Version 0.20 of Gnuk has been released.

This release is a kind of "release candidate" for version 1.0. New feature of key generation is added. No more feature will be added for version 1.0.

• Key generation feature added

  Finally, key generation is supported. Note that it may be very slow. It may take a few minutes (or more) to generate two or three keys, when you are unlucky.

• DnD pinentry support is deprecated

  Once, DnD pinentry was considered a great feature, but it found that it is difficult to remember moves of folders.

• gnuk_upgrade.py assumes using another token for authentication

  Use of another token for authentication is assumed now. This is incompatible change. Note that when you upgrade a token of version 0.19 to 0.20 (or later), you need gnuk_upgrade.py of version 0.19.

• KDF (Key Derivation Function) is now SHA-256

  Keystring is now computed by SHA-256 (it was SHA1 before).

• Protection improvements (even when internal data is disclosed)

  Three improvements. (1) Even if PW1 and Reset-code is same, content of encrypted DEK is different now. (2) DEK is now encrypted and decrypted by keystring in ECB mode (it was just a kind of xor by single block CFB mode). (3) Key data plus checksum are encrypted in CFB mode with initial vector (it will be able to switch OCB mode easily).

• LED display output change

  LED display output by Gnuk is now more reactive. It shows status code when it gets GET_STATUS message of CCID. When you communicate Gnuk by internal CCID driver of GnuPG (instead of PC/SC), and enable 'debug-disable-ticker' option in .gnupg/scdaemon.conf, it is more silent now.