18:45 Adam Weinberger (adamw) 

security/gnupg: Update to 2.3.0

Changes:
  * A new experimental key database daemon is provided.  To enable it
    put "use-keyboxd" into gpg.conf and gpgsm.conf.  Keys are stored
    in a SQLite database and make key lookup much faster.

  * New tool gpg-card as a flexible frontend for all types of
    supported smartcards.

  * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
    gpg-connect-agent.

  * The gpg-wks-client tool is now installed under bin; a wrapper for
    its old location at libexec is also installed.

  * tpm2d: New daemon to physically bind keys to the local machine.
    See https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html

  * gpg: Switch to ed25519/cv25519 as default public key algorithms.

  * gpg: Verification results now depend on the --sender option and
    the signer's UID subpacket.  [#4735]

  * gpg: Do not use any 64-bit block size cipher algorithm for
    encryption.  Use AES as last resort cipher preference instead of
    3DES.  This can be reverted using --allow-old-cipher-algos.

  * gpg: Support AEAD encryption mode using OCB or EAX.

  * gpg: Support v5 keys and signatures.

  * gpg: Support curve X448 (ed448, cv448).

  * gpg: Allow use of group names in key listings.  [e825aea2ba]

  * gpg: New option --full-timestrings to print date and time.

  * gpg: New option --force-sign-key.  [#4584]

  * gpg: New option --no-auto-trust-new-key.

  * gpg: The legacy key discovery method PKA is no longer supported.
    The command --print-pka-records and the PKA related import and
    export options have been removed.

  * gpg: Support export of Ed448 Secure Shell keys.

  * gpgsm: Add basic ECC support.

  * gpgsm: Support creation of EdDSA certificates.  [#4888]

  * agent: Allow the use of "Label:" in a key file to customize the
    pinentry prompt.  [5388537806]

  * agent: Support ssh-agent extensions for environment variables.
    With a patched version of OpenSSH this avoids the need for the
    "updatestartuptty" kludge.  [224e26cf7b]

  * scd: Improve support for multiple card readers and tokens.

  * scd: Support PIV cards.

  * scd: Support for Rohde&Schwarz Cybersecurity cards.

  * scd: Support Telesec Signature Cards v2.0

  * scd: Support multiple application on certain smartcard.

  * scd: New option --application-priority.

  * scd: New option --pcsc-shared; see man page for important notes.

  * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.

  * The symcryptrun tool, a wrapper for the now obsolete external
    Chiasmus tool, has been removed.

  * Full Unicode support under Windows for the command line.  [#4398]

  Release-info: https://dev.gnupg.org/T5343

    433d2e2

23:49 asomers 

security/gnupg: add the --shared-access option to scdaemon

gnupg's scdaemon opens smart cards in exclusive mode, which prevents other
applications (such as PKCS#11 libraries) from concurrently accessing the
card). Upstream refuses to fix the problem. This commit adds a
--shared-access option to scdaemon. When enabled, scdaemon will access the
smart card in shared mode, playing nicely with other applications. The
default behavior is unchanged.

See Also:
https://github.com/GPGTools/MacGPG2/commit/d6cb8039a0cdc74b9bdd89a3dfa93248aa2c4100
https://dev.gnupg.org/T3267
https://dev.gnupg.org/D320
https://github.com/OpenSC/OpenSC/issues/953

Reviewed by:	adamw
Approved by:	adamw (maintainer)
Obtained-from:	GPGTools
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D22473