Details about the (ongoing) response to https://gpg.fail/ from GnuPG's side:
* https://www.gnupg.org/blog/20251226-cleartext-signatures.html
* https://dev.gnupg.org/T7906 Memory Corruption in ASCII-Armor Parsing
* https://dev.gnupg.org/T7900 (overview)
Please upgrade to GnuPG 2.5.16, 2.4.9 or #Gpg4win 5.0.0-beta479 which already have the fix for what (currently) is seen to be the only major defect: T7906.
(Researchers - Thanks! - found defects in GnuPG, Sequoia-PG, Minisign and age.)
#GnuPG v2.5.14 is here to try.
A no-brainer upgrade for those who use the 2.5 series already. You'd get some defects fixed and a new secret key export-import for the Post quantum cryptography (#PQC) algorithm "Kyber". RCF8332 for ssh is now supported.
For others: the 2.5 series is good for Windows 64 and PQC. #LibrePGP #OpenPGPv4 #EndtoEndCrypto
https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000499.html
@fdroidorg @Tutanota the original claim was protecting data and notification patterns. So that Google and Apple cannot see them. IMAPS and SMTPS is enough for this, only the network operators and the server operators can then see notifications and the data.
If you want to do more, a standardized #endtoendcrypto solution for email is a good next step. Coming with some work. Like using OpenPGPv4/MIME (or LibrePGP/MIME, S/MIME). That protects even against the server provider to some extend.
Back from the summer, #GnuPG 2.5.12 is now ready for production usage.
And this includes the post-quantum cryptography encryption (#PQC) support which is the main feature of the 2.5 series. (Okay, there is also better support for 64bit Windows.)
So give it a spin or point your favourite GNU/Linux distribution to it for packaging.
https://lists.gnupg.org/pipermail/gnupg-announce/2025q3/000497.html
#GnuPG's "public testing release series" has a new version 2.5.7.
https://lists.gnupg.org/pipermail/gnupg-announce/2025q2/000493.html
Remember:
* It is for you, if you want to test the new
post-quantum cryptography (PQC) features
or the 64 Bit Windows support.
* The series features Kyber (FIPS-203) as PQC encryption algorithm.
A new Gpg4win 5 Beta is forthcoming in the next days.
Technical details: https://dev.gnupg.org/T7671
If you are using the PDF viewer #Okular_from #Gpg4win, please upgrade to version 4.4.1 as this version fixes a severe vulnerability in the freetype library.
https://www.gpg4win.org/download.html
Vulnerability details:
https://euvd.enisa.europa.eu/enisa/EUVD-2025-6367 🛡️
There are other good things in Gpg4win 4.4.1, for example
* improvements in the Outlook Add-in (GpgOL)
* a better Kleopatra
* GnuPG upgraded to v2.4.8
Better handling of certificates and public keys
with #Gpg4win v4.4.0's improved crypto manager _Kleopatra_.
It also comes with #GnuPG v2.4.7 for Windows. Workflows that profit from several signatures on a file
profit as well.
https://gpg4win.org/version4.4.html <-- see what else is new.
GnuPG
Bernhard E. Reiter