Version 0.14.0

Major FFI, CLI and security improvements and compatibility fixes, and Windows support.

General

• Improved key validation: require to have at least one valid, non-expiring self signature.
• Added support for 'stripped' keys without userids and certifications but with valid subkey binding signature.
• Added support for Windows via MinGW/MSYS2.
• Added support for Windows via MSVC.
• Fixed secret key locking when it is updated with new signatures/subkeys.
• Fixed key expiry/flags calculation (take in account only the latest valid self-signature/subkey binding).
• Fixed MDC reading if it appears on 8k boundary.
• Disabled logging by default in release builds and added support for environment variable RNP_LOG_CONSOLE to enable it back.
• Fixed leading zeroes for secp521r1 b & n field constants.
• Allowed keys and signatures with invalid MPI bit count.
• Added support for private/experimental signature subpackets, used by GnuPG and other implementations.
• Added support for reserved/placeholder signatures.
• Added support for zero-size userid/attr packet.
• Relaxed packet dumping, ignoring invalid packets and allowing to find wrong packet easier.
• Improved logging of errored keys/subkeys information for easier debugging.
• Fixed support for old RSA sign-only/encrypt-only and ElGamal encrypt-and-sign keys.
• Fixed support for ElGamal keys larger then 3072 bits.
• Fixed symbol visibility so only FFI functions are exposed outside of the library.
• Added support for unwrapping of raw literal packets.
• Fixed crash with non-detached signature input, fed into the rnp_op_verify_detached_create().
• Significantly reduced memory usage for the keys large number of signatures.
• Fixed long armor header lines processing.
• Added basic support for GnuPG's offline primary keys (gnupg --export-secret-subkeys) and secret keys, stored on card.
• Fixed primary key binding signature validation when hash algorithm differs from the one used in the subkey binding signature.
• Fixed multiple memory leaks related to invalid algorithms/versions/etc.
• Fixed possible crashes during processing of malformed armored input.
• Limited allowed nesting levels for OpenPGP packets.
• Fixed support for text-mode signatures.
• Replaced strcpy calls with std::string and memcpy where applicable.
• Removed usage of mktemp, replacing it with mkstemp.
• Replaced usage of deprecated botan_pbkdf() with botan_pwdhash().
• Added support for the marker packet, issued by some implementations.
• Added support for unknown experimental s2ks.
• Fixed armored message contents detection (so armored revocation signature is not more reported as the public key).
• Changed behaviour to use latest encryption subkey by default.
• Fixed support for widechar parameters/file names on Windows.
• Implemented userid validity checks so only certified/non-expired/non-revoked userid may be searched.
• Fixed GnuPG compatibility issues with CR (\r) characters in text-mode and cleartext-signed documents.
• Improved performance of the key/uid signatures access.
• Migrated tests to the Python 3.
• Migrated most of the internal code to C++.

CLI

• Do not load keyring when it is not required, avoiding extra keyring not found output.
• Input/output data via the tty, if available, instead of stdin/stdout.
• Fixed possible crash when HOME variable is not set.
• rnpkeys: Added --import-sigs and changed behavior of --import to check whether input is key or signature.
• rnpkeys: Added --export-rev command to export key's revocation, parameters --rev-type, --rev-reason.
• rnpkeys: Added --revoke-key command.
• rnpkeys: Added --permissive parameter to --import-keys command.
• rnpkeys: Added --password options, allowing to specify password and/or generate unprotected key.

FFI

• Added keystore type constants RNP_KEYSTORE_*.
• Added rnp_import_signatures.
• Added rnp_key_export_revocation.
• Added rnp_key_revoke.
• Added rnp_request_password.
• Added rnp_key_set_expiration to update key's/subkey's expiration time.
• Added flag RNP_LOAD_SAVE_PERMISSIVE to rnp_import_keys, allowing to skip erroneous packets.
• Added flag RNP_LOAD_SAVE_SINGLE, allowing to import keys one-by-one.
• Added rnp_op_verify_get_protection_info to check mode and cipher used to encrypt message.
• Added functions to retrieve recipients information (rnp_op_verify_get_recipient_count, rnp_op_verify_get_symenc_count, etc.).
• Added flag RNP_KEY_REMOVE_SUBKEYS to rnp_key_remove function.
• Added function rnp_output_pipe allowing to write data from input to the output.
• Added function rnp_output_armor_set_line_length allowing to change base64 encoding line length.
• Added function rnp_key_export_autocrypt to export public key in autocrypt-compatible format.
• Added functions to retrieve information about the secret key's protection (rnp_key_get_protection_type, etc.).
• Added functions rnp_uid_get_type, rnp_uid_get_data, rnp_uid_is_primary.
• Added function rnp_uid_is_valid.
• Added functions rnp_key_get_revocation_signature and rnp_uid_get_revocation_signature.
• Added function rnp_signature_get_type.
• Added function rnp_signature_is_valid.
• Added functions rnp_key_is_valid and rnp_key_valid_till.
• Added exception guard to FFI boundary.
• Fixed documentation for the rnp_unload_keys function.

Security

• Removed version header from armored messages (see https://mailarchive.ietf.org/arch/msg/openpgp/KikdJaxvdulxIRX_yxU2_i3lQ7A/ ).
• Enabled fuzzing via oss-fuzz and fixed reported issues.
• Fixed a bunch of issues reported by static analyzer.
• Require at least Botan 2.14.0.

OpenPGP signing key

Fingerprint: BEDBA05C1E6EE2DFB4BA72E1EC5D520AD90A7262