home.social

Search

1000 results for “GnuPG”

  1. #GnuPG 2.5.20-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.

    Release notes
    =============

    Noteworthy changes in version 2.5.20-freepg (2026-05-15)
    --------------------------------------------------------

    * No FreePG-specific changes.

    gitlab.com/freepg/gnupg/-/rele

    Upstream's release notes follow.

    ------

    Noteworthy changes in version 2.5.20 (2026-05-13)
    -------------------------------------------------

    * New and extended features:

    - gpgsm: Implement GCM encryption. Note that decryption works
    since version 2.3.2. [T3979]

    - gpgsm: New option --attribute and server command SETATTR to
    include arbitrary signed or unsigned attributes into a signature.
    Enable only with libksba 1.7.0 or later. [T4537]

    - gpgsm: Introduce system attribute _signingCertificateV2.
    [rG0335a9cb04]

    * Bug fixes:

    - gpg: Fix wrong assertion failure which could very rarely occur
    during key signature checking. [rG693f5642f6]

    - gpg: Consider certify-only keys for revocation signature check.
    [T8196]

    - gpgsm: Fix possible double free in the CMS parser. [T8240]

    - gpgsm: Fix possible too early removal of ephemeral keys. [T8236]

    - gpgsm: Avoid emitting a final FAILURE status line if --status-fd
    is not used. [rG69c27fe377]

    - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
    data. [rG60a823c97b]

    - agent: Fix not using cache for pinentry loopback. [rGd4b608a31f]

    - agent: Fix command PUT_SECRET by saving input line. [rG1875bc185e]

    - keyboxd: Mark keys searched but not imported via LDAP correctly
    as ephemeral. [T8048]

    - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
    keys > 2k. [T8244]

    - dirmngr: Fix uninitialized use of the dns_any union in
    dns_rr_cmp. [T8251]

    Release-info: dev.gnupg.org/T7997

  2. Schreibt mir eine post-quantum Nachricht!
    Und steigt auf Post-Quantum um!

    #gnupg #sequoia #openpgp #aes #kyber #postquantum #cryptography #quantum

    -----BEGIN PGP PUBLIC KEY BLOCK-----

    mEkFagceSxYAAAA/AytlcQHI0TWUyLDWm/9brPLIjkBVEb9mu922wsirsFkfTiSj
    NH/Dytz45QGF8GmXb5gOqNzL44eHOqR6bRwAtBhTY2hudXIgPHNjaG51ckBtYWls
    LmkycD6I6QUTFgoAaSIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKE
    BQJqBx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbAwUJCpfdgAULCQgH
    AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA6RwBxA6kGXIK9eW+fxfbP61nqTcoucrd
    bYZ2GaA3xWb8aKuewghWZR5UiLMs/mg2BD84pwSmHuFjcpVVAAHIxU6LUwSj+O79
    mrA9L9pFSTYgIhANDVC0pcCTSfEToMeiNfMXnN7OuVqX6HLgc3miXutr3yuZTzoA
    tBtTY2hudXIgPHNjaG51ckBpMnBtYWlsLm9yZz6I6QUTFgoAaSIhBUscQadL0Gfr
    51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJqBx7/GxSAAAAAAAQADm1hbnUyLDIu
    NSsxLjEyLDIsMgIbAwUJCpfdgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA
    g4kByOrTzFtDjQTQvJnTcp76u9ylX2b/RSYQRud5AMyF3Py3aKqbLK1/aMiBqR73
    6KPSFgbZ6CpooqpoAAHI55swsGUlNrkHHUQagWnklEWF30DtybTigM2t1di2fXYs
    8KIOFo4zZY8wee6m+HlWyawm5ZgvnzUAtB9TY2hudXIgPHNjaG51ckBob3JzZWZ1
    Y2tlci5vcmc+iOkFExYKAGkiIQVLHEGnS9Bn6+dQzzXz7O3lyERqNwgKikUnhvlS
    +PVShAUCagcfMxsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMiwyLDICGwMFCQqX3YAF
    CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AAAIS8Aci/4qM4a3eIozLg7Zr+wnT8
    LP3Zj4Lexe92uyQF4pvB0NrA89MlVagPsyntdcvUYmiuS+ch/SZWugABxREs7rSN
    zii3nWftV5C6/SBcPGPulP+uY/0sOhqSs+8UvHhmjj8/dfhFGBIcFjEy3CxKKlPG
    m1UAALQiU2NobnVyIDxhbm9uc2NobnVyQHBhcmFub2lkLmVtYWlsPojpBRMWCgBp
    IiEFSxxBp0vQZ+vnUM818+zt5chEajcICopFJ4b5Uvj1UoQFAmoHH6cbFIAAAAAA
    BAAObWFudTIsMi41KzEuMTIsMiwyAhsDBQkKl92ABQsJCAcCAiICBhUKCQgLAgQW
    AgMBAh4HAheAAAB7/AHFEBSwAtD1T5bOW8YkHvcExBvzAGljd96L4Ww/Xjqr33Jv
    upx+JjFd+Dhy9r4azOMRbZlQ69OEjQWAAcd5lDUUeMYd3aQiFR885kJv70SgQUxi
    NOi9RRUmyAcchhSFRw3y021Iq94HbBRlDpCgW4w6xtUAGAC5BmwFagceSwgAAAZi
    AytlbwHAgGFSx/MUSL3W1Vwe14zyB6qODVlbqrkBeDy2yYVRdKrjCeNZZ7cCfBg6
    DJo3oUJCPfZwZbmPul0AAAYgqUYrC3WodTVkr5xXcgaQ8oGfQcNyPZWVVHcMUDF5
    0vd7ujh5idh+mMxkz8QEztWD1BCxB3UzcyKoVnhI+Tiu3veYdAVGhCs+UZGY7gOC
    K1WYM0CG2jNJu8V5aDS8WbjDoqPELPLMTMPOUhUKL2G1TghjjVBKKAxymViqA/rL
    sPFUJKXCV3gif6ZsnfwR8XGcxbJh8tl7HxB20iUxYKtpQljA/EFjOVQeVYJ6+5Wh
    tOYycbC906mHqZrIVYy6ojdju4KVyCzLnmGNcVkY58e7ChC3dMNpaFgARGFZ4YPB
    xOENmYFQr+sqjvAwrweMRza94XJ6wmoZ9aW/QdNhUgpNouxgkFgWPRkUAkVp7pV6
    URd/O5PAOhm141RnALRtdWOvHfKVlqcEPcxuCloQppeinGZhN+ALzeEPT2ucRrej
    o8Ei4BxDfmWkiHmtj5VM9nu54UhJNCdS8WtPJeRu68VmxNXHFmzGoGMuSjd9z8d5
    CeieimOYPxvJ9BunQ9toYVUHAKxIIzAN2ySQwQVlVnupdLQHXpIIxHInM9e7bWcU
    KUY4LJlXqeJZkzDFaNlvepDMu3iR+LpwCGs1ppFxu3h9pFOZx8BmOYGQS1WU65qf
    Phu08oVsmWVoBFZua4c762tzyQuNBLOYtMxPN+g/keE4xRbI5OFeQfh5TtmlEGV0
    pfGITMl2YZIQpAorxuAHutu/kad+lJEiHLGen9McD+TO0mfOI9iELOmfXJgOFbiG
    LHByj2ORozZzkTGqEmZYxLoO1bE4oMVKBJgGDTh66IJoVAeLSZed0ac39PILmnQi
    e9Bkwoe26Je49EVfVfgjovwImUuPFwG99phBfGQO8jIywcKNQCfOiwO82LOok/mT
    zTOcT3SASsWU6uypSTIRJiYdMAVdfXdIUeZ0i4h1JbcJCHgU/Qt+7RK+YCFPCPAE
    LyOuzoNjBMy9xXkELZyUHmRd0AuTpNA2VFsueeCeqqqFc3MTJ5lVbYSZVMrAZIA2
    LjEXflp9Hrk5KIC8uJMlQXJ8+fQTPodBibKts2iBkCsBlKKVHACm1jojKYd7oBAh
    RJawGRykj6mYPsHAWpa2BrBoWAmKz8rAjyoTaBwSOwTOMCEIGKiRygYTYpBRpHmU
    ZksP6UqNhDsx5zYeZlW853YXmXY5DIPDpmQFGYqUSRdqHlWHlkiGxpWFtWRMb4Ml
    uOhrjshueXUyy5yeFxOZnpVCA8nNe7t1nWtfIEh7JMelBkIGcFo3SDRWKFa/8pAg
    rGNvdhw5gzCNn2k/KQmZtyiBl1QqJ2DFZWoYeLtrwBBMiqcyuYbMp0EBnBB5aroM
    7FsRw+EKpaKzACmvuqeULze8gzUg8Zqjzyof9BZW8YiLUuw9QbKl9dfGzVwPOgW/
    IEIl+vZJScA60nOO/XFJ+TjJtYq2flLA98EUCAwtPCJYBqk8c4ghd6ItiXq8EoAk
    Sgo9bCEQI4ZFdCM5GZkT6EZBCxrP1IFFUVebOnUiQ9wh95VL+5Zk0pMu+4GYVSma
    z9oSY4tAYaiOH6poTKwhYbWf3tInA6AZhHagZpcEA9XOzpgTKBQjNKOspPpYwom7
    E6GHTEyI3EzF+oYF/ncqzdtP9kYXxxGIfxkzNrjAfDtwrowXLuRT8WWj7xogTVOe
    bDC71lamIaW+RuxqVgZndryctRqsZthfG1xswASboxof+Yu3gOFJh3BEy2Ipbchy
    rgSBLckIq7atMnnINayaq3miFrZby6V1iSueolS/IBx0N5VYm9x2IKXEohkjFOFH
    jqR3DKOS14erICCaIOjIoJPPuOodkMSXahComsqxamiJWho6qDEQQLlBS1k6bTyy
    bCeESqxU/whiSLJsh9doYvQA5DoG2Cat2fOwZGs2SwEjJtVDN9l1OmuzwUcoUZUd
    OdmffsKxDvuVQvzMtnc3myS23nRDYHK5g+xpx6F3jAKvp1aFzCW4BBN8UqsDWtWu
    nNGGHdlSj+pUg0nNjkANlrplVecqdPAhm5i8cINe+aJZyfgEOcp5/6m5drINylNq
    pMNOEdy+ImkvFmc11iKKmmcZuziOFUHu6cGDNTEV/y7kmPdXmJh3gV8LnwihNWD8
    ytKIzgUYFgoATiIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJq
    Bx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbDAUJCpfdgAAAsQgByOwk
    vYE/vYDHeXRWG7UPBUxCxAykZwOz2jqFBSD8e/riTzTx85nVkUIRXb4mmBhp73DT
    HLbhgOOwgAHI5TS2rCxCNqr/4u8wmf2ppt5mf68E/hwFODvRQKdIawFyu9hS8rGa
    ZInzyeVq1UkMl+EIy/jXEC4A
    =JLo6
    -----END PGP PUBLIC KEY BLOCK-----

  3. Schreibt mir eine post-quantum Nachricht!
    Und steigt auf Post-Quantum um!

    #gnupg #sequoia #openpgp #aes #kyber #postquantum #cryptography #quantum

    -----BEGIN PGP PUBLIC KEY BLOCK-----

    mEkFagceSxYAAAA/AytlcQHI0TWUyLDWm/9brPLIjkBVEb9mu922wsirsFkfTiSj
    NH/Dytz45QGF8GmXb5gOqNzL44eHOqR6bRwAtBhTY2hudXIgPHNjaG51ckBtYWls
    LmkycD6I6QUTFgoAaSIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKE
    BQJqBx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbAwUJCpfdgAULCQgH
    AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA6RwBxA6kGXIK9eW+fxfbP61nqTcoucrd
    bYZ2GaA3xWb8aKuewghWZR5UiLMs/mg2BD84pwSmHuFjcpVVAAHIxU6LUwSj+O79
    mrA9L9pFSTYgIhANDVC0pcCTSfEToMeiNfMXnN7OuVqX6HLgc3miXutr3yuZTzoA
    tBtTY2hudXIgPHNjaG51ckBpMnBtYWlsLm9yZz6I6QUTFgoAaSIhBUscQadL0Gfr
    51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJqBx7/GxSAAAAAAAQADm1hbnUyLDIu
    NSsxLjEyLDIsMgIbAwUJCpfdgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA
    g4kByOrTzFtDjQTQvJnTcp76u9ylX2b/RSYQRud5AMyF3Py3aKqbLK1/aMiBqR73
    6KPSFgbZ6CpooqpoAAHI55swsGUlNrkHHUQagWnklEWF30DtybTigM2t1di2fXYs
    8KIOFo4zZY8wee6m+HlWyawm5ZgvnzUAtB9TY2hudXIgPHNjaG51ckBob3JzZWZ1
    Y2tlci5vcmc+iOkFExYKAGkiIQVLHEGnS9Bn6+dQzzXz7O3lyERqNwgKikUnhvlS
    +PVShAUCagcfMxsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMiwyLDICGwMFCQqX3YAF
    CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AAAIS8Aci/4qM4a3eIozLg7Zr+wnT8
    LP3Zj4Lexe92uyQF4pvB0NrA89MlVagPsyntdcvUYmiuS+ch/SZWugABxREs7rSN
    zii3nWftV5C6/SBcPGPulP+uY/0sOhqSs+8UvHhmjj8/dfhFGBIcFjEy3CxKKlPG
    m1UAALQiU2NobnVyIDxhbm9uc2NobnVyQHBhcmFub2lkLmVtYWlsPojpBRMWCgBp
    IiEFSxxBp0vQZ+vnUM818+zt5chEajcICopFJ4b5Uvj1UoQFAmoHH6cbFIAAAAAA
    BAAObWFudTIsMi41KzEuMTIsMiwyAhsDBQkKl92ABQsJCAcCAiICBhUKCQgLAgQW
    AgMBAh4HAheAAAB7/AHFEBSwAtD1T5bOW8YkHvcExBvzAGljd96L4Ww/Xjqr33Jv
    upx+JjFd+Dhy9r4azOMRbZlQ69OEjQWAAcd5lDUUeMYd3aQiFR885kJv70SgQUxi
    NOi9RRUmyAcchhSFRw3y021Iq94HbBRlDpCgW4w6xtUAGAC5BmwFagceSwgAAAZi
    AytlbwHAgGFSx/MUSL3W1Vwe14zyB6qODVlbqrkBeDy2yYVRdKrjCeNZZ7cCfBg6
    DJo3oUJCPfZwZbmPul0AAAYgqUYrC3WodTVkr5xXcgaQ8oGfQcNyPZWVVHcMUDF5
    0vd7ujh5idh+mMxkz8QEztWD1BCxB3UzcyKoVnhI+Tiu3veYdAVGhCs+UZGY7gOC
    K1WYM0CG2jNJu8V5aDS8WbjDoqPELPLMTMPOUhUKL2G1TghjjVBKKAxymViqA/rL
    sPFUJKXCV3gif6ZsnfwR8XGcxbJh8tl7HxB20iUxYKtpQljA/EFjOVQeVYJ6+5Wh
    tOYycbC906mHqZrIVYy6ojdju4KVyCzLnmGNcVkY58e7ChC3dMNpaFgARGFZ4YPB
    xOENmYFQr+sqjvAwrweMRza94XJ6wmoZ9aW/QdNhUgpNouxgkFgWPRkUAkVp7pV6
    URd/O5PAOhm141RnALRtdWOvHfKVlqcEPcxuCloQppeinGZhN+ALzeEPT2ucRrej
    o8Ei4BxDfmWkiHmtj5VM9nu54UhJNCdS8WtPJeRu68VmxNXHFmzGoGMuSjd9z8d5
    CeieimOYPxvJ9BunQ9toYVUHAKxIIzAN2ySQwQVlVnupdLQHXpIIxHInM9e7bWcU
    KUY4LJlXqeJZkzDFaNlvepDMu3iR+LpwCGs1ppFxu3h9pFOZx8BmOYGQS1WU65qf
    Phu08oVsmWVoBFZua4c762tzyQuNBLOYtMxPN+g/keE4xRbI5OFeQfh5TtmlEGV0
    pfGITMl2YZIQpAorxuAHutu/kad+lJEiHLGen9McD+TO0mfOI9iELOmfXJgOFbiG
    LHByj2ORozZzkTGqEmZYxLoO1bE4oMVKBJgGDTh66IJoVAeLSZed0ac39PILmnQi
    e9Bkwoe26Je49EVfVfgjovwImUuPFwG99phBfGQO8jIywcKNQCfOiwO82LOok/mT
    zTOcT3SASsWU6uypSTIRJiYdMAVdfXdIUeZ0i4h1JbcJCHgU/Qt+7RK+YCFPCPAE
    LyOuzoNjBMy9xXkELZyUHmRd0AuTpNA2VFsueeCeqqqFc3MTJ5lVbYSZVMrAZIA2
    LjEXflp9Hrk5KIC8uJMlQXJ8+fQTPodBibKts2iBkCsBlKKVHACm1jojKYd7oBAh
    RJawGRykj6mYPsHAWpa2BrBoWAmKz8rAjyoTaBwSOwTOMCEIGKiRygYTYpBRpHmU
    ZksP6UqNhDsx5zYeZlW853YXmXY5DIPDpmQFGYqUSRdqHlWHlkiGxpWFtWRMb4Ml
    uOhrjshueXUyy5yeFxOZnpVCA8nNe7t1nWtfIEh7JMelBkIGcFo3SDRWKFa/8pAg
    rGNvdhw5gzCNn2k/KQmZtyiBl1QqJ2DFZWoYeLtrwBBMiqcyuYbMp0EBnBB5aroM
    7FsRw+EKpaKzACmvuqeULze8gzUg8Zqjzyof9BZW8YiLUuw9QbKl9dfGzVwPOgW/
    IEIl+vZJScA60nOO/XFJ+TjJtYq2flLA98EUCAwtPCJYBqk8c4ghd6ItiXq8EoAk
    Sgo9bCEQI4ZFdCM5GZkT6EZBCxrP1IFFUVebOnUiQ9wh95VL+5Zk0pMu+4GYVSma
    z9oSY4tAYaiOH6poTKwhYbWf3tInA6AZhHagZpcEA9XOzpgTKBQjNKOspPpYwom7
    E6GHTEyI3EzF+oYF/ncqzdtP9kYXxxGIfxkzNrjAfDtwrowXLuRT8WWj7xogTVOe
    bDC71lamIaW+RuxqVgZndryctRqsZthfG1xswASboxof+Yu3gOFJh3BEy2Ipbchy
    rgSBLckIq7atMnnINayaq3miFrZby6V1iSueolS/IBx0N5VYm9x2IKXEohkjFOFH
    jqR3DKOS14erICCaIOjIoJPPuOodkMSXahComsqxamiJWho6qDEQQLlBS1k6bTyy
    bCeESqxU/whiSLJsh9doYvQA5DoG2Cat2fOwZGs2SwEjJtVDN9l1OmuzwUcoUZUd
    OdmffsKxDvuVQvzMtnc3myS23nRDYHK5g+xpx6F3jAKvp1aFzCW4BBN8UqsDWtWu
    nNGGHdlSj+pUg0nNjkANlrplVecqdPAhm5i8cINe+aJZyfgEOcp5/6m5drINylNq
    pMNOEdy+ImkvFmc11iKKmmcZuziOFUHu6cGDNTEV/y7kmPdXmJh3gV8LnwihNWD8
    ytKIzgUYFgoATiIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJq
    Bx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbDAUJCpfdgAAAsQgByOwk
    vYE/vYDHeXRWG7UPBUxCxAykZwOz2jqFBSD8e/riTzTx85nVkUIRXb4mmBhp73DT
    HLbhgOOwgAHI5TS2rCxCNqr/4u8wmf2ppt5mf68E/hwFODvRQKdIawFyu9hS8rGa
    ZInzyeVq1UkMl+EIy/jXEC4A
    =JLo6
    -----END PGP PUBLIC KEY BLOCK-----

  4. #OpenPGP #LibrePGP #GnuPG
    昨年の記事だが,よいまとめ発見

    >OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
    kris.fail/posts/opgpvslpgp/

  5. Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on test.pgpkeys.eu for public evaluation.

    #OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.

    Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].

    In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.

    PQC encryption subkeys using ML-KEM-768 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.

    (GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)

    Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.

    [1] datatracker.ietf.org/doc/html/
    [2] datatracker.ietf.org/doc/html/

  6. #GnuPG 2.5.19-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.

    Release Notes
    =============

    Noteworthy changes in version 2.5.19-freepg (2026-04-30)
    -------------------------------------------------

    * No FreePG-specific changes.

    gitlab.com/freepg/gnupg/-/rele

    Upstream's release notes follow.

    -----

    Noteworthy changes in version 2.5.19 (2026-04-24)
    -------------------------------------------------

    * New and extended features:

    - gpg: New option --use-ocb-sym. [rGccdcdfbb37]

    - gpg: New options --show-[only-]session-hash. [rGecd0f7afa1]

    - gpgsm: Allow cipher mode to be part of the algo given to the
    --cipher-algo option. [T3979]

    - gpgsm: Emit more details when failing to check a crlDP. [T8221]

    - agent: Improve pinentry behavior and texts in smartcard context.
    [T6425]

    - dirmngr: New keyword "clear" for --keyserver. [rG2ab4cba36c]

    * Bug fixes:

    - gpg: Fix edge case in --refresh-keys. [T8197]

    - gpg: Don't call gcry_kdf_derive with empty passphrase. [T7739]

    - gpgsm: Skip the optional PKCS#12 PBES2 keyLength parameter to
    allow import of recently issued certificates by the German
    Telekom. [rGc8c9604bba]

    - gpgsm: Fix a bug so that a certificate can be signed using a
    different algo. [rG66fdafab3c]

    - gpgsm: Make GCM fully compliant in de-vs mode. [rG04fd775fce]

    - gpgsm: Add a certificate chain check for de-vs compliance.
    [T8188]

    - gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
    [T8222]

    - agent: Rework the trustlist reading code to finally allow a
    trustlist.txt with a missing trailing LF. [T8078]

    - ssh: Fix RSA padding in signature handling. [T7882,T8202]

    - gpgtar: Fix -C (--directory) to check the output directory.
    [T8159]

    * Other changes:

    - agent: Raise an error when p >= q for RSA keys to detect
    incorrect generated *PGP keys. [T8171]

    Release-info: dev.gnupg.org/T7998

  7. صدرت نسخة GnuPG 2.5.19 الجديدة، متضمنةً توافقاً مع الإصدارات السابقة وميزات جديدة وإصلاحات للأخطاء. أبرز ما يميز هذا التحديث هو إدخال خوارزمية Kyber (ML-KEM)، التي تُمكّن التشفير المقاوم للكم، مما يعزز الأمان بشكل كبير. كما شهد التحديث تحسينات في سلوك إدخال الرمز السري للبطاقات الذكية، وتوفير معلومات مفصلة عند فشل التحقق من قوائم إلغاء الشهادات. من المهم للمستخدمين الترقية، حيث ستتوقف سلسلة 2.4 عن الدعم قريباً.

    #GnuPG #Kyber #Encryption

  8. #GnuPG 2.5.19 is now also available for Debian based #Linux distros; e.g. for #ubuntu here
    repos.gnupg.org/deb/gnupg/ques and there is a menu to select the other distros.

  9. @kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
    codeberg.org/duxsco/gentoo-ins

    I publish information on how to fetch my public key:
    duxsco.de/my_openpgp_public_ke

    I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
    bugs.gentoo.org/965482

    #gnupg #sequoiapgp

  10. @kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
    codeberg.org/duxsco/gentoo-ins

    I publish information on how to fetch my public key:
    duxsco.de/my_openpgp_public_ke

    I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
    bugs.gentoo.org/965482

    #gnupg #sequoiapgp

  11. @kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
    codeberg.org/duxsco/gentoo-ins

    I publish information on how to fetch my public key:
    duxsco.de/my_openpgp_public_ke

    I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
    bugs.gentoo.org/965482

    #gnupg #sequoiapgp

  12. @kushal My OpenPGP private key ist stored on my two Yubikeys. I always sign with GnuPG when I commit with git. And, I check my release tarballs and zip files before I sign them:
    codeberg.org/duxsco/gentoo-ins

    I publish information on how to fetch my public key:
    duxsco.de/my_openpgp_public_ke

    I’d love to use only sequoia-pgp, but I think this will not happen in the foreseeable future due to the use of rust and the difficulties to package sequoia-keystore due to that:
    bugs.gentoo.org/965482

    #gnupg #sequoiapgp

  13. #GnuPG 2.2.54-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    Release Notes
    =============

    ## Noteworthy changes in version 2.2.54-freepg (2026-04-24)

    * No FreePG-specific changes.

    gitlab.com/freepg/gnupg/-/rele

    Upstream's release notes follow.

    -------------

    ## Noteworthy changes in version 2.2.54 (2026-04-20)

    * gpg: Fix an edge case in --refresh-keys. [T8197]

    * gpgsm: Add a certificate chain check for de-vs compliance.
    [T8188]

    * gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
    [T8222]

    * agent: Accept a trustlist with a missing LF at the end. [T8078]

    Release-info: dev.gnupg.org/T8170

  14. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  15. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  16. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  17. I'm getting quite annoyed with the state of #GnuPG as a packager.

    Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

    Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see wiki.archlinux.org/index.php?t).

    The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
    Also, I'm glad we have @freepg

  18. When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

    #GnuPG #EndtoEndCrypto #FreeSoftware

  19. When looking at the changes towards the new 2.5.19 version of , there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known , OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

  20. When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

    #GnuPG #EndtoEndCrypto #FreeSoftware

  21. When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

    #GnuPG #EndtoEndCrypto #FreeSoftware

  22. When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

    Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

    lists.gnupg.org/pipermail/gnup
    dev.gnupg.org/T7998

    #GnuPG #EndtoEndCrypto #FreeSoftware

  23. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

    #GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP

  24. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

  25. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

    #GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP

  26. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

    #GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP

  27. Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

    (GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

    See lists.gnupg.org/pipermail/gnup for details.

    #GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP

  28. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele

  29. #GnuPG 2.2.53-freepg has been released.

    It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

    In addition, a fix for the default filename path traversal issue identified by #gpgfail has been backported from upstream 2.5.16 (gpg.fail/filename)

    gitlab.com/freepg/gnupg/-/rele