forked from pool/dkgpg
a518057089
- Update to version 1.0.8: First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637 and Werner Koch's draft RFC 4880bis) has been added by relying on the most recent version of LibTMCG. The threshold signature scheme and the threshold encryption are still limited to finite field cryptography (i.e. DSA and ElGamal). Moreover, the programs generate and recognize a few other new OpenPGP features (e.g. issuer fingerprint subpackets) from RFC 4880bis. Compressed messages are now decompressed by the program dkg-decrypt using zlib Compression Library (and optionally by library routines from libbzip2). This completes DKGPG's compatibility with other OpenPGP software, however, the prefered compression algorithm (i.e. "no compression") in self-signatures of generated keys is kept for now. Support for symmetric-key decryption by dkg-decrypt has been added too. The program dkg-verify now reads the signature from a file, if option "-s" is used. To keep track of later protocol changes, all interactive programs include a version identifier in their common ID of the reliable broadcast channel. Thus programs from previous releases will not communicate with those of this release. With the new programs dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature can be generated and verified, respectively. Last but not least, by the new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign, dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too. The README file contains a configuration sample showing how to replace classic PGP by DKGPG in the famous mail user agent mutt based on this option. Please note that this feature is experimental and semantics may be changed later. - Added new build requirements: * zlib * bzip2 OBS-URL: https://build.opensuse.org/request/show/635471 OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=10
105 lines
5.5 KiB
Plaintext
105 lines
5.5 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Sep 13 07:13:51 UTC 2018 - Karol Babioch <kbabioch@suse.com>
|
|
|
|
- Update to version 1.0.8:
|
|
First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
|
|
and Werner Koch's draft RFC 4880bis) has been added by relying on the
|
|
most recent version of LibTMCG. The threshold signature scheme and the
|
|
threshold encryption are still limited to finite field cryptography
|
|
(i.e. DSA and ElGamal). Moreover, the programs generate and recognize
|
|
a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
|
|
from RFC 4880bis. Compressed messages are now decompressed by the
|
|
program dkg-decrypt using zlib Compression Library (and optionally by
|
|
library routines from libbzip2). This completes DKGPG's compatibility
|
|
with other OpenPGP software, however, the prefered compression algorithm
|
|
(i.e. "no compression") in self-signatures of generated keys is kept
|
|
for now. Support for symmetric-key decryption by dkg-decrypt has been
|
|
added too. The program dkg-verify now reads the signature from a file,
|
|
if option "-s" is used. To keep track of later protocol changes, all
|
|
interactive programs include a version identifier in their common ID of
|
|
the reliable broadcast channel. Thus programs from previous releases
|
|
will not communicate with those of this release. With the new programs
|
|
dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature
|
|
can be generated and verified, respectively. Last but not least, by the
|
|
new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
|
|
dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
|
|
The README file contains a configuration sample showing how to replace
|
|
classic PGP by DKGPG in the famous mail user agent mutt based on this
|
|
option. Please note that this feature is experimental and semantics
|
|
may be changed later.
|
|
- Added new build requirements:
|
|
* zlib
|
|
* bzip2
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 9 05:33:30 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to 1.0.7:
|
|
* Small improvments due to the new OpenPGP structures from libTMCG
|
|
* "-k" option has been added to further programs
|
|
* OpenPGP cleartext signatures can be generated with the "-t" option
|
|
* Output of potentially malicious user IDs has been sanitized in
|
|
dkg-keycheck, dkg-keyinfo, and dkg-keysign
|
|
- Applied spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 21 08:25:45 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to version 1.0.6:
|
|
* dkg-keysign: added option "-k" (keyring with external keys)
|
|
* dkg-encrypt: added option "-k" (keyring with external keys)
|
|
* dkg-verify: added option "-k" (keyring with external keys)
|
|
* dkg-keycheck: added option "-k" (keyring with external keys)
|
|
* dkg-keycheck: added output of allowed external revocation keys
|
|
* dkg-encrypt: added option "-s" to select appropriate subkey
|
|
* dkg-encrypt: renamed option "-z" to "-t" for convenience
|
|
* dkg-keysign: include only exportable signatures to output
|
|
* check and set strict permissions (0600) for private key file
|
|
* dkg-sign: added option "-U" (policy URI) and improved manpage
|
|
* dkg-refresh: support generic verification and public key parsing
|
|
* dkg-keysign: added options "-1" through "-3" (validation level)
|
|
* dkg-keysign: added option "-u" (select user IDs) for CLT18
|
|
* dkg-keysign: support generic verification and public key parsing
|
|
* dkg-verify: support generic verification and public key parsing
|
|
* dkg-encrypt: support generic encryption and public key parsing
|
|
* dkg-generate: added no-modify key server preferences (0x80)
|
|
* improved error handling for unrecognized OpenPGP (sub)packets
|
|
* dkg-keycheck: changed semantics of option "-r" (reduce subkeys)
|
|
* dkg-keycheck: uses new public-key block parser from LibTMCG
|
|
* new default domain parameter set (CRS) due to LibTMCG changes
|
|
* raised the requirement of libgcrypt version to >= 1.7.0
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 10 13:32:34 UTC 2018 - jengelh@inai.de
|
|
|
|
- Trim/compact long description for size, and wrap at 70 cols.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 8 22:13:12 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to version 1.0.5
|
|
* added secure memory allocation from libgcrypt for some parts
|
|
* dkg-verify: added options "-f" and "-t" for a validity period
|
|
* added simple initalization procedure for memory locking
|
|
* added basic check on signature strength in parse_signature()
|
|
* added some basic checks on key strength in parse_public_key()
|
|
* added check for revocation signatures in parse_public_key()
|
|
* dkg-encrypt: added option "-z" for improved privacy (zero key ID)
|
|
* dkg-verify: added validity checks on key and signature
|
|
* dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
|
|
* added option "-U" for dkg-keysign (policy URI)
|
|
* added option "-r" for dkg-keysign (revocation signature)
|
|
* added option "-r" for dkg-keycheck (support for RSA keys)
|
|
* added program dkg-keysign for creating certification signatures
|
|
* dkg-decrypt: removed support for not integrity protected messages
|
|
* dkg-keycheck: added test for small/same k in DSA signatures
|
|
* dkg-refresh: added cache for very strong randomness
|
|
|
|
- Use https instead of http
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 15 15:23:49 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Initial packaging of version 1.0.4
|
|
|