Release of GnuPG 2.4.0

After five years of development, the GnuPG 2.4.0 (GNU Privacy Guard) toolkit has been released. It is compatible with the OpenPGP (RFC-4880) and S/MIME standards and provides utilities for data encryption, working with electronic signatures, key management, and access to public key stores.

GnuPG 2.4.0 is positioned as the first release of a new stable branch, which incorporates the changes accumulated during the preparation of the 2.3.x releases. Branch 2.2 has been relegated to the old stable branch, which will be supported until the end of 2024. The GnuPG 1.4 branch continues to be maintained as a classic series that consumes minimal resources, is suitable for embedded systems, and is compatible with legacy encryption algorithms.

Key changes in GnuPG 2.4 compared to the previous stable branch 2.2:

  • A background process has been added to implement a key database, using the SQLite DBMS for storage and demonstrating much faster key searches. To enable the new storage, you must enable the "use-keyboxd" option in common.conf.
  • Added the tpm2d background process, which allows TPM 2.0 chips to be used to protect private keys and to perform encryption or digital signature operations on the TPM module side.
  • A new gpg-card utility has been added, which can be used as a flexible interface for all supported smart card types.
  • Added a new gpg-auth utility for authentication.
  • Added a new common configuration file, common.conf, which is used to enable the keyboxd background process without adding settings to gpg.conf and gpgsm.conf separately.
  • Support for the fifth version of keys and digital signatures is provided, which uses the SHA256 algorithm instead of SHA1.
  • The default public key algorithms are ed25519 and cv25519.
  • Added support for the AEAD block encryption modes OCB and EAX.
  • Added support for X448 elliptic curves (ed448, cv448).
  • Group names may now be used in key lists.
  • Added the "--chuid" option to gpg, gpgsm, gpgconf, gpg-card and gpg-connect-agent to change the user ID.
  • On the Windows platform, full Unicode support is implemented on the command line.
  • Added the "--with-tss" build option to select the TSS library.
  • gpgsm adds basic ECC support and the ability to create EdDSA certificates. Added support for decrypting data encrypted using a password. Added support for AES-GCM decryption. Added new options "--ldapserver" and "--show-certs".
  • The agent allows the use of the "Label:" value in the key file to configure the PIN prompt. Implemented support for ssh-agent extensions for environment variables. Added Win32-OpenSSH emulation through gpg-agent. The SHA-256 algorithm is now used by default to create fingerprints of SSH keys. Added the options "--pinentry-formatted-passphrase" and "--check-sym-passphrase-pattern".
  • Scd has improved support for working with multiple card readers and tokens. The ability to use several applications with a particular smart card has been implemented. Added support for PIV cards, Telesec Signature Cards v2.0 and Rohde&Schwarz Cybersecurity. Added new options "--application-priority" and "--pcsc-shared".
  • The "--show-configs" option has been added to the gpgconf utility.
  • Changes in gpg:
    • Added the "--list-filter" parameter to selectively filter the key list, for example "gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'".
    • Added new commands and options: "--quick-update-pref", "show-pref", "show-pref-verbose", "--export-filter export-revocs", "--full-timestrings", "--min-rsa-length", "--forbid-gen-key", "--override-compliance-check", "--force-sign-key" and "--no-auto-trust-new-key".
    • Added support for importing custom certificate revocation lists.
    • Verification of digital signatures has been sped up by 10 times or more.
    • Verification results now depend on the "--sender" option and the ID of the signature creator.
    • Added the ability to export Ed448 keys for SSH.
    • Only OCB mode is allowed for AEAD encryption.
    • Decryption without a public key is allowed if a smart card is inserted.
    • For the ed448 and cv448 algorithms, the creation of version five keys is now forcibly enabled.
    • When importing from an LDAP server, the self-sigs-only option is disabled by default.
  • gpg no longer uses ciphers with a 64-bit block size for encryption. The use of 3DES is prohibited, and AES is declared as the minimum supported algorithm. To disable the restriction, you can use the "--allow-old-cipher-algos" option.
  • The symcryptrun utility has been removed (an obsolete wrapper over the external Chiasmus utility).
  • The legacy PKA key discovery method has been discontinued and the related options have been removed.
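
The cipher restriction in the list above (3DES and the other 64-bit block ciphers are refused unless "--allow-old-cipher-algos" is set) can be checked against existing configuration files. The following Python script is an added example, not code from GnuPG or from the original article; the function name audit_gpg_conf and the sample configuration are constructed for illustration.

```python
# Added example: audit gpg.conf text for settings that bring back the
# 64-bit block ciphers that GnuPG 2.4 refuses by default.

# OpenPGP symmetric ciphers with a 64-bit block size (RFC 4880 IDs 1-4),
# by name and by the "S<n>" form used in preference lists.
LEGACY_CIPHERS = {"IDEA", "3DES", "CAST5", "BLOWFISH", "S1", "S2", "S3", "S4"}

# gpg options whose arguments name symmetric ciphers.
CIPHER_OPTIONS = {"cipher-algo", "s2k-cipher-algo", "personal-cipher-preferences"}

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """\
# constructed sample gpg.conf
no-greeting
personal-cipher-preferences AES256 AES 3DES
--allow-old-cipher-algos
cipher-algo AES256
s2k-cipher-algo cast5
"""


def audit_gpg_conf(text):
    """Return a list of (line_number, finding) for risky settings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.split()
        # Options may appear with or without leading dashes.
        option = parts[0].lstrip("-").lower()
        args = [a.strip(",").upper() for a in parts[1:]]
        if option == "allow-old-cipher-algos":
            findings.append((lineno, "re-enables 64-bit block ciphers"))
        elif option in CIPHER_OPTIONS:
            bad = [a for a in args if a in LEGACY_CIPHERS]
            if bad:
                findings.append(
                    (lineno, f"{option} selects legacy cipher(s): {', '.join(bad)}"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_gpg_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```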

Source: opennet.ru
