A regpg gendnskey subcommand that generates DNSSEC keys with
sensible parameters.
Fix check, recrypt, shred subcommands when filenames contain
spaces. Thanks to Paul Haughton for the bug report.
Compatibility fixes for more recent versions of Ansible, OpenSSL, and GnuPG.
Accommodate lack of SHA256 support in Mac OS X crypt(3)
ReGPG::Login supports object-oriented style as well as script style.
ReGPG::Login has a HTTP Basic authorization convenience helper.
A regpg dnssec subcommand that provides wrappers for the BIND
dnssec-keygen and dnssec-settime programs, to make it more
convenient to work with encrypted DNSSEC private keys.
Introduce ReGPG::Login, a Perl module to load partially-encrypted login credentials. It uses the storage layout that I have set up for the DNS systems at Cambridge.
Bugs: I have not yet fixed the Makefile to install it properly, nor written any tests.
Explicitly tell OpenSSL to use SHA-256.
I have not managed to find a version of OpenSSL that does not use SHA-256 (I checked 1.0.1 and 1.1.0 and 1.1.1) so this is effectively a no-op, but it might be useful for people stuck on ante-diluvian versions.
Minor test suite fixes for RHEL 7.
Attempt to work around gpg2 reliability problems. The Ansible
plugins will run gpg1 if it is available (since it is more
reliable than gpg2) and re-run gpg2 if it looks like there was a
spurious failure.
Python 3 compatibility for the Ansible plugins.
Compatibility with gpg2 format key IDs. When listing key IDs,
gpg adds a prefix indicating the algorithm and key size, separated
from the ID by a slash. However, gpg does not accept key IDs in
this format, so regpg strips off the prefix to make it work.
Previously regpg only recognized gpg1 prefixes like 4096R/,
but now it also strips off gpg2 prefixes like rsa4096/.
Declare regpg to be stable.
Reduce length of passwords, so it is feasible to copy-type them into a console.
Other minor genpwd improvements.
Compatibility with Ansible 2.5 and 2.6. Thanks to David Carter for reporting that there were problems.
Minor test portability and robustness improvements found when running on Debian sid / unstable.
genspkifp generates SPKI fingerprints for HTTPS public key pinning (HPKP)
fix regpg init ansible when there are existing plugin settings
check the relnotes are updated before release
Ed25519 ssh keys (using puttygen)
fix ssh key generation on BSDish systems
Support for both Markdown.pl and Text::Markdown in doc build
Avoid locale interference in tests
Use ~/.regpg to avoid interference from user's gpg.conf
depipe subcommand, for writing to a temporary fifo
gencrt and gencsa now auto-generate private keys as necessary
gencrt subcommand for self-signed X.509 certificates
gencrt also has super simple X.509 CA support
port to Ansible 2.0, 2.1.0, 2.1.1, and devel
crypt(3) hash output fromgenpwd
GPLv3
Ansible portability fixes
Ansible gpg_d module, to support binary secrets
Force message authentication digests on encrypted files
squeegee subcommand
lskeys can list decryption keys of encrypted files
Portability fixes to different versions of Ansible, GnuPG, OpenSSL
Improvements to test suite
Presentation to colleagues
Logo
Before this point, regpg had very few users. Please see the git
logs for changes to older versions.
Part of
regpghttps://dotat.at/prog/regpg/
Written by Tony Finch fanf2@cam.ac.uk dot@dotat.at
at Cambridge University Information Services.