-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathNEWS
121 lines (116 loc) · 8.54 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
Copyright (C) 2017, 2018, 2019 Heiko Stamer <[email protected]>
Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.3 or any later
version published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is
included in the sources of this package and additionally can be obtained from
the Internet <https://www.gnu.org/licenses>.
1.2.0
1.1.3 This is a bugfix release that includes only three minor improvements: a
direct-key signature (0x1f) for the primary key is added by default such
that restricting key servers (e.g. keys.openpgp.org) can deliver a
cryptographically checkable key without verification of any included
user ID or without appended subkey. The command line interface of
dkg-decrypt has been improved in order to give users an easy access to
the symmetric-key decryption mode. An additional option ("-5") for
dkg-sign allows to generate V5 signatures (cf. draft RFC 4880bis).
1.1.2 This release adds a lot of features to some programs: two new options
("-K" and "-f") allow dkg-keysign to read the certification key from a
keyring instead of a single key block file. Moreover, with option "-a"
an interactive confirmation by the user is required for each signature.
Passive support of V5 keys (cf. draft RFC 4880bis) has been added for
all programs, however, dkg-generate still generates V4 keys only,
because this new feature of the draft is not widely spread. There is
also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to
create a symmetric-key encrypted session key, i.e., the user has to
supply a passphrase for encryption and decryption without any public-key
cryptography involved. Last but not least, two bugs have been fixed:
First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with
"ZLIB ERROR: -3 invalid block type" due to a bug in decompression logic.
Second, dkg-decrypt failed in a special case of symmetric-key encrypted
session keys. Finally, the non-installing program dkg-fuzzer (generates
fuzzy samples of somehow corrupted OpenPGP stuctures) has been added.
1.1.1 Some small improvements have been applied for dkg-generate: Two new
options ("-u" and "-N") allow providing the initial user ID and to
disable the passphrase at command line. Moreover, since this release
dkg-timestamp and dkg-timestamp-verify require a special key usage flag
from recent RFC 4880bis draft to select so-called timestamping keys.
Finally, the synchronization time of the internally used broadcast
protocol was reduced to a more reasonable amount and in dkg-decrypt the
detection of end of data for message and decryption shares was changed.
1.1.0 In this release AEAD support (cf. draft RFC 4880bis) has been added
for dkg-encrypt and dkg-decrypt. Please note that it requires LibTMCG
version >= 1.3.16 and at least libgcrypt version >= 1.7.0 for OCB mode.
Moreover, if dkg-generate is called with the new option "--timestamping"
then a corresponding key usage flag from draft RFC 4880bis is set.
1.0.9 This release improves the possibilities of DKGPG further. With the new
programs dkg-adduid and dkg-revuid an user ID can be added and revoked,
respectively. The program dkg-revoke now supports a human-readable
reason for revocation (by option "-R") and dkg-decrypt verifies an
included signature according to a given keyring (option "-k"). Last
but not least, by the program dkg-addrevoker an external revocation
key can be specified.
1.0.8 With this release a lot of improvements and new features are introduced.
First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
and Werner Koch's draft RFC 4880bis) has been added by relying on the
most recent version of LibTMCG. The threshold signature scheme and the
threshold encryption are still limited to finite field cryptography
(i.e. DSA and ElGamal). Moreover, the programs generate and recognize
a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
from RFC 4880bis. Compressed messages are now decompressed by the
program dkg-decrypt using zlib Compression Library (and optionally by
library routines from libbzip2). This completes DKGPG's compatibility
with other OpenPGP software, however, the prefered compression algorithm
(i.e. "no compression") in self-signatures of generated keys is kept
for now. Support for symmetric-key decryption by dkg-decrypt has been
added too. The program dkg-verify now reads the signature from a file,
if option "-s" is used. To keep track of later protocol changes, all
interactive programs include a version identifier in their common ID of
the reliable broadcast channel. Thus programs from previous releases
will not communicate with those of this release. With the new programs
dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature
can be generated and verified, respectively. Last but not least, by the
new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
The README file contains a configuration sample showing how to replace
classic PGP by DKGPG in the famous mail user agent mutt based on this
option. Please note that this feature is experimental and semantics
may be changed later.
1.0.7 This release contains a lot of small improvements, in particular due to
the new OpenPGP structures from LibTMCG. The option "-k" (keyring) has
been added to further programs. OpenPGP cleartext signatures can now be
generated with dkg-sign by option "-t" and the output of potentially
malicious user IDs has been sanitized in dkg-keycheck, dkg-keyinfo, and
dkg-keysign. Finally, the source code has been cleaned up.
1.0.6 Again some important improvements have been introduced, e.g., the
support for external revocation keys when validating a public key
or new options for different signature types of dkg-keysign. The most
notable change is the usage of a new key block and signature parser
from LibTMCG. Thus code complexity has been reduced a little bit.
1.0.5 Major improvements have been achieved in this release: For signing
of an OpenPGP public key (certification) the program dkg-keysign is
contained. With dkg-keycheck and the option "-r" some basic checks on
RSA keys can be performed. Two new options ("-f" and "-t") enhance
the possibilities of dkg-verify. A new option for dkg-encrypt make
use of zero key ID encryption privacy. Last but not least, memory
locking and secure memory allocation have been implemented.
1.0.4 Since this release not required OpenPGP packets will be ignored.
1.0.3 Only small bugfixes are included in this release. However, the most
recent version of LibTMCG is required to recognize some important
library changes (e.g. increased S2K count for secret key encryption).
1.0.2 This release brings small improvements for dkg-keyinfo and fixes
some bugs and memory leaks. It also adjusts the flags of shared DSA
keys generated with dkg-generate due to a hidden RFC 4880 requirement.
Now DKGPG additionally contains the program dkg-keycheck for analyzing
other public DSA and ElGamal keys w.r.t. some basic properties.
1.0.1 Small improvements have been achieved in this maintenance release:
First, the program dkg-keyinfo now contains the option "-m" to migrate
an abandoned peer identity. However, the choice is limited in some
sense, because the new peer identity must have the same lexicographical
position within the canonicalized peer list as the old one. Moreover,
all active parties are required to do this migration in a coordinated
way since the peer list is stored as part of the private key. Second,
the echo of passphrase characters is removed when reading from STDIN.
Finally, some memory leaks found by Valgrind have been fixed. Please
note that this release requires LibTMCG version >= 1.3.5.
1.0.0 This is the initial release of Distributed Privacy Guard (DKGPG).