NeoPG starts as an opinionated fork of GnuPG 2 to clean up the code and make it easier to develop.
We want to provide a stable and extensible API for application developers, too.
Eventually, we will add new ways to use OpenPGP that make it accessible and usable.
This attack on GnuPG signature verification is specific to pass, the Simple Password Store. It can give the attacker access to passwords and remote code execution.
This is another attack to spoof digital signatures specific to Enigmail.
GnuPG, Enigmail, GPGTools and potentially other applications using GnuPG can be attacked with in-band signaling similar to phreaking phone lines in the 1970s (“Cap’n Crunch”). We demonstrate this by creating messages that appear to be signed by arbitrary keys.
I found out that it is possible to create a message that looks encrypted in GnuPG and many email clients, but where the plaintext is actually not protected at all.