Commit 433d2e2d authored by Adam Weinberger's avatar Adam Weinberger
Browse files

security/gnupg: Update to 2.3.0 

Changes:
  * A new experimental key database daemon is provided.  To enable it
    put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored
    in a SQLite database and make key lookup much faster.

  * New tool gpg-card as a flexible frontend for all types of
    supported smartcards.

  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
    gpg-connect-agent.

  * The gpg-wks-client tool is now installed under bin; a wrapper for
    its old location at libexec is also installed.

  * tpm2d: New daemon to physically bind keys to the local machine.
    See https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html

  * gpg: Switch to ed25519/cv25519 as default public key algorithms.

  * gpg: Verification results now depend on the --sender option and
    the signer's UID subpacket.  [#4735]

  * gpg: Do not use any 64-bit block size cipher algorithm for
    encryption.  Use AES as last resort cipher preference instead of
    3DES.  This can be reverted using --allow-old-cipher-algos.

  * gpg: Support AEAD encryption mode using OCB or EAX.

  * gpg: Support v5 keys and signatures.

  * gpg: Support curve X448 (ed448, cv448).

  * gpg: Allow use of group names in key listings.  [e825aea2ba]

  * gpg: New option --full-timestrings to print date and time.

  * gpg: New option --force-sign-key.  [#4584]

  * gpg: New option --no-auto-trust-new-key.

  * gpg: The legacy key discovery method PKA is no longer supported.
    The command --print-pka-records and the PKA related import and
    export options have been removed.

  * gpg: Support export of Ed448 Secure Shell keys.

  * gpgsm: Add basic ECC support.

  * gpgsm: Support creation of EdDSA certificates.  [#4888]

  * agent: Allow the use of "Label:" in a key file to customize the
    pinentry prompt.  [5388537806]

  * agent: Support ssh-agent extensions for environment variables.
    With a patched version of OpenSSH this avoids the need for the
    "updatestartuptty" kludge.  [224e26cf7b]

  * scd: Improve support for multiple card readers and tokens.

  * scd: Support PIV cards.

  * scd: Support for Rohde&Schwarz Cybersecurity cards.

  * scd: Support Telesec Signature Cards v2.0

  * scd: Support multiple application on certain smartcard.

  * scd: New option --application-priority.

  * scd: New option --pcsc-shared; see man page for important notes.

  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.

  * The symcryptrun tool, a wrapper for the now obsolete external
    Chiasmus tool, has been removed.

  * Full Unicode support under Windows for the command line.  [#4398]

  Release-info: https://dev.gnupg.org/T5343
parent c8b5781d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment