GPG4Win 4.0.0 (December 21, 2021) Website What's New in GPG4Win 4? Download Spoiler: Change History https://www.gpg4win.org/change-history.html Version 4.0.0 released 2021-12-21 Kleopatra: The group configuration has been extended so that groups can now be exported and imported. (T5638) Kleopatra: Now shows the used GnuPG version in the about dialog. (T5652) Kleopatra: Added an option under crypto operations to only use symmetric encryption. (T5661) Kleopatra: Available Smartcard readers can now be listed under settings. (T5662) Kleopatra: The update notification has been fixed. (T5663) Kleopatra: Checks for RESTRICTED / VS-NfD compliance now take underlying library configurations into account. (T5362) Kleopatra: Added error handling for operations which are not allowed in the configured compliance mode. (T5653) Kleopatra: Configuration of Keyservers is now shown correctly even when done through dirmngr.conf. (T5672) Kleopatra: Smartcard reader can now be selected through a menu which shows all available readers. This is found under the GnuPG System Smartcard configuration. (T5666) Kleopatra: When searching for certificates in the available list, a following "Search on Server" is now prefilled with the search string. (T5624) Kleopatra: Both S/MIME and OpenPGP certificates can now be imported from a single file. (T5638) Kleopatra: Configuration pages can now be hidden. (T5689) Kleopatra: The key creation wizard can now be customized with custom placeholders and expiry times. (T5690 T5708) Kleopatra: It is now possible to hide S/MIME (CMS) actions for an OpenPGP only mode. (T5688) Kleopatra: The GnuPG-System configuration has received minor cleanups. (T5677) Kleopatra: A crash related to circular certificate chains has been fixed. (T5697) Kleopatra: Ask GnuPG for the correct path for the uiserver socket (T5619). Kleopatra: Fix a problem with smartcard detection on startup. (rKd2338373ab41) Kleopatra: Enable the "create openpgp key from card" command only for GnuPG >= 2.3. (rK107abfdb1a41) Kleopatra: Windows no longer appear in the background when Kleopatra is not the active foreground process. (T5533) Kleopatra: The directory services configuration for LDAP servers has been extended. (T5465) Kleopatra: It is now possible to set an expiration date for a certification. (T5336) Kleopatra: It is now possible to update subkey expiration dates with Kleopatra. (T4717) Kleopatra: The default keyserver is now queried from GnuPG. (T5514) Kleopatra: Users are now prompted to set the ownertrust when certifying with an untrusted key. (T5511) Kleopatra: Symmetric encryption is now preselected if no keys are present. (T5545) Kleopatra: Every action in the file encryption dialow is now accessible through a shortcut. (T5544) Kleopatra: Accessibility, especially for encryption, has been greatly improved. (T5535) GpgOL: Contents are no longer hidden if plain text only is configured through group policies. (T5681) Pinentry: Symmetric passwords are now formatted when visible if the corresponding gpg-agent option "pinentry-formatted-passphrase" has been set. (T5517) Pinentry: It is now possible to generate secure passwords for symmetric encryption through gpg-agent. (T5517) Pinentry: It is now possible to add custom help text files to explain passphrase constraints. (T5517) Pinentry: Passphrase constraints are now better checked and violations no longer clear the entered passphrase. (T5532) Pinentry: A capslock warning is now shown. (T4950) Pinentry: The dialog is now more accessible and constraints are shown in a way that screenreaders can handle. GnuPG: Passphrase constraint handling has been improved with a new syntax for constraints. (T5517) GnuPG: The socket files are now located under Appdata/Local. (T5537) GnuPG: A new, optional, configuration syntax has been implemented which allows conditional configuration based on variables. Variables can be read from the Windows registry and controlled by Group Policies. GnuPG: The configured "trusted-key" options can now be properly changed. (T5685) GnuPG: The default selection for smartcard reader now tries to ignore virtual smartcard readers. (T5644) GnuPG: With "gpgconf --show-configs" the configuration of the system can now be listed. GnuPG: A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster. GnuPG: Major update to Version 2.3.4. GnuPG: 2.3.4 Kleopatra: 3.1.20 GPA: 0.10.0 GpgOL: 2.5.1 GpgEX: 1.0.8 Kompendium DE: 4.0.1 Compendium EN: 3.0.0
GPG4Win 4.0.3 Released (July 12, 2022) Website Announcement Download Spoiler: Change History https://www.gpg4win.org/change-history.html Version 4.0.3 released 2022-07-12 Kleopatra: A crash that occured when exiting the Application has been fixed. (T5962) GnuPG: Security update to 2.3.7 to fix CVE-2022-34903. (T6027) GnuPG: Improved import of PKCS#12 containers. (T6037,T5793,T4921,T4757) GnuPG: 2.3.7 Kleopatra: 3.1.22 GPA: 0.10.0 GpgOL: 2.5.3 GpgEX: 1.0.9 Kompendium DE: 4.0.1 Compendium EN: 3.0.0
GPG4Win 4.0.4 Released (October 17, 2022) Website Announcement Change History Download Spoiler: Change History 4.0.4 Version 4.0.4 released 2022-10-17 GnuPG: Avoids "invalid hash method" errors by using SHA-256 for certificates with implicit SHA-1 preferences in de-vs mode. (T6043) GnuPG: In de-vs mode use AES-128 instead of 3-DES as implicit preference. This avoids problems with software considering 3-DES as non-compliant but does only announce 3-DES as supported algorithm. (T6063) GnuPG: Add new LDAP server flag "areconly" (A-record-only) to help against long delays on some AD installations. GnuPG: New feature to mirror an LDAP keyserver to a Web key Directory. (T6224) GnuPG: Improve reporting of bad passphrase errors during PKCS#11 import. (T5713,T6037) GnuPG: It is now possible to forbid users to trust additional root certificates. The option for this is "no-user-trustlist". (T5990) GnuPG: It is now possible to change the default filename (trustlist.txt) for the list of S/MIME root certificates. The option for this is "sys-trustlist-name" or on Windows it can be configured in the registry. This allows admins to change the S/MIME root certificates from the packaged default without having it overwritten with each update. (T5990) GnuPG: The "display serial number" is now used for card insert prompts. This should match the serial number printed on smart cards. (T6135) GnuPG: New "common.conf" option "no-autostart". (rG203dcc19eb) GpgOL: Groups configured in Kleopatra can now be used for mail encryption. Groups must contain only keys of one protocol (either S/MIME or OpenPGP) and be named like the mail address. (T5967) GpgOL: An exclamation mark at the end of the GpgOL config registry values under "Local machine" now disallows the user to change that setting. (T5827) Kleopatra: Any configuration settings in kleopatrarc are now configurable through the Windows Registry / Group Policies, too. (T5707) Kleopatra: Automatic extraction of tar archives can now be disabled in the Kleopatra settings. (T6057) Kleopatra: The original filename is now embedded in encrypted files. (T6056) Kleopatra: In case the embedded filename does not match the filename of the encrypted file, the user is asked after decryption if the file should be renamed to the embedded name. This only works for files encrypted with GnuPG VS-Desktop 3.1.24 or later. (T6056) Kleopatra: The user is now asked which file should be verified if the signed data for a detached signature (.sig) could not be found automatically. (T6062) Kleopatra: Queries containing just a single character are now allowed when searching in remote directories. This should make it easier to list all certificates in a directory. (T6064) Kleopatra: When a user specific trustlist.txt is created by Kleopatra it now adds the "include-default" keyword, so that the system wide trustlist.txt is still included. (T6096) Kleopatra: The storage location is now displayed per subkey to better support offline keys and multiple smart cards. (T6108) Kleopatra: The certificate details now have an explicit update button to refresh a key from the configured directory services. (T5903) Kleopatra: The fingerprint with the suffix .rev is now used as suggested filename for revocation certificates. (T6121) Kleopatra: Several more file dialogs now save the last used directory. (T6121) Kleopatra: When withdrawing certifications, the own certifications on the certificate are now automatically determined. (T6115) GnuPG: Update the X.509/CMS parsing library Libksba to version 1.6.2 to fix a severe security problem. (T6230) GnuPG: Do not consider unknown public keys as non-compliant while decrypting. (T6205) GnuPG: Fix CRL Distribution Point fallback to other schemes. GnuPG: Fix upload of multiple keys for an LDAP server specified using the colon format. GnuPG: Fix a key upload problem when a BaseDN is specified for an LDAP server. (T6047) GnuPG: YubiKeys with firmware versions 5.4 and above are correctly detected again. (T6070) GnuPG: Combined symmetric and asymmetric encryption / decryption is now displayed as VS-NfD compliant, if appropriate. (T6119) GnuPG: A misleading error message when transferring keys to a smart card was changed. (T6122) GnuPG: The options "auto-key-import" and "include-key-block" are changeable through Kleopatra, again. (T6138) GnuPG: A possible path traversal security issue regarding "gpg-wks-server" has been fixed. This only affects users of "gpg-wks-server" in a WKS deployment. (T6098) GnuPG: Fix a regression in "READKEY --format=ssh". (T6012) GpgOL: Fixed some encoding issues. GpgOL: Issue with sender resolution for draft mails fixed. GpgOL: A hang and performance problem when displaying unencrypted mails with a specific structure has been fixed. (#8917) GpgOL: Stale temporary files created by GpgOL are now deleted to avoid clutter on systems that do not clean the temporary files. (T5926) GpgOL: Fix a regression in IMAP access to encrypted mails. (T6203) Kleopatra: No longer reports success when adding an empty userid. (T5997) Kleopatra: The maximum expiration date is now 2106-02-05. (T5991) Kleopatra: S/MIME certificate trees are no longer collapsed when details are opened by double click. (T6055) Kleopatra: Minor improvements to the encrypt / sign recipient selection dialog. (T6080) Kleopatra: Canceling the password entry when exporting a secret key now correctly aborts the operation. (T6090) Kleopatra: A family of startup crashes has been fixed. The crashes would show up in the event log as crashes in libstdc++6.dll. (T6131) Kleopatra: Fixed a very rare hang when archiving files. This caused Kleopatra never to finish an archiving operation. (T6139) Kleopatra: When only a single OpenPGP certificate is imported, the question about weather to certify it has been restored. (T6144) Kleopatra: Problems of "Failed to move directory" when decrypting archives on systems where the users TEMP directory was placed on Microsoft virtual hard disks have been resolved. (T6147) Kleopatra: The following dialogs have been changed so that they are usable: * with keyboard only * with a screenreader (tested NVDA and ORCA) * with 400% magnification * with high contrast color scheme (T6073) * with inverted color scheme (T6073) - OpenPGP certificate creation (T5969, T5832) - The main window toolbar (T6026) - Certificate Details (T5843) - Certificate certification (T6046) - Expiration date change (T6080) - Group configuration (T6095) - DN Attribute Order configuration (T6089) - Subkey details (T6104) - Certifications view (T6102) - Self Test (T6101) Kleopatra: Generating a new OpenPGP certificate is reduced to a single dialog. (T5832) Kleopatra: Creating an S/MIME Certificate Signing Request (CSR) is now a standalone action in Kleopatras file menu. (T5832) Kleopatra: Links used in Kleopatra texts are now accessible for screenreaders. (T6034) Kleopatra: Text parts (labels) are now selectable and the selection is highlighted. This is easier to control with a Screenreader. (T6036) Kleopatra: Tooltip pop-ups are now read out by screenreaders. (T6044) Kleopatra: All icon-only buttons should now have a description which can be read by Screenreaders. (T6088) Kleopatra: Navigating the certificate list with the keyboard is improved. (T5841) Kleopatra: Validity period labels have been unified to "Valid from" and "Valid until" respectively. (T6120) Kleopatra: Compliance display has been simplified by removing the "communication is possible" part. (T5855) GnuPG: 2.3.8 Kleopatra: 3.1.24 GPA: 0.10.0 GpgOL: 2.5.5 GpgEX: 1.0.9 Kompendium DE: 4.0.1 Compendium EN: 3.0.0
GPG4Win 4.1.0 Released (December 20, 2022) Website Announcement Change History Download Spoiler: Change History 4.1.0 Version 4.1.0 released 2022-12-20 GPA: So long, and thanks for all the fish. To reduce maintenance and overall quality of Gpg4win we have decided to retire GPA. Over the last decade Kleopatra has made large improvements in quality and is very well maintained and the focus of our development. [rW3f7ed3834f] GnuPG: Improve signature verification speed by a factor of more than four. Double detached signing speed. [T5826] GnuPG: Import stray revocation certificates to improve WKD usability. GnuPG: New option --add-revocs for gpg-wks-client. [rG2f4492f3be] GnuPG: Ignore expired user-ids in gpg-wks-client. [T6292] GnuPG: Support the Telesec Signature Card v2.0 in OpenPGP. [T6252] GnuPG: For the new AEAD Format we now only allow the fast OCB mode. The EAX mode may still be used for decryption. [rG5a2cef801d] Kleopatra: Support the import of non-standard conforming UTF-16 encoded text files with certificates. [T6298] Kleopatra: New Option to delete the locally stored secret key after a transfer to a smart card. [T5836] Kleopatra: Improve the display of keys in the group edit dialog. [T6295] Kleopatra: Simplify changing the owner trust of keys. [T6148] Kleopatra: Allow selecting ECC with supported curves when generating new keys for smart cards. [T4429] GnuPG: Update the X.509/CMS library Libksba to version 1.6.3 to fix a security problem in the CRL signature parser. [T6230] GnuPG: Fix trusted introducer for mbox only user-ids. [T6238] GpgOL: IMAP access to encrypted mails works again. [T6203] Kleopatra: Don't report success if the key signing job was canceled. [T6305] Kleopatra: Report failed imports immediately when receiving the result. [T6302] Kleopatra: Do not offer invalid S/MIME certificates for signing or encryption. [T6216] Kleopatra: Don't ask user to certify an imported expired or revoked OpenPGP key. [T6155] Kleopatra: Do not crash when closing details widget while certificate dump is shown. [T6180] Kleopatra: Improve usability and accessibility of the notepad operations. [T6188] GnuPG: 2.4.0 Kleopatra: 3.1.26 GpgOL: 2.5.6 GpgEX: 1.0.9 Kompendium DE: 4.0.1 Compendium EN: 3.0.0
