Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dkgpg-1.1.3-lp151.3.3.1 RPM for x86_64

From OpenSuSE Leap 15.1 updates for x86_64

Name: dkgpg Distribution: openSUSE Leap 15.1
Version: 1.1.3 Vendor: openSUSE
Release: lp151.3.3.1 Build date: Fri Jul 26 11:49:50 2019
Group: Productivity/Security Build host: cloud131
Size: 2257185 Source RPM: dkgpg-1.1.3-lp151.3.3.1.src.rpm
Summary: Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
The Distributed Privacy Guard (DKGPG) implements Distributed Key
Generation (DKG) and Threshold Cryptography for OpenPGP. The
generated public keys are RFC4880 compatible and can be used by e.g.
GnuPG. The main purpose of this software is distributing power among
multiple parties, eliminating single points of failure, and
increasing the difficulty of side-channel attacks on private key

DKGPG consists of a number of command-line programs. The current implementation
is in experimental state and should NOT be used in production environments.

A shared private key and a common public key (currently only
DSA/ElGamal) are generated. Further interactive protocols perform the
private operations like decryption and signing of files, provided
that a previously defined threshold of parties/devices take part in
the distributed computation. Due to the interactiveness of the
protocols, a lot of messages between participating parties have to be
exchanged in a secure way. GNUnet's mesh-routed CADET srvice is used
to establish private and broadcast channels for this message
exchange. A TCP/IP-based service is included as an alternative. It
may be combined with torsocks and NAT of a local hidden service.






* Mon Jul 22 2019 Karol Babioch <>
  - Update to version 1.1.3:
      This is a bugfix release that includes only three minor improvements: a
      direct-key signature (0x1f) for the primary key is added by default such
      that restricting key servers (e.g. can deliver a
      cryptographically checkable key without verification of any included
      user ID or without appended subkey. The command line interface of
      dkg-decrypt has been improved in order to give users an easy access to
      the symmetric-key decryption mode. An additional option ("-5") for
      dkg-sign allows to generate V5 signatures (cf. draft RFC 4880bis).
* Sun Jun 02 2019 Karol Babioch <>
  - Update to version 1.1.2:
      This release adds a lot of features to some programs: two new options
      ("-K" and "-f") allow dkg-keysign to read the certification key from a
      keyring instead of a single key block file. Moreover, with option "-a"
      an interactive confirmation by the user is required for each signature.
      Passive support of V5 keys (cf. draft RFC 4880bis) has been added for
      all programs, however, dkg-generate still generates V4 keys only,
      because this new feature of the draft is not widely spread. There is
      also a new encryption capability: an empty KEYSPEC tells dkg-encrypt to
      create a symmetric-key encrypted session key, i.e., the user has to
      supply a passphrase for encryption and decryption without any public-key
      cryptography involved. Last but not least, two bugs have been fixed:
      First, dkg-decrypt failed on many ZIP-compressed OpenPGP messages with
      "ZLIB ERROR: -3 invalid block type" due to a bug in decompression logic.
      Second, dkg-decrypt failed in a special case of symmetric-key encrypted
      session keys. Finally, the non-installing program dkg-fuzzer (generates
      fuzzy samples of somehow corrupted OpenPGP stuctures) has been added.
* Sun Apr 28 2019 Karol Babioch <>
  - Update to version 1.1.1:
      Some small improvements have been applied for dkg-generate: Two new
      options ("-u" and "-N") allow providing the initial user ID and to
      disable the passphrase at command line. Moreover, since this release
      dkg-timestamp and dkg-timestamp-verify require a special key usage flag
      from recent RFC 4880bis draft to select so-called timestamping keys.
      Finally, the synchronization time of the internally used broadcast
      protocol was reduced to a more reasonable amount and in dkg-decrypt the
      detection of end of data for message and decryption shares was changed.
* Mon Dec 10 2018
  - Update to version 1.1.0:
      This release supports Authenticated Encryption with Associated Data (AEAD)
      in accordance to RFC 4880bis (draft); this can be enforced with the new
      added option "-a" when  dkg-(d)encrypt is used. For using domain parameters,
      as described in RFC 7919, one should specify the new option "-r", when
      dkg-gencrs is used. Last, for key generation (dkg-generate) the timestamp
      option was added ( "--timestamping") which sets a key usage flag.
* Mon Nov 12 2018 Karol Babioch <>
  - Update to version 1.0.9
      This release improves the possibilities of DKGPG further. With the new
      programs dkg-adduid and dkg-revuid an user ID can be added and revoked,
      respectively. The program dkg-revoke now supports a human-readable
      reason for revocation (by option "-R") and dkg-decrypt verifies an
      included signature according to a given key ring (option "-k"). Last
      but not least, by the program dkg-addrevoker an external revocation
      key can be specified.
* Thu Sep 13 2018 Karol Babioch <>
  - Update to version 1.0.8:
      First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
      and Werner Koch's draft RFC 4880bis) has been added by relying on the
      most recent version of LibTMCG. The threshold signature scheme and the
      threshold encryption are still limited to finite field cryptography
      (i.e. DSA and ElGamal). Moreover, the programs generate and recognize
      a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
      from RFC 4880bis. Compressed messages are now decompressed by the
      program dkg-decrypt using zlib Compression Library (and optionally by
      library routines from libbzip2). This completes DKGPG's compatibility
      with other OpenPGP software, however, the prefered compression algorithm
      (i.e. "no compression") in self-signatures of generated keys is kept
      for now. Support for symmetric-key decryption by dkg-decrypt has been
      added too. The program dkg-verify now reads the signature from a file,
      if option "-s" is used. To keep track of later protocol changes, all
      interactive programs include a version identifier in their common ID of
      the reliable broadcast channel. Thus programs from previous releases
      will not communicate with those of this release. With the new programs
      dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature
      can be generated and verified, respectively. Last but not least, by the
      new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
      dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
      The README file contains a configuration sample showing how to replace
      classic PGP by DKGPG in the famous mail user agent mutt based on this
      option. Please note that this feature is experimental and semantics
      may be changed later.
  - Added new build requirements:
    * zlib
    * bzip2
* Mon Jul 09 2018
  - Update to 1.0.7:
    * Small improvments due to the new OpenPGP structures from libTMCG
    * "-k" option has been added to further programs
    * OpenPGP cleartext signatures can be generated with the "-t" option
    * Output of potentially malicious user IDs has been sanitized in
      dkg-keycheck, dkg-keyinfo, and dkg-keysign
  - Applied spec-cleaner
* Wed Mar 21 2018
  - Update to version 1.0.6:
    * dkg-keysign: added option "-k" (keyring with external keys)
    * dkg-encrypt: added option "-k" (keyring with external keys)
    * dkg-verify: added option "-k" (keyring with external keys)
    * dkg-keycheck: added option "-k" (keyring with external keys)
    * dkg-keycheck: added output of allowed external revocation keys
    * dkg-encrypt: added option "-s" to select appropriate subkey
    * dkg-encrypt: renamed option "-z" to "-t" for convenience
    * dkg-keysign: include only exportable signatures to output
    * check and set strict permissions (0600) for private key file
    * dkg-sign: added option "-U" (policy URI) and improved manpage
    * dkg-refresh: support generic verification and public key parsing
    * dkg-keysign: added options "-1" through "-3" (validation level)
    * dkg-keysign: added option "-u" (select user IDs) for CLT18
    * dkg-keysign: support generic verification and public key parsing
    * dkg-verify: support generic verification and public key parsing
    * dkg-encrypt: support generic encryption and public key parsing
    * dkg-generate: added no-modify key server preferences (0x80)
    * improved error handling for unrecognized OpenPGP (sub)packets
    * dkg-keycheck: changed semantics of option "-r" (reduce subkeys)
    * dkg-keycheck: uses new public-key block parser from LibTMCG
    * new default domain parameter set (CRS) due to LibTMCG changes
    * raised the requirement of libgcrypt version to >= 1.7.0
* Sat Feb 10 2018
  - Trim/compact long description for size, and wrap at 70 cols.
* Thu Feb 08 2018
  - Update to version 1.0.5
    * added secure memory allocation from libgcrypt for some parts
    * dkg-verify: added options "-f" and "-t" for a validity period
    * added simple initalization procedure for memory locking
    * added basic check on signature strength in parse_signature()
    * added some basic checks on key strength in parse_public_key()
    * added check for revocation signatures in parse_public_key()
    * dkg-encrypt: added option "-z" for improved privacy (zero key ID)
    * dkg-verify: added validity checks on key and signature
    * dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
    * added option "-U" for dkg-keysign (policy URI)
    * added option "-r" for dkg-keysign (revocation signature)
    * added option "-r" for dkg-keycheck (support for RSA keys)
    * added program dkg-keysign for creating certification signatures
    * dkg-decrypt: removed support for not integrity protected messages
    * dkg-keycheck: added test for small/same k in DSA signatures
    * dkg-refresh: added cache for very strong randomness
  - Use https instead of http
* Mon Jan 15 2018
  - Initial packaging of version 1.0.4



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 10:07:50 2021