GnuPG 2.4.0 arrives with performance improvements, new utilities and more

GNU Privacy Guard (GnuPG) is an encryption and digital signature tool that serves as a replacement for PGP.

A year and a half after the release of the previous version, the release of GnuPG 2.4.0 (GNU Privacy Guard) was announced. GnuPG 2.4.0 is positioned as the first release of a new stable branch, which incorporates the changes accumulated during the preparation of the 2.3.x versions.

The 2.2 branch has been moved to the category of the old stable branch, which will be supported until the end of 2024. The GnuPG 1.4 branch continues to stand as a classic series that consumes minimal resources, is suitable for embedded systems, and supports legacy encryption algorithms.

Main new features of GnuPG 2.4.0

This new version adds a background process, keyboxd, that implements the key database using the SQLite DBMS for storage and delivers much faster key lookups. To enable the new storage, the “use-keyboxd” option must be set in common.conf.

Another notable change is the new tpm2d background process, which allows TPM 2.0 chips to be used to protect private keys and to perform encryption or digital signature operations on the TPM side. There is also a new gpg-card utility, which can be used as a flexible interface for all supported smart card types, and a new gpg-auth utility for authentication.

A new common configuration file, common.conf, is used to enable the keyboxd background process without adding separate settings to gpg.conf and gpgsm.conf. Support is also provided for the fifth version of keys and digital signatures, which uses the SHA256 algorithm instead of SHA1.

In gpgsm, basic ECC support and the ability to generate EdDSA certificates were added, along with support for decrypting data encrypted with a password and for AES-GCM decryption. New options “--ldapserver” and “--show-certs” were also added.

Among the changes to gpg, a “--list-filter” parameter was added to selectively generate a list of keys.

In addition, digital signature verification is 10 or more times faster. Support was added for importing custom CRLs, as well as the ability to export Ed448 keys for SSH and to decrypt without a public key if a smart card is inserted.

GPG no longer uses algorithms with a 64-bit block size for encryption: the use of 3DES is prohibited and AES is declared the minimum supported algorithm. The “--allow-old-cipher-algos” option can be used to disable the restriction.
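After upgrading, it is worth checking whether an existing gpg.conf undoes this restriction. The following is an added example, not code from the GnuPG project: a small audit that flags the allow-old-cipher-algos override and cipher settings that name a 64-bit block cipher. The sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag gpg.conf lines that bring 64-bit block ciphers back.

# Writes a constructed sample gpg.conf (not taken from a real system) to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample gpg.conf
personal-cipher-preferences AES256 AES 3DES
allow-old-cipher-algos
# allow-old-cipher-algos
cipher-algo AES256
default-preference-list S9 S7 H10 H8 Z2
EOF
}

# Prints one finding per offending line; returns 1 if anything was found.
audit_gpg_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            opt = tolower($1); sub(/^--/, "", opt)   # accept "opt" and "--opt"
            args = tolower($0)
        }
        opt == "allow-old-cipher-algos" {
            printf "%s:%d: %s lifts the 64-bit block cipher restriction\n", FILENAME, FNR, opt
            n++; next
        }
        # 64-bit block ciphers in GnuPG: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4)
        (opt == "cipher-algo" || opt == "personal-cipher-preferences" ||
         opt == "default-preference-list") &&
        (args ~ /3des|cast5|idea|blowfish/ || args ~ /(^|[ \t])s[1-4]([ \t]|$)/) {
            printf "%s:%d: %s names a 64-bit block cipher\n", FILENAME, FNR, opt
            n++
        }
        END { exit (n > 0 ? 1 : 0) }
    ' "$1"
}

# Demo on the constructed sample; point audit_gpg_conf at a real gpg.conf instead.
sample=$(mktemp)
write_sample_conf "$sample"
audit_gpg_conf "$sample" || echo "legacy cipher settings found"
rm -f "$sample"
```
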

Other notable changes in this new version:

  • Verification results now depend on the --sender option and the signature creator ID.
  • Only OCB mode is allowed for AEAD encryption.
  • The ed448 and cv448 algorithms now force version 5 key generation.
  • When importing from an LDAP server, the self-sigs-only (self-signatures only) import option is disabled by default.
  • The default algorithms for public keys are ed25519 and cv25519.
  • Added support for AEAD OCB and EAX block cipher modes.
  • Added support for X448 elliptic curves (ed448, cv448).
  • The use of group names in key lists is allowed.
  • Added Win32-OpenSSH emulation via gpg-agent.
  • By default, the SHA-256 algorithm is used to create SSH key fingerprints. Added “--pinentry-formatted-passphrase” and “--check-sym-passphrase-pattern” options.
  • Improved support for multiple card readers and tokens in scd.
  • The ability to use multiple applications with a specific smart card has been implemented.
  • Added support for PIV cards, Telesec Signature Cards v2.0 and Rohde&Schwarz Cybersecurity. Added new options “--application-priority” and “--pcsc-shared”.
  • Added the “--show-configs” option to the gpgconf utility.

How to install GnuPG on Ubuntu and derivatives?

Currently the new version of GnuPG is not available in the official Ubuntu repositories, so those who prefer this installation method will have to wait for the package to be updated and made available, possibly during the course of this week.

Those who need to update right away to solve the problems should download the GnuPG source code from its official website.

After that, unpack the downloaded package and open a terminal in the resulting folder.

You can unpack it by typing in the terminal:

tar xvjf gnupg-2.4.0.tar.bz2

After that, enter the newly created folder with:

cd gnupg-2.4.0

Once in the folder, you only need to type the following commands:

./configure
make
make check
sudo make install
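Because the build ends with an install as root, the tarball should be verified before ./configure is run. The following is an added example, not part of the original article: it checks a detached signature by reading gpg's machine-readable status lines and comparing the signer's primary key fingerprint with a pinned value. It assumes a detached signature file was downloaded next to the tarball and that the signing key is already in the keyring; the fingerprint and the sample status lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: accept a release only if gpg reports a valid signature
# made by the key we pinned. PINNED_FPR is a placeholder, not a real key.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample of --status-fd output for a good signature.
sample_status() {
    echo "[GNUPG:] NEWSIG"
    echo "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer"
    echo "[GNUPG:] VALIDSIG $PINNED_FPR 2022-12-16 1671180000 0 4 0 22 10 00 $PINNED_FPR"
}

# status_is_trusted_sig <status-file> <pinned-fingerprint>
# Succeeds only if a VALIDSIG line carries the pinned primary key
# fingerprint and no line reports a bad, failed, expired-key or
# revoked-key signature.
status_is_trusted_sig() {
    awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" {
            primary = (NF >= 12) ? $12 : $3   # last field is the primary key
            if (toupper(primary) == toupper(want)) ok = 1
        }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    ' "$1"
}

# verify_release <tarball> <detached-signature> <pinned-fingerprint>
verify_release() {
    vr_status=$(mktemp) || return 2
    gpg --batch --status-fd 3 --verify "$2" "$1" 3>"$vr_status" 2>/dev/null || true
    vr_rc=0
    status_is_trusted_sig "$vr_status" "$3" || vr_rc=$?
    rm -f "$vr_status"
    return "$vr_rc"
}

# Usage (file names are assumptions):
#   verify_release gnupg-2.4.0.tar.bz2 gnupg-2.4.0.tar.bz2.sig "$PINNED_FPR" && ./configure
```

Checking the fingerprint in the status output, rather than only gpg's exit code, rejects a signature that is valid but was made by some other key in the keyring.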
