Thema: GnuPG/Gpg4win/OpenPGP ...

[SiLæncer]

Changelog

    GpgOL: Fixed a possible plaintext leak to the mail server, which could occur when opening and closing mails while the mail was also visible in the message list. (T4622 T4621)
    GnuPG: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. (T4607) See: https://wiki.gnupg.org/WKD for an alternative to the keyservers.
    GnuPG: Updated to Version 2.2.17. (See: https://gnupg.org for News.)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

  * gpg: Changed the way keys are detected on a smartcards; this
    allows the use of non-OpenPGP cards.  In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available.  [#4681]

  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards.  [#4681]

  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures.  This change removes all SHA-1 based key signature
    newer than 2019-01-19 from the web-of-trust.  Note that this
    includes all key signature created with dsa1024 keys.  The new
    option --allow-weak-key-signatues can be used to override the new
    and safer behaviour.  [#4755,CVE-2019-14855]

  * gpg: Improve performance for import of large keyblocks.  [#4592]

  * gpg: Implement a keybox compression run.  [#4644]

  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).

  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphase=' syntax is used.  [#4633]

  * gpg: Fix printing of the KDF object attributes.

  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings.  [#4662]

  * gpg: Improve selection of best matching key.  [#4713]

  * gpg: Delete key binding signature when deletring a subkey.
    [#4665,#4457]

  * gpg: Fix a potential loss of key sigantures during import with
    self-sigs-only active.  [#4628]

  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used.  [#4634]

  * gpg: Silence some diagnostics during in key listsing even with
    option --verbose.  [#4627]

  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

  * gpgsm: Support AES-256 keys.

  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.

  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts.  [#4165]

  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work.  [#4654,#4566]

  * wkd: gpg-wks-client --install-key now installs the required policy
    file.

  Release-info: https://dev.gnupg.org/T4684
  See-also: gnupg-announce/2019q4/000442.html

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    gpg: Fix double free when decrypting for hidden recipients. Regression in 2.2.18. [#4762].
    gpg: Use auto-key-locate for encryption even for mail addressed given with angle brackets. [#4726]
    gpgsm: Add special case for certain expired intermediate certificates. [#4696]

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    GpgOL: Improved compatibility with other clients for S/MIME e.g. the Outlook web interface. (T4543 T4525)
    GpgOL: E-Mails which are too large to fully decrypt / verify on a Server with E-Mail size limits are now handled with a proper error. (T4731)
    GpgOL / Kleopatra: The GnuPG-System config page can now be hidden.
    GpgOL: There is now an additional configuration option to always show the security approval dialog, even with full automation.
    GpgOL: E-Mails are no longer always classified as HTML.
    GpgOL: Saving E-Mails as files now also works when the mail is opened in its own Window.
    GpgOL: Fixed a rare case where GpgOL could crash when opening a Mail from the file system.
    GpgOL: The security approval dialog now has additional info buttons to show extended information.
    Kleopatra: The certify dialog has been reworked to be more user friendly and require less clicks. (T4649)
    Kleopatra: New Feature "Search Tags": When certifying a user identity you can now add additional "Tags". Tags are shown which are made by any user that has full ceritification trust. They can be used to group or search keys by additional information. (T4734)
    Kleopatra: There is now an error message when a key could not be found during file encryption.
    Kleopatra: The Smartcard Management now also works for OpenPGP 3 cards e.g. newer Yubikeys.
    GnuPG: Network access is now much faster if IPv6 is not available. (T4165)
    GnuPG: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. Note that this includes all key signature created with DSA-1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. (T4755, CVE-2019-14855)
    GnuPG: Updated to Version 2.2.19. (See: https://gnupg.org for additional News.)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GpgOL: Improved handling of mails with encrypted subjects. (T4796)
    GpgOL: Improved integration with Web Key Services to automatically provide public keys. (T4839)
    GpgOL: The addressbook integration is now more visible. (T4874)
    GpgOL: Group accounts are now properly considered when preselecting the signing key. (T4090)
    GpgOL: During signature verification a preview of the content is now displayed. (T4944)
    GpgOL: Printing of encrypted mails now works correctly after changing the printer. (T4890)
    GpgOL: Security level of keys obtained from a Web Key Directory is now properly shown as Level 2.
    GpgOL: Permanently decrypt now works more reliably and should no longer lead to "No Data" errors. (T4718)
    GpgOL: Long lines in plaintext mails should no longer be displayed as multiple lines after decryption. (T4987)
    GpgOL: Attachments with filenames that are not allowed on Windows can now be handled. (T4835)
    GpgOL: Mails with exactly one attachment and no body are now displayed correctly.
    GnuPG: Symmetric encryption now uses only one password dialog. (T4971)
    GnuPG: Improved certificate import for S/MIME certificates. (T4847)
    GnuPG: Added support for CardOS 5 Smartcards based on the D-Trust 3.1 card.
    GnuPG: Support for rsaPSS signatures has been added. (T4538)
    GnuPG: The "Quality" of a new passphrase is no longer incorrectly displayed. (T2103)
    Kleopatra: Overwriting secret key exports now works correctly. (T4709)
    Kleopatra: Fixed a case where file sign & encrypt dialogs would not be shown on high DPI systems. (T4819)
    Kleopatra: The sorting of multiple tabs has been fixed.
    Kleopatra: The minimal lenght of the Name has been reduced to better support non latin names. (T4745)
    Kleopatra: The filename suggestion for key exports has been improved to avoid confusion between public and private key exports. (T4995)
    Kleopatra: Authentication subkeys can now be exported in the OpenSSH format.
    Kleopatra: Markup is now automatically removed when pasting into the notepad. (T4969)
    Kleopatra: "updating..." as key validity is no longer displayed incorrectly when doing a keyserver search. (T4948)
    Gpg4win: The file and URL connections with Kleopatra now properly split arguments and potential external data like filenames and the search query. This prevents a security issue where Kleopatra could be triggered to load a library from a filename provided through an unescaped URL.

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

  * gpg: Fix AEAD preference list overflow.  [#5050]
  * gpg: Fix a possible segv in the key cleaning code.
  * gpgsm: Fix a minor RFC2253 parser bug.  [#5037]
  * scdaemon: Fix a PIN verify failure on certain OpenPGP card
    implementations.  Regression in 2.2.22.  [#5039]
  * po: Fix bug in the Hungarian translation.  Updates for the Czech,
    Polish, and Ukrainian translations.

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    GnuPG: Updated to 2.2.23 to fix CVE-2020-25125. ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html )
    GpgOL: Fixed an issue where unencrypted drafts of mails were stored on the an Exchange Server and could be restored through the "recently deleted items" option. Especially if the draft encryption, introduced in Gpg4win-3.1.8, is used this can be a security issue. (T5022) Gpg4win cannot offer guarantees that Outlook does not send data which is entered *before* the encryption to Microsoft or an Exchange Server. Under Windows with Outlook this is impossible to control. The draft encryption option is our best effort to avoid this.

    GnuPG: 2.2.23
    Kleopatra: 3.1.12
    GPA: 0.10.0
    GpgOL: 2.4.7
    GpgEX: 1.0.6
    Kompendium DE: 4.0.1
    Compendium EN: 3.0.0

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    Kleopatra: It is now possible to revoke certifications with Kleopatra. (T5094)
    Kleopatra / GnuPG: Unicode home directories are now supported. (T5055)
    Kleopatra: Directories for encryption may now contain unicode filenames. (T4083)
    Kleopatra: Improved Smartcard support, preshadowing the full multicard support with GnuPG 2.3. (T5066)
    Pinentry: The dialog should now receive input focus in more scenarios. (T4123)
    GpgOL: Plain text mails without attachments are properly displayed again.
    GpgOL: Plain text e-mails without attachments are displayed correctly again.
    GnuPG: Updated to 2.2.25 ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html )

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    The dialog to create new keys has been simplified and makes it easier to create keys without protection. This can be disabled by setting "enforce-passphrase-constraints" in the gpg-agent configuration. (T5181)
    Name and e-mail for new keys are now obtained through active directory if they are available. (T5181)
    Creating S/MIME CSRs for OpenPGP Smartcards has been further improved. (T5127)
    Tag support for certifications has been greatly improved and is now also available when adding keys in the file encrypt dialog. (T5174)
    Elevated execution of Kleopatra (run as Administrator) is now prevented to avoid accidental permission problems in the GnuPG data folder. (T5212)
    Setting the initial SigG PIN for NetKey cards now also works if the generic PIN is not set. (T5220)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GpgOL: Added support for encrypting Outlook elements such as forwarded mails or contacts and events. (T4184)
    GpgOL: The "conflicting crypto preferences" warning now ignores more undocumented states. (T5335)
    Kleopatra: Added a "Groups" feature where you can define recipient groups that can then be selected as a whole when doing operations. (T5175 T5241)
    Kleopatra: Encryption works again with Windows shared file system paths. (T5216)
    Kleopatra: The check for elevated execution is now only a warning and no longer a hard error. (T5248)
    Kleopatra: The combined export of S/MIME and OpenPGP certificates has been improved. (T5002)
    Kleopatra: Search no longer shows all results as uncertified. (T5388)
    Kleopatra: Added support for additional CardOS Smartcards. (T4876)
    Kleopatra: Automatically imports public keys for the inserted Smartcard from an Active Directory / LDAP Server. (T4876)
    Kleopatra: The certify dialog now allows to certify a key as the certification authority for a specific domain. This enables Public Key Infrastructures where the certification is delegated. (T5245)
    Kleopatra: The Smartcard view has been improved for better usability. (T4876)
    Kleopatra: Complex LDAP Keyserver entries can now be entered without corruption. (T5404)
    Kleopatra: Very large Archives no longer lead to crashes on decryption. (T5475)
    Kleopatra: The performance when decrypting archives has been improved. (T5478)
    Kleopatra: Encrypting folders with files larger then 4GB no longer leads to truncated archives. (T5475)
    Kleopatra: Searching on LDAP / Active Directory for OpenPGP keys can now show multiple keys and shows details. (T5441)
    GnuPG: Importing OpenPGP keys from LDAP no longer strips third party signatures. (T5387)
    GnuPG: Files encrypted with S/MIME (CMS) but only with a password can now be decrypted.
    GnuPG: Special characters (non 7bit) are now handled again. (T4398)
    GnuPG: Updated to 2.2.28 See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html

[close]

http://www.gpg4win.org/