Download Latest Version
GpgFrontend-2.1.9-windows-x86_64-portable.zip (50.7 MB)
Get an email when there's a new version of GpgFrontend
Release Notes (v2.1.9)
This release brings a major security upgrade to GpgFrontend, introducing strengthened memory and data protection, integrity checks, and comprehensive code signing—making GpgFrontend even better suited for users in high-sensitivity environments. Usability has also been improved and key issues resolved.
TL;DR: This is a major security-focused update with BREAKING CHANGES—previous data is not compatible!
Enhanced Security for Memory and Data
- Sensitive information now benefits from configurable security levels, enforced memory wiping, secure memory regions, and a dedicated cache—greatly reducing the risk of in-memory attacks and accidental leaks.
- All sensitive application data and keys stored on disk are now safeguarded using modern, high-strength algorithms—HMAC-SHA256, AES-GCM and ARGON2ID.
- KeyPackage files now require PIN protection and use AES-GCM-256 encryption by default.
- For high-sensitivity environments, you can require PIN entry to unlock the Application and enable scheduled key rotation to further minimize risk.
Comprehensive Windows Code Signing & Integrity Self-Check
- All Windows binaries (EXE, DLL, MSI, MSIX) are now digitally signed, eliminating “Unknown Publisher” warnings and making it easier to verify the integrity of your installation.
- A new (optional) application self-check can verify the integrity and authenticity of critical DLLs (Qt, OpenSSL, etc.) at startup to guard against tampering.
- Offers an MSIX installer for Windows, providing a cleaner and more convenient installation experience.
Smarter Key Management
- When multiple signing subkeys exist, you can now select which to use for each signing operation. (#156)
- Key generation settings can now be saved as reusable profiles. (#216)
- OwnerTrust can now be set for a KeyGroup, improving flexibility for trust management. (#215)
Improved Update, Compatibility, and Platform Support
- Updates can now be checked via ftp.bktus.com and git.bktus.com, providing more privacy and independence from GitHub APIs.
- Resolved all known AppImage TLS/SSL issues and added native ARM64 AppImage support.
- Numerous UI/UX improvements and reliability fixes. (#217 [#218])
Security is a community effort!
While this release significantly strengthens security throughout GpgFrontend, there may still be areas for further improvement. We encourage everyone—users, developers, and security enthusiasts—to review the code, report issues, and suggest enhancements. Your feedback and contributions are vital for keeping GpgFrontend robust and trustworthy in the face of evolving threats.
New Contributors
- @x86txt made their first contribution in https://github.com/saturneric/GpgFrontend/pull/209
- @AnthonyLloydDotNet made their first contribution in https://github.com/saturneric/GpgFrontend/pull/212
Full Changelog: https://github.com/saturneric/GpgFrontend/compare/v2.1.8...v2.1.9