Thema: GnuPG/Gpg4win/OpenPGP ...

[SiLæncer]

Changelog

    GpgOL: Fixed a possible plaintext leak to the mail server, which could occur when opening and closing mails while the mail was also visible in the message list. (T4622 T4621)
    GnuPG: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. (T4607) See: https://wiki.gnupg.org/WKD for an alternative to the keyservers.
    GnuPG: Updated to Version 2.2.17. (See: https://gnupg.org for News.)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

  * gpg: Changed the way keys are detected on a smartcards; this
    allows the use of non-OpenPGP cards.  In the case of a not very
    likely regression the new option --use-only-openpgp-card is
    available.  [#4681]

  * gpg: The commands --full-gen-key and --quick-gen-key now allow
    direct key generation from supported cards.  [#4681]

  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
    signatures.  This change removes all SHA-1 based key signature
    newer than 2019-01-19 from the web-of-trust.  Note that this
    includes all key signature created with dsa1024 keys.  The new
    option --allow-weak-key-signatues can be used to override the new
    and safer behaviour.  [#4755,CVE-2019-14855]

  * gpg: Improve performance for import of large keyblocks.  [#4592]

  * gpg: Implement a keybox compression run.  [#4644]

  * gpg: Show warnings from dirmngr about redirect and certificate
    problems (details require --verbose as usual).

  * gpg: Allow to pass the empty string for the passphrase if the
    '--passphase=' syntax is used.  [#4633]

  * gpg: Fix printing of the KDF object attributes.

  * gpg: Avoid surprises with --locate-external-key and certain
    --auto-key-locate settings.  [#4662]

  * gpg: Improve selection of best matching key.  [#4713]

  * gpg: Delete key binding signature when deletring a subkey.
    [#4665,#4457]

  * gpg: Fix a potential loss of key sigantures during import with
    self-sigs-only active.  [#4628]

  * gpg: Silence "marked as ultimately trusted" diagnostics if
    option --quiet is used.  [#4634]

  * gpg: Silence some diagnostics during in key listsing even with
    option --verbose.  [#4627]

  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]

  * gpgsm: Support AES-256 keys.

  * gpgsm: Fix a bug in triggering a keybox compression run if
    --faked-system-time is used.

  * dirmngr: System CA certificates are no longer used for the SKS
    pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]

  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
    to avoid long timeouts.  [#4165]

  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
    Shield and Trustica Cryptoucan work.  [#4654,#4566]

  * wkd: gpg-wks-client --install-key now installs the required policy
    file.

  Release-info: https://dev.gnupg.org/T4684
  See-also: gnupg-announce/2019q4/000442.html

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    gpg: Fix double free when decrypting for hidden recipients. Regression in 2.2.18. [#4762].
    gpg: Use auto-key-locate for encryption even for mail addressed given with angle brackets. [#4726]
    gpgsm: Add special case for certain expired intermediate certificates. [#4696]

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    GpgOL: Improved compatibility with other clients for S/MIME e.g. the Outlook web interface. (T4543 T4525)
    GpgOL: E-Mails which are too large to fully decrypt / verify on a Server with E-Mail size limits are now handled with a proper error. (T4731)
    GpgOL / Kleopatra: The GnuPG-System config page can now be hidden.
    GpgOL: There is now an additional configuration option to always show the security approval dialog, even with full automation.
    GpgOL: E-Mails are no longer always classified as HTML.
    GpgOL: Saving E-Mails as files now also works when the mail is opened in its own Window.
    GpgOL: Fixed a rare case where GpgOL could crash when opening a Mail from the file system.
    GpgOL: The security approval dialog now has additional info buttons to show extended information.
    Kleopatra: The certify dialog has been reworked to be more user friendly and require less clicks. (T4649)
    Kleopatra: New Feature "Search Tags": When certifying a user identity you can now add additional "Tags". Tags are shown which are made by any user that has full ceritification trust. They can be used to group or search keys by additional information. (T4734)
    Kleopatra: There is now an error message when a key could not be found during file encryption.
    Kleopatra: The Smartcard Management now also works for OpenPGP 3 cards e.g. newer Yubikeys.
    GnuPG: Network access is now much faster if IPv6 is not available. (T4165)
    GnuPG: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. Note that this includes all key signature created with DSA-1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. (T4755, CVE-2019-14855)
    GnuPG: Updated to Version 2.2.19. (See: https://gnupg.org for additional News.)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GpgOL: Improved handling of mails with encrypted subjects. (T4796)
    GpgOL: Improved integration with Web Key Services to automatically provide public keys. (T4839)
    GpgOL: The addressbook integration is now more visible. (T4874)
    GpgOL: Group accounts are now properly considered when preselecting the signing key. (T4090)
    GpgOL: During signature verification a preview of the content is now displayed. (T4944)
    GpgOL: Printing of encrypted mails now works correctly after changing the printer. (T4890)
    GpgOL: Security level of keys obtained from a Web Key Directory is now properly shown as Level 2.
    GpgOL: Permanently decrypt now works more reliably and should no longer lead to "No Data" errors. (T4718)
    GpgOL: Long lines in plaintext mails should no longer be displayed as multiple lines after decryption. (T4987)
    GpgOL: Attachments with filenames that are not allowed on Windows can now be handled. (T4835)
    GpgOL: Mails with exactly one attachment and no body are now displayed correctly.
    GnuPG: Symmetric encryption now uses only one password dialog. (T4971)
    GnuPG: Improved certificate import for S/MIME certificates. (T4847)
    GnuPG: Added support for CardOS 5 Smartcards based on the D-Trust 3.1 card.
    GnuPG: Support for rsaPSS signatures has been added. (T4538)
    GnuPG: The "Quality" of a new passphrase is no longer incorrectly displayed. (T2103)
    Kleopatra: Overwriting secret key exports now works correctly. (T4709)
    Kleopatra: Fixed a case where file sign & encrypt dialogs would not be shown on high DPI systems. (T4819)
    Kleopatra: The sorting of multiple tabs has been fixed.
    Kleopatra: The minimal lenght of the Name has been reduced to better support non latin names. (T4745)
    Kleopatra: The filename suggestion for key exports has been improved to avoid confusion between public and private key exports. (T4995)
    Kleopatra: Authentication subkeys can now be exported in the OpenSSH format.
    Kleopatra: Markup is now automatically removed when pasting into the notepad. (T4969)
    Kleopatra: "updating..." as key validity is no longer displayed incorrectly when doing a keyserver search. (T4948)
    Gpg4win: The file and URL connections with Kleopatra now properly split arguments and potential external data like filenames and the search query. This prevents a security issue where Kleopatra could be triggered to load a library from a filename provided through an unescaped URL.

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

  * gpg: Fix AEAD preference list overflow.  [#5050]
  * gpg: Fix a possible segv in the key cleaning code.
  * gpgsm: Fix a minor RFC2253 parser bug.  [#5037]
  * scdaemon: Fix a PIN verify failure on certain OpenPGP card
    implementations.  Regression in 2.2.22.  [#5039]
  * po: Fix bug in the Hungarian translation.  Updates for the Czech,
    Polish, and Ukrainian translations.

[close]

http://www.gnupg.org

[SiLæncer]

Changelog

    GnuPG: Updated to 2.2.23 to fix CVE-2020-25125. ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html )
    GpgOL: Fixed an issue where unencrypted drafts of mails were stored on the an Exchange Server and could be restored through the "recently deleted items" option. Especially if the draft encryption, introduced in Gpg4win-3.1.8, is used this can be a security issue. (T5022) Gpg4win cannot offer guarantees that Outlook does not send data which is entered *before* the encryption to Microsoft or an Exchange Server. Under Windows with Outlook this is impossible to control. The draft encryption option is our best effort to avoid this.

    GnuPG: 2.2.23
    Kleopatra: 3.1.12
    GPA: 0.10.0
    GpgOL: 2.4.7
    GpgEX: 1.0.6
    Kompendium DE: 4.0.1
    Compendium EN: 3.0.0

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    Kleopatra: It is now possible to revoke certifications with Kleopatra. (T5094)
    Kleopatra / GnuPG: Unicode home directories are now supported. (T5055)
    Kleopatra: Directories for encryption may now contain unicode filenames. (T4083)
    Kleopatra: Improved Smartcard support, preshadowing the full multicard support with GnuPG 2.3. (T5066)
    Pinentry: The dialog should now receive input focus in more scenarios. (T4123)
    GpgOL: Plain text mails without attachments are properly displayed again.
    GpgOL: Plain text e-mails without attachments are displayed correctly again.
    GnuPG: Updated to 2.2.25 ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html )

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    The dialog to create new keys has been simplified and makes it easier to create keys without protection. This can be disabled by setting "enforce-passphrase-constraints" in the gpg-agent configuration. (T5181)
    Name and e-mail for new keys are now obtained through active directory if they are available. (T5181)
    Creating S/MIME CSRs for OpenPGP Smartcards has been further improved. (T5127)
    Tag support for certifications has been greatly improved and is now also available when adding keys in the file encrypt dialog. (T5174)
    Elevated execution of Kleopatra (run as Administrator) is now prevented to avoid accidental permission problems in the GnuPG data folder. (T5212)
    Setting the initial SigG PIN for NetKey cards now also works if the generic PIN is not set. (T5220)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GpgOL: Added support for encrypting Outlook elements such as forwarded mails or contacts and events. (T4184)
    GpgOL: The "conflicting crypto preferences" warning now ignores more undocumented states. (T5335)
    Kleopatra: Added a "Groups" feature where you can define recipient groups that can then be selected as a whole when doing operations. (T5175 T5241)
    Kleopatra: Encryption works again with Windows shared file system paths. (T5216)
    Kleopatra: The check for elevated execution is now only a warning and no longer a hard error. (T5248)
    Kleopatra: The combined export of S/MIME and OpenPGP certificates has been improved. (T5002)
    Kleopatra: Search no longer shows all results as uncertified. (T5388)
    Kleopatra: Added support for additional CardOS Smartcards. (T4876)
    Kleopatra: Automatically imports public keys for the inserted Smartcard from an Active Directory / LDAP Server. (T4876)
    Kleopatra: The certify dialog now allows to certify a key as the certification authority for a specific domain. This enables Public Key Infrastructures where the certification is delegated. (T5245)
    Kleopatra: The Smartcard view has been improved for better usability. (T4876)
    Kleopatra: Complex LDAP Keyserver entries can now be entered without corruption. (T5404)
    Kleopatra: Very large Archives no longer lead to crashes on decryption. (T5475)
    Kleopatra: The performance when decrypting archives has been improved. (T5478)
    Kleopatra: Encrypting folders with files larger then 4GB no longer leads to truncated archives. (T5475)
    Kleopatra: Searching on LDAP / Active Directory for OpenPGP keys can now show multiple keys and shows details. (T5441)
    GnuPG: Importing OpenPGP keys from LDAP no longer strips third party signatures. (T5387)
    GnuPG: Files encrypted with S/MIME (CMS) but only with a password can now be decrypted.
    GnuPG: Special characters (non 7bit) are now handled again. (T4398)
    GnuPG: Updated to 2.2.28 See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    Kleopatra: The group configuration has been extended so that groups can now be exported and imported. (T5638)
    Kleopatra: Now shows the used GnuPG version in the about dialog. (T5652)
    Kleopatra: Added an option under crypto operations to only use symmetric encryption. (T5661)
    Kleopatra: Available Smartcard readers can now be listed under settings. (T5662)
    Kleopatra: The update notification has been fixed. (T5663)
    Kleopatra: Checks for RESTRICTED / VS-NfD compliance now take underlying library configurations into account. (T5362)
    Kleopatra: Added error handling for operations which are not allowed in the configured compliance mode. (T5653)
    Kleopatra: Configuration of Keyservers is now shown correctly even when done through dirmngr.conf. (T5672)
    Kleopatra: Smartcard reader can now be selected through a menu which shows all available readers. This is found under the GnuPG System Smartcard configuration. (T5666)
    Kleopatra: When searching for certificates in the available list, a following "Search on Server" is now prefilled with the search string. (T5624)
    Kleopatra: Both S/MIME and OpenPGP certificates can now be imported from a single file. (T5638)
    Kleopatra: Configuration pages can now be hidden. (T5689)
    Kleopatra: The key creation wizard can now be customized with custom placeholders and expiry times. (T5690 T5708)
    Kleopatra: It is now possible to hide S/MIME (CMS) actions for an OpenPGP only mode. (T5688)
    Kleopatra: The GnuPG-System configuration has received minor cleanups. (T5677)
    Kleopatra: A crash related to circular certificate chains has been fixed. (T5697)
    Kleopatra: Ask GnuPG for the correct path for the uiserver socket (T5619).
    Kleopatra: Fix a problem with smartcard detection on startup. (rKd2338373ab41)
    Kleopatra: Enable the "create openpgp key from card" command only for GnuPG >= 2.3. (rK107abfdb1a41)
    Kleopatra: Windows no longer appear in the background when Kleopatra is not the active foreground process. (T5533)
    Kleopatra: The directory services configuration for LDAP servers has been extended. (T5465)
    Kleopatra: It is now possible to set an expiration date for a certification. (T5336)
    Kleopatra: It is now possible to update subkey expiration dates with Kleopatra. (T4717)
    Kleopatra: The default keyserver is now queried from GnuPG. (T5514)
    Kleopatra: Users are now prompted to set the ownertrust when certifying with an untrusted key. (T5511)
    Kleopatra: Symmetric encryption is now preselected if no keys are present. (T5545)
    Kleopatra: Every action in the file encryption dialow is now accessible through a shortcut. (T5544)
    Kleopatra: Accessibility, especially for encryption, has been greatly improved. (T5535)
    GpgOL: Contents are no longer hidden if plain text only is configured through group policies. (T5681)
    Pinentry: Symmetric passwords are now formatted when visible if the corresponding gpg-agent option "pinentry-formatted-passphrase" has been set. (T5517)
    Pinentry: It is now possible to generate secure passwords for symmetric encryption through gpg-agent. (T5517)
    Pinentry: It is now possible to add custom help text files to explain passphrase constraints. (T5517)
    Pinentry: Passphrase constraints are now better checked and violations no longer clear the entered passphrase. (T5532)
    Pinentry: A capslock warning is now shown. (T4950)
    Pinentry: The dialog is now more accessible and constraints are shown in a way that screenreaders can handle.
    GnuPG: Passphrase constraint handling has been improved with a new syntax for constraints. (T5517)
    GnuPG: The socket files are now located under Appdata/Local. (T5537)
    GnuPG: A new, optional, configuration syntax has been implemented which allows conditional configuration based on variables. Variables can be read from the Windows registry and controlled by Group Policies.
    GnuPG: The configured "trusted-key" options can now be properly changed. (T5685)
    GnuPG: The default selection for smartcard reader now tries to ignore virtual smartcard readers. (T5644)
    GnuPG: With "gpgconf --show-configs" the configuration of the system can now be listed.
    GnuPG: A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster.
    GnuPG: Major update to Version 2.3.4.

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    Kleopatra: OpenPGP and S/MIME key generation are now optimized for accessibility. (T5832)
    Kleopatra: The tab bar for different certificate views is now always shown. (T5841)
    Kleopatra: The certificate view can now be navigated by arrow keys to make it more accessible by keyboard. (T5841)
    Kleopatra: Empty cells in the certificate view now have screen reader specific annotations to make them readable. e.g.: "no name" or "no email". (T5841)
    Kleopatra: Key-IDs and Fingerprints are now read by screen readers in groups of four characters. (T5841)
    Kleopatra: The file encryption dialog has been optimized for accessibility. (T5845)
    Kleopatra: The certificate selection dialog, which can be accessed through the file encryption dialog, has been optimized for accessibility. (T5876)
    Kleopatra: The dialog for adding a User-ID has been rewritten for full accessibility. (T5916)
    Kleopatra: The GnuPG backend can now be restarted through an action in the Extras menu. (T5775)
    Kleopatra: A tooltip highlights why subkeys are needed in the advanced key generation dialog. (T5781)
    Kleopatra: There is now a button in certificate details to copy the fingerprint via clipboard without spaces. (T5776)
    Kleopatra: The smartcard reader settings are now on their own configuration page. (T5857)
    Kleopatra: It is now possible to revoke your own key. (T5859)
    Kleopatra: The dialog for adding a User-ID has been rewritten and now also accepts names starting with numbers. (T5916)
    Kleopatra: It is now possible to configure a minimal and maximal validity period for new keys. (T5864)
    Kleopatra: Configuration of default-new-key-algo is simplified for ECC curves. (T5717)
    Kleopatra: The key creation wizard can now hide advanced settings through configuration. (T5690)
    Kleopatra: When searching for keys a Web Key Directory is also searched if this is available for the searched domain. (T5334)
    Kleopatra: A new setting in group [Smartcard] "AlwaysSearchCardOnKeyserver" enables the query of any configured keyserver for certificates of a smartcard if set to true. (T5735)
    Kleopatra: Additional dialogs have file endings preset when saving crypto files. (T5736)
    Kleopatra: Error handling for failed PKCS#12 imports is improved. (T5713)
    Kleopatra: An information is now shown if keyserver return invalid search results. (T5725)
    Kleopatra: Additional help documents, for GnuPG VS-Desktop, are now added in the help menu.
    Kleopatra: Secret subkeys can now be exported and imported. (T5755)
    Kleopatra: Config settings which are forced in global configuration are now properly greyed out. (T5791)
    Kleopatra: Automatic detection of new smartcards has been improved. (T5782)
    Kleopatra: Configuring both an OpenPGP and X.509 keyservers has been improved. (T5801)
    Kleopatra: Opening external links can now be administratively prohibited. (T5777)
    Kleopatra: When opening outlook attachments the default output path is now in the documents folder of the user. (T5774)
    Kleopatra: In the certificate details certification view it is now possible to retrieve all certifier certificates. (T5805)
    Kleopatra: It is now possible to fetch the keys of certifiers automatically on import. This can be enabled through the setting "RetrieveSignerKeysAfterImport" in the "Import" group. (T5805)
    GpgEX: It is now possible to configure the default command through the Windows registry. (T5915)
    GnuPG: Massive performance improvements: - Doubled detached signing speed. - Up to five times faster verification of detached signatures. - Threefold decryption speedup for large files. - Nearly double the AES256.OCB encryption speed. (T5826, T5820) For full use of these improvements use GnuPG on the command line.
    GnuPG: New Option "--require-compliance" to create an error if an Operation did not comply to the compliance setting.
    GnuPG: Tar archives now support longer filenames larger then MAX_PATH. (T5754)
    GnuPG: ECDSA is now supported for CRLs and OCSP.
    GnuPG: WKD lookups now also work for resolvers not handling SRV records. (T4729)
    GnuPG: Updated to 2.3.6. For full details see: https://lists.gnupg.org/pipermail/gnupg-announce/2022q2/000472.html
    Kleopatra: Keyserver configuration now properly resets to default value on empty configuration. (T5711)
    Kleopatra: Several places where the application name was written in lowercase have been fixed. (T5833)
    Kleopatra: A crash has been fixed that occurred when revoking a certification without a selected key. (T5858)
    Kleopatra: The keylist filter for not certified certificates now only shows not certified keys and not all invalid certificates. (T5850)
    Kleopatra: Forcing the key type through configuration now also forces correct usage flags. (T5856)
    GpgOL: Fixed a double free error which could lead to random crashes. This double free was not exploitable as a security issue.
    GpgOL: A Problem has been fixed which could cause cleartext to be sent to the Exchange Server. This occurred when modifying an encrypted draft. (T5564)
    GpgOL: Draft Encryption can now be enabled through the registry by setting the value "auto" for "draftKey". (T5564)
    GnuPG: Windows account names with special characters are handled again.
    GnuPG: Config values from the windows registry are now properly shown with gpgconf --show-configs. (T5724)

[close]

http://www.gpg4win.org/

[SiLæncer]

Whats new:>>

    Kleopatra: A crash that occured when exiting the Application has been fixed. (T5962)
    GnuPG: Security update to 2.3.7 to fix CVE-2022-34903. (T6027)
    GnuPG: Improved import of PKCS#12 containers. (T6037,T5793,T4921,T4757)

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GnuPG: Avoids "invalid hash method" errors by using SHA-256 for certificates with implicit SHA-1 preferences in de-vs mode. (T6043)
    GnuPG: In de-vs mode use AES-128 instead of 3-DES as implicit preference. This avoids problems with software considering 3-DES as non-compliant but does only announce 3-DES as supported algorithm. (T6063)
    GnuPG: Add new LDAP server flag "areconly" (A-record-only) to help against long delays on some AD installations.
    GnuPG: New feature to mirror an LDAP keyserver to a Web key Directory. (T6224)
    GnuPG: Improve reporting of bad passphrase errors during PKCS#11 import. (T5713,T6037)
    GnuPG: It is now possible to forbid users to trust additional root certificates. The option for this is "no-user-trustlist". (T5990)
    GnuPG: It is now possible to change the default filename (trustlist.txt) for the list of S/MIME root certificates. The option for this is "sys-trustlist-name" or on Windows it can be configured in the registry. This allows admins to change the S/MIME root certificates from the packaged default without having it overwritten with each update. (T5990)
    GnuPG: The "display serial number" is now used for card insert prompts. This should match the serial number printed on smart cards. (T6135)
    GnuPG: New "common.conf" option "no-autostart". (rG203dcc19eb)
    GpgOL: Groups configured in Kleopatra can now be used for mail encryption. Groups must contain only keys of one protocol (either S/MIME or OpenPGP) and be named like the mail address. (T5967)
    GpgOL: An exclamation mark at the end of the GpgOL config registry values under "Local machine" now disallows the user to change that setting. (T5827)
    Kleopatra: Any configuration settings in kleopatrarc are now configurable through the Windows Registry / Group Policies, too. (T5707)
    Kleopatra: Automatic extraction of tar archives can now be disabled in the Kleopatra settings. (T6057)
    Kleopatra: The original filename is now embedded in encrypted files. (T6056)
    Kleopatra: In case the embedded filename does not match the filename of the encrypted file, the user is asked after decryption if the file should be renamed to the embedded name. This only works for files encrypted with GnuPG VS-Desktop 3.1.24 or later. (T6056)
    Kleopatra: The user is now asked which file should be verified if the signed data for a detached signature (.sig) could not be found automatically. (T6062)
    Kleopatra: Queries containing just a single character are now allowed when searching in remote directories. This should make it easier to list all certificates in a directory. (T6064)
    Kleopatra: When a user specific trustlist.txt is created by Kleopatra it now adds the "include-default" keyword, so that the system wide trustlist.txt is still included. (T6096)
    Kleopatra: The storage location is now displayed per subkey to better support offline keys and multiple smart cards. (T6108)
    Kleopatra: The certificate details now have an explicit update button to refresh a key from the configured directory services. (T5903)
    Kleopatra: The fingerprint with the suffix .rev is now used as suggested filename for revocation certificates. (T6121)
    Kleopatra: Several more file dialogs now save the last used directory. (T6121)
    Kleopatra: When withdrawing certifications, the own certifications on the certificate are now automatically determined. (T6115)
    GnuPG: Update the X.509/CMS parsing library Libksba to version 1.6.2 to fix a severe security problem. (T6230)
    GnuPG: Do not consider unknown public keys as non-compliant while decrypting. (T6205)
    GnuPG: Fix CRL Distribution Point fallback to other schemes.
    GnuPG: Fix upload of multiple keys for an LDAP server specified using the colon format.
    GnuPG: Fix a key upload problem when a BaseDN is specified for an LDAP server. (T6047)
    GnuPG: YubiKeys with firmware versions 5.4 and above are correctly detected again. (T6070)
    GnuPG: Combined symmetric and asymmetric encryption / decryption is now displayed as VS-NfD compliant, if appropriate. (T6119)
    GnuPG: A misleading error message when transferring keys to a smart card was changed. (T6122)
    GnuPG: The options "auto-key-import" and "include-key-block" are changeable through Kleopatra, again. (T6138)
    GnuPG: A possible path traversal security issue regarding "gpg-wks-server" has been fixed. This only affects users of "gpg-wks-server" in a WKS deployment. (T6098)
    GnuPG: Fix a regression in "READKEY --format=ssh". (T6012)
    GpgOL: Fixed some encoding issues.
    GpgOL: Issue with sender resolution for draft mails fixed.
    GpgOL: A hang and performance problem when displaying unencrypted mails with a specific structure has been fixed. (#8917)
    GpgOL: Stale temporary files created by GpgOL are now deleted to avoid clutter on systems that do not clean the temporary files. (T5926)
    GpgOL: Fix a regression in IMAP access to encrypted mails. (T6203)
    Kleopatra: No longer reports success when adding an empty userid. (T5997)
    Kleopatra: The maximum expiration date is now 2106-02-05. (T5991)
    Kleopatra: S/MIME certificate trees are no longer collapsed when details are opened by double click. (T6055)
    Kleopatra: Minor improvements to the encrypt / sign recipient selection dialog. (T6080)
    Kleopatra: Canceling the password entry when exporting a secret key now correctly aborts the operation. (T6090)
    Kleopatra: A family of startup crashes has been fixed. The crashes would show up in the event log as crashes in libstdc++6.dll. (T6131)
    Kleopatra: Fixed a very rare hang when archiving files. This caused Kleopatra never to finish an archiving operation. (T6139)
    Kleopatra: When only a single OpenPGP certificate is imported, the question about weather to certify it has been restored. (T6144)
    Kleopatra: Problems of "Failed to move directory" when decrypting archives on systems where the users TEMP directory was placed on Microsoft virtual hard disks have been resolved. (T6147)
    Kleopatra: The following dialogs have been changed so that they are usable: * with keyboard only * with a screenreader (tested NVDA and ORCA) * with 400% magnification * with high contrast color scheme (T6073) * with inverted color scheme (T6073) - OpenPGP certificate creation (T5969, T5832) - The main window toolbar (T6026) - Certificate Details (T5843) - Certificate certification (T6046) - Expiration date change (T6080) - Group configuration (T6095) - DN Attribute Order configuration (T6089) - Subkey details (T6104) - Certifications view (T6102) - Self Test (T6101)
    Kleopatra: Generating a new OpenPGP certificate is reduced to a single dialog. (T5832)
    Kleopatra: Creating an S/MIME Certificate Signing Request (CSR) is now a standalone action in Kleopatras file menu. (T5832)
    Kleopatra: Links used in Kleopatra texts are now accessible for screenreaders. (T6034)
    Kleopatra: Text parts (labels) are now selectable and the selection is highlighted. This is easier to control with a Screenreader. (T6036)
    Kleopatra: Tooltip pop-ups are now read out by screenreaders. (T6044)
    Kleopatra: All icon-only buttons should now have a description which can be read by Screenreaders. (T6088)
    Kleopatra: Navigating the certificate list with the keyboard is improved. (T5841)
    Kleopatra: Validity period labels have been unified to "Valid from" and "Valid until" respectively. (T6120)
    Kleopatra: Compliance display has been simplified by removing the "communication is possible" part. (T5855)

[close]

http://www.gpg4win.org/

[SiLæncer]

Changelog

    GPA: So long, and thanks for all the fish. To reduce maintenance and overall quality of Gpg4win we have decided to retire GPA. Over the last decade Kleopatra has made large improvements in quality and is very well maintained and the focus of our development. [rW3f7ed3834f]
    GnuPG: Improve signature verification speed by a factor of more than four. Double detached signing speed. [T5826]
    GnuPG: Import stray revocation certificates to improve WKD usability.
    GnuPG: New option --add-revocs for gpg-wks-client. [rG2f4492f3be]
    GnuPG: Ignore expired user-ids in gpg-wks-client. [T6292]
    GnuPG: Support the Telesec Signature Card v2.0 in OpenPGP. [T6252]
    GnuPG: For the new AEAD Format we now only allow the fast OCB mode. The EAX mode may still be used for decryption. [rG5a2cef801d]
    Kleopatra: Support the import of non-standard conforming UTF-16 encoded text files with certificates. [T6298]
    Kleopatra: New Option to delete the locally stored secret key after a transfer to a smart card. [T5836]
    Kleopatra: Improve the display of keys in the group edit dialog. [T6295]
    Kleopatra: Simplify changing the owner trust of keys. [T6148]
    Kleopatra: Allow selecting ECC with supported curves when generating new keys for smart cards. [T4429]
    GnuPG: Update the X.509/CMS library Libksba to version 1.6.3 to fix a security problem in the CRL signature parser. [T6230]
    GnuPG: Fix trusted introducer for mbox only user-ids. [T6238]
    GpgOL: IMAP access to encrypted mails works again. [T6203]
    Kleopatra: Don't report success if the key signing job was canceled. [T6305]
    Kleopatra: Report failed imports immediately when receiving the result. [T6302]
    Kleopatra: Do not offer invalid S/MIME certificates for signing or encryption. [T6216]
    Kleopatra: Don't ask user to certify an imported expired or revoked OpenPGP key. [T6155]
    Kleopatra: Do not crash when closing details widget while certificate dump is shown. [T6180]
    Kleopatra: Improve usability and accessibility of the notepad operations. [T6188]

[close]

http://www.gpg4win.org/