GPG Suite 2018.2

Security Update

This releases addresses EFAIL, an exploit of a weakness in the OpenPGP standard and the handling of mixed content – encrypted content and plain content in the same message – in macOS Mail, GPGMail, as well as other OpenPGP plugins, which could help an attacker in posession of a target's encrypted messages to extract their content once decrypted. (https://efail.de)

EFAIL mitigations in GPGMail (10.13 only at the moment)

  • Remote content is no longer loaded within encrpyted messages
  • If a message contains more than one encrypted part only the first part is decrypted
  • In case of mixed content – plain content and encrypted content – the plain content is isolated
  • Additional mitigations for S/MIME since unfortunately Apple has yet to completely fix EFAIL

Native GPG Suite update notifications

  • The GPG Suite updater uses native macOS notifications now to alert the user of updates
  • That means you will no longer be interruped in the middle of your work (or talk - sorry Edward Snowden at 34C3)

Revamped key signing dialog

  • The GPG Keychain dialog to sign a key has been vastly improved
  • It is now easier to sign your friends keys after you have verified them (thanks DKG for the input)

GPGMail 3.0b6 (10.13 only)

Improvements

  • EFAIL mitigations for GPGMail [#981]
  • Better support for iPGMail messages [#964]
  • Signatures created by subkeys now show the subkey fingerprint in the signature details
  • The signature details window was completely revamped [#619]

Fixes

  • Crash that might occur when a message looked like a MS Exchange modified PGP/MIME message as well as a Pseudo-PGP/MIME message at the same time [#978]
  • Attachments containing a detached signature are no longer erroneously recognized as encrypted attachment [#958]
  • Attachments in the .doc format could in some rare cases not be displayed [#974]
  • PGP Data within a S/MIME signed message was not decrypted properly [#973]
  • GPGMail health indicator design (in Preferences) adjusted to match macOS High Sierra's appearance [#968]
  • Improved handling of MDC errors [#980]

GPGMail 2.7.2 (10.12 only)

Improvements

  • Signatures created by subkeys now show the subkey fingerprint in the signature detail
  • The signature details window was completely revamped [#619]

Fixes

  • Improved handling of MDC errors [#980]

GPGMail 2.6.5 (10.9 - 10.11)

Improvements

  • Signatures created by subkeys now show the subkey fingerprint in the signature details
  • The signature details window was completely revamped [#619]

Fixes

  • Improved handling of MDC errors [#980]

GPG Keychain 1.4.3

Improvements

  • Revamped the key signing dialog [#282]
  • Default key server is now sks key server pool when no defaul key server is set [#445]
  • Warning message about password length improved [#438, #436]
  • Added tooltip for the key's "Disable" option [#443]

Fixes

  • Option to include secret key during key export was not always shown [#439]

GPG Suite Preferences 2.1.2

Improvements

  • Email is pre-filled in "Send Report" when user entered an email in the Crash Reporting option [#99]
  • When no key server is set, sks key server pool is used as default [#101]

GPGServices 1.11.3

Fixes

  • GPGServices again works as expected with Microsoft Office 2016 and TorBrowser [#235]

MacGPG 2.2.7

Improvements

  • Updated to GnuPG 2.2.7 [#713]
  • Enables the internal CCID driver for smart card access [#707]
  • Adds support for key servers protected by HTTP basic auth [#712]

Libmacgpg 0.8.4

Improvements

  • Use the hkps sks key server pool by default if no key server is set [#159]

Fixes

  • Aborts decryption and doesn't return decrypted data if MDC is missing or corrupted (mitigation against efail)
  • Do not allow unencrypted plaintext in an encrypted message to prevent encryption spoof [#162]
  • Do not throw an error when encrypting symmetrically and there's no pubring [#160]
  • LDAP server search now shows name and email and not only key id [#158]
Earlier Releases