Stories
Slash Boxes
Comments

SoylentNews is people

GnuPG 2.1.10 Released

posted by martyb on Tuesday December 08 2015, @07:29PM   Printer-friendly
from the getting-better-all-the-time dept.

Phoenix666 writes:

The GnuPG team is pleased to announce the availability of a new release
of GnuPG modern: Version 2.1.10. The main features of this release are
support for TOFU (Trust-On-First-Use) and anonymous key retrieval via
Tor.
...
Noteworthy changes in version 2.1.10
====================================

[More after the break.]

  * gpg: New trust models "tofu" and "tofu+pgp".

  * gpg: New command --tofu-policy. New options --tofu-default-policy
      and --tofu-db-format.

  * gpg: New option --weak-digest to specify hash algorithms which
      should be considered weak.

  * gpg: Allow the use of multiple --default-key options; take the last
      available key.

  * gpg: New option --encrypt-to-default-key.

  * gpg: New option --unwrap to only strip the encryption layer.

  * gpg: New option --only-sign-text-ids to exclude photo IDs from key
      signing.

  * gpg: Check for ambigious or non-matching key specification in the
      config file or given to --encrypt-to.

  * gpg: Show the used card reader with --card-status.

  * gpg: Print export statistics and an EXPORTED status line.

  * gpg: Allow selecting subkeys by keyid in --edit-key.

  * gpg: Allow updating the expiration time of multiple subkeys at
      once.

  * dirmngr: New option --use-tor. For full support this requires
      libassuan version 2.4.2 and a patched version of libadns
      (e.g. adns-1.4-g10-7 as used by the standard Windows installer).

  * dirmngr: New option --nameserver to specify the nameserver used in
      Tor mode.

  * dirmngr: Keyservers may again be specified by IP address.

  * dirmngr: Fixed problems in resolving keyserver pools.

  * dirmngr: Fixed handling of premature termination of TLS streams so
      that large numbers of keys can be refreshed via hkps.

  * gpg: Fixed a regression in --locate-key [since 2.1.9].

  * gpg: Fixed another bug for keyrings with legacy keys.

  * gpgsm: Allow combinations of usage flags in --gen-key.

  * Make tilde expansion work with most options.

  * Many other cleanups and bug fixes.

A detailed description of the changes found in the 2.1 branch can be
found at https://gnupg.org/faq/whats-new-in-2.1.html.

Original Submission

 
This discussion has been archived. No new comments can be posted.
GnuPG 2.1.10 Released | Log In/Create an Account | Top | 36 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by melikamp on Wednesday December 09 2015, @12:05AM

    by melikamp (1886) on Wednesday December 09 2015, @12:05AM (#273717) Journal

    In practice that thing would be powned so fast you'd hear a sonic boom.

    Pwned how? I am curious to see a likely scenario. Let's say it has 2 hardware ins: the public end, which is used for plaintext, cyphertext, and public key exchange; and the private end, which is used for configuration. Let's say there is a hardware lock, too, to make the private end physically inaccessible during normal operation. I'd say the only practical way to "pwn" it is to steal it, but even that can be mitigated with additional physical security layers.

    Anyway, the point is to show that an imaginary smart-card-like device can be easy to use, but this ease could only manifest itself within a software ecosystem which supports such a device, and there's absolutely nothing GnuPG (or similar app) can add to the picture. I'd even say, it looks like GnuPG is the only part of this use case whose implementation is up to par.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2