Release GnuPG 2.2.18
Closed, Resolved (Public)

Description

  • gpg: Changed the way keys are detected on smartcards; this allows the use of non-OpenPGP cards. In the unlikely case of a regression, the new option --use-only-openpgp-card is available. [T4681]
  • gpg: The commands --full-gen-key and --quick-gen-key now allow direct key generation from supported cards. [T4681]
  • gpg: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signatures newer than 2019-01-19 from the web-of-trust. Note that this includes all key signatures created with dsa1024 keys. The new option --allow-weak-key-signatures can be used to override the new and safer behaviour. [T4755,CVE-2019-14855]
  • gpg: Improve performance for import of large keyblocks. [T4592]
  • gpg: Implement a keybox compression run. [T4644]
  • gpg: Show warnings from dirmngr about redirect and certificate problems (details require --verbose as usual).
  • gpg: Allow passing the empty string for the passphrase if the '--passphrase=' syntax is used. [T4633]
  • gpg: Fix printing of the KDF object attributes.
  • gpg: Avoid surprises with --locate-external-key and certain --auto-key-locate settings. [T4662]
  • gpg: Improve selection of best matching key. [T4713]
  • gpg: Delete key binding signature when deleting a subkey. [T4665,T4457]
  • gpg: Fix a potential loss of key signatures during import with self-sigs-only active. [T4628]
  • gpg: Silence "marked as ultimately trusted" diagnostics if option --quiet is used. [T4634]
  • gpg: Silence some diagnostics during key listing even with option --verbose. [T4627]
  • gpg, gpgsm: Change parsing of agent's pkdecrypt results. [T4652]
  • gpgsm: Support AES-256 keys.
  • gpgsm: Fix a bug in triggering a keybox compression run if --faked-system-time is used.
  • dirmngr: System CA certificates are no longer used for the SKS pool if GNUTLS instead of NTBTLS is used as TLS library. [T4594]
  • dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces to avoid long timeouts. [T4165]
  • scd: Fix BWI value for APDU level transfers to make Gemalto Ezio Shield and Trustica Cryptoucan work. [T4654,T4566]
  • wkd: gpg-wks-client --install-key now installs the required policy file.

Related Objects

Status    Assigned  Task
Resolved  werner
Resolved  None

Event Timeline

werner raised the priority of this task from Normal to High. (Nov 20 2019, 9:00 AM)
werner moved this task from For next release to Ready for release on the gnupg (gpg22) board.
werner updated the task description.
werner updated the task description.
werner set External Link to https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html. (Nov 26 2019, 7:26 AM)
werner reopened this task as Open. (Edited Nov 29 2019, 5:01 PM)

There is a regression in decryption with hidden recipients; see T4762.
Patch available
