PGP / gpg スレ

PGP / gpg スレ (532ﾚｽ)
上下前次 1-新
通常表示 512ﾊﾞｲﾄ分割ﾚｽ栞

407: 名無しさん＠お腹いっぱい。 [sage] 2019/07/27(土) 02:02:02.54

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>>406
このスレッドURLで10桁といったら・・・

-----BEGIN PGP SIGNATURE-----
Charset: UTF-8
Comment: http://shingetu.0g0.jp:8000/thread.cgi/PGP%E3%81%A7%E3%82%84%E3%82%8A%E3%81%A8%E3%82%8A

iQIcBAEBCAAGBQJdOy82AAoJEMDO6ufMfZ6akUoP+wcohq+VIMAxO1Y4RW/94Bg+
Yih2RVcHeD/Dgx2u/Oi9GhH9HGjjycrgtaGiHM/C8eECRicn8g6NkB0DS62rX08N
NbsCMZWJUF2hIOoEULdP1nQR0+cOzLbWh8LWC/W9EVqwYJ5vRO2niyE5/5tEZgWW
6E4BSDTemhrpch2yQzhQVi/avvPrkvgadMQnp5cYrB6TjOGFyqtaY5CioQL/55Se
gDIClSCyCwzLIhTUGtfKh8Jj98DAx7x1L8YD1Jt64pBjalmqzd6qYpX7ovHn+PNZ
yBP9rmRKvdDa6AglW+I5fBROEpyXd1Dbj9cqiORqv0Pd+XIb8QNHx3sqN4sH2Qnk
VeYFa81DxfUBzO8h8WUkE5VrComAVg5S5h4iUpDXOGKDCfIbWyldumoa+CDbpquK
5Qh/1dskJhdoGIQ1Iv/QgzcouJJt3xDfxCwi+l30R/kkqt/V3nL8kqBK9mSuMT1k
oHckW1TCuosW3ayCc5reG+6aMlDtN8oLa8EogVcPkq+BRFVPZEJLwwhKPeyhYOvv
+xSq4rQCHqHo9AuW2rVTQ+zd4kZvS1MSgBXyrrUkCgLx9Z8oj9morbZIL/84Kjpy
NSv4kXt9DaksucWm8l377iPGsR8DoxDxmUvxhYVZAfxOgtx9cmSqj8EjeLtOehvK
VEBGjLyUDt4EyqMXygji
=C1TX
-----END PGP SIGNATURE-----

http://mevius.5ch.net/test/read.cgi/unix/1007324740/407

439: 名無しさん＠お腹いっぱい。 [sage] 2020/10/12(月) 13:14:18.25

機密情報を共有する5カ国協定、いわゆる「ファイブアイズ」の参加国（米国、英国、カナダ、オーストラリア、ニュージーランド）が、日本およびインドの政府代表と連名で声明を発表した。テクノロジー企業に向けて、エンドツーエンドの暗号化された通信に法執行機関がアクセスすることを可能にする解決策の開発を要請している。

この声明は、暗号にバックドアを設けることをテクノロジー企業に同意させようとする、ファイブアイズの最新の取り組みだ。

各国の政府関係者はこれまでと同様、テクノロジー企業が製品にエンドツーエンド暗号化（E2EE）を組み込むことで犯罪捜査が困難になったと主張している。

7カ国の政府代表は、現在の主要なテクノロジープラットフォームでサポートされているE2EEの仕組みのために、法執行機関が犯罪組織を捜査できないばかりか、テクノロジープラットフォーム各社も、一般市民を守るためのサービス利用規約を守らせることができずにいると主張している。

声明では、「暗号化技術の特定の実装」によって、法執行機関の捜査に問題が生じているとしている。テクノロジープラットフォーム各社も一部の通信内容にアクセスできず、捜査当局に必要なデータを提供できないからだ。

これにより、犯罪活動にとって安全な避難場所の確保を許し、「性的に搾取されている児童など、われわれの社会の中でも特に弱い立場の人々」を危険にさらしてしまうという。

7カ国はテクノロジー業界と協力し、ユーザーが引き続き安全で暗号化された通信を利用できるだけでなく、法執行機関とテクノロジー企業も犯罪活動を取り締まれる解決策を開発するよう尽力していくとした。

暗号化されたインスタントメッセージアプリだけではなく、「デバイスの暗号化、カスタム暗号化アプリ、統合プラットフォーム全体の暗号化」も対象となるという。

2018年には、オーストラリアが主要な民主主義国家の中で初めて「反暗号化法」を導入した。同様の取り組みは米国や欧州でもあったが、そこまで成功しなかった。主な理由は、テクノロジー企業や非営利団体、一般市民からの反発だ。

しかし、西側の政府が機密情報の収集能力で中国と対等になろうとする中、オーストラリアと同様の対応を求める圧力が近年高まっている。

https://japan.cnet.com/article/35160775/

http://mevius.5ch.net/test/read.cgi/unix/1007324740/439

453: 名無しさん＠お腹いっぱい。 [sage] 2021/10/13(水) 08:13:42.53

2.3.3

2.2.32と同じくLet's Encryptの証明書周りの問題などを修正

Noteworthy changes in version 2.3.3 (2021-10-12)
===============================================
* agent: Fix segv in GET_PASSPHRASE (regression).  [#5577]
* dirmngr: Fix Let's Encrypt certificate chain validation.  [#5639]
* gpg: Change default and maximum AEAD chunk size to 4 MiB.  [ad3dabc9fb]
* gpg: Print a warning when importing a bad cv25519 secret key.  [#5464]
* gpg: Fix --list-packets for undecryptable AEAD packets.  [#5584]
* gpg: Verify backsigs for v5 keys correctly.  [#5628]
* keyboxd: Fix checksum computation for no UBID entry on disk.  [#5573]
* keyboxd: Fix "invalid object" error with cv448 keys.  [#5609]
* dirmngr: New option --ignore-cert.  [4b3e9a44b5]
* agent: Fix calibrate_get_time use of clock_gettime.  [#5623]
* Silence process spawning diagnostics on Windows. [f2b01025c3]
* Support a gpgconf.ctl file under Unix and use this for the regression tests.  [#5999]
* The Windows installer now also installs the new keyboxd.  (Put "use-keyboxd" into common.conf to use a fast SQLite database instead of the pubring.kbx file.)

http://mevius.5ch.net/test/read.cgi/unix/1007324740/453

454: 名無しさん＠お腹いっぱい。 [sage] 2021/11/24(水) 08:28:45.52

2.2.33

バグ修正と大規模利用向けのオプション追加

Noteworthy changes in version 2.2.33 (2021-11-23)
=================================================
* gpg: New option --min-rsa-length.  [rG6ee01c1d26]
* gpg: New option --forbid-gen-key.  [rG985fb25c46]
* gpg: New option --override-compliance-check.  [T5655]
* gpgconf: New command --show-configs.  [rG8fe3f57643]
* agent,dirmngr: New option --steal-socket.  [rG6507c6ab10]
* scd: Improve the selection of the default PC/SC reader.  [T5644]
* gpg: Fix printing of binary notations.  [T5667]
* gpg: Remove stale ultimately trusted keys from the trustdb.  [T5685]
* gpgsm: Detect circular chains in --list-chain.  [rGc9343bec83]
* gpgconf: Create the local option file even if the global file exists.  [T5650]
* dirmngr: Make reading resolv.conf more robust.  [T5657]
* gpg-wks-server: Fix created file permissions.  [rGf54feb4470]
* scd: Support longer data for ssh-agent authentication with openpgp cards.  [T5682]
* Support gpgconf.ctl for NetBSD and Solaris.  [T5656,T5671]
* Silence "Garbled console data" warning under Windows in most cases.
* Silence warning about the rootdir under Unices w/o a mounted /proc file system.
* Fix possible build problems about missing include files.  [T5592]
* i18n: Replace the term "PIN-Cache" by "Passswort-Cache" in the German translation. [rgf453d52e53]
* i18n: Update the Russian translation.

http://mevius.5ch.net/test/read.cgi/unix/1007324740/454

455: 名無しさん＠お腹いっぱい。 [sage] 2021/12/22(水) 08:18:33.20

2.3.4

Noteworthy changes in version 2.3.4 (2021-12-20)
================================================
* gpg: New option --min-rsa-length.  [rG5f39db70c0]
* gpg: New option --forbid-gen-key.  [rGc397ba3ac0]
* gpg: New option --override-compliance-check.  [T5655]
* gpgconf: New command --show-configs.  [rGa0fb78ee0f]
* agent,dirmngr,keyboxd: New option --steal-socket.  [rGb0079ab39d,rGdd708f60d5]
* gpg: Fix printing of binary notations.  [T5667]
* gpg: Remove stale ultimately trusted keys from the trustdb.  [T5685,T5742]
* gpg: Fix indentation of --print-mds and --print-md sha512.  [T5679]
* gpg: Emit gpg 2.2 compatible Ed25519 signature.  [T5331]
* gpgsm: Detect circular chains in --list-chain.  [rG74c5b35062]
* dirmngr: Make reading resolv.conf more robust.  [T5657]
* dirmngr: Ask keyservers to provide the key fingerprints.  [T5741]
* gpgconf: Allow changing gpg's deprecated keyserver option.  [T5462]
* gpg-wks-server: Fix created file permissions.  [rG60be00b033]
* scd: Support longer data for ssh-agent authentication with openpgp cards.  [T5682]
* scd: Modify DEVINFO behavior to support looping forever.  [T5359]
* Support gpgconf.ctl for NetBSD and Solaris.  [T5656,T5671]
* Silence "Garbled console data" warning under Windows in most cases.  [rGe293da3b21]
* Silence warning about the rootdir under Unices w/o a mounted /proc file system.  [T5656]
* Fix possible build problems about missing include files.  [T5592]
Release-info: https://dev.gnupg.org/T5654

http://mevius.5ch.net/test/read.cgi/unix/1007324740/455

457: 名無しさん＠お腹いっぱい。 [sage] 2021/12/25(土) 21:34:50.82

https://www.gnupg.org/donate/index.html
>  Fortunately, and this is still not common with free software, we have now established a way of financing the development while keeping all our software free and freely available for everyone.
>
>  Our model is similar to the way RedHat manages RHEL and Fedora: Except for the actual binary of the MSI installer for Windows and client specific configuration files, all the software is available under the GNU GPL and other Open Source licenses. Thus customers may even build and distribute their own version of the software as long as they do not use our trademark GnuPG VS-DesktopR.
>
>  Those with SEPA donations, please cancel them and redirect your funds to other projects which are more in need of financial support. The donations done via Stripe or PayPal have already been canceled.
>
>  All you supporters greatly helped us to keep GnuPG alive and to finally setup a sustainable development model. Stay tuned for a somewhat longer writeup on this.

RHELとFedoraの関係と同じようなモデルで（GnuPG VS-DesktopとGnuPG）、寄付に頼らずに開発のための資金を得ることができるようになった
ライセンスは今まで通りGPLおよびその他のオープンソースライセンス（MSIインストーラーとクライアント設定ファイルを除く）

定期寄付を設定してる人はキャンセルして、もっと支援を必要としている他のプロジェクトに振り替えてほしい。StripeとPayPalでの寄付はキャンセル済み

http://mevius.5ch.net/test/read.cgi/unix/1007324740/457

460: 名無しさん＠お腹いっぱい。 [sage] 2022/02/08(火) 10:22:07.52

2.2.34 (LTS)

Noteworthy changes in version 2.2.34
====================================
* gpgconf: Backport the improved option reading and writing code from 2.3.  [rG7a3a1ef370,T4788]
* gpgconf: Do not list ignored options and mark forced options as read-only.  [T5732]
* gpgconf: Correctly show registry entries with --show-configs. [T5724]
* gpgconf: Add command aliases -L, -K, and -R.  [rGf16c535eee]
* gpgconf: Tweak the use of the ldapserver option.  [T5801]
* gpgconf: Make "--launch gpg-agent" work again.  [rG5a7ed6dd8f]
* gpg: Accept Ed25519 private keys in modernized encoding.  [T5120]
* gpg: Fix adding the list of ultimate trusted keys.  [T5742]
* gpgsm: New option --ignore-cert-with-oid.  [rGbcf446b70c]
* dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor.  [rGdde88897e2]
* scdaemon: Also prefer Yubikeys if no reader port is given. [rG38c666ec3f]
* agent: Make missing strings translatable and update German and Japanese translations.  [T4777]
* ssh: Fix adding an ed25519 key with a zero length comment.  [T5794]
* gpgtar: Create and handle extended headers to support long file names.  [T5754]
* Fix the creation of socket directories under Windows for non-ascii account names.  [rG7d1215cb9c]
* Improve the registry HKCU->HKLM fallback.  [rG96db487a4d]
* Prettify the --help output of most commands.

Release-info: https://dev.gnupg.org/T5703

http://mevius.5ch.net/test/read.cgi/unix/1007324740/460

467: 名無しさん＠お腹いっぱい。 [sage] 2022/04/22(金) 10:00:24.99

GnuPG 2.3.5

Noteworthy changes in version 2.3.5 (2022-04-21)
================================================

* gpg: Up to five times faster verification of detached signatures. Doubled detached signing speed.  [T5826,rG4e27b9defc,rGf8943ce098]
* gpg: Threefold decryption speedup for large files. [T5820,rGab177eed51]
* gpg: Nearly double the AES256.OCB encryption speed.  [rG99e2c178c7]
* gpg: Removed EAX from the preference list.  [rG253fcb9777]
* gpg: Allow --dearmor to decode all kinds of armor files. [rG34ea19aff9]
* gpg: Remove restrictions for the name part of a user-id. [rG8945f1aedf]
* gpg: Allow decryption of symmetric encrypted data even for non-compliant cipher.  [rG8631d4cfe2]
* gpg,gpgsm: New option --require-compliance.  [rGee013c5350]
* gpgsm: New option --ignore-cert-with-oid.  [rGe23dc755fa]
* gpgtar: Create and handle extended headers to support long file names.  [T5754]
* gpgtar: Support file names longer than MAX_PATH on Windows. [rG70b738f93f]
* gpgtar: Use a pipe for decryption and thus avoid memory exhaustion.  [rGe5ef5e3b91]
* gpgtar: New option --with-log.  [rGed53d41b4c]
* agent: New flag "qual" for the trustlist.txt.  [rG7c8c606061]
* scdaemon: Add support for GeNUA cards.  [rG0dcc249852]
* scdaemon: Add --challenge-response option to PK_AUTH for OpenPGP cards.  [T5862]
* dirmngr: Support the use of ECDSA for CRLs and OCSP. [rGde87c8e1ea,rG890e9849b5]
* dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver. [T5751]
* ssh: Return a faked response for the new session-bind extension. [T5931]
* gpgconf: Add command aliases -L -K -R.  [rGec4a1cffb8]
* gpg: Request keygrip of key to add via command interface.  [T5771]
* gpg: Print Yubikey version correctly.  [T5787]
* gpg: Always use version >= 4 to generate key signature.  [T5809]
* gpg: Fix generating AEAD packet.  [T5853]

http://mevius.5ch.net/test/read.cgi/unix/1007324740/467

468: 名無しさん＠お腹いっぱい。 [sage] 2022/04/22(金) 10:00:44.55

* gpg: Fix version on symmetric encrypted AEAD files if the force option is used.  [T5856]
* gpg: Fix adding the list of ultimate trusted keys.  [T5742]
* gpgsm: Fix parsing of certain PKCS#12 files.  [T5793]
* gpgsm: Print diagnostic about CRL problems due to Tor mode. [rG137e59a6a5]
* agent: Use "Created:" field for creation time.  [T5538]
* scdaemon Fix error handling for a PC/SC reader selected with reader-port.  [T5758]
* scdaemon: Fix DEVINFO with no --watch.  [rGc6dd9ff929]
* scdaemon: Fix socket resource leak on Windwos.  [T5029]
* scdaemon: Use extended mode for pkcs#15 already for rsa2048. [rG597253ca17]
* scdaemon: Enhance PASSWD command to accept KEYGRIP optionally. [T5862]
* scdaemon: Fix memory leak in ccid-driver.  [rG8ac92f0e80]
* tpm: Always use hexgrip when storing a key password. [rGaf2fbd9b01]
* dirmngr: Make WKD lookups work for resolvers not handling SRV records.  [T4729]
* dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor.  [rG57d546674d]
* dirmngr: Workaround for a certain broken LDAP URL.  [rG90caa7ad59]
* dirmngr: Escape more characters in WKD requests.  [T5902]
* dirmngr: Suppress error message on trial reading as PEM format. [T5531]
* gpgconf: Fix component table when not building without TPM support.  [T5701]
* gpgconf: Silence warnings from parsing the option files.  [T5874]
* gpgconf: Do not list ignored options and mark forced options as read-only.  [rG42785d7c8a]
* gpgconf: Tweak the use of the ldapserver option.  [T5801]
* ssh: Fix adding an ed25519 key with a zero length comment.  [T5794]
* kbx: Fix searching for FPR20 in version 2 blob.  [T5888]
* Fix early homedir creation.  [T5895]
* Improve removing of stale lockfiles under Unix.  [T5884]
Release-info: https://dev.gnupg.org/T5743

http://mevius.5ch.net/test/read.cgi/unix/1007324740/468

472: 名無しさん＠お腹いっぱい。 [sage] 2022/07/07(木) 08:39:46.47

GnuPG 2.2.36

Noteworthy changes in version 2.2.36 (2022-07-06)
-------------------------------------------------

* g10: Fix possibly garbled status messages in NOTATION_DATA.  This bug could trick GPGME and other parsers to accept faked status lines.  [T6027, CVE-2022-34903]
* gpg: Handle leading zeroes in Ed25519 private keys and reverse change regarding Ed25519 SOS encoding as introduced with 2.2.34.  [T5120]
* gpg: Allow Unicode file names for iobuf_cancel under Windows.
* gpgsm: Improve pkcs#12 import.  [T6037,T5793,T4921,T4757]
* scd,p15: Fix reading certificates w/o length info.
* scd,p15: Improve the displayed S/N for Technology Nexus cards.
* scd,openpgp: Add workaround for ECC attribute on Yubikey. [T5963]
* scd: Fix use of SCardListReaders for PC/SC.  [T5979]
* gpgconf: New short options -X and -V.
* Make sure to always set CONFIDENTIAL flag in Assuan.  [T5977]

2.3系列も近日中にアップデートが行われる予定

http://mevius.5ch.net/test/read.cgi/unix/1007324740/472

473: 名無しさん＠お腹いっぱい。 [sage] 2022/07/11(月) 23:14:13.10

GnuPG 2.3.7

Noteworthy changes in version 2.3.7 (2022-07-11)
------------------------------------------------

* gpg: Fix possibly garbled status messages in NOTATION_DATA.  This bug could trick GPGME and other parsers to accept faked status lines.  [T6027, CVE-2022-34903]
* gpg: Look up user ID to revoke by UID hash.  [T5936]
* gpg: Setup the 'usage' filter property for export.  [rG7aabd94b81]
* gpg,w32: Allow Unicode filenames for iobuf_cancel.  [rG4ee2009083]
* gpg: Fix reading AEAD preference.  [T6019]
* gpgsm: New option --compatibility-flags.  [rGf0b373cec9]
* gpgsm: Rework the PKCS#12 parser to support DFN issued keys.  [T6037]
* agent: New option --no-user-trustlist and --sys-trustlist-name.  [T5990]
* agent: Pop up dialog window for confirmation, when specified so.  [T5099]
* agent: Show "Label:" field of private key when prompt the insertion.  [T5986]
* agent: Handle USAGE information in KEYINFO.  [rG295a6a7591]
* agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.  [T5996]
* agent,ssh: Support "Use-for-ssh" flag in private key.  [T5985]
* agent: New field "Prompt" to prevent asking card key insertion.  [T5987]
* agent: Support --format=ssh option for READKEY.  [T6012]
* agent: Add KEYATTR command.  [T5988]
* agent: Flush before calling ftruncate.  [T6035]
* agent: Do not consider --min-passphrase-len for the magic wand.  [rGae2f1f0785]
* kbx: Fix a race condition which results no status report.  [T5948]
* scd:openpgp: Fix a segv for cards supporting unknown curves.  [T5963]
* scd:p15: Fix reading certificates without length info.
* scd:p15: Improve the displayed S/N for Technology Nexus cards.
* scd:openpgp: Add workaround for ECC attribute on Yubikey.  [T5963]
* scd,piv: Fix status report of KEYPAIRINFO.  [rG64c8786105]
* scd:nks: Support the Telesec ESIGN application.  [T5219, T4938]
* scd: Fix use of SCardListReaders for PC/SC.  [T5979]
* scd: Support automatic card selection for READCERT with keygrip.  [T6003]
* scd: Support specifying keygrip for learn command.  [T6002]
* dirmngr: Fix for Windows when build against GNUTLS.  [T5899]
* gpg-connect-agent: Add --unbuffered option.
* gpg-connect-agent: Add a way to cancel an INQUIRE.  [T6010]
* gpgconf: New short options -V and -X

http://mevius.5ch.net/test/read.cgi/unix/1007324740/473

476: 名無しさん＠お腹いっぱい。 [sage] 2022/09/09(金) 01:53:54.45

GnuPG 2.2.37

Noteworthy changes in version 2.2.37 (2022-08-24)

* gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. [T6043]
* gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. [T6119]
* gpg: Request keygrip of key to be added via command-fd interface. [T5771]
* gpg: Look up user ID to revoke by UID hash. [T5936]
* gpg: Fix wrong error message for "keytocard". [T6122]
* gpg: --card-status shows the application type for non-openpgp cards again. [rG8e393e2592]
* gpg: The options --auto-key-import and --include-key-block are again listed by gpgconf. [T6138]
* gpgsm: New option --compatibility-flags. [rG77b6896f7a]
* agent: New options --no-user-trustlist and --sys-trustlist-name. [T5990]
* agent: Track and update the Display-S/N of cards so that the "please insert card" prompt may now show more information. Use "gpg --card-status" to update stored card meta data. [T6135]
* scd:openpgp: Fix problem with ECC algorithm attributes on Yubikeys. [rG225c66f13b87]
* scd:openpgp: Fix problem with Yubikey 5.4 firmware. [T6070]
* dirmngr: Ask keyservers to provide the key fingerprints. [T5741]
* ssh: Allow authentication as used by OpenSSH's PQ crypto support. [T5935]
* wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. [rGc1489ca0e1, T6098]
* gpgconf: Improve registry dumping. [rG6bc9592318]
* Silence warnings from AllowSetForegroundWindow. [rG6583abedf3]

http://mevius.5ch.net/test/read.cgi/unix/1007324740/476

482: 名無しさん＠お腹いっぱい。 [sage] 2022/12/20(火) 20:24:24.09

GnuPG 2.4.0
祝25周年！

Noteworthy changes in version 2.4.0
===================================
* The key database daemon is now a fully supported feature.  Keys are stored in a SQLite database to make key lookups much faster.  Enable it by adding "use-keyboxd" o common.conf.  See also the README file.
* gpg: New command --quick-update-pref.  [rGd40d23b233]
* gpg: New list-options show-pref and show-pref-verbose.  [rG811cfa34cb]
* gpg: New option --list-filter to restrict key listings like gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'  [rG1324dc3490]
* gpg: New --export-filter export-revocs.  [rGc985b52e71]
* gpg: Also import stray revocation certificates.  [rG7aaedfb107]
* gpg: Add a notation to encryption subkeys in de-vs mode.  [T6279]
* gpg: Improve signature verification speed by a factor of more than four.  Double detached signing speed.  [T5826]
* gpg: Allow only OCB for AEAD encryption.  [rG5a2cef801d]
* gpg: Fix trusted introducer for mbox only user-ids.  [T6238]
* gpg: Report an error via status-fd for receiving a key from the agent.  [T5151]
* gpg: Make --require-compliance work without the --status-fd option.  [rG2aacd843ad]
* gpg: Fix verification of cleartext signatures with overlong lines.  [T6272]
* agent: Fix import of protected OpenPGP v5 keys.  [T6294]
* gpgsm: Change the default cipher algorithm from AES128 to AES256.  Also announce support for this in signatures.  [rG2d8ac55d26]
* gpgsm: Always use the chain validation model if the root-CA requests this.  [rG7fa1d3cc82]
* gpgsm: Print OCSP revocation date and reason in cert listings.  [rGb6abaed2b5]
* agent: Support Win32-OpenSSH emulation by gpg-agent.  [T3883]
* scd: Support the Telesec Signature Card v2.0.  [T6252]
* scd: Redact --debug cardio output of a VERIFY APDU.  [T5085]
* scd: Skip deleted pkcs#15 records in CARDOS 5.  [rG061efac03f]
* dirmngr: Fix build with no LDAP support.  [T6239]
* dirmngr: Fix verification of ECDSA signed CRLs.  [rG868dabb402]
* wkd: New option --add-revocs for gpg-wks-client.  [rGc3f9f2d497]
* wkd: Ignore expired user-ids in gpg-wks-client.  [T6292]
* card: New commands "gpg" and "gpgsm".  [rG9c4691c73e]
Release-info: https://dev.gnupg.org/T6303

http://mevius.5ch.net/test/read.cgi/unix/1007324740/482

483: 名無しさん＠お腹いっぱい。 [sage] 2022/12/20(火) 20:25:57.15

Gpg4win 4.1.0

Version 4.1.0 released 2022-12-20

GPA: So long, and thanks for all the fish. To reduce maintenance and overall quality of Gpg4win we have decided to retire GPA. Over the last decade Kleopatra has made large improvements in quality and is very well maintained and the focus of our development. [rW3f7ed3834f]
GnuPG: Improve signature verification speed by a factor of more than four. Double detached signing speed. [T5826]
GnuPG: Import stray revocation certificates to improve WKD usability.
GnuPG: New option --add-revocs for gpg-wks-client. [rG2f4492f3be]
GnuPG: Ignore expired user-ids in gpg-wks-client. [T6292]
GnuPG: Support the Telesec Signature Card v2.0 in OpenPGP. [T6252]
GnuPG: For the new AEAD Format we now only allow the fast OCB mode. The EAX mode may still be used for decryption. [rG5a2cef801d]
Kleopatra: Support the import of non-standard conforming UTF-16 encoded text files with certificates. [T6298]
Kleopatra: New Option to delete the locally stored secret key after a transfer to a smart card. [T5836]
Kleopatra: Improve the display of keys in the group edit dialog. [T6295]
Kleopatra: Simplify changing the owner trust of keys. [T6148]
Kleopatra: Allow selecting ECC with supported curves when generating new keys for smart cards. [T4429]
GnuPG: Update the X.509/CMS library Libksba to version 1.6.3 to fix a security problem in the CRL signature parser. [T6230]
GnuPG: Fix trusted introducer for mbox only user-ids. [T6238]
GpgOL: IMAP access to encrypted mails works again. [T6203]
Kleopatra: Don't report success if the key signing job was canceled. [T6305]
Kleopatra: Report failed imports immediately when receiving the result. [T6302]
Kleopatra: Do not offer invalid S/MIME certificates for signing or encryption. [T6216]
Kleopatra: Don't ask user to certify an imported expired or revoked OpenPGP key. [T6155]
Kleopatra: Do not crash when closing details widget while certificate dump is shown. [T6180]
Kleopatra: Improve usability and accessibility of the notepad operations. [T6188]

GnuPG:           2.4.0
Kleopatra:       3.1.26
GpgOL:           2.5.6
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

http://mevius.5ch.net/test/read.cgi/unix/1007324740/483

485: 名無しさん＠お腹いっぱい。 [sage] 2022/12/20(火) 20:46:37.27

** Key database daemon

Since version 2.3.0 it is possible to store the keys in an SQLite
database instead of the keyring.kbx file.  This is in particular
useful for large keyrings or if many instances of gpg and gpgsm may
run concurrently.  This is implemented using another daemon process,
the "keyboxd".  To enable the use of the keyboxd put the option
"use-keyboxd" into the configuration file ~/.gnupg/common.conf or the
global /etc/gnupg/common.conf.  See also doc/examples/common.conf.
Only public keys and X.509 certificates are managed by the keyboxd;
private keys are still stored as separate files.

Note that there is no automatic migration; if the use-keyboxd option
is enabled keys are not taken from pubring.kbx.  To migrate existing
keys to the keyboxd do this:

1. Disable the keyboxd (remove use-keyboxd from common.conf)
2. Export all public keys
gpg --export --export-options backup  > allkeys.gpg
gpgsm --export --armor                > allcerts.gpg
3. Enable the keyboxd (add use-keyboxd to common.conf)
4. Import all public keys
gpg --import --import-options restore < allkeys.gpg
gpgsm --import                        < allcerts.crt

http://mevius.5ch.net/test/read.cgi/unix/1007324740/485

491: 名無しさん＠お腹いっぱい。 [sage] 2023/04/29(土) 10:41:34.09

GnuPG 2.4.1

Noteworthy changes in version 2.4.1
===================================

* If the ~/.gnupg directory does not exist, the keyboxd is now automagically enabled.  [rGd9e7488b17]
* gpg: New option --add-desig-revoker.  [rG3d094e2bcf]
* gpg: New option --assert-signer.  [rGc9e95b8dee]
* gpg: New command --quick-add-adsk and other ADSK features.  [T6395, https://gnupg.org/blog/20230321-adsk.html]
* gpg: New list-option "show-unusable-sigs".  Also show "[self-signature]" instead of the user-id in key signature listings.  [rG103acfe9ca]
* gpg: For symmetric encryption the default S2K hash is now SHA256.  [T6367]
* gpg: Detect already compressed data also when using a pipe.  Also detect JPEG and PNG file formats.  [T6332]
* gpg: New subcommand "openpgp" for --card-edit.  [T6462]
* gpgsm: Verification of detached signatures does now strip trailing zeroes from the input if --assume-binary is used.  [rG2a13f7f9dc]
* gpgsm: Non-armored detached signature are now created without using indefinite form length octets.  This improves compatibility with some PDF signature verification software.  [rG8996b0b655]
* gpgtar: Emit progress status lines in create mode.  [T6363]
* dirmngr: The LDAP modifyTimestamp is now returned by some keyserver commands.  [rG56d309133f]
* ssh: Allow specification of the order keys are presented to ssh. See the man page entry for --enable-ssh-support.  [T5996, T6212]
* gpg: Make list-options "show-sig-subpackets" work again. Fixes regression in 2.4.0.  [rG5a223303d7]
* gpg: Fix the keytocard command for Yubikeys.  [T6378]
* gpg: Do not continue an export after a cancel for the primary key.  [T6093]
* gpg: Replace the --override-compliance-check hack by a real fix.  [T5655]
* gpgtar: Fix decryption with input taken from stdin.  [T6355]

Release-info: https://dev.gnupg.org/T6454

http://mevius.5ch.net/test/read.cgi/unix/1007324740/491

500: 名無しさん＠お腹いっぱい。 [sage] 2023/07/11(火) 12:18:29.97

Noteworthy changes in version 2.4.3
===================================

* gpg: Set default expiration date to 3 years.  [T2701]
* gpg: Add --list-filter properties "key_expires" and "key_expires_d".  [T6529]
* gpg: Emit status line and proper diagnostics for write errors.  [T6528]
* gpg: Make progress work for large files on Windows.  [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpgsm: Print PROGRESS status lines.  Add new --input-size-hint.  [T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr.  [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser.  [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command.  [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting.  [T6477]
* dirmngr: New option --compatibility-flags.  [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions.  [T6545]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create commands.  [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client.  New option --no-add-revocs.  [rG10c937ee68]
* scd: Make signing work for Nexus cards.  [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV.  [rG25b59cf6ce]

Release-info: https://dev.gnupg.org/T6509

http://mevius.5ch.net/test/read.cgi/unix/1007324740/500

506: 名無しさん＠お腹いっぱい。 [sage] 2024/03/13(水) 07:43:13.49

GnuPG 2.4.5

Noteworthy changes in version 2.4.5
===================================

* gpg,gpgv: New option --assert-pubkey-algo.  [T6946]
* gpg: Emit status lines for errors in the compression layer.   [T6977]
* gpg: Fix invocation with --trusted-keys and --no-options.  [T7025]
* gpgsm: Allow for a longer salt in PKCS#12 files.  [T6757]
* gpgtar: Make --status-fd=2 work on Windows.  [T6961]
* scd: Support for the ACR-122U NFC reader.  [rG1682ca9f01]
* scd: Suport D-TRUST ECC cards.  [T7000,T7001]
* scd: Allow auto detaching of kernel drivers; can be disabled with the new compatibility-flag ccid-no-auto-detach.  [rGa1ea3b13e0]
* scd: Allow setting a PIN length of 6 also with a reset code for openpgp cards.  [T6843]
* agent: Allow GET_PASSPHRASE in restricted mode.  [rGadf4db6e20]
* dirmngr: Trust system's root CAs for checking CRL issuers.   [T6963]
* dirmngr: Fix regression in 2.4.4 in fetching keys via hkps.   [T6997]
* gpg-wks-client: Make option --mirror work properly w/o specifying domains.  [rG37cc255e49]
* g13,gpg-wks-client: Allow command style options as in "g13 mount foo".  [rGa09157ccb2]
* Allow tilde expansion for the foo-program options.  [T7017]
* Make the getswdb.sh tool usable outside the GnuPG tree.

Release-info: https://dev.gnupg.org/T6960

http://mevius.5ch.net/test/read.cgi/unix/1007324740/506

513: 名無しさん＠お腹いっぱい。 [sage] 2024/09/13(金) 12:53:07.14

Changes which will also show up in the firthcoming 2.4.6:

* gpg: New command --quick-set-ownertrust.  [rG967678d972]
* gpg: Indicate disabled keys in key listings and add list option "show-ownertrust".  [rG2a0a706eb2]
* gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.  [T7042]
* gpg: Do not allow to accidently set the RENC usage.  [T7072]
* gpg: Accept armored files without CRC24 checksum.  [T7071]
* gpg: New --import-option "only-pubkeys".  [T7146]
* gpg: Repurpose the AKL mechanism "ldap" to work like the keyserver mechnism but only for LDAP keyservers.  [rG068ebb6f1e]
* gpg: ADSKs are now configurable for new keys.  [T6882]
* gpgsm: Emit user IDs with an empty Subject also in colon mode.  [T7171]
* agent: Consider an empty pattern file as valid.  [rGc27534de95]
* agent: Fix error handling of READKEY.  [T6012]
* agent: Avoid random errors when storing key in ephemeral mode.  [T7129, rGfdc5003956]
* agent: Make "SCD DEVINFO --watch" more robust.  [T7151]
* scd: Improve KDF data object handling for OpenPGP cards.  [T7058]
* scd: Avoid buffer overrun with more than 16 PC/SC readers.  [T7129, rG4c1b007035]
* scd: Fix how the scdaemon on its pipe connection finishes.  [T7160]
* gpgconf: Check readability of some files with -X and change its output format.  [rG98e287ba6d]
* gpg-mail-tube: New tool to apply PGP/MIME encryption to a mail.  [rG28a080bc9f]
* Fix some uninitialized variables and double frees in error code paths.  [T7129]

Release-info: https://dev.gnupg.org/T7189

http://mevius.5ch.net/test/read.cgi/unix/1007324740/513

514: 名無しさん＠お腹いっぱい。 [sage] 2024/09/13(金) 12:54:16.43

GnuPG 2.5.1 (2.6系に向けた公開テスト版)

Noteworthy changes in version 2.5.1 (2024-09-12)
================================================
[compared to version 2.5.0]
* gpg: The support for composite Kyber+ECC public key algorithms does now use the final FIPS-203 and LibrePGP specifications.  The experimental keys from 2.5.0 are no longer supported.  [T6815]
* gpg: New commands --add-recipients and --change-recipients.  [T1825]
* gpg: New option --proc-all-sigs.  [T7261]
* gpg: Fix a regression in 2.5.0 in gpgme's tests.  [T7195]
* gpg: Make --no-literal work again for -c and --store.  [T5852]
* gpg: Improve detection of input data read errors.  [T6528]
* gpg: Fix getting key by IPGP record (rfc-4398).  [T7288]
* gpgsm: New option --assert-signer.  [T7286]
* gpgsm: More improvements to PKCS#12 parsing to cope with latest IVBB changes.  [T7213]
* agent: Fix KEYTOCARD command when used with a loopback pinentry.  [T7283]
* gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.  New option --as-attach.  [rG4511997e9e1b]
* Now uses the process spawn API from libgpg-error.  [T7192,T7194]
* Removed the --enable-gpg-is-gpg2 configure time option.  [rG2125f228d36c]
* Die Windows version will now be build for 64-Bit Windows and with the corresponding changes to the installation directory and Registry keys.

Release-info: https://dev.gnupg.org/T7191

http://mevius.5ch.net/test/read.cgi/unix/1007324740/514

515: 名無しさん＠お腹いっぱい。 [sage] 2024/10/30(水) 08:33:32.03

GnuPG 2.4.6

Noteworthy changes in version 2.4.6
===================================
* gpg: New command --quick-set-ownertrust.  [rG967678d972]
* gpg: Indicate disabled keys in key listings and add list option "show-ownertrust".  [rG2a0a706eb2]
* gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.  [T7042]
* gpg: Do not allow to accidently set the RENC usage.  [T7072]
* gpg: Accept armored files without CRC24 checksum.  [T7071]
* gpg: New --import-option "only-pubkeys".  [T7146]
* gpg: Repurpose the AKL mechanism "ldap" to work like the keyserver mechnism but only for LDAP keyservers.  [rG6551281ca3]
* gpg: ADSKs are now configurable for new keys.  [T6882]
* gpg: New option --proc-all-sigs.  [T7261]
* gpg: Fix a wrong decryption failed status for signed and OCB encrypted messages without a signature verification key.  [T7042]
* gpg: Make --no-literal work again for -c and --store.  [T5852]
* gpg: Fix getting key by IPGP.  [T7288]
* gpg: Validate the trustdb after the import of a trusted key.  [T7200]
* gpg: Exclude expired trusted keys from the key validation process.  [T7200]
* gpgsm: New option --assert-signer.  [T7286]
* gpgsm: Emit user IDs with an empty Subject also in colon mode.  [T7171]
* keyboxd: Fix a race condition on the database handle.  [T7294]
* agent: Consider an empty pattern file as valid.  [rGc27534de95]
* agent: Fix error handling of READKEY.  [T6012]
* agent: Avoid random errors when storing key in ephemeral mode.  [T7129, rG19d93a239d]
* agent: Make "SCD DEVINFO --watch" more robust.  [T7151]
* agent: Fix detection of the yet unused trustflag de-vs.  [T5079]
* scd: Improve KDF data object handling for OpenPGP cards.  [T7058]
* scd: Avoid buffer overrun with more than 16 PC/SC readers.  [T7129, rG524e3a9345]
* scd: Fix how the scdaemon on its pipe connection finishes.  [T7160]
* gpgconf: Check readability of some files with -X and change its output format.  [rG759adb2493]
* gpg-mail-tube: New tool to apply PGP/MIME encryption to a mail.  [rGa564a9f66c]
* Fix a race condition in creating the socket directory.  [T7332]
* Fix some uninitialized variables and double frees in error code paths.  [T7129]

Release-info: https://dev.gnupg.org/T7030

http://mevius.5ch.net/test/read.cgi/unix/1007324740/515

519: 名無しさん＠お腹いっぱい。 [sage] 2024/12/06(金) 20:53:23.61

GnuPG 2.5.2（テスト版）

Noteworthy changes in version 2.5.2 (2024-12-05)
================================================
[compared to version 2.5.1]

* gpg: Add option 16 to --full-gen-key to create ECC+Kyber.  [T6638]
* gpg: For composite algos add the algo string to the colons listings.  [T6638]
* gpg: Validate the trustdb after the import of a trusted key.  [T7200]
* gpg: Exclude expired trusted keys from the key validation process.  [T7200]
* gpg: Fix a wrong decryption failed status for signed and OCB encrypted messages without a signature verification key.  [T7042]
* gpg: Retain binary representation for import->export with Ed25519 key signatures.  [T7426]
* gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.  [T7425]
* gpg: Avoid a failure exit code for expired ultimately trusted keys.  [T7351]
* gpg: Emit status error for an invalid ADSK.  [T7322]
* gpg: Allow the use of an ADSK subkey as ADSK subkey.  [T6882]
* gpg: Fix --quick-set-expire for V5 subkey fingerprints.  [T7298]
* gpg: Robust error handling for SCD READKEY.  [T7309]
* gpg: Fix cv25519 v5 export regression.  [T7316]
* gpgsm: Nearly fourfold speedup of validated certificate listings.  [T7308]
* gpgsm: Improvement for some rare P12 files.  [rGf50dde6269]
* gpgsm: Terminate key listing on output write error.  [T6185]
* agent: Add option --status to the LISTRUSTED command.  [rG4275d5fa7a]
* agent: Fix detection of the yet unused trustflag de-vs.  [T5079]
* agent: Allow ssh to sign data larger than the Assuan line length.  [T7436]
* keyboxd: Fix a race condition on the database handle.  [T7294]
* dirmngr: A list of used URLs for loaded CRLs is printed first in the output of the LISTCRL command.  [T7337]

http://mevius.5ch.net/test/read.cgi/unix/1007324740/519

522: 名無しさん＠お腹いっぱい。 [sage] 2025/02/13(木) 00:42:17.71

GnuPG 2.5.4 (テスト版)

Noteworthy changes in version 2.5.4 (2025-02-12)
================================================
[compared to version 2.5.3]

* gpg: New option --disable-pqc-encryption.  [rG00c31f8b04]
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given.  [T7506]
* gpg: Fix handling with no CRC armor.  [T7071]
* gpg: New private Kyber keys are now cross-referenced using a new Link attribute.  [T6638]
* gpg: Fix an import problem with keys having another primary key as a subkey.  [T7527]
* gpgsm: Allow unattended PKCS#12 export without passphrase.  [rG159e801043]
* gpgsm: Allow CSR generation with an unprotected key.  [rG89055f24f4]
* agent: New option --change-std-env-name.  [T7522]
* agent: Fix ssh-agent's request_identities for skipped Brainpool keys.  [rG2469dc5aae]
* Do not package zlib and bzip2 object files in a Speedo release build.  [T7442]

Release-info: https://dev.gnupg.org/T7480

http://mevius.5ch.net/test/read.cgi/unix/1007324740/522

526: 名無しさん＠お腹いっぱい。 [sage] 2025/05/09(金) 22:20:00.42

GnuPG 2.5.6 (テスト版) & Gpg4win 5.0.0-beta190

Noteworthy changes in version 2.5.6 (2025-05-08)
================================================
[compared to version 2.5.5]

* gpg: Add a flag to the filter expressions for left anchored substring match.  [rGc12b7d047e]
* gpg: New list option "show-trustsig" to avoid resorting to colon mode for this info.  [rG41d6ae8f41]
* gpg: New command --quick-tsign-key to create a trust signature.  [rGd90b290f97]
* gpg: New keygen parameter "User-Id".  [rGcfd597c603]
* gpg: New list options "show-trustsig".  [rGrG41d6ae8f41]
* gpg: Fix double free of internal data in no-sig-cache mode [T7547]
* gpg: Signatures from revoked or expired keys do not anymore show up as missing keys.  Fixes regression in 2.5.5.  [T7583]
* gpgsm: Extend --learn-card by an optional s/n argument.  [T7379]
* gpgsm: Skip expired certificates when selection a certificate by subject.  [rG4cf83273e8]
* card: New command "ll" as alias for "list --cards".  [rGd6ee7adebe]
* scd: Fix posssible lockup on Windows due to a lost select result.  [rGa7ec3792c5]
* scd:p15: Accept P15 cards with a zero-length label.  [rGdb25aa9887]
* keyboxd: Use case-insensitive search for mail addresses.  [T7576]
* dirmngr: Fix a problem in libdns related to an address change from 127.0.0.1.  [T4021]
* gpgconf: Fix reload and kill of keyboxd.  [T7569]
* Fix logic for certain recsel conditions.  [rG8968e84903]
* Add Solaris support to get_signal_name.  [T7638]
* Fix build error of the test shell on AIX.  [T7632]

Release-info: https://dev.gnupg.org/T7586

http://mevius.5ch.net/test/read.cgi/unix/1007324740/526

528: 名無しさん＠お腹いっぱい。 [sage] 2025/06/03(火) 09:22:28.77

GnuPG 2.5.7 (テスト版)

Noteworthy changes in version 2.5.7 (2025-06-02)
================================================
[compared to version 2.5.6]

* gpg: Allow updating a SHA-1 key certification w/o using the --force-sign-key option.  [T7663]
* gpg: The group key flag has now been fully implemented.  [rG8833a34bf0]
* gpg: Make combination of show-only-fpr-mbox and show-unusable-uid work.  [rGd5a4a2dc89]
* gpg: Do not allow compressed key packets on import.  [T7014]
* gpgsm: Allow an empty subject DN also during import.  [T7171]
* agent: Recover the old behavior with max-cache-ttl=0.  [T6681]
* agent: Fix ECC key on smartcard for composite KEM with PQC.  [T7648]
* scd: Fix a harmless read buffer over-read in a function used by PKCS#15 cards.  [T7662]
* gpg-mail-tube,wks: Support templates for mail content.  [T7381]
* Use the KEM interface of Libgcrypt for encryption/decryption.  [T7649]
* Fix a glitch in socket handling in Windows in case of a nonce mismatch.  [rG645cf7d8fc]

Release-info: https://dev.gnupg.org/T7671

Gpg4win 最新ベータ版(5.0.0-beta190)に入ってるのはまだgpg 2.5.6

http://mevius.5ch.net/test/read.cgi/unix/1007324740/528

上下前次 1-新書関写板覧索設栞歴

ｽﾚ情報赤ﾚｽ抽出画像ﾚｽ抽出歴の未読ｽﾚ AAｻﾑﾈｲﾙ

ぬこの手ぬこTOP 1.133s*