Releases: rnpgp/rnp
Releases · rnpgp/rnp
Version 0.17.1
General
- Added support for Botan 3.
- Updated support for OpenSSL 3.
- Added support for mimemode in literal data packet.
- Relaxed Base64 decoding to allow spaces after the checksum.
FFI
- Added functions
rnp_key_set_features()
andrnp_signature_get_features()
.
OpenPGP signing key
Version 0.17.0
General
- Added support for hidden recipient during decryption.
- Added support for AEAD-OCB for OpenSSL backend.
- Improve support for offline secret keys during default key selection.
- Support for GnuPG 2.3+ secret key store format.
- SExp parsing code is moved to separate library, https://github.com/rnpgp/sexp.
- Mark subkeys as expired instead of invalid if primary key is expired.
- AEAD: use OCB by default instead of EAX.
- Do not attempt to validate signatures of unexpected types.
- Use thread-safe time and date handling functions.
- Added ENABLE_BLOWFISH, ENABLE_CAST5 and ENABLE_RIPEMD160 build time options.
- Do not use
EVP_PKEY_CTX_set_dsa_paramgen_q_bits()
if OpenSSL backend version is < 1.1.1e. - Corrected usage of CEK/KEK algorithms if those differs.
FFI
- Added function
rnp_signature_export()
. - Added flag
RNP_VERIFY_ALLOW_HIDDEN_RECIPIENT
tornp_op_verify_set_flags()
.
CLI
- Added default armor message type for
--enarmor
command. - Added command
--set-filename
to specify which file name should be stored in message. - Added
--add-subkey
subcommand to the--edit-key
. - Added
set-expire
subcommand to the--edit-key
. - Added
--s2k-iterations
and--s2k-msec
options to thernp
. - Added
--allow-weak-hash
command to allow usage of weak hash algorithms. - Report number of new/updated keys during the key import.
OpenPGP signing key
Version 0.16.3
Security
- Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
- Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
OpenPGP signing key
Version 0.16.2
General
- Fixed CMake issues with ENABLE_IDEA and ENABLE_BRAINPOOL
OpenPGP signing key
Version 0.16.1
General
- Ensure support for RHEL9/CentOS Stream 9/Fedora 36, updating OpenSSL backend support for v3.0.
- Optional import and export of base64-encoded keys.
- Optional raw encryption of the data.
- Optional overriding of the current timestamp.
- Do not fail completely on unknown signature versions.
- Do not fail completely on unknown PKESK/SKESK packet versions.
- Support armored messages without empty line after the headers.
- Added automatic feature detection based on backend.
Security
- Separate security rules for the data and key signatures, extending SHA1 key signature support till the Jan, 19 2024.
- Set default key expiration time to 2 years.
- Limit maximum AEAD chunk bits to 16.
FFI
- Changed behaviour of
rnp_op_verify_execute()
: now it requires single valid signature to succeed. - Added function
rnp_op_verify_set_flags()
to override default behaviour of verification. - Added function
rnp_key_is_expired()
. - Added function
rnp_op_encrypt_set_flags()
and flagRNP_ENCRYPT_NOWRAP
to allow raw encryption. - Added flag
RNP_LOAD_SAVE_BASE64
to the functionrnp_import_keys()
. - Added flag
RNP_KEY_EXPORT_BASE64
to the functionrnp_key_export_autocrypt()
. - Added function
rnp_set_timestamp()
to allow to override current time. - Update security rules functions with flags
RNP_SECURITY_VERIFY_KEY
andRNP_SECURITY_VERIFY_DATA
.
CLI
- Make password request more verbose.
- Print
RSA
instead ofRSA (Encrypt and Sign)
in the key listing to avoid confusion. - Added option
--source
to specify detached signature's source file. - Added option
--no-wrap
to allow raw data encryption. - Added option
--current-time
to allow to override current timestamp. - Strip known extensions (like
.pgp
,.asc
, etc.) when decrypting or verifying data. - Display key and signature validity status in the key listing.
- Do not attempt to use GnuPG's config to set default key.
Known issues
This release accidentally broke IDEA support, disabling it completely. Please see the issue #1901 for details.
This would be fixed in the next minor update.
OpenPGP signing key
Version 0.16.0
General
- Added support for OpenSSL cryptography backend so RNP may be built and used on systems without the Botan installed.
- Added compile-time switches to disable certain features (AEAD, Brainpool curves, SM2/SM3/SM4 algorithms, Twofish)
- Fixed possible incompatibility with GnuPG on x25519 secret key export from RNP to GnuPG.
- Fixed building if Git is not available.
- Fixed export of non-FFI symbols from the rnp.so/rnp.dylib.
- Fixed support for Gnu/Hurd (absence of PATH_MAX).
- Added support for
None
compression algorithm. - Added support for the dumping of notation data signature subpackets.
- Fixed key expiration time calculation in the case with newer non-primary self-certification.
- Improved performance of key import (no key material checks)
Security
- Added initial support for customizable security profiles.
- Mark SHA1 signatures produced later than 2019-01-19, as invalid.
- Mark MD5 signatures produced later than 2012-01-01, as invalid.
- Remove SHA1 and 3DES from the default key preferences.
- Use SHA1 collision detection code when using SHA1.
- Mark signatures with unknown critical notation as invalid.
- Do not prematurely mark secret keys as valid.
- Validate secret key material before the first operation.
- Limit the number of possible message recipients/signatures to a reasonable value (16k).
- Limit the number of signature subpackets during parsing.
FFI
- Added functions
rnp_backend_string()
andrnp_backend_version()
. - Added functions
rnp_key_25519_bits_tweaked()
andrnp_key_25519_bits_tweak()
to check and fix x25519 secret key bits. - Added security profile manipulation functions:
rnp_add_security_rule()
,rnp_get_security_rule()
,rnp_remove_security_rule()
. - Added function
rnp_signature_get_expiration()
. - Deprecate functions
rnp_enable_debug()
/rnp_disable_debug()
.
CLI
- Write new detailed help messages for
rnp
andrnpkeys
. - Added
-
(stdin) andenv:VAR_NAME
input specifiers, as well as-
(stdout) output specifier. - Do not fail with empty keyrings if those are not needed for the operation.
- Added algorithm aliases for better usability (i.e.
SHA-256
,SHA256
, etc.). - Added option
--notty
to print everything to stdout instead of TTY. - Added command
--edit-key
with subcommands--check-cv25519-bits
and--fix-cv25519-bits
. - Remove support for
-o someoption=somevalue
, which is unused. - Remove no longer used support for additional debug dumping via
--debug source.c
.
OpenPGP signing key
Version 0.15.2
General
- Be less strict in userid validation: allow to use userids with self-signature, which has key expiration in the past.
- Do not mark signature as invalid if key which produced it is expired now, but was valid during signing.
- Fix incorrect key expiration calculation in some cases.
- Fix incorrect version number in the
version.txt
.
FFI
- Add function
rnp_key_get_default_key()
to pick the default key/subkey for the specific operation. - Allow to pass NULL hash parameter to
rnp_key_add_uid()
to pick the default one. - Use the same approach as in
rnp_op_encrypt_add_recipient()
for encryption subkey selection inrnp_key_export_autocrypt()
.
CLI
rnp
: Show error message if encryption failed.rnpkeys
: Add--expiration
option to specify expiration time during key generation.
OpenPGP signing key
Version 0.15.1
General
- Make man pages building optional.
- Fixed updating of expiration time for a key with multiple user ids.
- Fixed key expiry check for keys valid after the year 2038.
- Pick up key expiration time from direct-key signature or primary userid certification if available.
FFI
- Added function
rnp_key_valid_till64()
to correctly handle keys which expire after the year 2038. - Added RNP_FEATURE_* defines to be used instead of raw strings.
Security
- Fixed issue with cleartext key data after the
rnp_key_unprotect()
/rnp_key_protect()
calls (CVE-2021-33589).
OpenPGP signing key
Version 0.15.0
API, CLI and FFI improvements.
General
- Added CMake options to allow offline builds, i.e. without Googletest/ruby-rnp downloads.
- Removed major library version from the library name (librnp-0.so/dll -> librnp.so/dll).
- Improved handling of cleartext signatures, when empty line between headers and contents contains some whitespace characters.
- Relaxed requirements for the armored messages CRC (allow absence of the CRC, and issue warning instead of complete failure).
- Updated build instructions for MSVC.
- Improved support of 32-bit platforms (year 2038 problem).
CLI
- Added up-to-date manual pages for
rnp
andrnpkeys
. - rnpkeys: added
--remove-key
command.
FFI
- Added up-to-date manual page for
librnp
. - Added function
rnp_signature_remove
- Added function
rnp_uid_remove
- Added function
rnp_key_remove_signatures
for batch signature removal and filtering.
OpenPGP signing key
Version 0.14.0
Major FFI, CLI and security improvements and compatibility fixes, and Windows support.
General
- Improved key validation: require to have at least one valid, non-expiring self signature.
- Added support for 'stripped' keys without userids and certifications but with valid subkey binding signature.
- Added support for Windows via MinGW/MSYS2.
- Added support for Windows via MSVC.
- Fixed secret key locking when it is updated with new signatures/subkeys.
- Fixed key expiry/flags calculation (take in account only the latest valid self-signature/subkey binding).
- Fixed MDC reading if it appears on 8k boundary.
- Disabled logging by default in release builds and added support for environment variable
RNP_LOG_CONSOLE
to enable it back. - Fixed leading zeroes for secp521r1 b & n field constants.
- Allowed keys and signatures with invalid MPI bit count.
- Added support for private/experimental signature subpackets, used by GnuPG and other implementations.
- Added support for reserved/placeholder signatures.
- Added support for zero-size userid/attr packet.
- Relaxed packet dumping, ignoring invalid packets and allowing to find wrong packet easier.
- Improved logging of errored keys/subkeys information for easier debugging.
- Fixed support for old RSA sign-only/encrypt-only and ElGamal encrypt-and-sign keys.
- Fixed support for ElGamal keys larger then 3072 bits.
- Fixed symbol visibility so only FFI functions are exposed outside of the library.
- Added support for unwrapping of raw literal packets.
- Fixed crash with non-detached signature input, fed into the
rnp_op_verify_detached_create()
. - Significantly reduced memory usage for the keys large number of signatures.
- Fixed long armor header lines processing.
- Added basic support for GnuPG's offline primary keys (
gnupg --export-secret-subkeys
) and secret keys, stored on card. - Fixed primary key binding signature validation when hash algorithm differs from the one used in the subkey binding signature.
- Fixed multiple memory leaks related to invalid algorithms/versions/etc.
- Fixed possible crashes during processing of malformed armored input.
- Limited allowed nesting levels for OpenPGP packets.
- Fixed support for text-mode signatures.
- Replaced strcpy calls with std::string and memcpy where applicable.
- Removed usage of mktemp, replacing it with mkstemp.
- Replaced usage of deprecated
botan_pbkdf()
withbotan_pwdhash()
. - Added support for the marker packet, issued by some implementations.
- Added support for unknown experimental s2ks.
- Fixed armored message contents detection (so armored revocation signature is not more reported as the public key).
- Changed behaviour to use latest encryption subkey by default.
- Fixed support for widechar parameters/file names on Windows.
- Implemented userid validity checks so only certified/non-expired/non-revoked userid may be searched.
- Fixed GnuPG compatibility issues with CR (
\r
) characters in text-mode and cleartext-signed documents. - Improved performance of the key/uid signatures access.
- Migrated tests to the Python 3.
- Migrated most of the internal code to C++.
CLI
- Do not load keyring when it is not required, avoiding extra
keyring not found
output. - Input/output data via the tty, if available, instead of stdin/stdout.
- Fixed possible crash when HOME variable is not set.
- rnpkeys: Added
--import-sigs
and changed behavior of--import
to check whether input is key or signature. - rnpkeys: Added
--export-rev
command to export key's revocation, parameters--rev-type
,--rev-reason
. - rnpkeys: Added
--revoke-key
command. - rnpkeys: Added
--permissive
parameter to--import-keys
command. - rnpkeys: Added
--password
options, allowing to specify password and/or generate unprotected key.
FFI
- Added keystore type constants
RNP_KEYSTORE_*
. - Added
rnp_import_signatures
. - Added
rnp_key_export_revocation
. - Added
rnp_key_revoke
. - Added
rnp_request_password
. - Added
rnp_key_set_expiration
to update key's/subkey's expiration time. - Added flag
RNP_LOAD_SAVE_PERMISSIVE
tornp_import_keys
, allowing to skip erroneous packets. - Added flag
RNP_LOAD_SAVE_SINGLE
, allowing to import keys one-by-one. - Added
rnp_op_verify_get_protection_info
to check mode and cipher used to encrypt message. - Added functions to retrieve recipients information (
rnp_op_verify_get_recipient_count
,rnp_op_verify_get_symenc_count
, etc.). - Added flag
RNP_KEY_REMOVE_SUBKEYS
tornp_key_remove
function. - Added function
rnp_output_pipe
allowing to write data from input to the output. - Added function
rnp_output_armor_set_line_length
allowing to change base64 encoding line length. - Added function
rnp_key_export_autocrypt
to export public key in autocrypt-compatible format. - Added functions to retrieve information about the secret key's protection (
rnp_key_get_protection_type
, etc.). - Added functions
rnp_uid_get_type
,rnp_uid_get_data
,rnp_uid_is_primary
. - Added function
rnp_uid_is_valid
. - Added functions
rnp_key_get_revocation_signature
andrnp_uid_get_revocation_signature
. - Added function
rnp_signature_get_type
. - Added function
rnp_signature_is_valid
. - Added functions
rnp_key_is_valid
andrnp_key_valid_till
. - Added exception guard to FFI boundary.
- Fixed documentation for the
rnp_unload_keys
function.
Security
- Removed version header from armored messages (see https://mailarchive.ietf.org/arch/msg/openpgp/KikdJaxvdulxIRX_yxU2_i3lQ7A/ ).
- Enabled fuzzing via oss-fuzz and fixed reported issues.
- Fixed a bunch of issues reported by static analyzer.
- Require at least Botan 2.14.0.