From 08284a78138f0704c4052f1fede2353c1c5c1172 Mon Sep 17 00:00:00 2001 From: Ronald Tse Date: Sat, 22 Nov 2025 01:39:14 +0800 Subject: [PATCH 1/3] feat: add 0.18.1 post --- _posts/2025-06-19-rnp-release-0-18-0.adoc | 225 ++++++++++++++++++++++ _posts/2025-11-20-rnp-release-0-18-1.adoc | 188 ++++++++++++++++++ 2 files changed, 413 insertions(+) create mode 100644 _posts/2025-06-19-rnp-release-0-18-0.adoc create mode 100644 _posts/2025-11-20-rnp-release-0-18-1.adoc diff --git a/_posts/2025-06-19-rnp-release-0-18-0.adoc b/_posts/2025-06-19-rnp-release-0-18-0.adoc new file mode 100644 index 0000000..510a9b1 --- /dev/null +++ b/_posts/2025-06-19-rnp-release-0-18-0.adoc 
@@ -0,0 +1,225 @@ +--- +layout: post +title: "RNP version 0.18.0 released" +categories: release +authors: + - name: Nickolay Olshevsky + email: o.nickolay@gmail.com + social_links: + - https://github.com/ni4 +excerpt: >- + Enhanced key generation defaults, improved signature validation with error + reporting, expanded FFI capabilities for certifications, and better + cryptographic security practices. +--- + +The RNP 0.18.0 release brings significant improvements to key generation +defaults, signature validation, and FFI capabilities while strengthening +cryptographic security practices. + +This release enhances RNP's security posture by discouraging weak cryptographic +modes, improving key generation defaults, and providing better tools for +signature validation and certification management. + +== Introduction + +RNP continues to evolve as a modern OpenPGP implementation, and this release +focuses on improving security defaults, expanding API capabilities, and +enhancing compatibility with various OpenPGP implementations. + +The updates to key generation defaults, signature validation error reporting, +and certification management provide developers with more powerful tools while +maintaining backward compatibility and improving overall security. + +== Key generation enhancements + +=== RSA 3072-bit keys by default + +RNP now generates https://en.wikipedia.org/wiki/RSA_(cryptosystem)[RSA] +3072-bit keys by default, moving away from the previous 2048-bit default. 
+ +This change reflects current best practices in cryptographic key strength: + +* 3072-bit RSA keys provide approximately 128-bit security level + +* Aligns with modern security recommendations from +https://www.keylength.com/[cryptographic research] + +* Better future-proofs keys against advances in computational power + +* Maintains good performance while significantly improving security + +This enhancement ensures that users benefit from stronger cryptographic +protection without needing to explicitly configure key generation parameters. + +=== DSA 4096-bit key support + +Support for https://en.wikipedia.org/wiki/Digital_Signature_Algorithm[DSA] +4096-bit keys has been added to accommodate existing keys used by various +entities. + +While DSA is generally being phased out in favor of more modern algorithms, +this support ensures: + +* Compatibility with legacy systems and keys +* Proper handling of existing 4096-bit DSA keys +* Smooth migration paths for organizations with established key infrastructure + +== Cryptographic security improvements + +=== Discouraging EAX AEAD mode + +The release actively discourages the use of +https://en.wikipedia.org/wiki/EAX_mode[EAX AEAD mode] due to security +considerations. + +EAX mode has several limitations compared to more modern AEAD modes: + +* Limited adoption in the OpenPGP ecosystem +* Potential security concerns with certain usage patterns +* Better alternatives available (such as OCB or GCM) + +This change helps guide users toward more secure and widely-supported +cryptographic modes. + +=== 64-bit cipher restrictions + +RNP no longer allows 64-bit ciphers for encryption without an explicit option. 
+ +This restriction addresses security concerns: + +* 64-bit block ciphers are vulnerable to birthday attacks +* https://sweet32.info/[SWEET32 attack] demonstrates practical exploits +* Modern alternatives provide better security + +Users who specifically need 64-bit ciphers for compatibility can still enable +them explicitly, but the default behavior now promotes better security. + +=== Hash function updates on key expiration changes + +When changing key expiration dates, RNP now automatically updates the hash +function if the current one is considered weak. + +This enhancement ensures: + +* Keys don't retain weak hash functions during updates +* Automatic migration to stronger algorithms +* Improved long-term security without manual intervention + +== Signature validation enhancements + +=== Signature error reporting + +New FFI functions have been added to provide detailed signature validation +error information: + +* `rnp_signature_error_count()`: Returns the number of errors encountered during +signature validation + +* `rnp_signature_error_at()`: Retrieves specific error details at a given index + +These functions enable developers to: + +* Understand exactly why signature validation failed +* Provide detailed error messages to users +* Make informed decisions based on specific validation failures +* Implement more sophisticated error handling + +=== Invalid signatures from encrypt-only keys + +Signatures produced by encrypt-only keys or subkeys are now properly marked as +invalid. 
+ +This enforcement ensures: + +* Proper adherence to key usage flags +* Prevention of cryptographic misuse +* Better compliance with OpenPGP best practices + +== Key certification management + +=== New certification API + +RNP now provides comprehensive functions for creating and customizing key +certifications: + +* `rnp_key_certification_create()`: Creates new key certifications + +* `rnp_key_signature_set_*` family: Functions to set various certification properties + +* `rnp_key_signature_get_*` family: Functions to retrieve certification properties + +These API enhancements enable: + +* Programmatic creation of key certifications +* Fine-grained control over certification properties +* Better integration with key management workflows +* Support for advanced certification scenarios + +== Format and compatibility improvements + +=== GnuPG armored file support + +RNP now supports dearmoring of GnuPG-armored files that use the `ARMORED FILE` +header. + +This enhancement improves interoperability with +https://gnupg.org/[GnuPG] and other OpenPGP implementations that use this +header format. + +=== Flexible armored key import + +The armored key import process now allows extra spaces, improving compatibility +with various formatting styles produced by different OpenPGP implementations. + +This tolerance for whitespace variations ensures: + +* Robust handling of keys from diverse sources +* Reduced import failures due to formatting differences +* Better user experience when working with keys from multiple systems + +== Backend and build improvements + +=== Botan 3.5.0+ support + +Enhanced support for https://botan.randombit.net/[Botan] 3.5.0 and later +versions ensures compatibility with the latest cryptographic library releases. 
+ +=== Generated version header + +RNP now generates an `rnp_ver.h` header file, providing: + +* Compile-time version information +* Better integration with build systems +* Easier version checking in dependent projects + +=== Cross-platform compatibility + +Numerous compatibility fixes have been implemented for different operating +systems and platforms, ensuring RNP works reliably across diverse environments. + +== Performance and code quality + +=== Internal refactoring + +Significant internal refactoring has been conducted to improve: + +* Code maintainability and readability +* Long-term project sustainability +* Easier contributions and extensions + +=== Performance updates + +Various performance optimizations have been implemented throughout the codebase, +improving efficiency in common operations. + +== Looking ahead + +This release demonstrates RNP's continued commitment to security best practices, +API extensibility, and broad compatibility. The improved key generation +defaults, comprehensive signature validation error reporting, and expanded +certification management capabilities provide a solid foundation for +applications requiring robust OpenPGP functionality. + +For detailed technical information and the complete list of changes, please +visit the https://github.com/rnpgp/rnp/releases/tag/v0.18.0[release page]. diff --git a/_posts/2025-11-20-rnp-release-0-18-1.adoc b/_posts/2025-11-20-rnp-release-0-18-1.adoc new file mode 100644 index 0000000..9b8558a --- /dev/null +++ b/_posts/2025-11-20-rnp-release-0-18-1.adoc 
@@ -0,0 +1,188 @@ +--- +layout: post +title: "RNP version 0.18.1 released" +categories: release +authors: + - name: Nickolay Olshevsky + email: o.nickolay@gmail.com + social_links: + - https://github.com/ni4 + - name: Ronald Tse + email: ronald.tse@ribose.com + social_links: + - https://github.com/ronaldtse +excerpt: >- + Critical security release fixing CVE-2025-13470: vulnerable PKESK session keys + in version 0.18.0, along with Botan 3.7.0 compatibility improvements. +--- + +The RNP 0.18.1 release is a critical security update that addresses +CVE-2025-13470, a high-severity vulnerability in session key generation for +public key encryption introduced in version 0.18.0. + +**All users of RNP 0.18.0 should upgrade immediately to version 0.18.1.** + +== Security vulnerability: CVE-2025-13470 + +=== Summary + +RNP version 0.18.0 contains a critical vulnerability in session key generation +for PKESK (Public Key Encrypted Session Key) packets. Session keys were +generated without cryptographically random values. + +* **CVE**: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13470[CVE-2025-13470] +* **Severity**: High (CVSS 7.5) +* **Affected Version**: 0.18.0 ONLY +* **Fixed Version**: 0.18.1 + +=== Technical details + +During refactoring work in version 0.18.0, the session key initialization for +SKESK (passphrase-based encryption) was correctly updated. However, the +corresponding initialization for PKESK (public key encryption) was not +implemented, resulting in vulnerable session keys. + +The vulnerability affects only public key encryption (PKESK packets). +Passphrase-based encryption (SKESK packets) is not affected. + +**Root cause**: Vulnerable session key buffer used in PKESK packet generation. 
+ +* **CWE**: https://cwe.mitre.org/data/definitions/330.html[CWE-330: Use of Insufficiently Random Values] +* **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (Base Score: 7.5) + +=== Impact + +Messages encrypted with RNP 0.18.0 using public key encryption use vulnerable +session key values. This is a **confidentiality issue** for PKESK-encrypted data. + +**Encryption types affected:** + +* Public key encryption (PKESK) - **AFFECTED** +* Passphrase-based encryption (SKESK) - **NOT AFFECTED** + +=== Affected and unaffected versions + +**AFFECTED:** + +* RNP 0.18.0 ONLY + +**NOT AFFECTED:** + +* RNP 0.17.1 and all earlier versions +* RNP 0.18.1 and later versions + +== Timeline + +* **2025-06-19**: RNP 0.18.0 released (vulnerability introduced) +* **2025-11-07**: Vulnerability discovered and reported by Johannes Roth (MTG AG) +* **2025-11-19**: CVE-2025-13402 assigned by Red Hat +* **2025-11-20**: CVE-2025-13470 assigned by Ribose/MITRE +* **2025-11-20**: Fix developed and tested +* **2025-11-21**: RNP 0.18.1 released with fix +* **2025-11-21**: Public disclosure (same day as release) + +== Affected distributions + +Version 0.18.0 was released on 2025-06-19 and has been packaged by numerous +distributions: + +* Debian 14, unstable +* Devuan unstable +* EPEL 8, 9, 10 +* Exherbo +* Fedora 41, 42, 43, Rawhide +* FreeBSD Ports +* Homebrew +* Kali Linux Rolling +* nixpkgs unstable +* OpenBSD Ports +* openmamba +* openSUSE Tumbleweed + +RNP 0.17.1 and earlier versions are NOT affected by this vulnerability. + +== Thunderbird status + +Thunderbird's affected status depends on distribution packaging: + +**UPSTREAM THUNDERBIRD (NOT AFFECTED):** + +Upstream Thunderbird binaries bundle RNP version 0.17.1, which is not affected. + +**DISTRIBUTION-PACKAGED THUNDERBIRD (VARIES):** + +Some distributions build Thunderbird to use system-installed RNP libraries +instead of the bundled version. Thunderbird's affected status depends on: + +1. 
Whether the distribution builds Thunderbird with system RNP or bundled RNP +2. If using system RNP, which version of RNP is installed + +**Known configurations:** + +* **Gentoo**: Uses system RNP (via `+system-librnp` USE flag). If system RNP + is version 0.18.0, Thunderbird IS AFFECTED. +* **Most other distributions**: Use bundled RNP 0.17.1, NOT AFFECTED. + +**Distributions should verify their Thunderbird packaging:** + +* Check if Thunderbird is built with `--enable-system-rnp` or similar flags +* Check if Thunderbird package has a dependency on system RNP libraries +* If Thunderbird uses system RNP 0.18.0, it is AFFECTED + +== Mitigation and recommendations + +=== For standalone RNP users + +Upgrade to RNP 0.18.1 immediately. + +=== For distributions that have packaged 0.18.0 + +Please update to 0.18.1 when released, or consider providing 0.17.1 as an +interim option. + +=== For Thunderbird packages using system RNP + +If your Thunderbird package is built with system RNP support and RNP 0.18.0 +is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird +should continue using system RNP or switch to bundled RNP. + +=== For users + +Users who encrypted sensitive data using RNP 0.18.0 (standalone or via +Thunderbird with system RNP 0.18.0) should re-encrypt that data with +RNP 0.18.1 or 0.17.1 based on their security requirements. + +== Additional improvements + +In addition to the critical security fix, this release includes: + +=== Botan 3.7.0 compatibility + +Full compatibility with https://botan.randombit.net/[Botan] 3.7.0 has been +ensured, addressing API changes introduced in the latest Botan release. + +=== Bug fixes + +Various bug fixes and minor improvements enhance RNP's stability and reliability. + +== Credits + +The vulnerability was discovered and reported by **Johannes Roth** of **MTG AG**. + +We thank Johannes for the responsible disclosure and coordination. 
+ +== References + +* CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13470[CVE-2025-13470] +* Red Hat CVE: https://access.redhat.com/security/cve/cve-2025-13402 +* Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2415863 +* Red Hat CSAF: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13402.json +* Ribose CNA Advisory: https://cve.ribose.com/advisories/ra-2025-11-20/ +* Release 0.18.1: https://github.com/rnpgp/rnp/releases/tag/v0.18.1 + +== Contact + +For security-related questions or coordination: open.source@ribose.com + +For detailed technical information and the complete list of changes, please +visit the https://github.com/rnpgp/rnp/releases/tag/v0.18.1[release page]. From 89469e1e62f0f4d421b79d4fb30dff912963f019 Mon Sep 17 00:00:00 2001 From: Ronald Tse Date: Sat, 22 Nov 2025 01:43:57 +0800 Subject: [PATCH 2/3] chore: update parent-hub --- .gitignore | 2 +- parent-hub/assets/symbol.svg | 10 ++++++++++ parent-hub/title.html | 0 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 parent-hub/assets/symbol.svg create mode 100644 parent-hub/title.html diff --git a/.gitignore b/.gitignore index 923b870..afeea99 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,7 @@ _software/*/docs _software/_*_repo _specs/*/ !_specs/*.* -parent-hub/* +# parent-hub/* _site/ .sass-cache/ .jekyll-cache/ diff --git a/parent-hub/assets/symbol.svg b/parent-hub/assets/symbol.svg new file mode 100644 index 0000000..2503298 --- /dev/null +++ b/parent-hub/assets/symbol.svg @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/parent-hub/title.html b/parent-hub/title.html new file mode 100644 index 0000000..e69de29 From a86922b25263743f97252b0d8a7ed915e17010ff Mon Sep 17 00:00:00 2001 From: Ronald Tse Date: Sat, 22 Nov 2025 01:45:09 +0800 Subject: [PATCH 3/3] chore: gha --- .github/workflows/build_deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml index 72ce689..e04d4c3 100644 --- a/.github/workflows/build_deploy.yml +++ b/.github/workflows/build_deploy.yml @@ -49,7 +49,7 @@ jobs: - name: Upload artifact # Automatically uploads an artifact from the './_site' directory by default - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@v4 # Deployment job deploy:
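Review bot: in `_posts/2025-06-19-rnp-release-0-18-0.adoc` (patch 1/3), the new post presents 0.18.0 as strengthening security and carries no notice that 0.18.0 is the only version affected by CVE-2025-13470, which the 0.18.1 post added in the same commit states. Add an admonition directly under the front matter that links to the 0.18.1 post and tells readers to upgrade, and reconsider the excerpt text ("better cryptographic security practices"), since that is what a release index will show for this version. The commit subject mentions only the 0.18.1 post although two posts are added.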
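Review bot: in `_posts/2025-11-20-rnp-release-0-18-1.adoc` (patch 1/3), the Timeline and References sections introduce a second identifier, CVE-2025-13402 (Red Hat), without saying how it relates to CVE-2025-13470; state the relationship in the Summary so readers matching scanner or distribution output against either ID know whether it refers to this issue. The Timeline gives the release and disclosure date as 2025-11-21 while the file name dates the post 2025-11-20, and "Please update to 0.18.1 when released" reads as pre-release wording in a post that announces the release. The text calls the issue "critical" in several places but lists "Severity: High (CVSS 7.5)"; use one rating throughout. The "Root cause" line ("Vulnerable session key buffer used in PKESK packet generation") restates the symptom; say what the buffer held, in terms consistent with the CWE-330 classification given just below it.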
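Review bot: in the `.gitignore` hunk (patch 2/3), `# parent-hub/*` leaves a commented-out rule behind and stops ignoring the whole directory, so any file later generated under `parent-hub/` will appear as untracked and can be committed by accident. If only `parent-hub/assets/symbol.svg` and `parent-hub/title.html` are meant to be tracked, keep the ignore rule and add negation entries in the style of the existing `!_specs/*.*` line; otherwise delete the line rather than commenting it out. In the same patch `parent-hub/title.html` is added as an empty file and `symbol.svg` has no trailing newline; say in the commit message whether the empty file is intentional.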
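Review bot: on the `uses: actions/upload-pages-artifact@v4` line in `.github/workflows/build_deploy.yml` (patch 3/3), the action is still referenced by a mutable major tag; pin it to a full commit SHA with the version in a trailing comment, so the build of the site that publishes these security advisories cannot change without a reviewed commit. The commit message ("chore: gha") gives no reason for the major-version bump; state what the new major version changes and confirm that the deploy job, whose steps lie outside this hunk, works with the artifact it produces.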