GPGrelay / News: Recent posts

GPGrelay 0.959 released!

See history.txt for details.

Posted by Andreas John 2005-03-31

GPGrelay Version 0.955 released!

Version 0.955 ; release-date: 2004-Oct-22

* GPGrelay:
o More Dialogs have now proper Parent/Child-Hierarchy to disable some unwanted Non-
Modality (and proper positioning)
o GPGrelay now always tries to keep selections in lists/trees when reloading keys
o Revoked/Expired/Disabled Subkeys are now also shown in keyviews (still missing similar
feature for primary keys)
o Revoke UserID is now also available through GPGrelay-GUI
o Untrusted UserIDs are now also grayed out in the Key-Displays
o Advanced debug-compiler-define for deadlock-checking (very experimental, might not
working as intended, have to find out :))
At least it helped to catch one deadlock-situation with GPGrelay-shutdown while being
asked for a passphrase so it wasn't worthless effort... (Not active in Release-Builds! In
case you suffer from GPGrelay hanging, you might want to give the debug-build a try!)
o STARTTLS/STLS is now always defaulting to TLS-Connection as some servers abort
connection with an SSL2-Hello and don't negotiate TLS (or did I simply miss something
in the OpenSSL-Doc?)
o Log Full Protocol does now also show the StartTLS-Chitchat.
o Some small improvements with Logging (still quite slow for large mails when log full
bodies is turned on)
o GPGrelay isn't that picky about email-addresses anymore, so it will work with internal
email-addresses like "user@domain" or simply "user".
Nevertheless GPGrelay is matching full strings, so "user@domain" doesn't match with a
fully given "user@domain.com", so basically this one is only useful for giving aliases to
GPGrelay (doubt it's useful to have abbreviated emails inside userids).
o The PhotoID-Display can now be resized
o Changed some dialog-texts to have Mnemonics (underlined chars) now, so you can
navigate a bit more easily with the keyboards by pressing "Alt+Mnemonic" (don't
hesitate to tell me missing/duplicate ones; this came late and is a boring issue, so I
guess I haven't checked all dialogs properly... Suggested to be incorporated in current
and future translations too.)
o --autoexportsettings is now also working when shutting down win2k (GPGrelay is now
creating the .reg-file by itself instead of executing regedit.exe to export the entries)
o Simple Password-Spy-Detection should alarm you when someone unauthorized (eg.
Spyware or Backdoor) is trying to read a passphrase from a GPGrelay-Dialog
o Better support of crippled keys: VerifyPassphrase doesn't only rely on a signing-(sub)key
anymore.
o Better handling of non-canonical lineendings from broken servers
o Little GUI-Fix: Relay-Dialog with IMAP and SSL is now properly changing the default-ports.
o Changed a few lines of code so GPGrelay will now compile directly with VC.NET 2003 --
to my surprise the run through VC.NET also revealed embarrassing misuse of some
MFC-Macros, so this experiment was more than worthwhile! ... read more

Posted by Andreas John 2004-10-22

GPGrelay 0.950 released!

Version 0.950 ; release-date: 2004-May-21

* GPGrelay:
o Default-Inline-Profiles now have the "don't touch attachment" turned off
o There is now also a tooltip for the "don't touch attachment"
o Keyring-Load on startup is now working properly again! (used to create keyrules for keys
in keyring twice, which caused the "Profile for new Key"-Feature to be disabled).
o Show-PhotoID is now also working with 16bit-display-depth
o Decrypt/Verify Clipboard does now try to handle quoted email-text before failing...
o Some mysterious regular crashes (Win2K, SP4) solved (WM_SOCKET_NOTIFY is sent
after WM_SOCKET_DEAD for CSockets)
o If GPGrelay detects many missing keys, the keyrules aren't deleted automatically from
the registry (you have to confirm manually)
o Passphrase-Verify does now work again if no primary-secret-key is available
o Sign content from clipboard is now using preferred sign-key from the keyrule of the
primary UserID of the Secret Key (this also solves the "no primary-secret-key"-issue
there)
o Copy Log to Clipboard is now working again (Owner-Drawn Listbox but was still
referenced as CListBox...)
o GPGrelay is now doing the "gpg --check-trustdb" properly when reloading keys
o Added convenience-function to export settings to a .reg-File (the Save/Restore Settings
only write/read data to the registry, and this "Export Settings" will ease backup of the
settings a bit) To import simply doubleclick the resulting .reg-File
o Also a new commandline-option added: --autoexportsettings "filename.reg"
o Gen-Key/Add Subkey is now properly working with GPG 1.2.4
o Bugfix: Deleting the UserID that is currently edited in the keyrule-dialog caused
GPGrelay to crash.
o It's now also possible to bind GPGrelay to a real IP-Address instead of only localhost;
this has alot of security issues coming along with, so I don't recommend using it unless
you really know what you're up to; see readme.txt for details! ... read more

Posted by Andreas John 2004-05-21

GPGrelay 0.94 released

GPGrelay is a small email-relaying server that uses GnuPG (the GNU Privacy Guard) to sign/encrypt (SMTP-Relay) or verify/decrypt (POP3-Relay) emails. This enables many email-clients to send and receive emails that are PGP-MIME conform.

Posted by Andreas John 2004-01-05

GPGrelay 0.93 released!

Version 0.93 ; release-date: 2003-Jul-26

* GPGrelay:
o SuppressPortProbing-Flag available through registry (not through
GUI; set "SuppressPortProbing" to 1 if you don't want GPGrelay to
do Port-Probing anymore)
o Trying to be more friendly to the system-settings: Some dialogs are
now aware of large systemfonts, also some System-Color-References are
now properly supported.
o Decryption of symmetric encrypted content is now also properly
handled by GPGrelay
o Import Key features now a primitive preview Key
o Tray-Menu also has now "Show GPGrelay" (alternative to Left-Click on
the Tray-Icon)
o It's now possible to have multiple servers per relay specified (of
course, only one can be active at once) -- this allows to have
GPGrelay on a mobile machine and easily change servers depending on
the network to connect to (mainly useful for SMTP-Servers)
This also allows now to deactivate single relays instead of all
on/off
o Change Passphrase for secret key is now also supported
o Thanks to Andrea Rimicci GPGrelay is now properly working on
Multihomed-Hosts!
o Resizable kind of Splitter-Window for the Sign-Key-Dialog
o SSL for the standard-ports is now always treated as STARTTLS to
reduce error-logs on the servers (no SMTPs (or POP3s) on default
SMTP- (or POP3-) Ports allowed anymore)
o Passphrases aren't copied around that much anymore (using RefCount
instead of Copy -- nevertheless dialogs might have still multiple
copies in RAM...)
o New commandline-argument: "--hkey_local_machine" which lets GPGrelay
store it's settings under
"HKEY_LOCAL_MACHINE\Software\.tSCc.\GPGrelay" instead of the default
location at "HKEY_CURRENT_USER\Software\.tSCc.\GPGrelay"
This also requires to set a proper entry in
HKEY_LOCAL_MACHINE\Software\GNU\GnuPG\HomeDir
Might be handy for those people who want to run GPGrelay as a NT-
Service
o "Add UserID" disables the Okay-Button as long as the new UserID is
invalid
o There was a bug lurking in the gpg-comm-stuff that could have caused
occasional crashes on some systems
o The Key-Dialogs now also contain information in which keyring a key
resides (pubrings only) - It's quite useless information when you use
only one keyring-file, but is too much info any harm?
o Partial Keyring-Reload on Sign-Key/Delete-Key (way faster with huge
keyrings; at least in cases of non-complete WoT which is usually the
case...)
o GPGrelay-Cachefile-Location now defaults to
"%APPDATA%\GPGrelay\GPGrelay.cache", so it will be useful in
multiuser-environment too ... read more

Posted by Andreas John 2003-07-26

GPGrelay 0.92 has been released!

GPGrelay Version 0.92 ; release-date: 2003-Mar-12

GPGrelay:
- Revokate subkey disabled if no secret key is available (crashed
GPGrelay!)
- Add/Delete Subkey is now also available through the GUI
- Generate Key a bit more cleaned up
- Additional checks if Sockets are really listening on loopback-device.
- Alias-Edit/Remove-Buttons are now disabled if nothing editable is
selected ("Not working edit-button" confused too many users :)).
- Keyrules for Public-Keys-Only crashed when trying to change the subkey
to be used for encryption.
- Update of Passphrase-Settings after Keyrule-Edit was still corrupted
- Reload-Key-Lock has now finer granularity and should feel faster
- It's now possible to disable Shutdown-Confirm (to reenable it you need
to use regedit or hold down SHIFT-Key while selecting shutdown...)
POP3:
- Inlined-PGP as well as Headerfield-Status used to forward header twice
(and also introduced some empty lines at the beginning of the mail)
- Autolearn-Alias had a bug introduced with the Force-Aliases
- When "don't verify" is set in the global control, GPG is now also called
with "--skip-verify" when decrypting
- Mailparts with empty headers are now also treated correctly
- GPGrelay isn't so pedantic anymore about "protocol"-Parameter in the
PGP-MIME-Content-Type (some clients don't specify it, and it's more or
less redundant anyway)
- "Quiet" and inlined encrypted mails is working now
- Log-Protocol for AUTH PLAIN and AUTH LOGIN is now displaying Username
and Passphrase in clear - hopefully people will be more aware of their
insecureness now (it's just simple Base64 and not proteced in any way)!
Try using AUTH CRAM-MD5 or APOP instead!
SMTP:
- Fixed bug with the implementation of the RFC3156-Recommendations:
Preparation for signing of nested Multiparts is now also supported
- Confirm "Encrypt To Untrusted"-Dialog is now shown in the foreground
- "Encrypt To Untrusted" had a racecondition that sometimes displayed
error where no error was.
- Sending HTML-Mails inlined (sign or encr) are treated specially now, so
recipients won't have problems anymore to decrypt it; this is done by
simply discarding all HTML-Stuff and only transfer the text/plain-
alternative.
- Unknown-Sender always lead to Pass-Through
- Log-Protocol for AUTH PLAIN and AUTH LOGIN is now displaying Username
and Passphrase in clear - hopefully people will be more aware of their
insecureness now (it's just simple Base64 and not proteced in any way)!
Try using AUTH CRAM-MD5 or APOP instead!

Posted by Andreas John 2003-03-12

GPGrelay 0.91has been released

GPGrelay is a small email-relaying server that uses GnuPG (the GNU Privacy Guard) to sign/encrypt (SMTP-Relay) or verifies/decrypts (POP3-Relay) emails. This enables many email-clients to send and receive emails that are PGP-MIME conforming. This release includes bugfixes and minor feature enhancements.

Posted by Andreas John 2003-02-03

GPGrelay v0.90 has been released!

After nearly one year of rewriting the codebase GPGrelay is finally coming with a lot of
improvements and bugfixes!
It's designed to work with GnuPG 1.2.0 (or later) which was also recently released!
You have to obtain GPG 1.2.0 first! See http://www.gnupg.org/download.htm

Changes since GPGrelay 0.82:

- Finally eliminated a bad design-flaw in GPGrelay:
GPG is now always called with the proper KeyID instead of (maybe) ambiguous UserID (remember:
only email-addresses are used for matching!).
The interface is now also aimed straight to email-addresses, so it might be a bit uncommon at
first.
Also this change in concept came very late, thus this caused a very huge rewrite, and this
probably has introduced many new bugs (hope no fatal ones!).
But at least this allows now to handle multiple identical UserIDs (e.g. needed when keys phase
out).
And it's now also possible to directly specify which Subkey should be used for sign or for encr
so you can work with new Subkeys instead of completely new Keys.... read more

Posted by Andreas John 2002-09-23