Three and a half years after the last significant branch was formed, a new version, GnuPG 2.3.0 (GNU Privacy Guard), has been released. It is compatible with the OpenPGP and S/MIME standards and provides utilities for data encryption, working with electronic signatures, key management and access to public key stores.
GnuPG 2.3.0 is positioned as the first release of a new code base that includes the latest developments.
GnuPG 2.2 is considered the stable branch, optimal for general use, and will be supported until at least 2024, while GnuPG 1.4 continues to ship as the classic, low-resource series, suitable for embedded systems and compatible with legacy encryption algorithms.
Main new features of GnuPG 2.3.0
This version offers an experimental background process that implements a key database using SQLite to store keys and demonstrate faster key search. To enable the new repository, set the “use-keyboxd” option in gpg.conf and gpgsm.conf.
Another change that stands out is that the agent can use the “label:” value in the key file to customize the PIN request, in addition to the implementation of support for ssh-agent extensions for environment variables.
Also, scd support for multiple card and token readers has been improved, the ability to use multiple applications with a specific smart card was implemented, and support for PIV cards, Telesec Signature Cards v2.0 and Rohde & Schwarz Cybersecurity cards was added.
What’s more, a new utility, gpg-card, has been added, which can be used as a flexible interface for all supported smart card types, along with a new background process, tpm2d, which enables the use of TPM 2.0 chips to protect private keys and perform encryption or digital signature operations on the TPM side.
Gpg has stopped using ciphers with a 64-bit block size for encryption. The use of 3DES is prohibited and AES is declared as the minimum supported algorithm. The “--allow-old-cipher-algos” option can be used to disable the constraint.
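A configuration check for the cipher restriction and the “use-keyboxd” option described above, as an added example that is not part of the original article or of GnuPG itself. The function names, the sample file and the legacy cipher names other than 3DES are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a gpg.conf for options touched by the 2.3.0 cipher policy.
# Only 3DES is named on the page; the other entries are further OpenPGP ciphers
# with a 64-bit block size. Matching is by cipher name only (assumption).
LEGACY_CIPHERS='3DES|IDEA|CAST5|BLOWFISH'

# audit_gpg_conf FILE: print one finding per line; exit status 1 if any WARN.
audit_gpg_conf() {
    awk -v legacy="$LEGACY_CIPHERS" '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    $1 == "allow-old-cipher-algos" {
        printf "WARN line %d: %s lifts the 64-bit block cipher restriction\n", NR, $1
        warn++; next
    }
    $1 == "use-keyboxd" {
        printf "INFO line %d: experimental keyboxd key database enabled\n", NR
        next
    }
    $1 ~ /^(cipher-algo|s2k-cipher-algo|personal-cipher-preferences)$/ {
        for (i = 2; i <= NF; i++) {
            name = toupper($i)
            if (name ~ ("^(" legacy ")$")) {
                printf "WARN line %d: %s names legacy cipher %s\n", NR, $1, name
                warn++
            }
        }
    }
    END { exit (warn > 0) }' "$1"
}

# Constructed sample configuration, written to the path given as $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample gpg.conf
use-keyboxd
personal-cipher-preferences AES256 3DES CAST5
allow-old-cipher-algos
cipher-algo AES256
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_gpg_conf "$sample" || echo "legacy cipher settings present"
rm -f "$sample"
```

Running it against a real configuration file before upgrading shows which lines depend on ciphers that the new version no longer uses for encryption.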
Other changes integrated in this new version:
- New options “--application-priority” and “--pcsc-shared” have been added.
- The default algorithms for public keys are ed25519 and cv25519.
- Added support for AEAD OCB and EAX block cipher modes.
- Support for version 5 keys and digital signatures (with identifier based on SHA256 instead of SHA1) is provided.
- Added support for X448 curves (ed448, cv448).
- The use of group names in key lists is allowed.
- In gpg, the verification results now depend on the “--sender” option and the identifier of the signature creator.
- Added “--chuid” option to gpg, gpgsm, gpgconf, gpg-card and gpg-connect-agent to change user ID.
- Added options to gpg “--full-timestrings” (show date and time), “--force-sign-key” and “--no-auto-trust-new-key”.
- Support for the legacy PKA key discovery method has been removed, along with its related options.
- Added to gpg the ability to export Ed448 keys for SSH.
- Gpgsm adds basic ECC support and the ability to create EdDSA certificates.
- Removed the symcryptrun utility (an obsolete wrapper for the external Chiasmus utility).
- Full Unicode command line support is available on the Windows platform.
How to install GnuPG on Ubuntu and derivatives?
Currently the new version of GnuPG is not available in the official Ubuntu repositories, so those who prefer this installation method will have to wait for the package to be updated and become available, possibly during the course of this week.
Those who need to update now to solve problems should download the GnuPG source code from its official website.
After that they will have to unpack the downloaded package and open a terminal inside the resulting folder.
To unpack it, type in the terminal:
tar xvjf gnupg-2.3.0.tar.bz2
After that, enter the newly created gnupg-2.3.0 folder with cd.
Once inside that folder, just type the following commands:
./configure
make
make check
make install