GnuPG News for November and December 2015

Werner Koch wk at
Sat Dec 26 10:36:28 CET 2015


here comes the plaintext copy of Neal's status update for November and




                          December 24th, 2015

Table of Contents

1 GnuPG News for November and December 2015
.. 1.1 See us at 32C3
.. 1.2 Press
.. 1.3 Development
.. 1.4 Contact
.. 1.5 Discussions
.. 1.6 Donations
2 About this news posting

1 GnuPG News for November and December 2015

1.1 See us at 32C3

  Werner and Neal will each give a talk at 32C3 as part of the [FSFE
  Assembly].  Both talks are on Monday, December 28th.  Neal's
  presentation is at 16:00 in Hall A.1.  He'll present "An Advanced
  Introduction to GnuPG."  Werner follows immediately at 17:00 with
  "GnuPG and its current state of development."

  If you want to chat, we (Justus, Kai, Neal & Werner) will be around
  during the congress.  (Neal will be mostly hanging out at the Kidspace
  and thus will probably be the easiest to find.)  If you want to
  arrange a chat, send us an email.  If you see one of us, don't
  hesitate to ask for a business card with a list of the keys we use to
  sign GnuPG releases!

1.2 Press

  [Werner was interviewed] (in German) by Jürgen Asbeck from Germany's
  Pirate Party.

1.3 Development

  There have been two new releases of GnuPG: version [2.1.10] and
  version [1.4.20].

  Version 2.1.10 is the first GnuPG version to include support for TOFU.
  TOFU stands for trust on first use and should be familiar to anyone
  who uses ssh.  Basically, TOFU is a mechanism to detect when the
  binding between an identity and a key changes.  This can prevent or
  detect active man-in-the-middle (MitM) attacks and forgeries.
  Although this protection is weaker than the Web of Trust's theoretical
  guarantees, we have observed that most people don't bother to sign
  keys or set owner trust.  The practical result is that most users
  don't make use of the web of trust and, as such, GnuPG only protects
  them from passive MitM attacks.  TOFU provides protection against
  active MitM attacks, as long as they are not sustained, without
  requiring any user support.  Happily, the web of trust and TOFU can
  be combined.  To
  read more about how to use TOFU, see this [email].  A more theoretical
  handling of how TOFU works is described in our forthcoming [paper].
  (Feedback is welcome.)
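
  The sketch below is an added illustration of the trust-on-first-use
  idea described above; it is not part of the original posting and is
  not GnuPG's implementation.  The names TofuStore, observe, resolve and
  replay are hypothetical, the fingerprints are constructed
  placeholders, and lower-casing the identity is an assumption.

```python
from dataclasses import dataclass, field


def norm_fpr(fpr: str) -> str:
    """Fingerprints are compared as upper-case hex without spaces."""
    return fpr.replace(" ", "").upper()


@dataclass
class TofuStore:
    """Conceptual trust-on-first-use store (hypothetical, not GnuPG's own)."""
    pinned: dict = field(default_factory=dict)   # identity -> pinned fingerprint
    seen: dict = field(default_factory=dict)     # (identity, fpr) -> message count
    flagged: dict = field(default_factory=dict)  # identity -> conflicting fprs

    def observe(self, identity: str, fpr: str) -> str:
        """Record one verified message and classify the identity/key binding."""
        identity, fpr = identity.strip().lower(), norm_fpr(fpr)
        self.seen[(identity, fpr)] = self.seen.get((identity, fpr), 0) + 1
        pinned = self.pinned.get(identity)
        if pinned is None:
            self.pinned[identity] = fpr          # first use: pin without asking
            return "first-use"
        if pinned == fpr:
            return "consistent"
        # Binding changed: never re-pin silently, surface it to the user.
        self.flagged.setdefault(identity, set()).add(fpr)
        return "conflict"

    def resolve(self, identity: str, trusted_fpr: str) -> None:
        """Explicit user decision after out-of-band verification."""
        identity = identity.strip().lower()
        self.pinned[identity] = norm_fpr(trusted_fpr)
        self.flagged.pop(identity, None)


def replay(events):
    """Feed (identity, fingerprint) pairs through a fresh store."""
    store = TofuStore()
    return [store.observe(i, f) for i, f in events], store


# Constructed sample data: placeholder fingerprints, not real keys.
KEY_A = "AAAA 1111 AAAA 1111 AAAA  1111 AAAA 1111 AAAA 1111"
KEY_B = "BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"

if __name__ == "__main__":
    verdicts, _ = replay([("alice@example.org", KEY_A),
                          ("Alice@example.org", KEY_A.lower()),
                          ("alice@example.org", KEY_B)])
    print(verdicts)
```

  If the first key ever seen for an identity is the wrong one, that key
  is what gets pinned and the genuine key later shows up as the
  conflict, which is why only attacks that are not sustained are caught.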

  Another noteworthy addition to 2.1.10 is Tor support.  To enable this,
  simply add the following to your dirmngr.conf file:

  | use-tor
  | keyserver hkp://jirk5u4osbsr34t5.onion

  (`hkp://jirk5u4osbsr34t5.onion' is the .onion address for [SKS
  Keyserver Pool].)  Note: for this to work, you'll need to be running
  Tor.  On Debian, you just need to install the Tor package; there is
  nothing more to configure.

  2.1.10 also includes a number of small additions.  It is now possible
  to use `--default-key' multiple times and GnuPG will use the last key
  that is available for signing (this is good when using a configuration
  file shared among multiple hosts).  `--encrypt-to-default-key' causes
  all messages to also be encrypted to the key specified in
  `--default-key'.  `--unwrap' will strip an OpenPGP message of its
  encryption layer (and everything outside of it).  Since most
  messages are signed and then encrypted, this preserves the signature
  (unlike `--decrypt').  `--only-sign-text-ids' causes `--sign' to not
  sign photo IDs.

  In 2.1.10, Neal added code to detect ambiguous key specifications.
  This code proved to be incomplete and has since been removed from git.
  Given that it will take some time to ensure that the code is stable,
  this feature will return in 2.3.x.  (2.2 is planned for the beginning
  of 2016.)

  2.1.10 also includes a number of bug fixes for dirmngr.  In
  particular, there was a bug that prevented fetching a large number of
  keys over TLS streams.

  Both 2.1.10 and 1.4.20 include support for the new `--weak-digest'
  option, which can be used to explicitly mark a digest as deprecated.
  (You should consider doing this for SHA-1, which is no longer
  considered safe.)

  Andre published [version 2.3.0 of gpg4win].  He's also been working on
  GpgOL (a GnuPG plug-in for Outlook).  The latest test version includes
  support for sending PGP/MIME mails.  If you are interested in helping
  to test it, read the [wiki] and follow the [gpg4win-devel mailing
  list] for details.

  Jussi has continued his work on libgcrypt.  He recently added a
  variable length output interface for the digest API, which was needed
  for new SHAKE algorithms.  He has also worked on some new
  optimizations for the hash-algorithms; fine-tuned existing SHA-3/SHAKE
  and Tiger implementations and added an ARMv7/NEON implementation of

  Niibe fixed an important long-standing bug in scdaemon whereby users
  cannot access their smartcard after reinsertion.  Another minor bug
  that he fixed is that the removal of smartcards was not always
  correctly detected.  These bugs are fixed in 2.1.10 and will be
  backported to 2.0.x.

  Niibe also did a major change in libgcrypt for Curve25519, which
  changes the point format of the curve by adding the 0x40 prefix (this
  is the same as Ed25519).  New private keys and encrypted messages
  created with the new libgcrypt will always have the prefix 0x40.  Any
  users of Curve25519 encryption should update their libgcrypt.
  Existing keys should continue to be handled correctly.

  For those interested in Werner's work on g13 (a LUKS replacement,
  which allows using a smartcard to decrypt the master key), he has
  pushed his current work to the `wk/g13work' branch.






1.4 Contact

  Werner announced the official [chat room] for developers.  Note: for
  general questions, #gnupg on freenode remains the better real-time
  chat forum.

1.5 Discussions

  Guilhem Moulin discussed using [OpenPGP notations to limit the scope
  of subkeys].

  James asked about [best practices for creating keys] and got a number
  of helpful responses.

  The Nitrokey developers [announced an effort to develop a new USB
  Security Key] with hidden storage (for plausible deniability).
  Nitrokey is 100% free software and open hardware.  Their [crowdfunding
  campaign] runs until the end of December.

  Robert J. Hansen shared a link to an MIT Technology Review article on
  how [user error subverts communication security].

  Matthias Apitz asked about [why private keys are stored differently in
  GnuPG 2.1] and Werner provided a detailed explanation.

1.6 Donations

  At the beginning of 2015, the Linux Foundation, as part of their core
  infrastructure initiative, made a one-time USD60,000 donation.  We are
  pleased to report that the Linux Foundation has decided to renew their
  support for 2016 and have donated another USD60,000.  Thanks!

  Unfortunately, [although Facebook initially announced that they would
  provide USD50,000 of support per year], they have since rescinded.

2 About this news posting

  We try to write a news posting each month.  However, other work may
  have a higher priority (e.g. security fixes) and thus there is no
  promise for a fixed publication date.  If you have an interesting
  topic for a news posting, please send it to us.  A regular summary of
  the mailing list discussions would make a nice column on this news.

Thoughts are free.  Exceptions are regulated by a federal law.
