GnuPG VS-Desktop 3.1.22

GnuPG VS-Desktop® version 3.1.22 is available since 2022-05-03. The previous version was 3.1.21.

Notes to Admins

A bug (CVE-2018-25032) in the underlying zlib library might have enabled an attack if the attacker was able to control the data that was to be encrypted with GnuPG VS-Desktop.

There are no known attacks through this vector, but it is still important to update to 3.1.22. Especially if data for encryption originates from untrustworthy sources. (T5910)

New Features

GUI (Kleopatra)

  • The GnuPG backend can now be restarted through an action in the Extras menu. (T5775)
  • A tooltip highlights why subkeys are needed in the advanced key generation dialog. (T5781)
  • There is now a button in certificate details to copy the fingerprint via clipboard without spaces. (T5776)
  • The smartcard reader settings are now on their own configuration page. (T5857)
  • It is now possible to revoke your own key. (T5859)
  • The dialog for adding a User-ID has been rewritten and now also accepts names starting with numbers. (T5916)
  • It is now possible to configure a minimal and maximal validity period for new keys. (T5864)
  • A wrong passphrase for symmetric decryption now shows as wrong passphrase error. (T5406)
  • Support for using S/MIME certificate from PKCS#15 Smartcards.


  • OpenPGP and S/MIME key generation are now optimized for accessibility. (T5832)
  • The tab bar for different certificate views is now always shown. (T5841)
  • The certificate view can now be navigated by arrow keys to make it more accessible by keyboard. (T5841)
  • Empty cells in the certificate view now have screen reader specific annotations to make them readable. e.g.: "no name" or "no email". (T5841)
  • Key-IDs and Fingerprints are now read by screen readers in groups of four characters. (T5841)
  • The file encryption dialog has been optimized for accessibility. (T5845)
  • The certificate selection dialog, which can be accessed through the file encryption dialog, has been optimized for accessibility. (T5876)
  • The dialog for adding a User-ID has been rewritten for full accessibility. (T5916)

Windows Explorer Add-In (GgpEX)

  • It is now possible to configure the default command through the Windows registry. (T5915)

Engine (GnuPG)

  • Threefold decryption speedup for large files. (T5820) For full use of this improvements use GnuPG on the command line.
  • New Option "–require-compliance" to create an error if an Operation did not comply to the compliance setting.
  • Tar archives now support longer filenames larger then MAX_PATH. (T5754)
  • Support for GeNUA Smartcards.
  • WKD lookups now also work for resolvers not handling SRV records. (T4729)

Solved Bugs

GUI (Kleopatra)

  • Several places where the application name was written in lowercase have been fixed. (T5833)
  • A crash has been fixed that occurred when revoking a certification without a selected key. (T5858)
  • The keylist filter for not certified certificates now only shows not certified keys and not all invalid certificates. (T5850)
  • Forcing the key type through config now also forces correct usage flags. (T5856)

Outlook Add-In (GgpOL)

  • Fixed a double free error which could lead to random crashes. This double free was not exploitable as a security issue.

Engine (GnuPG)

  • Additional non compliant ciphers can now be decrypted in compliance mode.

Versions of the Components

Component Version Remarks
GnuPG 2.2.35 T5928
Kleopatra 3.1.22  
GpgOL 2.5.3  
GpgEX 1.0.9  
Libgcrypt 1.8.9