#GnuPG 2.2.54-freepg has been released.

It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

Release Notes
=============

## Noteworthy changes in version 2.2.54-freepg (2026-04-24)

* No FreePG-specific changes.

https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.2.54-freepg

Upstream's release notes follow.

-------------

## Noteworthy changes in version 2.2.54 (2026-04-20)

* gpg: Fix an edge case in --refresh-keys. [T8197]

* gpgsm: Add a certificate chain check for de-vs compliance.
[T8188]

* gpgsm: Show rsaPSS certificates as de-vs compliant in listings.
[T8222]

* agent: Accept a trustlist with a missing LF at the end. [T8078]

Release-info: https://dev.gnupg.org/T8170

I'm getting quite annoyed with the state of #GnuPG as a packager.

Upstream silently keeps releasing 2.2 versions to this day(!) and at the same time claims 2.4 will soon be EOL (also refuses to backport security fixes for it).

Meanwhile, there are no good reasons to upgrade to 2.5, unless one wants incompatibility with the entire rest of the ecosystem (see https://wiki.archlinux.org/index.php?title=GnuPG&oldid=860217#OpenPGP_compatibility).

The move to #OpenPGP #RFC9580 compliant solutions can't happen early enough!
Also, I'm glad we have @freepg

When looking at the changes towards the new 2.5.19 version of #GnuPG, there are many small things; like a way to use OCB for symmetric-only encryption, a few defect fixes and improvements.

Not that exciting, but maintenance of the well known #LibrePGP, OpenPGPv4 and CMS capable crypto engine.... you may want to know anyhow. ;)

https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000504.html
https://dev.gnupg.org/T7998

#GnuPG #EndtoEndCrypto #FreeSoftware

I just released version 0.1.8 of oct-git, a simple tool for Git signing and verification with #OpenPGP cards

https://crates.io/crates/openpgp-card-tool-git

This version implements automatic updating of certificates from keyservers (both for verification of signatures, usually by third parties, and for issuing signatures based on one's own signing certificate).

#GnuPG #PGP #Git #HSM

Title: P2: Emacs allow easely encrypt end decrypt ".gpg" files [2024-12-04 Wed]

if [ (tty) = "/dev/tty2" ] then # to disable tty2
stty -echo -icanon
while true do read -t 0 done
fi
export GPG_TTY=/dev/tty2
gpg-agent 2> /dev/null

Now you need to switch to TTY with Ctrl+Alt+F2 to enter
password.

If this is too complicated, you can always enter
password directly in Emacs:
(setopt epa-pinentry-mode 'loopback)
蠡 #dailyreport #emacs #security #gpg #gnupg #pgp #passwords #x11 #linux

Title: P1: Emacs allow easely encrypt end decrypt ".gpg" files [2024-12-04 Wed]

It is impossible actually but at least we can encrypt
file/files with all passwords and enter one password
outside of X. That is how most keystorages works.

For that, we need:
~/.gnupg/gpg-agent.conf: pinentry-program /usr/bin/pinentry-tty
/etc/inittab: c2:2345:respawn:/sbin/agetty -a user 38400 tty2 linux

in .bashrc: #dailyreport #emacs #security #gpg #gnupg #pgp #passwords #x11 #linux

Title: P0: Emacs allow easely encrypt end decrypt ".gpg" files [2024-12-04 Wed]

#x11 #linux
with
"EasyPG" - GnuPG interface:
(require 'epa-file)
(setopt epa-pinentry-mode 'ask)
(epa-file-enable)

I have encrypted my passwords with ability to enter
password outside of X11 window server. We all know that
X server is a one week point that hard to isolate. That
is why it's better to keep passwords outside of X. #x11 #linux #dailyreport #emacs #security #gpg #gnupg #pgp #passwords #x11 #linux

Loki подсказал, что часто не могу получить GPG ключи на одной из систем. Не обратил бы внимание, если бы эти ошибки не вышли в топ по логам. Неприятно, но решаемо.

В /etc/pacman.d/gnupg/gpg.conf добавил пару строк:

auto-key-locate keyserver
allow-weak-key-signatures

И обновление ключей: pacman-key --refresh-keys

#archlinux #gnupg

Dear GnuPG packagers and builders, please upgrade libgcrypt to v1.12.2 to remove a denial of service vulnerability (estimated CVSS 3.1: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H -- 7.5 (HIGH)) Releases of other stable versions of libgcrypt are available as well.

(GnuPG versions >= 2.5.7 are not affected due to the use of a different encryption API.)

See https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html for details.

#GnuPG #EndtoEndCrypto #FreeSoftware #LibrePGP