forked from pool/dkgpg
dc02f01798
- Update to version 1.1.2: This release adds a lot of features to some programs: two new options ("-K" and "-f") allow dkg-keysign to read the certification key from a keyring instead of a single key block file. Moreover, with option "-a" an interactive confirmation by the user is required for each signature. Passive support of V5 keys (cf. draft RFC 4880bis) has been added for all programs, however, dkg-generate still generates V4 keys only, because this new feature of the draft is not widely spread. There is also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to create a symmetric-key encrypted session key, i.e., the user has to supply a passphrase for encryption and decryption without any public-key cryptography involved. Last but not least, two bugs have been fixed: First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with "ZLIB ERROR: -3 invalid block type" due to a bug in decompression logic. Second, dkg-decrypt failed in a special case of symmetric-key encrypted session keys. Finally, the non-installing program dkg-fuzzer (generates fuzzy samples of somehow corrupted OpenPGP stuctures) has been added. OBS-URL: https://build.opensuse.org/request/show/706876 OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=19
162 lines
8.7 KiB
Plaintext
162 lines
8.7 KiB
Plaintext
-------------------------------------------------------------------
|
|
Sun Jun 2 08:25:15 UTC 2019 - Karol Babioch <kbabioch@suse.de>
|
|
|
|
- Update to version 1.1.2:
|
|
This release adds a lot of features to some programs: two new options
|
|
("-K" and "-f") allow dkg-keysign to read the certification key from a
|
|
keyring instead of a single key block file. Moreover, with option "-a"
|
|
an interactive confirmation by the user is required for each signature.
|
|
Passive support of V5 keys (cf. draft RFC 4880bis) has been added for
|
|
all programs, however, dkg-generate still generates V4 keys only,
|
|
because this new feature of the draft is not widely spread. There is
|
|
also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to
|
|
create a symmetric-key encrypted session key, i.e., the user has to
|
|
supply a passphrase for encryption and decryption without any public-key
|
|
cryptography involved. Last but not least, two bugs have been fixed:
|
|
First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with
|
|
"ZLIB ERROR: -3 invalid block type" due to a bug in decompression logic.
|
|
Second, dkg-decrypt failed in a special case of symmetric-key encrypted
|
|
session keys. Finally, the non-installing program dkg-fuzzer (generates
|
|
fuzzy samples of somehow corrupted OpenPGP stuctures) has been added.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Apr 28 13:14:20 UTC 2019 - Karol Babioch <kbabioch@suse.de>
|
|
|
|
- Update to version 1.1.1:
|
|
Some small improvements have been applied for dkg-generate: Two new
|
|
options ("-u" and "-N") allow providing the initial user ID and to
|
|
disable the passphrase at command line. Moreover, since this release
|
|
dkg-timestamp and dkg-timestamp-verify require a special key usage flag
|
|
from recent RFC 4880bis draft to select so-called timestamping keys.
|
|
Finally, the synchronization time of the internally used broadcast
|
|
protocol was reduced to a more reasonable amount and in dkg-decrypt the
|
|
detection of end of data for message and decryption shares was changed.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 10 15:02:40 UTC 2018 - atoptsoglou@suse.com
|
|
|
|
- Update to version 1.1.0:
|
|
This release supports Authenticated Encryption with Associated Data (AEAD)
|
|
in accordance to RFC 4880bis (draft); this can be enforced with the new
|
|
added option "-a" when dkg-(d)encrypt is used. For using domain parameters,
|
|
as described in RFC 7919, one should specify the new option "-r", when
|
|
dkg-gencrs is used. Last, for key generation (dkg-generate) the timestamp
|
|
option was added ( "--timestamping") which sets a key usage flag.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 12 07:52:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>
|
|
|
|
- Update to version 1.0.9
|
|
This release improves the possibilities of DKGPG further. With the new
|
|
programs dkg-adduid and dkg-revuid an user ID can be added and revoked,
|
|
respectively. The program dkg-revoke now supports a human-readable
|
|
reason for revocation (by option "-R") and dkg-decrypt verifies an
|
|
included signature according to a given key ring (option "-k"). Last
|
|
but not least, by the program dkg-addrevoker an external revocation
|
|
key can be specified.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 13 07:13:51 UTC 2018 - Karol Babioch <kbabioch@suse.com>
|
|
|
|
- Update to version 1.0.8:
|
|
First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
|
|
and Werner Koch's draft RFC 4880bis) has been added by relying on the
|
|
most recent version of LibTMCG. The threshold signature scheme and the
|
|
threshold encryption are still limited to finite field cryptography
|
|
(i.e. DSA and ElGamal). Moreover, the programs generate and recognize
|
|
a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
|
|
from RFC 4880bis. Compressed messages are now decompressed by the
|
|
program dkg-decrypt using zlib Compression Library (and optionally by
|
|
library routines from libbzip2). This completes DKGPG's compatibility
|
|
with other OpenPGP software, however, the prefered compression algorithm
|
|
(i.e. "no compression") in self-signatures of generated keys is kept
|
|
for now. Support for symmetric-key decryption by dkg-decrypt has been
|
|
added too. The program dkg-verify now reads the signature from a file,
|
|
if option "-s" is used. To keep track of later protocol changes, all
|
|
interactive programs include a version identifier in their common ID of
|
|
the reliable broadcast channel. Thus programs from previous releases
|
|
will not communicate with those of this release. With the new programs
|
|
dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature
|
|
can be generated and verified, respectively. Last but not least, by the
|
|
new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
|
|
dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
|
|
The README file contains a configuration sample showing how to replace
|
|
classic PGP by DKGPG in the famous mail user agent mutt based on this
|
|
option. Please note that this feature is experimental and semantics
|
|
may be changed later.
|
|
- Added new build requirements:
|
|
* zlib
|
|
* bzip2
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 9 05:33:30 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to 1.0.7:
|
|
* Small improvments due to the new OpenPGP structures from libTMCG
|
|
* "-k" option has been added to further programs
|
|
* OpenPGP cleartext signatures can be generated with the "-t" option
|
|
* Output of potentially malicious user IDs has been sanitized in
|
|
dkg-keycheck, dkg-keyinfo, and dkg-keysign
|
|
- Applied spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 21 08:25:45 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to version 1.0.6:
|
|
* dkg-keysign: added option "-k" (keyring with external keys)
|
|
* dkg-encrypt: added option "-k" (keyring with external keys)
|
|
* dkg-verify: added option "-k" (keyring with external keys)
|
|
* dkg-keycheck: added option "-k" (keyring with external keys)
|
|
* dkg-keycheck: added output of allowed external revocation keys
|
|
* dkg-encrypt: added option "-s" to select appropriate subkey
|
|
* dkg-encrypt: renamed option "-z" to "-t" for convenience
|
|
* dkg-keysign: include only exportable signatures to output
|
|
* check and set strict permissions (0600) for private key file
|
|
* dkg-sign: added option "-U" (policy URI) and improved manpage
|
|
* dkg-refresh: support generic verification and public key parsing
|
|
* dkg-keysign: added options "-1" through "-3" (validation level)
|
|
* dkg-keysign: added option "-u" (select user IDs) for CLT18
|
|
* dkg-keysign: support generic verification and public key parsing
|
|
* dkg-verify: support generic verification and public key parsing
|
|
* dkg-encrypt: support generic encryption and public key parsing
|
|
* dkg-generate: added no-modify key server preferences (0x80)
|
|
* improved error handling for unrecognized OpenPGP (sub)packets
|
|
* dkg-keycheck: changed semantics of option "-r" (reduce subkeys)
|
|
* dkg-keycheck: uses new public-key block parser from LibTMCG
|
|
* new default domain parameter set (CRS) due to LibTMCG changes
|
|
* raised the requirement of libgcrypt version to >= 1.7.0
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 10 13:32:34 UTC 2018 - jengelh@inai.de
|
|
|
|
- Trim/compact long description for size, and wrap at 70 cols.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 8 22:13:12 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Update to version 1.0.5
|
|
* added secure memory allocation from libgcrypt for some parts
|
|
* dkg-verify: added options "-f" and "-t" for a validity period
|
|
* added simple initalization procedure for memory locking
|
|
* added basic check on signature strength in parse_signature()
|
|
* added some basic checks on key strength in parse_public_key()
|
|
* added check for revocation signatures in parse_public_key()
|
|
* dkg-encrypt: added option "-z" for improved privacy (zero key ID)
|
|
* dkg-verify: added validity checks on key and signature
|
|
* dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
|
|
* added option "-U" for dkg-keysign (policy URI)
|
|
* added option "-r" for dkg-keysign (revocation signature)
|
|
* added option "-r" for dkg-keycheck (support for RSA keys)
|
|
* added program dkg-keysign for creating certification signatures
|
|
* dkg-decrypt: removed support for not integrity protected messages
|
|
* dkg-keycheck: added test for small/same k in DSA signatures
|
|
* dkg-refresh: added cache for very strong randomness
|
|
|
|
- Use https instead of http
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 15 15:23:49 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Initial packaging of version 1.0.4
|
|
|