Release Notes: The detection of keyrings specified multiple times was improved. Changes were made to cope better with broken keyservers. The "--openpgp" mode was updated to match the final OpenPGP standard RFC-4880. The older behavior is supported with "--rfc2440". A rare bug in decryption using the OpenPGP card was fixed. Several other minor enhancements and bugfixes were made. The license was changed to the GPLv3.
Release Notes: Several modules now handle "--default-key". New commands "--gen-key" and "--validation-model" were added. Bugs in card key generation were fixed. An encryption problem with duplicate certificates in the keybox was solved. Key generation now reveals less information about the host. Logging support in libgcrypt was improved. The license was changed to GPLv3.
Release Notes: A serious and exploitable bug in processing encrypted packages, as reported in CVE-2006-6235, was fixed. A vulnerability when using GnuPG in streaming mode, which made it possible to insert additional text before or after a signed message if GnuPG was not used correctly, was fixed. A PIN pad can now also be used for the signing key. The PIN pad of the Cherry XX44 keyboard is now supported.
Release Notes: A vulnerability when using GnuPG in streaming mode, which made it possible to insert additional text before or after a signed message if GnuPG was not used correctly, was fixed.
Release Notes: The user session daemon "gpg-agent" was implemented as the central place to maintain private keys and to cache passphrases. The application "gpgsm" was added as an implementation of the X.509 and CMS standards and the cryptographic core of the S/MIME protocol, helping to add S/MIME to applications currently supporting OpenPGP. Several other tools and daemons were added, such as "scdaemon" (for smart cards), "gpg-connect-agent", and "gpgconf". Support for the Secure Shell Agent protocol was added, allowing gpg-agent to be used as a full replacement for ssh-agent.
Release Notes: A serious and exploitable bug in processing encrypted packages, as reported in CVE-2006-6235, was fixed. A buffer overflow as reported in CVE-2006-6169 was fixed. A bug while decrypting certain compressed and encrypted messages was fixed. The option --s2k-count was added to set the number of times passphrase mangling is repeated. The option --passphrase-repeat was added to set the number of times to prompt for a new passphrase to be repeated. The license was adjusted with regards to helper programs indirectly linked to OpenSSL.
Release Notes: Two more possible memory allocation attacks, allowing denial of service attacks and possibly remote code execution, were fixed. More DSA2 tweaks were implemented. A Norwegian translation was added.
Release Notes: User IDs are now capped at 2048 bytes to avoid memory allocation attacks (as reported in CVE-2006-3082). Support for the SHA-224 hash has been added for better DSS compatibility. Support for the latest update to DSA keys and signatures has been added, allowing for larger keys than 1024 bits and hashes other than SHA-1 and RIPEMD/160.
Release Notes: Support for cURL based keyserver helpers was added. Public Key Association (PKA) signature verification was implemented. The "gpg-zip" program, to interact with PGP Zip files, was added. A new "minimize" command was added. A new "fetch-keys" command for retrieving keys from an HTTP, finger, or cURL supported URI was added. Support for fetching keys from DNS CERT records according to RFC2538bis was added.
Release Notes: Countermeasures against the Mister/Zuccherato CFB attack were added. Several card related options were added and bugs were fixed. A new experimental HTTP, HTTPS, FTP, and FTPS keyserver helper as well as an HKP keyserver using the cURL library were added. Options were added to control the import and export of unusable signatures, and for cleaning signatures from a key.