forked from pool/gpg2
gpg2/gnupg-detect_FIPS_mode.patch
Marcus Meissner b4e8b7fb1e Accepting request 260826 from home:vitezslav_cizek:branches:Base:System
- upgrade to 2.1.0 (modern)
  - The file "secring.gpg" is no longer used to store the secret
    keys.  Merging of secret keys is now supported.
  - All support for PGP-2 keys has been removed for security reasons.
  - The standard key generation interface is now much leaner.  This
    will help a new user to quickly generate a suitable key.
  - Support for Elliptic Curve Cryptography (ECC) is now available.
  - Commands to create and sign keys from the command line without any
    extra prompts are now available.
  - The Pinentry may now show the new passphrase entry and the
    passphrase confirmation entry in one dialog.
  - There is no more need to manually start the gpg-agent.  It is now
    started by any part of GnuPG as needed.
  - Problems with importing keys with the same long key id have been
    addressed.
  - The Dirmngr is now part of GnuPG proper and also takes care of
    accessing keyservers.
  - Keyserver pools are now handled in a smarter way.
  - A new format for locally storing the public keys is now used.
    This considerably speeds up operations on large keyrings.
  - Revocation certificates are now created by default.
  - Card support has been updated, new readers and token types are
    supported.
  - The format of the key listing has been changed to better identify
    the properties of a key.
  - The gpg-agent may now be used on Windows as a Pageant replacement
    for Putty in the same way it has been used for years on Unix as
    an ssh-agent replacement.
  - Creation of X.509 certificates has been improved.  It is now also
    possible to export them directly in PKCS#8 and PEM format for use

OBS-URL: https://build.opensuse.org/request/show/260826
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=79
2014-11-11 10:52:31 +00:00


Index: gnupg-2.1.0/g10/encrypt.c
===================================================================
--- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100
+++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100
@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
/* Because 3DES is implicitly in the prefs, this can
only happen if we do not have any public keys in
the list. */
- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
}
/* In case 3DES has been selected, print a warning if
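
Review bot: the added gcry_check_version (NULL) call in encrypt_filter discards its return value and runs inside the filter path, so a failed library check goes unnoticed and the check is repeated whenever this branch is taken. Consider performing the version check once during startup, testing its result there, and keeping only the gcry_fips_mode_active() test at this point. The new comment names gcry_version_check, but the function called on the next line is gcry_check_version; the comment should use the real name. The unchanged comment above still explains this branch only in terms of 3DES being implicitly in the prefs, so a short remark that FIPS mode selects CIPHER_ALGO_AES instead of DEFAULT_CIPHER_ALGO would document the new behaviour. The assignment line is also long enough to be worth wrapping.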
Index: gnupg-2.1.0/g10/mainproc.c
===================================================================
--- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100
+++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100
@@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt )
often. There is no good way to specify what algorithms to
use in that case, so these three are the historical
answer. */
- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
&& opt.flags.allow_weak_digest_algos) {
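
Review bot: in proc_plaintext, gcry_fips_mode_active() is evaluated twice, once before and once after the DIGEST_ALGO_SHA1 line, and gcry_check_version (NULL) is again called with its result ignored. Read the FIPS state once into a local before the three gcry_md_enable calls and reuse it for both conditions. With FIPS mode active only DIGEST_ALGO_SHA1 is enabled on c->mfx.md, so data signed with RMD160 or MD5 that reaches this fallback has no matching digest context; a comment or log message stating that this is intended would make any resulting verification failure easier to diagnose. The unchanged comment above still says "these three are the historical answer", which no longer describes the FIPS case. As in the encrypt.c hunk, the new comment says gcry_version_check where the code calls gcry_check_version.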