Three and a half years after the last significant branch was formed, a new release of the GnuPG 2.3.0 (GNU Privacy Guard) toolkit has been presented. It is compatible with the OpenPGP (RFC 4880) and S/MIME standards and provides utilities for data encryption, working with electronic signatures, key management and access to public key stores.
GnuPG 2.3.0 is positioned as the first release of a new code base that includes the latest developments. GnuPG 2.2 is considered the stable branch, optimal for general use, and will be maintained at least until 2024. GnuPG 1.4 continues to be maintained as a classic series that consumes minimal resources, is suitable for embedded systems and is compatible with outdated encryption algorithms.
Main changes in GnuPG 2.3.0:
- An experimental background process implementing a key database is proposed; it uses the SQLite DBMS and demonstrates faster key lookup. To enable the new storage, activate the “use-keyboxd” option in gpg.conf and gpgsm.conf.
- Added a new gpg-card utility, which can be used as a flexible interface for all supported types of smart cards.
- Added a new background process, tpm2d, which allows TPM 2.0 chips to be used to protect private keys and to perform encryption or digital-signature operations on the TPM module side.
- ed25519 and cv25519 are now used as the default public-key algorithms.
- gpg no longer encrypts with algorithms that use a 64-bit block size. Using 3DES is prohibited, and AES is declared the minimum supported algorithm. To disable the restriction, use the “--allow-old-cipher-algos” option.
- In gpg, signature verification results now depend on the “--sender” option and the identifier of the creator of the signature.
- Added support for the OCB and EAX AEAD block cipher modes.
- Added support for version 5 keys and digital signatures.
- Added support for X448 curves (ed448, cv448).
- Group names are now allowed in key lists.
- Added the “--chuid” option to gpg, gpgsm, gpgconf, gpg-card and gpg-connect-agent to change the user ID.
- Added the gpg options “--full-timestrings” (date and time), “--force-sign-key” and “--no-auto-trust-new-key”.
- Dropped support for the outdated PKA key discovery method and removed the related options.
- gpg can now export ed448 keys for SSH.
- gpgsm has gained basic ECC support and the ability to create EdDSA certificates.
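
The 64-bit block cipher restriction and the “use-keyboxd” option described above can be checked in an existing configuration before upgrading. The following is an added example, not code from the GnuPG project: a small gpg.conf auditor whose function names are hypothetical. It assumes the standard gpg options `cipher-algo`, `s2k-cipher-algo` and `personal-cipher-preferences` (not named in this article) and treats IDEA, 3DES, CAST5 and Blowfish as the OpenPGP ciphers with a 64-bit block.

```python
# 64-bit block ciphers by gpg name and by OpenPGP preference id (S1..S4, RFC 4880).
WEAK_CIPHERS = {"IDEA", "3DES", "CAST5", "BLOWFISH", "S1", "S2", "S3", "S4"}
# Options whose arguments name symmetric ciphers (assumed, not listed in the article).
CIPHER_OPTIONS = {"cipher-algo", "s2k-cipher-algo", "personal-cipher-preferences"}


def parse_conf(text):
    """Yield (line_no, option, args) for each active line of a gpg.conf."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split()
        # Config files use long option names; tolerate a leading "--".
        yield line_no, parts[0].lstrip("-").lower(), parts[1:]


def audit_gpg_conf(text):
    """Return a list of (line_no, severity, message) findings."""
    findings = []
    for line_no, option, args in parse_conf(text):
        if option == "allow-old-cipher-algos":
            findings.append((line_no, "warn",
                             "allow-old-cipher-algos lifts the 64-bit block cipher restriction"))
        elif option in CIPHER_OPTIONS:
            weak = [a for a in args if a.strip(",").upper() in WEAK_CIPHERS]
            if weak:
                findings.append((line_no, "warn",
                                 f"{option} names 64-bit block cipher(s): {', '.join(weak)}"))
        elif option == "use-keyboxd":
            findings.append((line_no, "info",
                             "experimental SQLite-backed key storage is enabled"))
    return findings


# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# legacy settings carried over from an old install
personal-cipher-preferences AES256 3DES CAST5
allow-old-cipher-algos
use-keyboxd
cipher-algo AES256
"""

if __name__ == "__main__":
    for line_no, severity, message in audit_gpg_conf(SAMPLE_CONF):
        print(f"line {line_no}: [{severity}] {message}")
```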