Looking into #GnuPG 2.4.3, which is available now: It is a typical small point release which fixes some minor defects and improves the performance on Windows, especially for for large files.

Noteworthy also: the default expiration time period for new public keys has been increased to 3 years and that there is a new PKCS#12 parser (yes GnuPG's gpgsm can do CMS for S/MiME ;) ).

Announcement: https://lists.gnupg.org/pipermail/gnupg-announce/2023q3/000480.html
Release Issue: https://dev.gnupg.org/T6509

#EndtoEndCrypto #FreeSoftware #OpenPGP

@fsf Thanks for promoting a decentral comunication solution - email and OpenPGP with GnuPG! As for the guide,: keyservers and the web of trust have lost quite a bit of relevance in recent years. What would be really cool is to select an email provider that offers the pubkeys via the web key directory. https://wiki.gnupg.org/WKD and bring your public key up there. #GnuPG #FreeSoftware #EndtoEndCrypto

Today it is to celebrate 25 years of #GnuPG 🎉 a #FreeSoftware implementation of the '#OpenPGP and #CMS standards for #endtoendcrypto . For this GnuPG 2.4.0 is announced and #Gpg4win 4.1.0, see https://lists.gnupg.org/pipermail/gnupg-announce/2022q4/000477.html and https://lists.wald.intevation.org/pipermail/gpg4win-announce/2022/000099.html

As #GnuPG user, get v2.2.36 (LTS), v2.3.7 or a fix from your GNU/Linux distribution! There is a nasty defect when transferring the verification status of a signature to the using application. With preconditions a signature can be forged.
https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html
https://lists.gnupg.org/pipermail/gnupg-users/2022-July/066122.html
There is also a new #Gpg4win v4.0.3 release. #Security #EndtoEndCrypto #FreeSoftware

For a third party desrcription see https://ubuntu.com/security/CVE-2022-34903

#Gpg4win is just jumping two little numbers from 4.0.0 to 4.0.2, but there is a lot in store for users. The (expert) GUI Kleopatra got many detailed improvements and the crypto backend. See https://www.gpg4win.org/change-history.html
https://dev.gnupg.org/T5743 and https://dev.gnupg.org/T5937 for all changes. #OpenPGP #EndtoEndCrypto #FreeSoftware #CryptographicMessageSyntax

#GnuPG LTS 2.2.34 is available. It improves ed25519 handling, which is now the default
algorithms for new keypairs in the new 2.3. generation. Also fixes an important defect
for internationalised account names on Windows. (And some other fixes.)
https://lists.gnupg.org/pipermail/gnupg-announce/2022q1/000470.html
#FreeSoftware #EndtoEndCrypto #OpenPGP

#Gpg4win 4.0.0 is a major upgrade of the official #GnuPG build for Microsoft Windows. Coming with the modern GnuPG 2.3 line for the first time. GnuPG provides a future-ready foundation for the secure exchange of data and mails over the next years, by implementing the upcoming draft of the #OpenPGP protocol and making the switch to better default algorithms. https://www.gpg4win.org/version4.html #EndtoEndCrypto #OpenPGP #OpenStandard #FreeSoftware

#GnuPG 2.2.33 LTS brings a
few new options to ease user support and large scale installations (in addition of fixing a few minor problems as usual ;) ).
https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000467.html (GnuPG is a #FreeSoftware engine for #EndToEndCrypto wit email and files, it support both open standards #OpenPGP and #CryptographicMessageSyntax )

#GnuPG 2.2.32 (LTS) fixes an important piece of validation when using keyservers or WKD with websites that use Let's encrypt certificates. Either go to GnuPG 2.2.32 or remove an outdated intermediate certificate from Let's encrypt from your system cert store. See https://dev.gnupg.org/T5639 and https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html #EndtoEndCrypto

Looking for #OpenPGP pub-keyservers? https://spider.pgpkeys.eu tries to list new active ones, now including those with the new hockeypuck software. Can be used with #GnuPG. (https://spider.pgpkeys.eu/graphs even has a graph). Done on a best-effort basis by https://andrewg.com, see https://lists.gnupg.org/pipermail/gnupg-devel/2021-September/034962.html #EndtoEndCrypto

#GnuPG 2.2.30 and 2.2.31 (LTS) mainly add support to check entered passwords against patterns. (Backported from the "news release series", it seems.)
https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000463.html
https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000464.html
#EndtoEndCrypto #FreeSoftware #EmailSecurity #FileSecurity #OpenPGP

Over the summer #GnuPG 2.3.2 (the new release series) pushed many smaller features further in August. Discovery of pubkeys is improved. So are the hardware tokens. Entered passwords can now be checked against patterns. https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000462.html #EndtoEndCrypto #FreeSoftware #EmailSecurity #FileSecurity #OpenPGP

#GnuPG 2.2.29 (LTS) is available. It has a few regessions from 2.2.28 fixed and changes the the default keyserver to keyserver.ubuntu.com (temporarily).
https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html As you may know the old SKS keyserver network was attacked and withers out. The future is for https://wiki.gnupg.org/WKD and upcoming new keyserver software like hockeypuck. E.g. there are some candidate public keyservers you could try
https://lists.gnupg.org/pipermail/gnupg-users/2021-June/065278.html #EndtoEndCrypto #FreeSoftware #EmailSecurity #FileSecurity

#Gpg4win 3.1.16 can be downloaded. A mixed bag of little, but important fixes and improvements for personal and organisational use, like for encrypted files. Comes with #GnuPG 2.2.28 LTS. https://www.gpg4win.de/change-history.html https://lists.wald.intevation.org/pipermail/gpg4win-announce/2021-June/000092.html File and email #EndToEndCrypto OpenPGP/MIME and S/MIME for MS Windows #FreeSoftware

#Gpg4win 3.1.15 is available. Features system wide config with #GnuPG. Allows Active Directory as internal keyserver. Improvements to Outlook-Addin and to smartcard support. https://www.gpg4win.org/get-gpg4win.html https://lists.wald.intevation.org/pipermail/gpg4win-announce/2021-January/000091.html #FreeSoftware #EndToEndCrypto

#GnuPG v2.2.27 fixes a defect relevant for S/MIME on windows so expect a #Gpg4win release within a few days (It also has progress towards reproducable builds on windows.) https://dev.gnupg.org/T5234 #EndtoEndCrypto (GnuPG is a #FreeSoftware implementation for file and email based encryption and signatures).

#Gpg4win 3.1.14 released. Improves on non-ASCII filenames and paths (which fixes a regression for account names). Betterments for smartcards and display of plain text mails in GpgOL. https://lists.wald.intevation.org/pipermail/gpg4win-announce/2020-November/000090.html https://gpg4win.org #FreeSoftware #EndToEndCrypto #GnuPG

#GnuPG 2.2.24 does an important step to internationalise on Windows, because it fixes a regression and allows unicode filenames and paths (in many places). I expect #Gpg4win to follow with a new release soon. (Of course #GnuPG 2.2.24 comes with a number of maintenance fixes making things more consistent and secure in the long run.) Details https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000449.html #FreeSoftware #Security #EndToEndCrypto

#Gpg4win 3.1.10 is available (since 2019-07-14) A strongly recommended update, as it uses the new GnuPG 2.2.17 that ignores third party signatures from keyservers by default and thus protects against sabotaged pubkeys. There is also an important security-fix for users of the Outlook "Add-in" (GpgOL). https://www.gpg4win.de/3.1.10-announcement.html #endtoendcrypto #security #FreeSoftware #GnuPG

#GnuPG v2.2.17 stays operational if pubkeys with many third party signatures are to be imported. And thus you get a choice to use distributed keyservers safely again - though the default is now to not use them.
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html This protects against a potential denial of service attack if a pubkey is flooded with many third party signatures. Another reason to deploy more https://wiki.gnupg.org/WKD #EndtoEndCrypto #Security #OpenPGP