General

  • Target

    gpg4win-3.1.15.exe

  • Size

    28.6MB

  • Sample

    210406-rrhyltdyqe

  • MD5

    a96d89086f076d671560663d96993a16

  • SHA1

    fd822ac0a8b9e83fa5169bab69349f7c7d16f488

  • SHA256

    58b4de192ce0f3a7f25766e96ec379a8f125e3a1e2bdb2519c185a03a0a4ed4c

  • SHA512

    be143c91001618dd91a3e9daefa735f0d7a31e95e0c5cfeb0b707a75c6c8cb1e11a1bd4f08929aa1f9a7f23b7d2464a01040ce7600ee1b4be42b8e2fe281aaa6
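As an added check that is not part of the sandbox report or of the Gpg4win project: the script below streams a local copy of the installer through all four digest algorithms the report lists and compares each result in constant time against the report's values (copied from the General section above). The file path is an assumed local download location. A full match only proves that the local file is byte-identical to the sample analysed here; whether that sample is the genuine Gpg4win release is a separate question, answered by the OpenPGP signature and checksums the Gpg4win project publishes for its installers, not by this report.

```python
"""Verify a downloaded installer against the digests recorded in a sandbox report.

Added example for this report; not code from the Gpg4win project or the sandbox.
Expected digests are the MD5 / SHA-1 / SHA-256 / SHA-512 values listed in the
report for gpg4win-3.1.15.exe. The default file path is an assumed local download.
"""
import hashlib
import hmac
import io

# Digests copied from the report's "General" section.
REPORT_DIGESTS = {
    "md5": "a96d89086f076d671560663d96993a16",
    "sha1": "fd822ac0a8b9e83fa5169bab69349f7c7d16f488",
    "sha256": "58b4de192ce0f3a7f25766e96ec379a8f125e3a1e2bdb2519c185a03a0a4ed4c",
    "sha512": "be143c91001618dd91a3e9daefa735f0d7a31e95e0c5cfeb0b707a75c6c8cb1e"
              "11a1bd4f08929aa1f9a7f23b7d2464a01040ce7600ee1b4be42b8e2fe281aaa6",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # 1 MiB: the installer is 28.6 MB, so stream it instead of reading it whole


def digest_stream(stream, algorithms=ALGORITHMS):
    """Hash a binary stream with every requested algorithm in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used for self-tests)."""
    return digest_stream(io.BytesIO(data), algorithms)


def digest_file(path, algorithms=ALGORITHMS):
    with open(path, "rb") as f:
        return digest_stream(f, algorithms)


def compare_digests(actual, expected):
    """Return {algorithm: matched}; a digest missing from `actual` counts as a mismatch.

    hmac.compare_digest avoids leaking the position of the first differing
    character through timing (a habit worth keeping even for public digests).
    """
    result = {}
    for name, want in expected.items():
        got = actual.get(name)
        result[name] = got is not None and hmac.compare_digest(got.lower(), want.lower())
    return result


def verify_installer(path, expected=REPORT_DIGESTS):
    """Return (all_matched, per_algorithm_results) for the file at `path`."""
    matches = compare_digests(digest_file(path, tuple(expected)), expected)
    return all(matches.values()), matches


if __name__ == "__main__":
    import sys

    # Assumed default location; pass the real path on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "gpg4win-3.1.15.exe"
    ok, matches = verify_installer(target)
    for name, matched in matches.items():
        print(f"{name:7s} {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

Run it as `python verify_gpg4win.py C:\path\to\gpg4win-3.1.15.exe`; the exit status is 0 only when all four digests match, so it can gate an automated deployment or triage step. SHA-256 or SHA-512 is the value to rely on; MD5 and SHA-1 are carried along only because the report lists them and they are useful for matching against other sources that index samples by those digests.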

Malware Config

Extracted

Path

C:\Program Files (x86)\Gpg4win\share\gpg4win\README.en.txt

Ransom Note (heuristic match only: the extracted text is the Gpg4win README.en.txt at the path above, not a ransom note)
English README file for Gpg4win
===============================

This is Gpg4win, version 3.1.15 (2021-01-12).

Content:
1. Important notes
2. Changes
3. Additional notes
4. Version history
5. Version numbers of included software
6. Legal notices

1. Important notes
==================

At release date, the English version of the ebook `Gpg4win Compendium` has not been updated for Gpg4win 3, but still is useful as documentation of some general background how to use the product. You will find it on your system (depending on the version of Windows) or online at
https://www.gpg4win.org/doc/en/gpg4win-compendium.html
Note that the German version 4.0.0 is up-to-date and only available as pdf.

Please read the section `3. Additional notes` of this README before you start working with Gpg4win. The Compendium has more hints for manual or automated installation.

System requirements
-------------------

Gpg4win runs on Windows versions 7 or newer (up to Windows 10). Both 32 and 64bit systems are supported. If you have at least Windows XP, some parts of Gpg4win can be used, but are not officially supported.

The Outlook plugin GpgOL is compatible with Microsoft Outlook 2010, 2013 and 2016 (both 32 and 64bit) and supports transporting emails via SMTP/IMAP and MS Exchange Server (version 2010 or newer). With Gpg4win version 3.1.2 Outlook 2003 and 2007 support was removed for security reasons.

(See https://www.gpg4win.org/system-requirements.html for updates.)

2. Changes
==========

Included Gpg4win components in version 3.1.15 are:

GnuPG:          2.2.27
Kleopatra:      3.1.15
GPA:            0.10.0
GpgOL:          2.4.10
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0

New in Gpg4win version 3.1.15 (2021-01-12)
-----------------------------------------

- GpgOL: Fixed a critical issue since Gpg4win-3.1.12 where the selection of "No Key" for a recipient could lead to arbitrary keys selected instead. (T5223)
- GpgOL: auto-key-retrieve in the GnuPG config now no longer leads to "No Data" errors when viewing signed mails. (T5164)
- GpgOL: The error "No Data" now leads to more useful output in the mail view. (T5164)
- GpgOL: The name for VS-NfD compliance is now configurable through libkleopatrarc.
- Kleopatra: The dialog to create new keys has been simplified and makes it easier to create keys without protection. This can be disabled by setting "enforce-passphrase-constraints" in the gpg-agent configuration. (T5181)
- Kleopatra: Name and e-mail for new keys are now obtained through Active Directory if they are available. (T5181)
- Kleopatra: Creating S/MIME CSRs for OpenPGP Smartcards has been further improved. (T5127)
- Kleopatra: Tag support for certifications has been greatly improved and is now also available when adding keys in the file encrypt dialog. (T5174)
- Kleopatra: Elevated execution of Kleopatra (run as Administrator) is now prevented to avoid accidental permission problems in the GnuPG data folder. (T5212)
- Kleopatra: Setting the initial SigG PIN for NetKey cards now also works if the generic PIN is not set. (T5220)
- GnuPG: Now supports system wide configuration files in "%ProgramData%\GNU\etc\gnupg" so Administrators can both set defaults and enforce a specific configuration. The format is the same as the user configuration under "%AppData%\gnupg" with additional syntax to enforce some options and ignore other options. (T4788)
- GnuPG: OpenPGP certificates can now be obtained automatically over Active Directory.
- GnuPG: The scheme for LDAP access has been improved.
- GnuPG: Updated to 2.2.27
  See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000452.html
  Announcement for 2.2.26: https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000451.html

3. Additional notes
===================

- GpgOL
  * Crypto mails forwarded as attachment are not properly handled.
  * Integrated Microsoft only OLE Objects are not supported.
  * Localization is only complete for Dutch, German and Portuguese.

- General
  * For a future Version we plan to, optionally, further automate GpgOL. This would set the GnuPG option:
      trust-model tofu+pgp
    As this is not properly handled everywhere (especially Kleopatra's file verification dialog) this is not default. You can add it manually to your gpg.conf. The trust-model is already supported by GpgOL.

4. Version history
==================

Listed below are the changes as recorded in the source distribution's NEWS file. An up-to-date list of changes is also available at:
https://www.gpg4win.org/change-history.html

Noteworthy changes in Version 3.1.15 (2021-01-12)
------------------------------------------------

* GpgOL: Fixed a critical issue since Gpg4win-3.1.12 where the selection of "No Key" for a recipient could lead to arbitrary keys selected instead. (T5223)
* GpgOL: auto-key-retrieve in the GnuPG config now no longer leads to "No Data" errors when viewing signed mails. (T5164)
* GpgOL: The error "No Data" now leads to more useful output in the mail view. (T5164)
* GpgOL: The name for VS-NfD compliance is now configurable through libkleopatrarc.
* Kleopatra: The dialog to create new keys has been simplified and makes it easier to create keys without protection. This can be disabled by setting "enforce-passphrase-constraints" in the gpg-agent configuration. (T5181)
* Kleopatra: Name and e-mail for new keys are now obtained through Active Directory if they are available. (T5181)
* Kleopatra: Creating S/MIME CSRs for OpenPGP Smartcards has been further improved. (T5127)
* Kleopatra: Tag support for certifications has been greatly improved and is now also available when adding keys in the file encrypt dialog. (T5174)
* Kleopatra: Elevated execution of Kleopatra (run as Administrator) is now prevented to avoid accidental permission problems in the GnuPG data folder. (T5212)
* Kleopatra: Setting the initial SigG PIN for NetKey cards now also works if the generic PIN is not set. (T5220)
* GnuPG: Now supports system wide configuration files in "%ProgramData%\GNU\etc\gnupg" so Administrators can both set defaults and enforce a specific configuration. The format is the same as the user configuration under "%AppData%\gnupg" with additional syntax to enforce some options and ignore other options. (T4788)
* GnuPG: OpenPGP certificates can now be obtained automatically over Active Directory.
* GnuPG: The scheme for LDAP access has been improved.
* GnuPG: Updated to 2.2.27
  See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000452.html
  Announcement for 2.2.26: https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000451.html

~~~~~~~~~~~~~~~
GnuPG:          2.2.27
Kleopatra:      3.1.15
GPA:            0.10.0
GpgOL:          2.4.10
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.14 (2020-11-25)
------------------------------------------------

* Kleopatra: It is now possible to revoke certifications with Kleopatra. (T5094)
* Kleopatra / GnuPG: Unicode home directories are now supported. (T5055)
* Kleopatra: Directories for encryption may now contain unicode filenames. (T4083)
* Kleopatra: Improved Smartcard support, preshadowing the full multicard support with GnuPG 2.3. (T5066)
* Pinentry: The dialog should now receive input focus in more scenarios. (T4123)
* GpgOL: Plain text e-mails without attachments are displayed correctly again.
* GnuPG: Updated to 2.2.25
  ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html )

~~~~~~~~~~~~~~~
GnuPG:          2.2.25
Kleopatra:      3.1.14
GPA:            0.10.0
GpgOL:          2.4.8
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.13 (2020-09-04)
------------------------------------------------

* GnuPG: Updated to 2.2.23 to fix CVE-2020-25125.
  ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html )
* GpgOL: Fixed an issue where unencrypted drafts of mails were stored on an Exchange Server and could be restored through the "recently deleted items" option. Especially if the draft encryption, introduced in Gpg4win-3.1.8, is used this can be a security issue. (T5022)

  Gpg4win cannot offer guarantees that Outlook does not send data which is entered *before* the encryption to Microsoft or an Exchange Server. Under Windows with Outlook this is impossible to control. The draft encryption option is our best effort to avoid this.

~~~~~~~~~~~~~~~
GnuPG:          2.2.23
Kleopatra:      3.1.12
GPA:            0.10.0
GpgOL:          2.4.7
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.12 (2020-07-24)
------------------------------------------------

* GpgOL: Improved handling of mails with encrypted subjects. (T4796)
* GpgOL: Improved integration with Web Key Services to automatically provide public keys. (T4839)
* GpgOL: The addressbook integration is now more visible. (T4874)
* GpgOL: Group accounts are now properly considered when preselecting the signing key. (T4090)
* GpgOL: During signature verification a preview of the content is now displayed. (T4944)
* GpgOL: Printing of encrypted mails now works correctly after changing the printer. (T4890)
* GpgOL: Security level of keys obtained from a Web Key Directory is now properly shown as Level 2.
* GpgOL: Permanently decrypt now works more reliably and should no longer lead to "No Data" errors. (T4718)
* GpgOL: Long lines in plaintext mails should no longer be displayed as multiple lines after decryption. (T4987)
* GpgOL: Attachments with filenames that are not allowed on Windows can now be handled. (T4835)
* GpgOL: Mails with exactly one attachment and no body are now displayed correctly.
* GnuPG: Symmetric encryption now uses only one password dialog. (T4971)
* GnuPG: Improved certificate import for S/MIME certificates. (T4847)
* GnuPG: Added support for CardOS 5 Smartcards based on the D-Trust 3.1 card.
* GnuPG: Support for rsaPSS signatures has been added. (T4538)
* GnuPG: The "Quality" of a new passphrase is no longer incorrectly displayed. (T2103)
* Kleopatra: Overwriting secret key exports now works correctly. (T4709)
* Kleopatra: Fixed a case where file sign & encrypt dialogs would not be shown on high DPI systems. (T4819)
* Kleopatra: The sorting of multiple tabs has been fixed.
* Kleopatra: The minimal length of the Name has been reduced to better support non-Latin names. (T4745)
* Kleopatra: The filename suggestion for key exports has been improved to avoid confusion between public and private key exports. (T4995)
* Kleopatra: Authentication subkeys can now be exported in the OpenSSH format.
* Kleopatra: Markup is now automatically removed when pasting into the notepad. (T4969)
* Kleopatra: "updating..." as key validity is no longer displayed incorrectly when doing a keyserver search. (T4948)
* Gpg4win: The file and URL connections with Kleopatra now properly split arguments and potential external data like filenames and the search query. This prevents a security issue where Kleopatra could be triggered to load a library from a filename provided through an unescaped URL.

~~~~~~~~~~~~~~~
GnuPG:          2.2.21
Kleopatra:      3.1.12
GPA:            0.10.0
GpgOL:          2.4.6
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.11 (2019-12-17)
------------------------------------------------

* GpgOL: Improved compatibility with other clients for S/MIME, e.g. the Outlook web interface. (T4543 T4525)
* GpgOL: E-Mails which are too large to fully decrypt / verify on a Server with E-Mail size limits are now handled with a proper error. (T4731)
* GpgOL / Kleopatra: The GnuPG-System config page can now be hidden.
* GpgOL: There is now an additional configuration option to always show the security approval dialog, even with full automation.
* GpgOL: E-Mails are no longer always classified as HTML.
* GpgOL: Saving E-Mails as files now also works when the mail is opened in its own Window.
* GpgOL: Fixed a rare case where GpgOL could crash when opening a Mail from the file system.
* GpgOL: The security approval dialog now has additional info buttons to show extended information.
* Kleopatra: The certify dialog has been reworked to be more user friendly and require fewer clicks. (T4649)
* Kleopatra: New Feature "Search Tags": When certifying a user identity you can now add additional "Tags". Tags are shown which are made by any user that has full certification trust. They can be used to group or search keys by additional information. (T4734)
* Kleopatra: There is now an error message when a key could not be found during file encryption.
* Kleopatra: The Smartcard Management now also works for OpenPGP 3 cards, e.g. newer Yubikeys.
* GnuPG: Network access is now much faster if IPv6 is not available. (T4165)
* GnuPG: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signatures newer than 2019-01-19 from the web-of-trust. Note that this includes all key signatures created with DSA-1024 keys. The new option --allow-weak-key-signatures can be used to override the new and safer behaviour. (T4755, CVE-2019-14855)
* GnuPG: Updated to Version 2.2.19. (See: https://gnupg.org for additional News.)

~~~~~~~~~~~~~~~
GnuPG:          2.2.19
Kleopatra:      3.1.11
GPA:            0.10.0
GpgOL:          2.4.4
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.10 (2019-07-14)
------------------------------------------------

* GpgOL: Fixed a possible plaintext leak to the mail server, which could occur when opening and closing mails while the mail was also visible in the message list. (T4622 T4621)
* GnuPG: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding
      keyserver-options no-self-sigs-only,no-import-clean
  to your gpg.conf. (T4607)
  See: https://wiki.gnupg.org/WKD for an alternative to the keyservers.
* GnuPG: Updated to Version 2.2.17. (See: https://gnupg.org for News.)

~~~~~~~~~~~~~~~
GnuPG:          2.2.17
Kleopatra:      3.1.8
GPA:            0.10.0
GpgOL:          2.4.2
GpgEX:          1.0.6
Kompendium DE:  4.0.1
Compendium EN:  3.0.0
~~~~~~~~~~~~~~~

Noteworthy changes in Version 3.1.9 (2019-06-15)
------------------------------------------------

* Kleopatra: Fixed autocompletion of recipients; it now works again. (T4569)
* GpgOL: Printing of crypto mails now fully works. (T4560)
* GpgOL: File -> Save As does now work. (T4318)

~~~~~~~~~~~~~~~
GnuPG:          2.2.16
Kleopatra:      3.1.8
GPA:            0.10.0
GpgOL:          2.4.0
GpgEX:          1.0.6
Kompendium DE:  4
Emails

jseward@bzip.org

adns-maint@chiark.greenend.org.uk

<dshaw@jabberwocky.com>

<peter@palfrader.org>

<mutz@kde.org>

Wallets (pattern match only: each entry is a bare 40-character hex string with no 0x prefix, which is also the length of a SHA-1 digest; none is confirmed as a cryptocurrency address)

3c31c9d6b19af840e2bd8ccbfef4072a6548dc4e

37a3117ea6cc50c8a88fba9b6018f35a04fa71ce

31de819181dd8abc25d89484ff6a4e60f032e8fc

183f409aa46e8780b8475437cc39f20dc6c6fe77

30e2f3767262b69e4050f7ad697ba6dc602f5946

3e57376285cec75aa2a3a5b5672cfdb0c50da603

3db28cce783aeb5f5d2b99ae1e288c3ec789b168

382f820db7adac5e31605c5fa93ba98ff0e94049

3959319bd04fbce513458857f334ada279b8cdd4

3f8a0ba9c7821049d51b982141a2330a246beb55

URLs

https://www.gpg4win.org/doc/en/gpg4win-compendium.html

https://www.gpg4win.org/system-requirements.html

https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000452.html

https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000451.html

https://www.gpg4win.org/change-history.html

https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html

https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html

https://gnupg.org

https://wiki.gnupg.org/WKD

https://wiki.gnupg.org/TroubleShooting#Restoring_corrupted_Archives_created_by_Kleopatra

https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000432.html

https://lists.gnupg.org/pipermail/gnupg-announce/2018q3/000428.html

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000424.html

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html

https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html

https

https://wiki.gnupg.org/GpgOL/MIMESupport

http://www.claws-mail.org/win32/

http://www.g-n-u.de

Targets

    • Target

      gpg4win-3.1.15.exe

    • Size

      28.6MB

    • MD5

      a96d89086f076d671560663d96993a16

    • SHA1

      fd822ac0a8b9e83fa5169bab69349f7c7d16f488

    • SHA256

      58b4de192ce0f3a7f25766e96ec379a8f125e3a1e2bdb2519c185a03a0a4ed4c

    • SHA512

      be143c91001618dd91a3e9daefa735f0d7a31e95e0c5cfeb0b707a75c6c8cb1e11a1bd4f08929aa1f9a7f23b7d2464a01040ce7600ee1b4be42b8e2fe281aaa6

    • Registers COM server for autorun

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence
  T1060  Registry Run Keys / Startup Folder  (1)

Discovery
  T1012  Query Registry                      (1)
  T1082  System Information Discovery        (1)

Tasks