Version 0.20


Version 0.20 of Gnuk has been released.

This release is a kind of "release candidate" for version 1.0. Key generation is added as a new feature. No more features will be added for version 1.0.

  • Key generation feature added

    Finally, key generation is supported. Note that it may be very slow. It may take a few minutes (or more) to generate two or three keys if you are unlucky.

  • DnD pinentry support is deprecated

    DnD pinentry was once considered a great feature, but it was found that it is difficult to remember the moves of folders.

  • assumes using another token for authentication

    Use of another token for authentication is now assumed. This is an incompatible change. Note that when you upgrade a token of version 0.19 to 0.20 (or later), you need of version 0.19.

  • KDF (Key Derivation Function) is now SHA-256

    The keystring is now computed with SHA-256 (it was SHA1 before).

  • Protection improvements (even when internal data is disclosed)

    Three improvements. (1) Even if PW1 and the Reset-code are the same, the content of the encrypted DEK is now different. (2) The DEK is now encrypted and decrypted by the keystring in ECB mode (before, it was just a kind of xor by single-block CFB mode). (3) Key data plus checksum are encrypted in CFB mode with an initial vector (it will be easy to switch to OCB mode).

  • LED display output change

    LED display output by Gnuk is now more reactive. It shows the status code when it gets a GET_STATUS message of CCID. When you communicate with Gnuk through the internal CCID driver of GnuPG (instead of PC/SC) and enable the 'debug-disable-ticker' option in .gnupg/scdaemon.conf, it is now more silent.