RNP version 0.15.2 released

Nickolay Olshevsky on 06 Aug 2021

Version: RNP 0.15.2 Release date: 2021-08-05

RNP 0.15.2 introduces significant improvements to key validation, signature handling, and expiration time calculations. This release focuses on enhancing compatibility with other OpenPGP implementations while maintaining robust security practices.

Introduction

Key and signature validation are fundamental aspects of any OpenPGP implementation. This release refines RNP’s approach to these critical functions, making it more practical while maintaining security. The changes reflect real-world usage patterns and improve interoperability with other OpenPGP software.

Key highlights:

• Enhanced user ID validation for expired self-signatures

• Improved signature validation based on historical key status

• Fixed expiration time calculations for better key lifecycle management

Other highlights:

• New FFI function for intelligent key selection

• Enhanced user ID management in FFI

• Improved CLI error reporting

• Better encryption subkey selection

• New key generation options for expiration

Key validation improvements

User ID validation enhancements

A major enhancement in this release is the more flexible approach to user ID validation. The changes include:

• Support for user IDs with expired self-signatures

• Better handling of historical validity periods

• Improved compatibility with existing key infrastructure

• More intuitive behavior for end users

This refinement helps users maintain access to their identities while preserving the security benefits of key expiration mechanisms.

Signature validation improvements

RNP now recognizes historical validity of keys during signature verification.

Signatures are now validated based on the key’s status at the time of signing. This means a signature is not considered as "invalid" if the key which produced it was valid during signing, even when it is expired at verification time.

Expired keys no longer invalidate their previously valid signatures. This approach better aligns with OpenPGP specification requirements and other implementations.

This change ensures that valid signatures remain verifiable even after key expiration, which is particularly important for long-term document verification.

Expiration time handling

Several improvements have been made to key expiration handling:

• Fixed incorrect expiration time calculations in edge cases

• More accurate handling of certification expiration dates

• Better synchronization between primary keys and user IDs

• Improved handling of overlapping validity periods

These fixes ensure more reliable key lifecycle management and prevent unexpected key invalidation.

Developer improvements

FFI enhancements

New FFI capabilities have been added to improve integration flexibility:

• rnp_key_get_default_key() function for intelligent key selection

  • Automatically selects appropriate subkeys for operations

  • Considers key capabilities and validity

  • Improves application usability

• Enhanced user ID management

  • NULL hash parameter support in rnp_key_add_uid()

  • Automatic selection of appropriate hash algorithms

  • Simplified API usage

• Consistent encryption subkey selection

  • Unified approach across different encryption operations

  • Improved Autocrypt compatibility

  • More predictable behavior for developers

Command-line interface improvements

The CLI tools have received important usability improvements:

• Better error reporting for encryption operations in rnp

  • Clear error messages when encryption fails

  • Improved debugging capabilities

  • Better user experience

• New key generation options in rnpkeys

  • rnpkeys now provides an --expiration option for setting key validity periods

  • More flexible key lifecycle management

  • Better control over key properties

Looking ahead

RNP 0.15.2 represents an important step in improving the usability and reliability of OpenPGP implementations. The changes demonstrate RNP’s commitment to:

• Practical security measures

• Enhanced compatibility

• Improved developer experience

• Better end-user usability

For detailed technical information and the complete list of changes, please visit the release page.