From c98a39defe2424b6dd668403bcec7dff826c0d4c Mon Sep 17 00:00:00 2001 From: Ben Kibbey Date: Fri, 8 Mar 2013 20:18:03 -0500 Subject: [PATCH] Update NEWS. --- NEWS | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/NEWS b/NEWS index 1a5bd3b2..520ecdcd 100644 --- a/NEWS +++ b/NEWS 
@@ -2,38 +2,36 @@ PWMD v3.0.0 ----------- This version contains quite a few changes and enhancements. Most commands and syntax have changed in this release so please read the -example configuration file and the generated texinfo documentation in -doc/pwmd.info, after doing ./configure && make. +example configuration file and the html or texinfo documentation in +the doc/ directory. You will need to convert your existing pwmd v2.x data file to the new -format by doing the following: +data file format by doing the following: $ pwmd --convert datafile -o newfile -then place "newfile" in ~/.pwmd/data. This will generate a new public -and private key pair (when using gpg-agent support by specifying ---use-agent) and prompt for the passphrase to use for protecting the -secret key. The secret portion of the key is stored in -~/.gnupg/private-keys-v1.d/ by gpg-agent. No keypair is generated by -default; the data file is symmetrically encrypted. +then place "newfile" in ~/.pwmd/data. If you built with gpg-agent +support by passing --enable-agent to configure, then append +--use-agent to the above command line to use the gpg-agent to generate +a public and private keypair. No keypair is generated by default; the +data file is symmetrically encrypted. Pwmd now supports the use of the gpg-agent for passphrase caching and key management. This means smartcards are also supported. A "stub" of the secret key is stored in the above mentioned key directory, but the secret portion of the key is stored on the smartcard. To convert your existing data while encrypting to an existing public key, pass the ---keygrip option with --convert or --import along with +--keygrip option with --convert or --import, along with --use-agent. You may also need to pass the --sign-keygrip, too. See the pwmd manual for details. -The XML document is now cached in pwmd when the passphrase is cached -in gpg-agent. 
This is needed to prevent requiring a smartcard to be -inserted for each OPEN command although it can be required by setting -the CACHETIMEOUT to 0. pwmd will operate on a copy of the cached -document and update the cached one after a SAVE. It is also much -faster than having to decrypt the data file during each OPEN although -the cached document is still encrypted, it is only encrypted with 1 -iteration and with a generated key. +The XML document is now cached in pwmd when the passphrase is also +cached. This is needed to prevent requiring a smartcard to be inserted +for each OPEN command although it can still be required by setting the +CACHETIMEOUT of a data file to 0. Pwmd will operate on a copy of the +cached document and update the cached one after a SAVE. It is also +much faster than having to decrypt the data file during each OPEN. +The cached document is encrypted to prevent memory grepping attacks. Ported to POSIX threads (pthreads). @@ -43,12 +41,14 @@ Renamed error codes: PWMD_FILE_MODIFIED -> GPG_ERR_CHECKSUM Most commands now have an --inquire option to retrieve remaining -non-option arguments via a server inquire. This avoids the assuan line -length limit for longer element paths. +non-option arguments via a server inquire. This avoids the libassuan +line length limit for longer element paths. Added the PASSWD command to change the passphrase of a secret key or a symmetrically encrypted key (SAVE --no-agent). +The IMPORT command can now import siblings. + Added the AGENT command to send a command directly to gpg-agent. Added the GETINFO command to retrieve server details. This removes the @@ -64,7 +64,8 @@ OPEN'd file. It was added to prevent a race condition with another client accessing the same file when one client needed to determine the cache status before the OPEN. -Texinfo documentation. +Texinfo documentation and the manual page is generated from the +texinfo source. Commands that normally returned GPG_ERR_NO_VALUE now return GPG_ERR_NO_DATA. 
@@ -85,8 +86,6 @@ documentation for details. The checksum is now a CRC32 checksum rather than a stat() of the ctime of the data file. -Data files are now portable across architectures and endianness. - Can now listen for remote connections via TLS (IPv4 and IPv6) as well as the local UNIX domain socket. -- 2.11.4.GIT
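Review bot: In the first hunk, the rewritten caching paragraph drops where the passphrase is cached ("when the passphrase is also cached"), while the old text said "in gpg-agent"; since the default build is symmetric with no agent, say which cache is meant (gpg-agent, or pwmd's own cache when --use-agent is not in effect) so readers of NEWS know when the XML document stays resident. The new sentence "The cached document is encrypted to prevent memory grepping attacks" also loses the old qualifier that the cache is encrypted with a generated key and a single iteration; the hunk itself says pwmd operates on a copy of the cached document, so the working copy is necessarily decrypted while a command runs. Suggest keeping the qualifier and softening the claim, e.g. "The cached document is kept encrypted (with a generated key) between commands to reduce the exposure of plaintext in memory." Minor: "You may also need to pass the --sign-keygrip, too." is left untouched but carries both "also" and "too"; drop one.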
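Review bot: In the second hunk the added line "The IMPORT command can now import siblings." is too terse for a user-facing NEWS entry; say what "siblings" means for the caller (e.g. that a single IMPORT can now carry more than one element at the same level of the path) so users know whether their existing IMPORT calls change. The --inquire wording change to "libassuan line length limit" is fine.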
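Review bot: In the third hunk, "Texinfo documentation and the manual page is generated from the texinfo source." has a subject/verb mismatch and reads as if the texinfo documentation were generated from itself; suggest "Texinfo documentation; the manual page is now generated from the texinfo source."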
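Review bot: The fourth hunk removes "Data files are now portable across architectures and endianness." with no explanation in the commit message ("Update NEWS."). Removing a user-facing compatibility statement should say why: if the claim was never true for v3.0.0, a short note that data files are not portable across architectures belongs in NEWS instead of silence; if it moved elsewhere or is implied by the new file format, reference that. Otherwise users who copied data files between hosts on the strength of the earlier draft have no signal that anything changed.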