8.74. gnupg2


Updated gnupg2 packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

Bug Fixes

BZ#638635
Previously, the secret key management daemon for GnuPG, gpg-agent, failed to encode a new iteration count value when it created a new protected key or changed an existing key. As a consequence, the key could not be unprotected and gpg-agent thus did not properly interact with a number of programs that use key decryption, such as KMail or Kleopatra. With this update, the new iteration count is encoded properly and the decryption of keys created or modified by gpg-agent no longer fails.
BZ#966493
Prior to this update, the GnuPG encryption and signing tool, gpg2, by default used CAST5, an encryption algorithm not approved by FIPS standards. Consequently, when gpg2 was run in FIPS mode, data encryption and decryption failed and caused gpg2 to terminate unexpectedly. With this update, GnuPG uses AES, a FIPS-approved encryption algorithm, and gpg2 data encryption and decryption in FIPS mode work as intended.
BZ#1006879
Previously, the GnuPG signature checking tool, gpgv2, did not correctly interact with the Libgcrypt library. As a consequence, when the gpgv command was used on a file, gpgv2 terminated unexpectedly. This update fixes the error and the gpgv command now functions correctly.
BZ#1078957
Prior to this update, GnuPG did not check for availability of the RIPEMD-160 hash function digest. Because the RIPEMD-160 algorithm is not approved by FIPS standards, GnuPG therefore terminated unexpectedly when the "gpg --verify" command was used in FIPS mode to verify a signature that contained a RIPEMD-160 hash. With this update, GnuPG properly checks for RIPEMD-160 support and the crash no longer occurs.
Users of gnupg2 are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.