ProHoster > Blog > internet nhau > Kuburitswa kweGnuPG 2.4.0

Kuburitswa kweGnuPG 2.4.0

Mushure memakore mashanu ebudiriro, kuburitswa kweGnuPG 2.4.0 (GNU Privacy Guard) toolkit inoratidzwa, inoenderana neOpenPGP (RFC-4880) uye S/MIME zviyero, uye inopa zvinoshandiswa pakuvharirwa kwedata, kushanda nemasiginecha emagetsi, kiyi. manejimendi uye kuwana makiyi ekuchengetera veruzhinji.

GnuPG 2.4.0 inomisikidzwa sekutanga kuburitswa kwebazi idzva rakatsiga, iro rinosanganisa shanduko dzakaunganidzwa panguva yekugadzirira kwe2.3.x kuburitswa. Bazi 2.2 rakadzoserwa kubazi rekare rakatsiga, iro richatsigirwa kusvika kupera kwa2024. Iyo GnuPG 1.4 bazi rinoramba richichengetedzwa seyechinyakare nhevedzano inoshandisa zvishoma zviwanikwa, inokodzera yakamisikidzwa masisitimu, uye inoenderana nenhaka encryption algorithms.

Shanduko dzakakosha muGnuPG 2.4 zvichienzaniswa neyakapfuura yakagadzikana bazi 2.2:

  • Maitiro ekumashure akawedzerwa kuita dhatabhesi yakakosha, uchishandisa SQLite DBMS yekuchengetedza uye kuratidza kukurumidza kukurumidza kutsvaga makiyi. Kugonesa nzvimbo itsva, unofanira kugonesa "use-keyboxd" sarudzo in common.conf.
  • Yakawedzerwa tpm2d yekumashure maitiro ekubvumidza TPM 2.0 machipi kuti ashandiswe kuchengetedza zvakavanzika makiyi uye kuita encryption kana dijitari siginecha mashandiro padivi reTPM module.
  • Iyo itsva gpg-kadhi yekushandisa yawedzerwa, iyo inogona kushandiswa seinochinjika interface kune ese anotsigirwa smart kadhi mhando.
  • Yakawedzera itsva gpg-auth utility yekusimbisa.
  • Yakawedzera faira itsva yakajairika, common.conf, iyo inoshandiswa kugonesa keyboxd background process pasina kuwedzera marongero ku gpg.conf uye gpgsm.conf zvakasiyana.
  • Tsigiro yevhezheni yechishanu yemakiyi uye siginecha yedhijitari inopihwa, iyo inoshandisa iyo SHA256 algorithm panzvimbo yeSHA1.
  • Iwo default algorithms emakiyi eruzhinji ari ed25519 uye cv25519.
  • Yakawedzerwa rutsigiro rweAEAD block encryption modes OCB uye EAX.
  • Yakawedzerwa rutsigiro rweX448 elliptic curves (ed448, cv448).
  • Inotenderwa kushandisa mazita emapoka muzvinyorwa zvakakosha.
  • Yakawedzerwa "--chuid" sarudzo kune gpg, gpgsm, gpgconf, gpg-kadhi uye gpg-batanidza-agent kuti uchinje mushandisi ID.
  • PaWindows papuratifomu, kutsigirwa kwakazara kweUnicode kunoitwa pamutsetse wekuraira.
  • Yakawedzerwa kuvaka sarudzo "--ne-tss" kusarudza raibhurari yeTSS.
  • gpgsm inowedzera kutsigirwa kweECC uye kugona kugadzira zvitupa zveEdDSA. Yakawedzera tsigiro yekubvisa data yakavharidzirwa uchishandisa password. Yakawedzera rutsigiro rweAES-GCM decryption. Yakawedzera sarudzo nyowani "--ldapserver" uye "--show-certs".
  • Mumiririri anobvumira kushandiswa kwe "Label:" kukosha mukiyi faira kugadzirisa iyo PIN yekuchimbidza. Yakaitwa tsigiro ye ssh-agent edzedzero yezvakasiyana nharaunda. Yakawedzera Win32-OpenSSH emulation kuburikidza negpg-agent. Kugadzira zvigunwe zveSSH makiyi, iyo SHA-256 algorithm inoshandiswa nekukasira. Yakawedzerwa "--pinentry-formatted-passphrase" uye "--check-sym-passphrase-pattern" sarudzo.
  • Scd yakavandudza rutsigiro rwekushanda nevaverengi vemakadhi akawanda uye tokeni. Iko kugona kushandisa akati wandei maapplication ane chaiyo smart kadhi kwaitwa. Yakawedzerwa rutsigiro rwemakadhi ePIV, Telesec Siginecha Makadhi v2.0 uye Rohde&Schwarz Cybersecurity. Yakawedzera sarudzo nyowani "--application-priority" uye "--pcsc-yakagoverwa".
  • Iyo "--show-configs" sarudzo yakawedzerwa kune gpgconf utility.
  • Kuchinja mu gpg:
    • Yakawedzerwa parameter "-list-filter" yekusarudza kugadzira rondedzero yemakiyi, semuenzaniso "gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519β€²".
    • Yakawedzera mirairo mitsva uye sarudzo: "--quick-update-pref", "show-pref", "show-pref-verbose", "-export-filter export-revocs", "-full-timestrings", "-min - rsa-length", "--forbid-gen-key", "--override-compliance-check", "--force-sign-key" uye "--no-auto-trust-new-key".
    • Yakawedzera tsigiro yekuunza kunze tsika zvitupa zvekuramwa mazita.
    • Kuongororwa kwemasiginecha edhijitari kwakakwidziridzwa ka10 kana kudarika.
    • Mhedzisiro yemhedzisiro ikozvino inotsamira pane "--sender" sarudzo uye ID yemusiki wemasaini.
    • Yakawedzera kugona kutumira kunze Ed448 makiyi eSSH.
    • Chete OCB modhi inotenderwa yeAEAD encryption.
    • Decryption pasina kiyi yeruzhinji inobvumidzwa kana smart card yakaiswa.
    • Kune iyo ed448 uye cv448 algorithms, kusikwa kwemakiyi echishanu vhezheni kwave kugoneswa nechisimba.
    • Paunenge uchiunza kubva kune sevha yeLDAP, iyo ye-self-sigs-chete sarudzo inovharwa nekusarudzika.
  • gpg haichashandisi 64-bit block size algorithms ye encryption. Kushandiswa kwe3DES kunorambidzwa, uye AES inoziviswa seyakanyanya kutsigirwa algorithm. Kudzima kurambidzwa, unogona kushandisa "--bvumira-yekare-cipher-algos" sarudzo.
  • Iyo symcryptrun utility yakabviswa (yakare yakaputirwa pamusoro peiyo kunze Chiasmus utility).
  • Iyo legacy PKA kiyi yekuwana nzira yakamiswa uye sarudzo dzine chekuita nayo dzabviswa.

Source: opennet.ru

Voeg