v2.2.1 stabilizes the 2.2.x series and is now the recommended release for all users. Upgrading from 2.1.x is encouraged.
Highlights
- Choose your default backend. Pick GnuPG or rPGP instead of always defaulting to GnuPG. (https://github.com/saturneric/GpgFrontend/issues/245#issuecomment-4686091612)
- Cancel running operations from the waiting dialog.
- Operation result report. A structured report card showing signers, recipients, signature validity, and a SHA-256 of the processed data; zoom in and export it as a PNG.
- Passphrase strength meter (rPGP) with a confirmation field when setting a new passphrase.
- Editor upgrades. Live SHA-256 integrity check plus configurable font and tab size. (#256)
- Key generation upgrades. Choose OpenPGP v4 or v6 (rPGP), generate a random anonymous identity, and pick from profiles grouped by family/algorithm.
- Streamlined signing. A single signing-key picker that shows only signing-capable keys (and their signing subkeys) and respects the keys already selected in the key toolbox, instead of presenting unrelated private keys.
- Better feedback. Key-format version in key-pair details (rPGP), export success confirmation, and a log viewer with syntax highlighting, filtering, and status.
- About & wizard polish. Build-info and rPGP engine tabs, plus GitHub star call-to-action.
- Translated module UI. UI provided by integrated modules is now localized along with the rest of the app.
Security
- Secrets zeroized on every drop path (rPGP). Keys, passphrases, and plaintext are wiped whenever they go out of scope, not just at the FFI boundary.
- Secure buffers end-to-end (rPGP). Sensitive data is carried in protected memory buffers throughout the app instead of plain strings.
- Hardened Rust/C++ handoff (rPGP). The FFI uses safe buffer ownership and a single secure-free path, replacing manual free callbacks.
- Passphrase fields wiped after use (rPGP). Input fields are cleared from memory immediately once the passphrase is consumed.
- Passphrase cache protected (rPGP). Idle and hard expiry (defaults 10min/2h), locked in RAM, wiped after use, configurable.
- Key database locked down (rPGP) with owner-only file permissions.
- Safer input handling. UID name/comment validation rejects malformed characters, and failed decrypts no longer overwrite editor contents.
Stability and correctness
- More reliable shutdown (GnuPG). All GnuPG daemons are now stopped via
gpgconf --kill all(not justgpg-agent), so a component still holding an Assuan connection can no longer blockgpgme_release(). This fixes hangs and leftover processes, notably on Windows. A detached watchdog force-exits if teardown wedges, and background GC and monitor tasks abort early during shutdown to avoid use-after-free races. - Edit-menu livelock fix (GnuPG). Resolved an endless key/card edit-menu loop and ensured a wedged edit operation is cancelled and torn down, so it can no longer block later edits on the same channel.
- Directory decryption fix (GnuPG). Resolved a race that could drop trailing files when decrypting an encrypted directory archive.
- Multi-signer signing (rPGP). Cleartext and detached signing now use all selected keys, not just the first.
- Clearer passphrase handling (rPGP). Cancelling a passphrase prompt is now distinguished from a real failure, with an auto-close timeout (default 120s, with a visible countdown) so the prompt can't hang.
- rPGP fixes. Verify all signatures on multi-signer messages and list every signer; detect cleartext vs. detached/inline signatures; reject post-quantum subkeys on v4 keys; merge secret subkeys instead of dropping them; plus clearer error messages, consistent UID and subkey databases, and correct key generation results.
- Corrupt-object quarantine. A background health check detects corrupt, unreadable, or undecryptable stored objects and quarantines them first, deleting only after a grace period. This protects against losing data when an object is temporarily undecryptable (for example, while a required key is missing).
- Key generation dialogs stay open on failure so you can retry without re-entering input.
- UI fixes. Show operation output even on errors and so on.
Platform
- Windows. The executable and DLLs are now signed with a new code signing certificate (SHA-1 thumbprint
F9CDDCBCDAF086EFDD601B56F07379528FF47A35), and the bundled GnuPG is updated to 2.5.20. - Linux. The AppImage bundles a top-level
.DirIconand keeps icons under theircom.bktus.gpgfrontendname, so the application icon integrates better with the desktop environment and file manager.
Full Changelog: https://github.com/saturneric/GpgFrontend/compare/v2.2.0-beta.1...v2.2.1