
Release GnuPG 2.3.0
Closed, Resolved (Public)

Description

Noteworthy changes in version 2.3.0 (2021-04-07)

  • A new experimental key database daemon is provided. To enable it, put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are then stored in a SQLite database, which makes key lookup much faster.
  • New tool gpg-card as a flexible frontend for all types of supported smartcards.
  • New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent.
  • The gpg-wks-client tool is now installed under bin; a wrapper for its old location at libexec is also installed.
  • tpm2d: New daemon to physically bind keys to the local machine.
  • gpg: Switch to ed25519/cv25519 as default public key algorithms.
  • gpg: Verification results now depend on the --sender option and the signer's UID subpacket. [T4735]
  • gpg: Do not use any 64-bit block size cipher algorithm for encryption. Use AES as last resort cipher preference instead of 3DES. This can be reverted using --allow-old-cipher-algos.
  • gpg: Support AEAD encryption mode using OCB or EAX.
  • gpg: Support v5 keys and signatures.
  • gpg: Support curve X448 (ed448, cv448).
  • gpg: Allow use of group names in key listings. [rGe825aea2ba]
  • gpg: New option --full-timestrings to print date and time.
  • gpg: New option --force-sign-key. [T4584]
  • gpg: New option --no-auto-trust-new-key.
  • gpg: The legacy key discovery method PKA is no longer supported. The command --print-pka-records and the PKA related import and export options have been removed.
  • gpg: Support export of Ed448 Secure Shell keys.
  • gpgsm: Add basic ECC support.
  • gpgsm: Support creation of EdDSA certificates. [T4888]
  • agent: Allow the use of "Label:" in a key file to customize the pinentry prompt. [rG5388537806]
  • agent: Support ssh-agent extensions for environment variables. With a patched version of OpenSSH this avoids the need for the "updatestartuptty" kludge. [rG224e26cf7b]
  • scd: Improve support for multiple card readers and tokens.
  • scd: Support PIV cards.
  • scd: Support for Rohde&Schwarz Cybersecurity cards.
  • scd: Support Telesec Signature Cards v2.0.
  • scd: Support multiple applications on certain smartcards.
  • scd: New option --application-priority.
  • scd: New option --pcsc-shared; see man page for important notes.
  • dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
  • The symcryptrun tool, a wrapper for the now obsolete external Chiasmus tool, has been removed.
  • Full Unicode support for the command line. [T4398]

(next: T5386)