This month we released OpenKeychain version 5.1.
We have accumulated a bit of a backlog of improvements since our last release announcement. Some highlights:
Elliptic Curve Cryptography
Version 4.9 completed support for modern keys based on Curve 25519. These keys offer stronger security guarantees and faster operations than RSA at smaller key sizes. OpenKeychain should now be able to work with all commonly used keys.
OpenKeychain now includes the Web Key Directory (WKD) mechanism.
This automatically looks up keys on the provider domain when searching for an email address, if available.
For example, searching for
firstname.lastname@example.org will automatically fetch the correct key from kernel.org, avoiding ambiguity from keyservers.
Many thanks to Wiktor Kwapisiewicz for contributing this feature.
Improved USB support
OpenKeychain should now work correctly with Gnuk, Nitrokey and Ledger Nano S security tokens via USB, as well as the Yubikey 4. Shout outs to the guys at Nitrokey and Yubico for providing test devices!
Fix security issue
In version 5.1, we fixed a potential security issue with the external key status interface. We are not aware that this has been exploited in practice, users should still update to at least version 5.1 as soon as possible. You can find some details in our documentation of past vulnerabilities.
OpenKeychain is available on Google Play and F-Droid.
- Vincent and Dominik