Version 0.20 of Gnuk has been released.
This release is a kind of "release candidate" for version 1.0. A new key generation feature has been added. No more features will be added for version 1.0.
Key generation feature added
Finally, key generation is supported. Note that it may be very slow: if you are unlucky, it may take a few minutes (or more) to generate two or three keys.
DnD pinentry support is deprecated
DnD pinentry was once considered a great feature, but it turned out to be difficult to remember the moves of folders.
gnuk_upgrade.py assumes using another token for authentication
Use of another token for authentication is now assumed. This is an incompatible change. Note that when you upgrade a token from version 0.19 to 0.20 (or later), you need the gnuk_upgrade.py of version 0.19.
KDF (Key Derivation Function) is now SHA-256
Keystring is now computed by SHA-256 (it was SHA1 before).
Protection improvements (even when internal data is disclosed)
Three improvements. (1) Even if PW1 and Reset-code are the same, the content of the encrypted DEK is now different. (2) The DEK is now encrypted and decrypted by the keystring in ECB mode (before, it was just a kind of XOR, done by single-block CFB mode). (3) Key data plus checksum are encrypted in CFB mode with an initial vector (it will be easy to switch to OCB mode).
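The following sketch is an added example, not Gnuk's code, illustrating improvement (2): a single CFB block is the DEK XORed with a pad that does not depend on the DEK, while encrypting the DEK block directly is not. The toy Feistel cipher built from SHA-256, the all-zero IV, the 16-byte keystring truncation, and the sample passphrase and DEK values are assumptions made so that it runs with the standard library only.

```python
import hashlib

BLOCK = 16  # block size in bytes (assumption: an AES-sized block)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, rnd, half):
    # Round function of the stand-in cipher (constructed for this demo).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    # 4-round Feistel network: an invertible toy stand-in for a real block cipher.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _round(key, rnd, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _round(key, rnd, l)), l
    return l + r

def keystring(passphrase):
    # The page says the keystring is computed by SHA-256; truncating it to a
    # 16-byte cipher key is an assumption of this demo.
    return hashlib.sha256(passphrase).digest()[:BLOCK]

def cfb_single_block(key, iv, data):
    # One-block CFB is data XOR E_key(iv); the same call encrypts and decrypts.
    return xor(data, encrypt_block(key, iv))

def flip_bit(block):
    return bytes([block[0] ^ 0x01]) + block[1:]

def tamper_effect():
    """Error in the recovered DEK after one stored ciphertext bit is flipped."""
    ks, iv = keystring(b"123456"), bytes(BLOCK)  # constructed passphrase and IV
    dek = bytes(range(BLOCK))                    # constructed DEK
    old = cfb_single_block(ks, iv, flip_bit(cfb_single_block(ks, iv, dek)))
    new = decrypt_block(ks, flip_bit(encrypt_block(ks, dek)))
    return xor(old, dek), xor(new, dek)

def xor_leak():
    """(leaks under CFB, leaks under ECB) for two DEKs under one keystring and IV."""
    ks, iv = keystring(b"123456"), bytes(BLOCK)
    d1, d2 = bytes(range(BLOCK)), bytes(range(BLOCK, 2 * BLOCK))
    cfb = xor(cfb_single_block(ks, iv, d1), cfb_single_block(ks, iv, d2))
    ecb = xor(encrypt_block(ks, d1), encrypt_block(ks, d2))
    return cfb == xor(d1, d2), ecb == xor(d1, d2)
```

With single-block CFB, a flipped ciphertext bit flips exactly the same bit of the recovered DEK, and two ciphertexts under the same keystring and IV reveal the XOR of their plaintexts; with the block encrypted directly, neither holds.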
LED display output change
LED display output by Gnuk is now more reactive. It shows a status code when it gets the GET_STATUS message of CCID. When you communicate with Gnuk through the internal CCID driver of GnuPG (instead of PC/SC) and enable the 'debug-disable-ticker' option in .gnupg/scdaemon.conf, it is now more silent.