English | Deutsch
Home »

What's new in Gpg4win 4.2?


Okular (GnuPG Edition)

Gpg4win has been extended with the popular Okular PDF Viewer as a new optional component. Although our Okular version is currently considered experimental and therefore not installed by default, this provides the ability to legally sign and verify documents with S/MIME certificates and smart cards which GnuPG supports.
The user experience regarding signatures and the performance will improve over the next releases.

The GnuPG Edition of Okular is optimized to be lightweight and to provide as little attack surface as possible. It does not support any active content like JavaScript or media files in PDF documents. It should therefore be more suitable in high security environments than other PDF readers.
If needed, the fully featured Okular with support for many document formats and active forms can be installed from the Microsoft Store but this lacks the GnuPG integration.

It is worth noting that Okular recently became the first, and at the time of writing (2023-07-14) the only, software package to be awarded the Blue Angel certificate issued by the German Federal Environment Agency. With the Blue Angel, the agency certifies, among other things, the openness and verifiability of the code, ensuring that Okular is a secure and reliable application that respects the privacy of its users and the confidentiality of their documents.

  • Verify with the GnuPG certificate store.
  • Sign signature fields.
  • Sign any PDF.


The new component keyboxd is now enabled by default for new users of Gpg4win. Keyboxd stores certificates (public keys) in a sqlite database and keeps it in memory. The resulting performance improvement can be quite large especially for users with large keyrings.

If you like you can switch to keyboxd at any time. To do this, open a command line (cmd) and run


To deactivate it again the command is:

Crypto Manager Kleopatra

Folder encryption and decryption (gpgtar) has been completely reworked so that it now has roughly the same performance as on the command line. The new architecture also allows for further performance improvements in the future and is much more robust.

Some other improvements are:

  • The standard validity period for the extension of certificates is now the same as for certificate creation.
  • Hints for the upcoming expiry of certificates.
  • Option to rename an encrypted archive file in case of name collision.
For the entire list of changes see: The changelog