8.74. gnupg2

Bug Fixes

BZ#638635

Previously, the secret key management daemon for GnuPG, gpg-agent, failed to encode a new iteration count value when it created a new protected key or changed an existing key. As a consequence, the key could not be unprotected and gpg-agent thus did not properly interact with a number of programs that use key decryption, such as KMail or Kleopatra. With this update, the new iteration count is encoded properly and the decryption of keys created or modified by gpg-agent no longer fails.

BZ#966493

Prior to this update, the GnuPG encryption and signing tool, gpg2, by default used CAST5, an encryption algorithm not approved by FIPS standards. Consequently, when gpg2 was run in FIPS mode, data encryption and decryption failed and caused gpg2 to terminate unexpectedly. With this update, GnuPG uses AES, a FIPS-approved encryption algorithm, and gpg2 data encryption and decryption in FIPS mode work as intended.

BZ#1006879

Previously, the GnuPG signature checking tool, gpgv2, did not correctly interact with the Libgcrypt library. As a consequence, when the gpgv command was used on a file, gpgv2 terminated unexpectedly. This update fixes the error and the gpgv command now functions correctly.

BZ#1078957

Prior to this update, GnuPG did not check for availability of the RIPEMD-160 hash function digest. Because the RIPEMD-160 algorithm is not approved by FIPS standards, GnuPG therefore terminated unexpectedly when the "gpg --verify" command was used in FIPS mode to verify a signature that contained a RIPEMD-160 hash. With this update, GnuPG properly checks for RIPEMD-160 support and the crash no longer occurs.