GnuPG Roadmap

This page has information on what we plan to do and what new features will go into which version. This is not a list of guaranteed milestones or with fixed release dates. This page should better be viewed as a scratchpad with notes of GnuPG developers.

The next GnuPG modern release will be 2.1.12 and it is long overdue.

All things to do for 2.1

  • Fix flaws in HKPS support
  • Add LDAP keyserver support
  • Add unattended key generation with passphrase.
  • More and more bug reports are coming in. Decide which of them to fix for 2.1.2.
  • Migrate everything to automake 1.14.
  • Add Tor support
  • Add a status-fd interface for the new Tofu system
  • Release Libgcrypt 1.7 so that Curve25519 ECDH will work (see below)
  • Finish NTBTLS to allow for TLS access to LDAP and HKP on Windows.

Required for GPGME

  • Add specific trust information for Tofu
  • Add API to set the tofu policy for a key

Documentation items

  • Write an I-D to describe Curve25519 ECDH

RFC work

  • The OpenPGP is slowly working on RFC-2440bis. See git://

Libgcrypt Roadmap

Libgcrypt is used by a lot of other projects and thus deserves its own roadmap

Things to be done for Libgcrypt 1.7

The current stable release is 1.7 with a lot of performance improvements and a few new features over 1.6. Here are the things we have not achieved for 1.7.0:

  • Update of the Windows entropy gatherer (rndw32.c)

The rndw32 update is pretty important because it has not seen any updates for years. We need to compare the code against the latest Cryptlib. Updating rndunix could also be done but it is not very important given that all mainstream OS now feature a /dev/random.



  • Auto build the pages on the server
  • Add RSS feed for the blogs


  • We need more disk space for Thrithemius and best also more RAM.
  • Playfair has only 2GiB RAM assigned which considerably slows it down as soon as ill behaving spiders access it.


  • Add an option to pound(1) to limit concurrent conections (cf. playfair load due to spiders)
  • Add a 404 handler to Boa (I started with that in my local repo - wk).