Search
1000 results for “GnuPG”
-
#GnuPG 2.5.20-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.
Release notes
=============Noteworthy changes in version 2.5.20-freepg (2026-05-15)
--------------------------------------------------------* No FreePG-specific changes.
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.20-freepg
Upstream's release notes follow.
------
Noteworthy changes in version 2.5.20 (2026-05-13)
-------------------------------------------------* New and extended features:
- gpgsm: Implement GCM encryption. Note that decryption works
since version 2.3.2. [T3979]- gpgsm: New option --attribute and server command SETATTR to
include arbitrary signed or unsigned attributes into a signature.
Enable only with libksba 1.7.0 or later. [T4537]- gpgsm: Introduce system attribute _signingCertificateV2.
[rG0335a9cb04]* Bug fixes:
- gpg: Fix wrong assertion failure which could very rarely occur
during key signature checking. [rG693f5642f6]- gpg: Consider certify-only keys for revocation signature check.
[T8196]- gpgsm: Fix possible double free in the CMS parser. [T8240]
- gpgsm: Fix possible too early removal of ephemeral keys. [T8236]
- gpgsm: Avoid emitting a final FAILURE status line if --status-fd
is not used. [rG69c27fe377]- gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
data. [rG60a823c97b]- agent: Fix not using cache for pinentry loopback. [rGd4b608a31f]
- agent: Fix command PUT_SECRET by saving input line. [rG1875bc185e]
- keyboxd: Mark keys searched but not imported via LDAP correctly
as ephemeral. [T8048]- scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
keys > 2k. [T8244]- dirmngr: Fix uninitialized use of the dns_any union in
dns_rr_cmp. [T8251]Release-info: https://dev.gnupg.org/T7997
-
Schreibt mir eine post-quantum Nachricht!
Und steigt auf Post-Quantum um!#gnupg #sequoia #openpgp #aes #kyber #postquantum #cryptography #quantum
-----BEGIN PGP PUBLIC KEY BLOCK-----
mEkFagceSxYAAAA/AytlcQHI0TWUyLDWm/9brPLIjkBVEb9mu922wsirsFkfTiSj
NH/Dytz45QGF8GmXb5gOqNzL44eHOqR6bRwAtBhTY2hudXIgPHNjaG51ckBtYWls
LmkycD6I6QUTFgoAaSIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKE
BQJqBx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbAwUJCpfdgAULCQgH
AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA6RwBxA6kGXIK9eW+fxfbP61nqTcoucrd
bYZ2GaA3xWb8aKuewghWZR5UiLMs/mg2BD84pwSmHuFjcpVVAAHIxU6LUwSj+O79
mrA9L9pFSTYgIhANDVC0pcCTSfEToMeiNfMXnN7OuVqX6HLgc3miXutr3yuZTzoA
tBtTY2hudXIgPHNjaG51ckBpMnBtYWlsLm9yZz6I6QUTFgoAaSIhBUscQadL0Gfr
51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJqBx7/GxSAAAAAAAQADm1hbnUyLDIu
NSsxLjEyLDIsMgIbAwUJCpfdgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA
g4kByOrTzFtDjQTQvJnTcp76u9ylX2b/RSYQRud5AMyF3Py3aKqbLK1/aMiBqR73
6KPSFgbZ6CpooqpoAAHI55swsGUlNrkHHUQagWnklEWF30DtybTigM2t1di2fXYs
8KIOFo4zZY8wee6m+HlWyawm5ZgvnzUAtB9TY2hudXIgPHNjaG51ckBob3JzZWZ1
Y2tlci5vcmc+iOkFExYKAGkiIQVLHEGnS9Bn6+dQzzXz7O3lyERqNwgKikUnhvlS
+PVShAUCagcfMxsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMiwyLDICGwMFCQqX3YAF
CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AAAIS8Aci/4qM4a3eIozLg7Zr+wnT8
LP3Zj4Lexe92uyQF4pvB0NrA89MlVagPsyntdcvUYmiuS+ch/SZWugABxREs7rSN
zii3nWftV5C6/SBcPGPulP+uY/0sOhqSs+8UvHhmjj8/dfhFGBIcFjEy3CxKKlPG
m1UAALQiU2NobnVyIDxhbm9uc2NobnVyQHBhcmFub2lkLmVtYWlsPojpBRMWCgBp
IiEFSxxBp0vQZ+vnUM818+zt5chEajcICopFJ4b5Uvj1UoQFAmoHH6cbFIAAAAAA
BAAObWFudTIsMi41KzEuMTIsMiwyAhsDBQkKl92ABQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAB7/AHFEBSwAtD1T5bOW8YkHvcExBvzAGljd96L4Ww/Xjqr33Jv
upx+JjFd+Dhy9r4azOMRbZlQ69OEjQWAAcd5lDUUeMYd3aQiFR885kJv70SgQUxi
NOi9RRUmyAcchhSFRw3y021Iq94HbBRlDpCgW4w6xtUAGAC5BmwFagceSwgAAAZi
AytlbwHAgGFSx/MUSL3W1Vwe14zyB6qODVlbqrkBeDy2yYVRdKrjCeNZZ7cCfBg6
DJo3oUJCPfZwZbmPul0AAAYgqUYrC3WodTVkr5xXcgaQ8oGfQcNyPZWVVHcMUDF5
0vd7ujh5idh+mMxkz8QEztWD1BCxB3UzcyKoVnhI+Tiu3veYdAVGhCs+UZGY7gOC
K1WYM0CG2jNJu8V5aDS8WbjDoqPELPLMTMPOUhUKL2G1TghjjVBKKAxymViqA/rL
sPFUJKXCV3gif6ZsnfwR8XGcxbJh8tl7HxB20iUxYKtpQljA/EFjOVQeVYJ6+5Wh
tOYycbC906mHqZrIVYy6ojdju4KVyCzLnmGNcVkY58e7ChC3dMNpaFgARGFZ4YPB
xOENmYFQr+sqjvAwrweMRza94XJ6wmoZ9aW/QdNhUgpNouxgkFgWPRkUAkVp7pV6
URd/O5PAOhm141RnALRtdWOvHfKVlqcEPcxuCloQppeinGZhN+ALzeEPT2ucRrej
o8Ei4BxDfmWkiHmtj5VM9nu54UhJNCdS8WtPJeRu68VmxNXHFmzGoGMuSjd9z8d5
CeieimOYPxvJ9BunQ9toYVUHAKxIIzAN2ySQwQVlVnupdLQHXpIIxHInM9e7bWcU
KUY4LJlXqeJZkzDFaNlvepDMu3iR+LpwCGs1ppFxu3h9pFOZx8BmOYGQS1WU65qf
Phu08oVsmWVoBFZua4c762tzyQuNBLOYtMxPN+g/keE4xRbI5OFeQfh5TtmlEGV0
pfGITMl2YZIQpAorxuAHutu/kad+lJEiHLGen9McD+TO0mfOI9iELOmfXJgOFbiG
LHByj2ORozZzkTGqEmZYxLoO1bE4oMVKBJgGDTh66IJoVAeLSZed0ac39PILmnQi
e9Bkwoe26Je49EVfVfgjovwImUuPFwG99phBfGQO8jIywcKNQCfOiwO82LOok/mT
zTOcT3SASsWU6uypSTIRJiYdMAVdfXdIUeZ0i4h1JbcJCHgU/Qt+7RK+YCFPCPAE
LyOuzoNjBMy9xXkELZyUHmRd0AuTpNA2VFsueeCeqqqFc3MTJ5lVbYSZVMrAZIA2
LjEXflp9Hrk5KIC8uJMlQXJ8+fQTPodBibKts2iBkCsBlKKVHACm1jojKYd7oBAh
RJawGRykj6mYPsHAWpa2BrBoWAmKz8rAjyoTaBwSOwTOMCEIGKiRygYTYpBRpHmU
ZksP6UqNhDsx5zYeZlW853YXmXY5DIPDpmQFGYqUSRdqHlWHlkiGxpWFtWRMb4Ml
uOhrjshueXUyy5yeFxOZnpVCA8nNe7t1nWtfIEh7JMelBkIGcFo3SDRWKFa/8pAg
rGNvdhw5gzCNn2k/KQmZtyiBl1QqJ2DFZWoYeLtrwBBMiqcyuYbMp0EBnBB5aroM
7FsRw+EKpaKzACmvuqeULze8gzUg8Zqjzyof9BZW8YiLUuw9QbKl9dfGzVwPOgW/
IEIl+vZJScA60nOO/XFJ+TjJtYq2flLA98EUCAwtPCJYBqk8c4ghd6ItiXq8EoAk
Sgo9bCEQI4ZFdCM5GZkT6EZBCxrP1IFFUVebOnUiQ9wh95VL+5Zk0pMu+4GYVSma
z9oSY4tAYaiOH6poTKwhYbWf3tInA6AZhHagZpcEA9XOzpgTKBQjNKOspPpYwom7
E6GHTEyI3EzF+oYF/ncqzdtP9kYXxxGIfxkzNrjAfDtwrowXLuRT8WWj7xogTVOe
bDC71lamIaW+RuxqVgZndryctRqsZthfG1xswASboxof+Yu3gOFJh3BEy2Ipbchy
rgSBLckIq7atMnnINayaq3miFrZby6V1iSueolS/IBx0N5VYm9x2IKXEohkjFOFH
jqR3DKOS14erICCaIOjIoJPPuOodkMSXahComsqxamiJWho6qDEQQLlBS1k6bTyy
bCeESqxU/whiSLJsh9doYvQA5DoG2Cat2fOwZGs2SwEjJtVDN9l1OmuzwUcoUZUd
OdmffsKxDvuVQvzMtnc3myS23nRDYHK5g+xpx6F3jAKvp1aFzCW4BBN8UqsDWtWu
nNGGHdlSj+pUg0nNjkANlrplVecqdPAhm5i8cINe+aJZyfgEOcp5/6m5drINylNq
pMNOEdy+ImkvFmc11iKKmmcZuziOFUHu6cGDNTEV/y7kmPdXmJh3gV8LnwihNWD8
ytKIzgUYFgoATiIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJq
Bx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbDAUJCpfdgAAAsQgByOwk
vYE/vYDHeXRWG7UPBUxCxAykZwOz2jqFBSD8e/riTzTx85nVkUIRXb4mmBhp73DT
HLbhgOOwgAHI5TS2rCxCNqr/4u8wmf2ppt5mf68E/hwFODvRQKdIawFyu9hS8rGa
ZInzyeVq1UkMl+EIy/jXEC4A
=JLo6
-----END PGP PUBLIC KEY BLOCK----- -
Schreibt mir eine post-quantum Nachricht!
Und steigt auf Post-Quantum um!#gnupg #sequoia #openpgp #aes #kyber #postquantum #cryptography #quantum
-----BEGIN PGP PUBLIC KEY BLOCK-----
mEkFagceSxYAAAA/AytlcQHI0TWUyLDWm/9brPLIjkBVEb9mu922wsirsFkfTiSj
NH/Dytz45QGF8GmXb5gOqNzL44eHOqR6bRwAtBhTY2hudXIgPHNjaG51ckBtYWls
LmkycD6I6QUTFgoAaSIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKE
BQJqBx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbAwUJCpfdgAULCQgH
AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA6RwBxA6kGXIK9eW+fxfbP61nqTcoucrd
bYZ2GaA3xWb8aKuewghWZR5UiLMs/mg2BD84pwSmHuFjcpVVAAHIxU6LUwSj+O79
mrA9L9pFSTYgIhANDVC0pcCTSfEToMeiNfMXnN7OuVqX6HLgc3miXutr3yuZTzoA
tBtTY2hudXIgPHNjaG51ckBpMnBtYWlsLm9yZz6I6QUTFgoAaSIhBUscQadL0Gfr
51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJqBx7/GxSAAAAAAAQADm1hbnUyLDIu
NSsxLjEyLDIsMgIbAwUJCpfdgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA
g4kByOrTzFtDjQTQvJnTcp76u9ylX2b/RSYQRud5AMyF3Py3aKqbLK1/aMiBqR73
6KPSFgbZ6CpooqpoAAHI55swsGUlNrkHHUQagWnklEWF30DtybTigM2t1di2fXYs
8KIOFo4zZY8wee6m+HlWyawm5ZgvnzUAtB9TY2hudXIgPHNjaG51ckBob3JzZWZ1
Y2tlci5vcmc+iOkFExYKAGkiIQVLHEGnS9Bn6+dQzzXz7O3lyERqNwgKikUnhvlS
+PVShAUCagcfMxsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMiwyLDICGwMFCQqX3YAF
CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AAAIS8Aci/4qM4a3eIozLg7Zr+wnT8
LP3Zj4Lexe92uyQF4pvB0NrA89MlVagPsyntdcvUYmiuS+ch/SZWugABxREs7rSN
zii3nWftV5C6/SBcPGPulP+uY/0sOhqSs+8UvHhmjj8/dfhFGBIcFjEy3CxKKlPG
m1UAALQiU2NobnVyIDxhbm9uc2NobnVyQHBhcmFub2lkLmVtYWlsPojpBRMWCgBp
IiEFSxxBp0vQZ+vnUM818+zt5chEajcICopFJ4b5Uvj1UoQFAmoHH6cbFIAAAAAA
BAAObWFudTIsMi41KzEuMTIsMiwyAhsDBQkKl92ABQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAB7/AHFEBSwAtD1T5bOW8YkHvcExBvzAGljd96L4Ww/Xjqr33Jv
upx+JjFd+Dhy9r4azOMRbZlQ69OEjQWAAcd5lDUUeMYd3aQiFR885kJv70SgQUxi
NOi9RRUmyAcchhSFRw3y021Iq94HbBRlDpCgW4w6xtUAGAC5BmwFagceSwgAAAZi
AytlbwHAgGFSx/MUSL3W1Vwe14zyB6qODVlbqrkBeDy2yYVRdKrjCeNZZ7cCfBg6
DJo3oUJCPfZwZbmPul0AAAYgqUYrC3WodTVkr5xXcgaQ8oGfQcNyPZWVVHcMUDF5
0vd7ujh5idh+mMxkz8QEztWD1BCxB3UzcyKoVnhI+Tiu3veYdAVGhCs+UZGY7gOC
K1WYM0CG2jNJu8V5aDS8WbjDoqPELPLMTMPOUhUKL2G1TghjjVBKKAxymViqA/rL
sPFUJKXCV3gif6ZsnfwR8XGcxbJh8tl7HxB20iUxYKtpQljA/EFjOVQeVYJ6+5Wh
tOYycbC906mHqZrIVYy6ojdju4KVyCzLnmGNcVkY58e7ChC3dMNpaFgARGFZ4YPB
xOENmYFQr+sqjvAwrweMRza94XJ6wmoZ9aW/QdNhUgpNouxgkFgWPRkUAkVp7pV6
URd/O5PAOhm141RnALRtdWOvHfKVlqcEPcxuCloQppeinGZhN+ALzeEPT2ucRrej
o8Ei4BxDfmWkiHmtj5VM9nu54UhJNCdS8WtPJeRu68VmxNXHFmzGoGMuSjd9z8d5
CeieimOYPxvJ9BunQ9toYVUHAKxIIzAN2ySQwQVlVnupdLQHXpIIxHInM9e7bWcU
KUY4LJlXqeJZkzDFaNlvepDMu3iR+LpwCGs1ppFxu3h9pFOZx8BmOYGQS1WU65qf
Phu08oVsmWVoBFZua4c762tzyQuNBLOYtMxPN+g/keE4xRbI5OFeQfh5TtmlEGV0
pfGITMl2YZIQpAorxuAHutu/kad+lJEiHLGen9McD+TO0mfOI9iELOmfXJgOFbiG
LHByj2ORozZzkTGqEmZYxLoO1bE4oMVKBJgGDTh66IJoVAeLSZed0ac39PILmnQi
e9Bkwoe26Je49EVfVfgjovwImUuPFwG99phBfGQO8jIywcKNQCfOiwO82LOok/mT
zTOcT3SASsWU6uypSTIRJiYdMAVdfXdIUeZ0i4h1JbcJCHgU/Qt+7RK+YCFPCPAE
LyOuzoNjBMy9xXkELZyUHmRd0AuTpNA2VFsueeCeqqqFc3MTJ5lVbYSZVMrAZIA2
LjEXflp9Hrk5KIC8uJMlQXJ8+fQTPodBibKts2iBkCsBlKKVHACm1jojKYd7oBAh
RJawGRykj6mYPsHAWpa2BrBoWAmKz8rAjyoTaBwSOwTOMCEIGKiRygYTYpBRpHmU
ZksP6UqNhDsx5zYeZlW853YXmXY5DIPDpmQFGYqUSRdqHlWHlkiGxpWFtWRMb4Ml
uOhrjshueXUyy5yeFxOZnpVCA8nNe7t1nWtfIEh7JMelBkIGcFo3SDRWKFa/8pAg
rGNvdhw5gzCNn2k/KQmZtyiBl1QqJ2DFZWoYeLtrwBBMiqcyuYbMp0EBnBB5aroM
7FsRw+EKpaKzACmvuqeULze8gzUg8Zqjzyof9BZW8YiLUuw9QbKl9dfGzVwPOgW/
IEIl+vZJScA60nOO/XFJ+TjJtYq2flLA98EUCAwtPCJYBqk8c4ghd6ItiXq8EoAk
Sgo9bCEQI4ZFdCM5GZkT6EZBCxrP1IFFUVebOnUiQ9wh95VL+5Zk0pMu+4GYVSma
z9oSY4tAYaiOH6poTKwhYbWf3tInA6AZhHagZpcEA9XOzpgTKBQjNKOspPpYwom7
E6GHTEyI3EzF+oYF/ncqzdtP9kYXxxGIfxkzNrjAfDtwrowXLuRT8WWj7xogTVOe
bDC71lamIaW+RuxqVgZndryctRqsZthfG1xswASboxof+Yu3gOFJh3BEy2Ipbchy
rgSBLckIq7atMnnINayaq3miFrZby6V1iSueolS/IBx0N5VYm9x2IKXEohkjFOFH
jqR3DKOS14erICCaIOjIoJPPuOodkMSXahComsqxamiJWho6qDEQQLlBS1k6bTyy
bCeESqxU/whiSLJsh9doYvQA5DoG2Cat2fOwZGs2SwEjJtVDN9l1OmuzwUcoUZUd
OdmffsKxDvuVQvzMtnc3myS23nRDYHK5g+xpx6F3jAKvp1aFzCW4BBN8UqsDWtWu
nNGGHdlSj+pUg0nNjkANlrplVecqdPAhm5i8cINe+aJZyfgEOcp5/6m5drINylNq
pMNOEdy+ImkvFmc11iKKmmcZuziOFUHu6cGDNTEV/y7kmPdXmJh3gV8LnwihNWD8
ytKIzgUYFgoATiIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJq
Bx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbDAUJCpfdgAAAsQgByOwk
vYE/vYDHeXRWG7UPBUxCxAykZwOz2jqFBSD8e/riTzTx85nVkUIRXb4mmBhp73DT
HLbhgOOwgAHI5TS2rCxCNqr/4u8wmf2ppt5mf68E/hwFODvRQKdIawFyu9hS8rGa
ZInzyeVq1UkMl+EIy/jXEC4A
=JLo6
-----END PGP PUBLIC KEY BLOCK----- -
#OpenPGP #LibrePGP #GnuPG
昨年の記事だが,よいまとめ発見>OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
https://kris.fail/posts/opgpvslpgp/ -
Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on https://test.pgpkeys.eu for public evaluation.
#OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.
Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].
In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.
PQC encryption subkeys using ML-KEM-768 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.
(GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)
Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.
[1] https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
[2] https://datatracker.ietf.org/doc/html/draft-gallagher-openpgp-hkp -
#GnuPG 2.5.19-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.
Release Notes
=============Noteworthy changes in version 2.5.19-freepg (2026-04-30)
-------------------------------------------------* No FreePG-specific changes.
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.19-freepg
Upstream's release notes follow.
-----
Noteworthy changes in version 2.5.19 (2026-04-24)
-------------------------------------------------* New and extended features:
- gpg: New option --use-ocb-sym. [rGccdcdfbb37]
- gpg: New options --show-[only-]session-hash. [rGecd0f7afa1]
- gpgsm: Allow cipher mode to be part of the algo given to the
--cipher-algo option. [T3979]- gpgsm: Emit more details when failing to check a crlDP. [T8221]
- agent: Improve pinentry behavior and texts in smartcard context.
[T6425]- dirmngr: New keyword "clear" for --keyserver. [rG2ab4cba36c]
* Bug fixes:
- gpg: Fix edge case in --refresh-keys. [T8197]
- gpg: Don't call gcry_kdf_derive with empty passphrase. [T7739]
- gpgsm: Skip the optional PKCS#12 PBES2 keyLength parameter to
allow import of recently issued certificates by the German
Telekom. [rGc8c9604bba]- gpgsm: Fix a bug so that a certificate can be signed using a
different algo. [rG66fdafab3c]- gpgsm: Make GCM fully compliant in de-vs mode. [rG04fd775fce]
- gpgsm: Add a certificate chain check for de-vs compliance.
[T8188]- gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
[T8222]- agent: Rework the trustlist reading code to finally allow a
trustlist.txt with a missing trailing LF. [T8078]- ssh: Fix RSA padding in signature handling. [T7882,T8202]
- gpgtar: Fix -C (--directory) to check the output directory.
[T8159]* Other changes:
- agent: Raise an error when p >= q for RSA keys to detect
incorrect generated *PGP keys. [T8171]Release-info: https://dev.gnupg.org/T7998
-
صدرت نسخة GnuPG 2.5.19 الجديدة، متضمنةً توافقاً مع الإصدارات السابقة وميزات جديدة وإصلاحات للأخطاء. أبرز ما يميز هذا التحديث هو إدخال خوارزمية Kyber (ML-KEM)، التي تُمكّن التشفير المقاوم للكم، مما يعزز الأمان بشكل كبير. كما شهد التحديث تحسينات في سلوك إدخال الرمز السري للبطاقات الذكية، وتوفير معلومات مفصلة عند فشل التحقق من قوائم إلغاء الشهادات. من المهم للمستخدمين الترقية، حيث ستتوقف سلسلة 2.4 عن الدعم قريباً.
-
#GnuPG 2.5.19 is now also available for Debian based #Linux distros; e.g. for #ubuntu here
https://repos.gnupg.org/deb/gnupg/questing/ and there is a menu to select the other distros. -
@kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
https://codeberg.org/duxsco/gentoo-installation/src/branch/main/assets/check_sign_release.shI publish information on how to fetch my public key:
https://www.duxsco.de/my_openpgp_public_key/I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
https://bugs.gentoo.org/965482 -
@kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
https://codeberg.org/duxsco/gentoo-installation/src/branch/main/assets/check_sign_release.shI publish information on how to fetch my public key:
https://www.duxsco.de/my_openpgp_public_key/I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
https://bugs.gentoo.org/965482 -
@kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
https://codeberg.org/duxsco/gentoo-installation/src/branch/main/assets/check_sign_release.shI publish information on how to fetch my public key:
https://www.duxsco.de/my_openpgp_public_key/I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
https://bugs.gentoo.org/965482 -
@kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
https://codeberg.org/duxsco/gentoo-installation/src/branch/main/assets/check_sign_release.shI publish information on how to fetch my public key:
https://www.duxsco.de/my_openpgp_public_key/I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
https://bugs.gentoo.org/965482 -
GnuPG – post-quantum crypto landing in mainline
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
#HackerNews #GnuPG #postquantum #crypto #cybersecurity #cryptography #open-source
-
#GnuPG 2.2.54-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
Release Notes
=============## Noteworthy changes in version 2.2.54-freepg (2026-04-24)
* No FreePG-specific changes.
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.54-freepg
Upstream's release notes follow.
-------------
## Noteworthy changes in version 2.2.54 (2026-04-20)
* gpg: Fix an edge case in --refresh-keys. [T8197]
* gpgsm: Add a certificate chain check for de-vs compliance.
[T8188]* gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
[T8222]* agent: Accept a trustlist with a missing LF at the end. [T8078]
Release-info: https://dev.gnupg.org/T8170
-
I'm getting quite annoyed with the state of #GnuPG as a packager.
Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).
Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see https://wiki.archlinux.org/index.php?title=GnuPG&oldid=860217#OpenPGP_compatibility).
The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
Also, I'm glad we have @freepg -
I'm getting quite annoyed with the state of #GnuPG as a packager.
Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).
Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see https://wiki.archlinux.org/index.php?title=GnuPG&oldid=860217#OpenPGP_compatibility).
The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
Also, I'm glad we have @freepg -
I'm getting quite annoyed with the state of #GnuPG as a packager.
Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).
Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see https://wiki.archlinux.org/index.php?title=GnuPG&oldid=860217#OpenPGP_compatibility).
The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
Also, I'm glad we have @freepg -
I'm getting quite annoyed with the state of #GnuPG as a packager.
Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).
Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see https://wiki.archlinux.org/index.php?title=GnuPG&oldid=860217#OpenPGP_compatibility).
The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
Also, I'm glad we have @freepg -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.
Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)
https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998 -
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.
(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)
See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg
-
#GnuPG 2.2.53-freepg has been released.
It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.
In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)
https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.53-freepg