GnuPG 2.3 Beta

Werner Koch wk at gnupg.org
Mon Feb 22 08:50:02 CET 2021


Hi!

We plan to soon start with a GnuPG 2.3 series to slightly modernize
GnuPG.  We will need a few releases to fix still open bugs and to learn
about new problems.  Before we release 2.3.0 we consider it useful to
have a wider beta test to catch build problems etc.

2.3 is GnuPG Git master and is regularly used at least by us.  However,
building from Git is harder than building from a regular tarball or just
using a Windows installer.  Thus here is our Beta:

 https://gnupg.org/ftp/gcrypt/gnupg/unstable/gnupg-2.3.0-beta1598.tar.bz2
 https://gnupg.org/ftp/gcrypt/gnupg/unstable/gnupg-2.3.0-beta1598.tar.bz2.sig

You need the latest version of Libgcrypt and libgpg-error to build it.
Windows users may want to try the installer at 

 https://gnupg.org/ftp/gcrypt/binary/unstable/gnupg-w32-2.3.0-beta1598_20210221.exe
 https://gnupg.org/ftp/gcrypt/binary/unstable/gnupg-w32-2.3.0-beta1598_20210221.exe.sig

As usual no guarantee for not breaking things.  As long as no new
options are used in the config files there should be no problem to move
back to 2.2.27.

Here is a list of new things which you do not find in 2.2.27:

  * A new experimental key database daemon is provided.  To enable it
    put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored in
    a SQLite database and make key lookup much faster.  [To test this
    you need to export your public keys to a file, then put the option
    into gpg.conf and gpgsm.conf and import the keys again.]

  * New tool gpg-card as a flexible frontend for all types of
    supported smartcards.

  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
    gpg-connect-agent.

  * The gpg-wks-client tool is now installed under bin; a wrapper for
    its old location at libexec is also installed.

  * gpg: Switch to ed25519/cv25519 as default public key algorithms.

  * gpg: Verification results now depend on the --sender option and
    the signer's UID subpacket.  [T4735]

  * gpg: Do not use any 64-bit block size cipher algorithm for
    encryption.  Use AES as last resort cipher preference instead of
    3DES.  This can be reverted using --allow-old-cipher-algos.

  * gpg: Support AEAD encryption mode using OCB or EAX.

  * gpg: Support v5 keys and signatures.

  * gpg: Support curve X448 (ed448, cv448).

  * gpg: Allow use of group names in key listings.  [e825aea2ba]

  * gpg: New option --full-timestrings to print date and time.

  * gpg: The legacy key discovery method PKA is no longer supported.
    The command --print-pka-records and the PKA related import and
    export options have been removed.

  * gpgsm: Add basic ECC support.

  * gpgsm: Support creation of EdDSA certificates.  [#4888]

  * agent: Allow the use of "Label:" in a key file to customize the
    pinentry prompt.  [5388537806]

  * agent: Support ssh-agent extensions for environment variables.
    With a patched version of OpenSSH this avoids the need for the
    "updatestartuptty" kludge.  [224e26cf7b]

  * scd: Improve support for multiple card readers and tokens.

  * scd: Support PIV cards.

  * scd: Support the Telesec Signature Card v2.0.

  * scd: Support multiple applications on certain smartcards.

  * scd: New option --application-priority.

  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.

  * The symcryptrun tool, a wrapper for the now obsolete external
    Chiasmus tool, has been removed.


Please send bug reports to this list.  See https://dev.gnupg.org/T4417
for some work items we still want to address.



Happy hacking.

  Your GnuPG hackers.


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
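
The message above says moving back to 2.2.27 should be unproblematic as long as no new options are used in the config files. The following shell check is an added example, not part of the original message or of GnuPG: it lists active config lines that use options this announcement names as new. The function name rollback_blockers and the scdaemon.conf file name are assumptions of this example, and only options listed in the mail are covered.

```shell
#!/bin/sh
# Added example: find config lines that use options the announcement lists as
# new in 2.3, i.e. lines to remove before moving back to 2.2.27.

# Options named in the announcement, written as they appear in a config file
# (long option name without leading dashes).
NEW_OPTS='use-keyboxd chuid allow-old-cipher-algos full-timestrings application-priority'

# gpg.conf and gpgsm.conf are named in the announcement; scdaemon.conf is
# assumed here as the place where application-priority would be set.
CONF_FILES='gpg.conf gpgsm.conf scdaemon.conf'

# rollback_blockers HOMEDIR
# Prints "file:line: option" for every active (non-comment) use of a new
# option.  Returns 0 if none were found, 1 if at least one was printed.
rollback_blockers() {
    home=$1
    found=0
    for f in $CONF_FILES; do
        [ -f "$home/$f" ] || continue
        hits=$(awk -v opts="$NEW_OPTS" -v file="$f" '
            BEGIN { n = split(opts, o, " "); for (i = 1; i <= n; i++) new[o[i]] = 1 }
            {
                cnt = split($0, w)                    # whitespace-separated words
                if (cnt == 0 || w[1] ~ /^#/) next     # blank line or comment
                if (w[1] in new) printf "%s:%d: %s\n", file, NR, w[1]
            }' "$home/$f")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return $found
}

# Stand-alone use: sh rollback-check.sh ~/.gnupg
if [ "$#" -gt 0 ]; then
    rollback_blockers "$1"
fi
```

An empty result only means none of the options listed in this mail are set; keys imported while use-keyboxd was active live in the keyboxd database, so export them before removing the option.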