-also: gnupg-announce/2006q4/000236.html |
|
|
|
|
|
Noteworthy changes in version 1.9.91 (2006-10-04) |
|
------------------------------------------------- |
|
|
|
* New "relax" flag for trustlist.txt to allow root CA certificates |
|
without BasicConstraints. |
|
|
|
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an |
|
alias for --list-keys. |
|
|
|
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign". |
|
|
|
|
|
Noteworthy changes in version 1.9.90 (2006-09-25) |
|
------------------------------------------------- |
|
|
|
* Made readline work for gpg. |
|
|
|
* Cleanups and minor bug fixes. |
|
|
|
* Included translations from gnupg 1.4.5. |
|
|
|
|
|
Noteworthy changes in version 1.9.23 (2006-09-18) |
|
------------------------------------------------- |
|
|
|
* Regular man pages for most tools are now built directly from the |
|
Texinfo source. |
|
|
|
* The gpg code from 1.4.5 has been fully merged into this release. |
|
The configure option --enable-gpg is still required to build this |
|
gpg part. For production use of OpenPGP the gpg version 1.4.5 is |
|
still recommended. Note, that gpg will be installed under the name |
|
gpg2 to allow coexisting with a 1.4.x gpg. |
|
|
|
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm |
|
may not be used with the current gpg-agent. |
|
|
|
* The scdaemon will now call a script on reader status changes. |
|
|
|
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and |
|
"MESSAGE". |
|
|
|
* The gpgsm server may now output a key listing to the output file |
|
handle. This needs to be enabled using "OPTION list-to-output=1". |
|
|
|
* The --output option of gpgsm has now an effect on list-keys. |
|
|
|
* New gpgsm commands --dump-chain and list-chain. |
|
|
|
* gpg-connect-agent has new options to utilize descriptor passing. |
|
|
|
* A global trustlist may now be used. See doc/examples/trustlist.txt. |
|
|
|
* When creating a new pubring.kbx keybox common certificates are |
|
imported. |
|
|
|
|
|
Noteworthy changes in version 1.9.22 (2006-07-27) |
|
------------------------------------------------- |
|
|
|
* Enhanced pkcs#12 support to allow import from simple keyBags. |
|
|
|
* Exporting to pkcs#12 now creates bag attributes so that Mozilla is |
|
able to import the files. |
|
|
|
* Fixed uploading of certain keys to the smart card. |
|
|
|
|
|
Noteworthy changes in version 1.9.21 (2006-06-20) |
|
------------------------------------------------- |
|
|
|
* New command APDU for scdaemon to allow using it for general card |
|
access. Might be used through gpg-connect-agent by using the SCD |
|
prefix command. |
|
|
|
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required). |
|
|
|
* Scdaemon does not anymore reset cards at the end of a connection. |
|
|
|
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates. |
|
|
|
* Added --hash=xxx option to scdaemon's PKSIGN command. |
|
|
|
* Pkcs#12 files are now created with a MAC. This is for better |
|
interoperability. |
|
|
|
* Collected bug fixes and minor other changes. |
|
|
|
|
|
Noteworthy changes in version 1.9.20 (2005-12-20) |
|
------------------------------------------------- |
|
|
|
* Importing pkcs#12 files created by recent versions of Mozilla works |
|
again. |
|
|
|
* Basic support for qualified signatures. |
|
|
|
* New debug tool gpgparsemail. |
|
|
|
|
|
Noteworthy changes in version 1.9.19 (2005-09-12) |
|
------------------------------------------------- |
|
|
|
* The Belgian eID card is now supported for signatures and ssh. |
|
Other pkcs#15 cards should work as well. |
|
|
|
* Fixed bug in --export-secret-key-p12 so that certificates are again |
|
included. |
|
|
|
|
|
Noteworthy changes in version 1.9.18 (2005-08-01) |
|
------------------------------------------------- |
|
|
|
* [gpgsm] Now allows for more than one email address as well as URIs |
|
and dnsNames in certificate request generation. A keygrip may be |
|
given to create a request from an existing key. |
|
|
|
* A couple of minor bug fixes. |
|
|
|
|
|
Noteworthy changes in version 1.9.17 (2005-06-20) |
|
------------------------------------------------- |
|
|
|
* gpg-connect-agent has now features to handle Assuan INQUIRE |
|
commands. |
|
|
|
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY. |
|
|
|
* GNU Pth is now a hard requirement. |
|
|
|
* [scdaemon] Support for OpenSC has been removed. Instead a new and |
|
straightforward pkcs#15 module has been written. As of now it |
|
does allow only signing using TCOS cards but we are going to |
|
enhance it to match all the old capabilities. |
|
|
|
* [gpg-agent] New option --write-env-file and Assuan command |
|
UPDATESTARTUPTTY. |
|
|
|
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for |
|
SSH passphrase caching independent from the other passphrases. |
|
|
|
|
|
Noteworthy changes in version 1.9.16 (2005-04-21) |
|
------------------------------------------------- |
|
|
|
* gpg-agent does now support the ssh-agent protocol and thus allows |
|
to use the pinentry as well as the OpenPGP smartcard with ssh. |
|
|
|
* New tool gpg-connect-agent as a general client for the gpg-agent. |
|
|
|
* New tool symcryptrun as a wrapper for certain encryption tools. |
|
|
|
* The gpg tool is not anymore built by default because those gpg |
|
versions available in the gnupg 1.4 series are far more mature. |
|
|
|
|
|
Noteworthy changes in version 1.9.15 (2005-01-13) |
|
------------------------------------------------- |
|
|
|
* Fixed passphrase caching bug. |
|
|
|
* Better support for CCID readers; the reader from Cherry RS 6700 USB |
|
does now work. |
|
|
|
|
|
Noteworthy changes in version 1.9.14 (2004-12-22) |
|
------------------------------------------------- |
|
|
|
* [gpg-agent] New option --use-standard-socket to allow the use of a |
|
fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO |
|
has not been set. |
|
|
|
* Ported to MS Windows with some functional limitations. |
|
|
|
* New tool gpg-preset-passphrase. |
|
|
|
|
|
Noteworthy changes in version 1.9.13 (2004-12-03) |
|
|