#GnuPG 2.5.20-freepg has been released.

It contains all the latest bug fixes from upstream GnuPG, plus the usual FreePG patches.

Note that the FreePG project considers the 2.5.x branch to be experimental, and does not enable non-standard OpenPGP algorithms unless “--compliance=gnupg” is explicitly set.

Release notes
=============

Noteworthy changes in version 2.5.20-freepg (2026-05-15)
--------------------------------------------------------

* No FreePG-specific changes.

https://gitlab.com/freepg/gnupg/-/releases/gnupg-2.5.20-freepg

Upstream's release notes follow.

------

Noteworthy changes in version 2.5.20 (2026-05-13)
-------------------------------------------------

* New and extended features:

- gpgsm: Implement GCM encryption. Note that decryption works
since version 2.3.2. [T3979]

- gpgsm: New option --attribute and server command SETATTR to
include arbitrary signed or unsigned attributes into a signature.
Enable only with libksba 1.7.0 or later. [T4537]

- gpgsm: Introduce system attribute _signingCertificateV2.
[rG0335a9cb04]

* Bug fixes:

- gpg: Fix wrong assertion failure which could very rarely occur
during key signature checking. [rG693f5642f6]

- gpg: Consider certify-only keys for revocation signature check.
[T8196]

- gpgsm: Fix possible double free in the CMS parser. [T8240]

- gpgsm: Fix possible too early removal of ephemeral keys. [T8236]

- gpgsm: Avoid emitting a final FAILURE status line if --status-fd
is not used. [rG69c27fe377]

- gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
data. [rG60a823c97b]

- agent: Fix not using cache for pinentry loopback. [rGd4b608a31f]

- agent: Fix command PUT_SECRET by saving input line. [rG1875bc185e]

- keyboxd: Mark keys searched but not imported via LDAP correctly
as ephemeral. [T8048]

- scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
keys > 2k. [T8244]

- dirmngr: Fix uninitialized use of the dns_any union in
dns_rr_cmp. [T8251]

Release-info: https://dev.gnupg.org/T7997

Schreibt mir eine post-quantum Nachricht!
Und steigt auf Post-Quantum um!

#gnupg #sequoia #openpgp #aes #kyber #postquantum #cryptography #quantum

-----BEGIN PGP PUBLIC KEY BLOCK-----

mEkFagceSxYAAAA/AytlcQHI0TWUyLDWm/9brPLIjkBVEb9mu922wsirsFkfTiSj
NH/Dytz45QGF8GmXb5gOqNzL44eHOqR6bRwAtBhTY2hudXIgPHNjaG51ckBtYWls
LmkycD6I6QUTFgoAaSIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKE
BQJqBx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbAwUJCpfdgAULCQgH
AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA6RwBxA6kGXIK9eW+fxfbP61nqTcoucrd
bYZ2GaA3xWb8aKuewghWZR5UiLMs/mg2BD84pwSmHuFjcpVVAAHIxU6LUwSj+O79
mrA9L9pFSTYgIhANDVC0pcCTSfEToMeiNfMXnN7OuVqX6HLgc3miXutr3yuZTzoA
tBtTY2hudXIgPHNjaG51ckBpMnBtYWlsLm9yZz6I6QUTFgoAaSIhBUscQadL0Gfr
51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJqBx7/GxSAAAAAAAQADm1hbnUyLDIu
NSsxLjEyLDIsMgIbAwUJCpfdgAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAA
g4kByOrTzFtDjQTQvJnTcp76u9ylX2b/RSYQRud5AMyF3Py3aKqbLK1/aMiBqR73
6KPSFgbZ6CpooqpoAAHI55swsGUlNrkHHUQagWnklEWF30DtybTigM2t1di2fXYs
8KIOFo4zZY8wee6m+HlWyawm5ZgvnzUAtB9TY2hudXIgPHNjaG51ckBob3JzZWZ1
Y2tlci5vcmc+iOkFExYKAGkiIQVLHEGnS9Bn6+dQzzXz7O3lyERqNwgKikUnhvlS
+PVShAUCagcfMxsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMiwyLDICGwMFCQqX3YAF
CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AAAIS8Aci/4qM4a3eIozLg7Zr+wnT8
LP3Zj4Lexe92uyQF4pvB0NrA89MlVagPsyntdcvUYmiuS+ch/SZWugABxREs7rSN
zii3nWftV5C6/SBcPGPulP+uY/0sOhqSs+8UvHhmjj8/dfhFGBIcFjEy3CxKKlPG
m1UAALQiU2NobnVyIDxhbm9uc2NobnVyQHBhcmFub2lkLmVtYWlsPojpBRMWCgBp
IiEFSxxBp0vQZ+vnUM818+zt5chEajcICopFJ4b5Uvj1UoQFAmoHH6cbFIAAAAAA
BAAObWFudTIsMi41KzEuMTIsMiwyAhsDBQkKl92ABQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAB7/AHFEBSwAtD1T5bOW8YkHvcExBvzAGljd96L4Ww/Xjqr33Jv
upx+JjFd+Dhy9r4azOMRbZlQ69OEjQWAAcd5lDUUeMYd3aQiFR885kJv70SgQUxi
NOi9RRUmyAcchhSFRw3y021Iq94HbBRlDpCgW4w6xtUAGAC5BmwFagceSwgAAAZi
AytlbwHAgGFSx/MUSL3W1Vwe14zyB6qODVlbqrkBeDy2yYVRdKrjCeNZZ7cCfBg6
DJo3oUJCPfZwZbmPul0AAAYgqUYrC3WodTVkr5xXcgaQ8oGfQcNyPZWVVHcMUDF5
0vd7ujh5idh+mMxkz8QEztWD1BCxB3UzcyKoVnhI+Tiu3veYdAVGhCs+UZGY7gOC
K1WYM0CG2jNJu8V5aDS8WbjDoqPELPLMTMPOUhUKL2G1TghjjVBKKAxymViqA/rL
sPFUJKXCV3gif6ZsnfwR8XGcxbJh8tl7HxB20iUxYKtpQljA/EFjOVQeVYJ6+5Wh
tOYycbC906mHqZrIVYy6ojdju4KVyCzLnmGNcVkY58e7ChC3dMNpaFgARGFZ4YPB
xOENmYFQr+sqjvAwrweMRza94XJ6wmoZ9aW/QdNhUgpNouxgkFgWPRkUAkVp7pV6
URd/O5PAOhm141RnALRtdWOvHfKVlqcEPcxuCloQppeinGZhN+ALzeEPT2ucRrej
o8Ei4BxDfmWkiHmtj5VM9nu54UhJNCdS8WtPJeRu68VmxNXHFmzGoGMuSjd9z8d5
CeieimOYPxvJ9BunQ9toYVUHAKxIIzAN2ySQwQVlVnupdLQHXpIIxHInM9e7bWcU
KUY4LJlXqeJZkzDFaNlvepDMu3iR+LpwCGs1ppFxu3h9pFOZx8BmOYGQS1WU65qf
Phu08oVsmWVoBFZua4c762tzyQuNBLOYtMxPN+g/keE4xRbI5OFeQfh5TtmlEGV0
pfGITMl2YZIQpAorxuAHutu/kad+lJEiHLGen9McD+TO0mfOI9iELOmfXJgOFbiG
LHByj2ORozZzkTGqEmZYxLoO1bE4oMVKBJgGDTh66IJoVAeLSZed0ac39PILmnQi
e9Bkwoe26Je49EVfVfgjovwImUuPFwG99phBfGQO8jIywcKNQCfOiwO82LOok/mT
zTOcT3SASsWU6uypSTIRJiYdMAVdfXdIUeZ0i4h1JbcJCHgU/Qt+7RK+YCFPCPAE
LyOuzoNjBMy9xXkELZyUHmRd0AuTpNA2VFsueeCeqqqFc3MTJ5lVbYSZVMrAZIA2
LjEXflp9Hrk5KIC8uJMlQXJ8+fQTPodBibKts2iBkCsBlKKVHACm1jojKYd7oBAh
RJawGRykj6mYPsHAWpa2BrBoWAmKz8rAjyoTaBwSOwTOMCEIGKiRygYTYpBRpHmU
ZksP6UqNhDsx5zYeZlW853YXmXY5DIPDpmQFGYqUSRdqHlWHlkiGxpWFtWRMb4Ml
uOhrjshueXUyy5yeFxOZnpVCA8nNe7t1nWtfIEh7JMelBkIGcFo3SDRWKFa/8pAg
rGNvdhw5gzCNn2k/KQmZtyiBl1QqJ2DFZWoYeLtrwBBMiqcyuYbMp0EBnBB5aroM
7FsRw+EKpaKzACmvuqeULze8gzUg8Zqjzyof9BZW8YiLUuw9QbKl9dfGzVwPOgW/
IEIl+vZJScA60nOO/XFJ+TjJtYq2flLA98EUCAwtPCJYBqk8c4ghd6ItiXq8EoAk
Sgo9bCEQI4ZFdCM5GZkT6EZBCxrP1IFFUVebOnUiQ9wh95VL+5Zk0pMu+4GYVSma
z9oSY4tAYaiOH6poTKwhYbWf3tInA6AZhHagZpcEA9XOzpgTKBQjNKOspPpYwom7
E6GHTEyI3EzF+oYF/ncqzdtP9kYXxxGIfxkzNrjAfDtwrowXLuRT8WWj7xogTVOe
bDC71lamIaW+RuxqVgZndryctRqsZthfG1xswASboxof+Yu3gOFJh3BEy2Ipbchy
rgSBLckIq7atMnnINayaq3miFrZby6V1iSueolS/IBx0N5VYm9x2IKXEohkjFOFH
jqR3DKOS14erICCaIOjIoJPPuOodkMSXahComsqxamiJWho6qDEQQLlBS1k6bTyy
bCeESqxU/whiSLJsh9doYvQA5DoG2Cat2fOwZGs2SwEjJtVDN9l1OmuzwUcoUZUd
OdmffsKxDvuVQvzMtnc3myS23nRDYHK5g+xpx6F3jAKvp1aFzCW4BBN8UqsDWtWu
nNGGHdlSj+pUg0nNjkANlrplVecqdPAhm5i8cINe+aJZyfgEOcp5/6m5drINylNq
pMNOEdy+ImkvFmc11iKKmmcZuziOFUHu6cGDNTEV/y7kmPdXmJh3gV8LnwihNWD8
ytKIzgUYFgoATiIhBUscQadL0Gfr51DPNfPs7eXIRGo3CAqKRSeG+VL49VKEBQJq
Bx5LGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDIsMgIbDAUJCpfdgAAAsQgByOwk
vYE/vYDHeXRWG7UPBUxCxAykZwOz2jqFBSD8e/riTzTx85nVkUIRXb4mmBhp73DT
HLbhgOOwgAHI5TS2rCxCNqr/4u8wmf2ppt5mf68E/hwFODvRQKdIawFyu9hS8rGa
ZInzyeVq1UkMl+EIy/jXEC4A
=JLo6
-----END PGP PUBLIC KEY BLOCK-----

#OpenPGP #LibrePGP #GnuPG
昨年の記事だが，よいまとめ発見

＞OpenPGPとLibrePGP―GnuPGとそれ以外の実装での対立
https://kris.fail/posts/opgpvslpgp/

📢 CryptoParty Istanbul 🪩

Dört yıllık bir aranın ardından yeniden; dijital ve kısmen fiziksel alanlarda kendimizi nasıl koruyabileceğimizi ve #GnuPG, #Tor, OMEMO ve #VPN gibi araçları nasıl kullanabileceğimizi konuşacağız.

Bilgisayarınızı getirmeyi unutmayın!

📅 16 Mayıs 2026 Cumartesi
🕝 14:30
🏛 Kadıköy Belediyesi Barış Manço Kültür Merkezi - 1. Kat Atölye

Exciting news from the coalface! The first beta of Hockeypuck 2.4 with PQC support is now live on https://test.pgpkeys.eu for public evaluation.

#OpenPGP is going post-quantum in 2026, and the #Hockeypuck #keyserver software is prepared to distribute post-quantum-safe OpenPGP certificates.

Hockeypuck 2.4-beta1 supports post-quantum-safe signing and encryption algorithms based on ML-DSA-65, ML-DSA-87, ML-KEM-768, and ML-KEM-1024, each used in hybrid mode with either curve25519 or curve448 ECC. These are the mandatory and recommended algorithms from the upcoming OpenPGP PQC spec [1].

In order to distribute the new primary (signing) keys safely, without adversely impacting older client software, they are only distributed over the HKPv2 API. Hockeypuck implements the `certs`, `index` and `prefixlog` endpoints as defined in the latest HKP draft spec [2]. These enable upload, download, and querying of PQC-enabled primary keys.

PQC encryption subkeys using ML-KEM-65 are also distributed over the legacy HKP interface if they are attached to a v4 primary key, because these are safely ignored by #GnuPG.

(GnuPG’s “kyber” algorithms are unfortunately not supported due to interoperability issues)

Hockeypuck 2.4 development has been kindly supported by @NGIZero Core.

[1] https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
[2] https://datatracker.ietf.org/doc/html/draft-gallagher-openpgp-hkp