Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday December 08 2015, @07:29PM   Printer-friendly
from the getting-better-all-the-time dept.

The GnuPG team is pleased to announce the availability of a new release
of GnuPG modern: Version 2.1.10. The main features of this release are
support for TOFU (Trust-On-First-Use) and anonymous key retrieval via
Tor.
...
Noteworthy changes in version 2.1.10
====================================

[More after the break.]

  * gpg: New trust models "tofu" and "tofu+pgp".

  * gpg: New command --tofu-policy. New options --tofu-default-policy
      and --tofu-db-format.

  * gpg: New option --weak-digest to specify hash algorithms which
      should be considered weak.

  * gpg: Allow the use of multiple --default-key options; take the last
      available key.

  * gpg: New option --encrypt-to-default-key.

  * gpg: New option --unwrap to only strip the encryption layer.

  * gpg: New option --only-sign-text-ids to exclude photo IDs from key
      signing.

  * gpg: Check for ambigious or non-matching key specification in the
      config file or given to --encrypt-to.

  * gpg: Show the used card reader with --card-status.

  * gpg: Print export statistics and an EXPORTED status line.

  * gpg: Allow selecting subkeys by keyid in --edit-key.

  * gpg: Allow updating the expiration time of multiple subkeys at
      once.

  * dirmngr: New option --use-tor. For full support this requires
      libassuan version 2.4.2 and a patched version of libadns
      (e.g. adns-1.4-g10-7 as used by the standard Windows installer).

  * dirmngr: New option --nameserver to specify the nameserver used in
      Tor mode.

  * dirmngr: Keyservers may again be specified by IP address.

  * dirmngr: Fixed problems in resolving keyserver pools.

  * dirmngr: Fixed handling of premature termination of TLS streams so
      that large numbers of keys can be refreshed via hkps.

  * gpg: Fixed a regression in --locate-key [since 2.1.9].

  * gpg: Fixed another bug for keyrings with legacy keys.

  * gpgsm: Allow combinations of usage flags in --gen-key.

  * Make tilde expansion work with most options.

  * Many other cleanups and bug fixes.

A detailed description of the changes found in the 2.1 branch can be
found at https://gnupg.org/faq/whats-new-in-2.1.html.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by Freebirth Toad on Wednesday December 09 2015, @06:51AM

    by Freebirth Toad (4486) on Wednesday December 09 2015, @06:51AM (#273836)

    The only part I found hard to understand is TOFU.

    From the GnuPG mailing list [gnupg.org]:

    TOFU stands for Trust on First Use and is a concept that will be familiar to anyone who regularly uses ssh. When you ssh to a host for the first time, ssh asks you to verify the host's key (most people just say yes here). When connecting to the same host in the future, ssh checks that the key hasn't changed. If it has, ssh displays a warning.