GnuPG 2.3.0 release

Three and a half years after the last significant branch was formed, a new release of the GnuPG 2.3.0 (GNU Privacy Guard) toolkit has been presented. It is compatible with the OpenPGP (RFC-4880) and S/MIME standards and provides utilities for data encryption, working with electronic signatures, key management and access to public key stores.

GnuPG 2.3.0 is positioned as the first release of a new code base that includes the latest developments. GnuPG 2.2 is considered the stable branch, best suited for general use, and will be maintained at least until 2024. GnuPG 1.4 continues to be maintained as the classic series, which consumes minimal resources, is suitable for embedded systems and is compatible with outdated encryption algorithms.

Main changes in GnuPG 2.3.0:

  • An experimental background process implementing a key database has been proposed; it uses the SQLite DBMS and demonstrates a faster key search. To enable the new storage, activate the “use-keyboxd” option in gpg.conf and gpgsm.conf.
  • Added a new gpg-card utility, which can be used as a flexible interface for all supported types of smart cards.
  • Added a new background process, tpm2d, which allows TPM 2.0 chips to be used to protect private keys and to perform encryption operations or create digital signatures on the TPM module side.
  • ed25519 and cv25519 are now used as the default algorithms for public keys.
  • gpg no longer uses algorithms with a 64-bit block size for encryption. Using 3DES is prohibited, and AES is declared the minimum supported algorithm. To disable the restriction, use the “--allow-old-cipher-algos” option.
  • In gpg, signature verification results now depend on the “--sender” option and the identifier of the signature's creator.
  • Added support for the OCB and EAX AEAD block encryption modes.
  • Added support for version 5 keys and digital signatures.
  • Added support for X448 curves (ed448, cv448).
  • Group names are now allowed in key lists.
  • Added the “--chuid” option to gpg, gpgsm, gpgconf, gpg-card and gpg-connect-agent to change the user ID.
  • Added the “--full-timestrings” (date and time), “--force-sign-key” and “--no-auto-trust-new-key” options to gpg.
  • Support for the outdated PKA key discovery method has been dropped and the related options removed.
  • Added to gpg the ability to export ed448 keys for SSH.
  • gpgsm has gained basic ECC support and the ability to create EdDSA certificates.