Releases: rnpgp/rnp

Version 0.18.1

21 Nov 13:29
@ni4 ni4

Security

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.18.0 (RETRACTED)

19 Jun 10:06
@ni4 ni4

WARNING: The 0.18.0 release is subject to a public key generated session key vulnerability, and is hence retracted as of 2025-11-20.

WARNING: Please upgrade to 0.18.1 immediately.

General

  • Discourage use of EAX AEAD mode
  • Generate RSA 3072-bit keys by default
  • Support dearmoring of GnuPG-armored files (with ARMORED FILE header)
  • Generate rnp_ver.h header
  • Support DSA 4096-bit keys, as some entities use them
  • Mark signatures, produced by encrypt-only key or subkey, as invalid
  • Allow extra spaces during armored key import
  • Better support of Botan 3.5.0+
  • Compatibility fixes for different systems
  • Update the hash function from a weak one when the key expiration is changed
  • Do not allow 64-bit ciphers for encryption without explicit option
  • Internal refactoring and performance updates

FFI

  • Added functions rnp_signature_error_count()/rnp_signature_error_at() to check why signature validation failed.
  • Added functions to create and customize key certifications: rnp_key_certification_create(), rnp_key_signature_set_*/rnp_key_signature_get_*

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.17.1

14 May 07:32
@ni4 ni4

General

  • Added support for Botan 3.
  • Updated support for OpenSSL 3.
  • Added support for mimemode in literal data packet.
  • Relaxed Base64 decoding to allow spaces after the checksum.

FFI

  • Added functions rnp_key_set_features() and rnp_signature_get_features().

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.17.0

02 May 08:07
@ni4 ni4

General

  • Added support for hidden recipient during decryption.
  • Added support for AEAD-OCB for OpenSSL backend.
  • Improve support for offline secret keys during default key selection.
  • Support for GnuPG 2.3+ secret key store format.
  • SExp parsing code is moved to separate library, https://github.com/rnpgp/sexp.
  • Mark subkeys as expired instead of invalid if primary key is expired.
  • AEAD: use OCB by default instead of EAX.
  • Do not attempt to validate signatures of unexpected types.
  • Use thread-safe time and date handling functions.
  • Added ENABLE_BLOWFISH, ENABLE_CAST5 and ENABLE_RIPEMD160 build time options.
  • Do not use EVP_PKEY_CTX_set_dsa_paramgen_q_bits() if OpenSSL backend version is < 1.1.1e.
  • Corrected usage of CEK/KEK algorithms if those differ.

FFI

  • Added function rnp_signature_export().
  • Added flag RNP_VERIFY_ALLOW_HIDDEN_RECIPIENT to rnp_op_verify_set_flags().

CLI

  • Added default armor message type for --enarmor command.
  • Added command --set-filename to specify which file name should be stored in message.
  • Added --add-subkey subcommand to the --edit-key.
  • Added set-expire subcommand to the --edit-key.
  • Added --s2k-iterations and --s2k-msec options to rnp.
  • Added --allow-weak-hash command to allow usage of weak hash algorithms.
  • Report number of new/updated keys during the key import.

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.16.3

13 Apr 02:49
v0.16.3

Security

  • Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
  • Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.16.2

22 Sep 09:39
@ni4 ni4

General

  • Fixed CMake issues with ENABLE_IDEA and ENABLE_BRAINPOOL

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.16.1

12 Sep 12:28
@ni4 ni4

General

  • Ensure support for RHEL9/CentOS Stream 9/Fedora 36, updating OpenSSL backend support for v3.0.
  • Optional import and export of base64-encoded keys.
  • Optional raw encryption of the data.
  • Optional overriding of the current timestamp.
  • Do not fail completely on unknown signature versions.
  • Do not fail completely on unknown PKESK/SKESK packet versions.
  • Support armored messages without empty line after the headers.
  • Added automatic feature detection based on backend.

Security

  • Separate security rules for the data and key signatures, extending SHA1 key signature support until Jan 19, 2024.
  • Set default key expiration time to 2 years.
  • Limit maximum AEAD chunk bits to 16.

FFI

  • Changed behaviour of rnp_op_verify_execute(): it now requires a single valid signature to succeed.
  • Added function rnp_op_verify_set_flags() to override default behaviour of verification.
  • Added function rnp_key_is_expired().
  • Added function rnp_op_encrypt_set_flags() and flag RNP_ENCRYPT_NOWRAP to allow raw encryption.
  • Added flag RNP_LOAD_SAVE_BASE64 to the function rnp_import_keys().
  • Added flag RNP_KEY_EXPORT_BASE64 to the function rnp_key_export_autocrypt().
  • Added function rnp_set_timestamp() to allow overriding the current time.
  • Update security rules functions with flags RNP_SECURITY_VERIFY_KEY and RNP_SECURITY_VERIFY_DATA.

CLI

  • Make password request more verbose.
  • Print RSA instead of RSA (Encrypt and Sign) in the key listing to avoid confusion.
  • Added option --source to specify detached signature's source file.
  • Added option --no-wrap to allow raw data encryption.
  • Added option --current-time to allow overriding the current timestamp.
  • Strip known extensions (like .pgp, .asc, etc.) when decrypting or verifying data.
  • Display key and signature validity status in the key listing.
  • Do not attempt to use GnuPG's config to set default key.

Known issues

This release accidentally broke IDEA support, disabling it completely. Please see issue #1901 for details.
This will be fixed in the next minor update.

OpenPGP signing key

Fingerprint: 31AF5A24D861EFCB7CB79A1924900CE0AEFB5417

Version 0.16.0

27 Jan 09:38
@ni4 ni4

General

  • Added support for the OpenSSL cryptography backend, so RNP may be built and used on systems without Botan installed.
  • Added compile-time switches to disable certain features (AEAD, Brainpool curves, SM2/SM3/SM4 algorithms, Twofish)
  • Fixed possible incompatibility with GnuPG on x25519 secret key export from RNP to GnuPG.
  • Fixed building if Git is not available.
  • Fixed export of non-FFI symbols from the rnp.so/rnp.dylib.
  • Fixed support for GNU/Hurd (absence of PATH_MAX).
  • Added support for None compression algorithm.
  • Added support for the dumping of notation data signature subpackets.
  • Fixed key expiration time calculation in the case with newer non-primary self-certification.
  • Improved performance of key import (no key material checks)

Security

  • Added initial support for customizable security profiles.
  • Mark SHA1 signatures produced later than 2019-01-19 as invalid.
  • Mark MD5 signatures produced later than 2012-01-01 as invalid.
  • Remove SHA1 and 3DES from the default key preferences.
  • Use SHA1 collision detection code when using SHA1.
  • Mark signatures with unknown critical notation as invalid.
  • Do not prematurely mark secret keys as valid.
  • Validate secret key material before the first operation.
  • Limit the number of possible message recipients/signatures to a reasonable value (16k).
  • Limit the number of signature subpackets during parsing.

FFI

  • Added functions rnp_backend_string() and rnp_backend_version().
  • Added functions rnp_key_25519_bits_tweaked() and rnp_key_25519_bits_tweak() to check and fix x25519 secret key bits.
  • Added security profile manipulation functions: rnp_add_security_rule(), rnp_get_security_rule(), rnp_remove_security_rule().
  • Added function rnp_signature_get_expiration().
  • Deprecate functions rnp_enable_debug()/rnp_disable_debug().

CLI

  • Write new detailed help messages for rnp and rnpkeys.
  • Added - (stdin) and env:VAR_NAME input specifiers, as well as - (stdout) output specifier.
  • Do not fail with empty keyrings if those are not needed for the operation.
  • Added algorithm aliases for better usability (i.e. SHA-256, SHA256, etc.).
  • Added option --notty to print everything to stdout instead of TTY.
  • Added command --edit-key with subcommands --check-cv25519-bits and --fix-cv25519-bits.
  • Remove support for -o someoption=somevalue, which is unused.
  • Remove no longer used support for additional debug dumping via --debug source.c.

OpenPGP signing key

Fingerprint: BEDBA05C1E6EE2DFB4BA72E1EC5D520AD90A7262

Version 0.15.2

06 Aug 09:54
@ni4 ni4

General

  • Be less strict in userid validation: allow using userids with a self-signature which has key expiration in the past.
  • Do not mark a signature as invalid if the key which produced it is expired now, but was valid during signing.
  • Fix incorrect key expiration calculation in some cases.
  • Fix incorrect version number in the version.txt.

FFI

  • Add function rnp_key_get_default_key() to pick the default key/subkey for the specific operation.
  • Allow passing a NULL hash parameter to rnp_key_add_uid() to pick the default one.
  • Use the same approach as in rnp_op_encrypt_add_recipient() for encryption subkey selection in rnp_key_export_autocrypt().

CLI

  • rnp: Show error message if encryption failed.
  • rnpkeys: Add --expiration option to specify expiration time during key generation.

OpenPGP signing key

Fingerprint: BEDBA05C1E6EE2DFB4BA72E1EC5D520AD90A7262

Version 0.15.1

02 Jun 10:10
@ni4 ni4

General

  • Make man pages building optional.
  • Fixed updating of expiration time for a key with multiple user ids.
  • Fixed key expiry check for keys valid after the year 2038.
  • Pick up key expiration time from direct-key signature or primary userid certification if available.

FFI

  • Added function rnp_key_valid_till64() to correctly handle keys which expire after the year 2038.
  • Added RNP_FEATURE_* defines to be used instead of raw strings.

Security

  • Fixed issue with cleartext key data after the rnp_key_unprotect()/rnp_key_protect() calls (CVE-2021-33589).

OpenPGP signing key

Fingerprint: BEDBA05C1E6EE2DFB4BA72E1EC5D520AD90A7262