Page MenuHome GnuPG

Release GnuPG 2.2.21
Closed, ResolvedPublic


  • gpg: Improve symmetric decryption speed by about 25%. See commit rG144b95cc9d.
  • gpg: Support decryption of AEAD encrypted data packets.
  • gpg: Add option --no-include-key-block. [T4856]
  • gpg: Allow for extra padding in ECDH. [T4908]
  • gpg: Only a single pinentry is shown for symmetric encryption if the pinentry supports this. [T4971]
  • gpg: Print a note if no keys are given to --delete-key. [T4959]
  • gpg,gpgsm: The ridiculous passphrase quality bar is not anymore shown. [T2103]
  • gpgsm: Certificates without a CRL distribution point are now considered valid without looking up a CRL. The new option --enable-issuer-based-crl-check can be used to revert to the former behaviour.
  • gpgsm: Support rsaPSS signature verification. [T4538]
  • gpgsm: Unless CRL checking is disabled lookup a missing issuer certificate using the certificate's authorityInfoAccess. [T4898]
  • gpgsm: Print the certificate's serial number also in decimal notation.
  • gpgsm: Fix possible NULL-deref in messages of --gen-key. [T4895]
  • scd: Support the CardOS 5 based D-Trust Card 3.1.
  • dirmngr: Allow http URLs with "LOOKUP --url".
  • wkd: Take name of sendmail from configure. Fixes an OpenBSD specific bug. [T4886]

(prev: T4860)

Event Timeline

werner updated the task description. (Show Details)
werner set External Link to

It turns out that a test case in GPGME fails with that version. This is due to a regression I introduced in the passphrase repetition code for symmetric encryption. This will be fixed with the next GnuPG version; in the meantime you may use the patch F1646254.