symbol Asset 1

RNP 0.14.0 released

Author’s picture Nickolay Olshevsky on 21 Jan 2021

General

After a long delay the next version of the library and CLI was released. Major FFI, CLI and security improvements and compatibility fixes. Also now it can be built for Windows via MSVC and MinGW/MSYS2.

  • Improved key validation: require to have at least one valid, non-expiring self signature.

  • Added support for 'stripped' keys without userids and certifications but with valid subkey binding signature.

  • Added support for Windows via MinGW/MSYS2.

  • Added support for Windows via MSVC.

  • Fixed secret key locking when it is updated with new signatures/subkeys.

  • Fixed key expiry/flags calculation (take in account only the latest valid self-signature/subkey binding).

  • Fixed MDC reading if it appears on 8k boundary.

  • Disabled logging by default in release builds and added support for environment variable RNP_LOG_CONSOLE to enable it back.

  • Fixed leading zeroes for secp521r1 b & n field constants.

  • Allowed keys and signatures with invalid MPI bit count.

  • Added support for private/experimental signature subpackets, used by GnuPG and other implementations.

  • Added support for reserved/placeholder signatures.

  • Added support for zero-size userid/attr packet.

  • Relaxed packet dumping, ignoring invalid packets and allowing to find wrong packet easier.

  • Improved logging of errored keys/subkeys information for easier debugging.

  • Fixed support for old RSA sign-only/encrypt-only and ElGamal encrypt-and-sign keys.

  • Fixed support for ElGamal keys larger then 3072 bits.

  • Fixed symbol visibility so only FFI functions are exposed outside of the library.

  • Added support for unwrapping of raw literal packets.

  • Fixed crash with non-detached signature input, fed into the rnp_op_verify_detached_create().

  • Significantly reduced memory usage for the keys large number of signatures.

  • Fixed long armor header lines processing.

  • Added basic support for GnuPG’s offline primary keys (gnupg --export-secret-subkeys) and secret keys, stored on card.

  • Fixed primary key binding signature validation when hash algorithm differs from the one used in the subkey binding signature.

  • Fixed multiple memory leaks related to invalid algorithms/versions/etc.

  • Fixed possible crashes during processing of malformed armored input.

  • Limited allowed nesting levels for OpenPGP packets.

  • Fixed support for text-mode signatures.

  • Replaced strcpy calls with std::string and memcpy where applicable.

  • Removed usage of mktemp, replacing it with mkstemp.

  • Replaced usage of deprecated botan_pbkdf() with botan_pwdhash().

  • Added support for the marker packet, issued by some implementations.

  • Added support for unknown experimental s2ks.

  • Fixed armored message contents detection (so armored revocation signature is not more reported as the public key).

  • Changed behaviour to use latest encryption subkey by default.

  • Fixed support for widechar parameters/file names on Windows.

  • Implemented userid validity checks so only certified/non-expired/non-revoked userid may be searched.

  • Fixed GnuPG compatibility issues with CR (\r) characters in text-mode and cleartext-signed documents.

  • Improved performance of the key/uid signatures access.

  • Migrated tests to the Python 3.

  • Migrated most of the internal code to C++.

CLI

  • Do not load keyring when it is not required, avoiding extra keyring not found output.

  • Input/output data via the tty, if available, instead of stdin/stdout.

  • Fixed possible crash when HOME variable is not set.

  • rnpkeys: Added --import-sigs and changed behavior of --import to check whether input is key or signature.

  • rnpkeys: Added --export-rev command to export key’s revocation, parameters --rev-type, --rev-reason.

  • rnpkeys: Added --revoke-key command.

  • rnpkeys: Added --permissive parameter to --import-keys command.

  • rnpkeys: Added --password options, allowing to specify password and/or generate unprotected key.

FFI

  • Added keystore type constants RNP_KEYSTORE_*.

  • Added rnp_import_signatures.

  • Added rnp_key_export_revocation.

  • Added rnp_key_revoke.

  • Added rnp_request_password.

  • Added rnp_key_set_expiration to update key’s/subkey’s expiration time.

  • Added flag RNP_LOAD_SAVE_PERMISSIVE to rnp_import_keys, allowing to skip erroneous packets.

  • Added flag RNP_LOAD_SAVE_SINGLE, allowing to import keys one-by-one.

  • Added rnp_op_verify_get_protection_info to check mode and cipher used to encrypt message.

  • Added functions to retrieve recipients information (rnp_op_verify_get_recipient_count, rnp_op_verify_get_symenc_count, etc.).

  • Added flag RNP_KEY_REMOVE_SUBKEYS to rnp_key_remove function.

  • Added function rnp_output_pipe allowing to write data from input to the output.

  • Added function rnp_output_armor_set_line_length allowing to change base64 encoding line length.

  • Added function rnp_key_export_autocrypt to export public key in autocrypt-compatible format.

  • Added functions to retrieve information about the secret key’s protection (rnp_key_get_protection_type, etc.).

  • Added functions rnp_uid_get_type, rnp_uid_get_data, rnp_uid_is_primary.

  • Added function rnp_uid_is_valid.

  • Added functions rnp_key_get_revocation_signature and rnp_uid_get_revocation_signature.

  • Added function rnp_signature_get_type.

  • Added function rnp_signature_is_valid.

  • Added functions rnp_key_is_valid and rnp_key_valid_till.

  • Added exception guard to FFI boundary.

  • Fixed documentation for the rnp_unload_keys function.

Security

  • Removed version header from armored messages (see [1] ).

  • Enabled fuzzing via oss-fuzz and fixed reported issues.

  • Fixed a bunch of issues reported by static analyzer.

  • Require at least Botan 2.14.0.