Starting with Fedora 30, the
/usr/bin/gpg path representing the main GPG
implementation uses GnuPG 2 instead of version 1 used in earlier releases.
This change brings Fedora in line with other major distributions, and
provides users with consistent experience between distributions.
The default metadata encryption format for full disk encryption has been
changed from LUKS1 to LUKS2. LUKS2 is an evolution of the standard that
enables new features such as the Argon2 KDF for keyslots (alongside
currently used PBKDF2), improved support for automatic activation, support
for wrapped key ciphers (the
paes cipher), and experimental authenticated
LUKS1 continues to be supported.
Note that older boot media (Fedora 27 and earlier) do not provide a version
cryptsetup that can unlock LUKS2-encrypted volumes. This means a
Fedora 27 or earlier installation ISO can not be used to rescue a system
with LUKS2 encryption.
A number of unsafe legacy functions have been removed from
libcrypt, and a
compatibility package is now provided for applications that rely on these
functions. For details, see