[Announce] GnuPG 1.0.7 released

Werner Koch wk@gnupg.org
Tue Apr 30 12:40:08 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!
    
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures.  It
includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440.  This new
release has a lot of features beyond OpenPGP which will be included in
a soon to be published RFC2440 successor.

Version 1.0.7 has been released yesterday and is available at most
mirrors (see below) now.  If you can't get it from a mirror, use the
primary location:
      
  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz  (2.3MB)
  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz.sig
    
Due to some new translations and the work we did over the last 11
months, the diff against 1.0.6 is somewhat large:
      
  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6-1.0.7.diff.gz  (1.3MB)

MD5 checksums of the above files are:

  d8b36d4dfd213a1a1027b1877acbc897  gnupg-1.0.7.tar.gz
  99d92e0658972b42868d7564264797ad  gnupg-1.0.6-1.0.7.diff.gz

Some new things in this version:

    * Secret keys are now stored and exported in a new format which
      uses SHA-1 for integrity checks.  This format renders the
      Rosa/Klima attack useless.  Other OpenPGP implementations might
      not yet support this, so the option --simple-sk-checksum creates
      the old vulnerable format.

    * The default cipher algorithm for encryption is now CAST5,
      default hash algorithm is SHA-1.  This will give us better
      interoperability with other OpenPGP implementations.

    * Symmetric encrypted messages now use a fixed file size if
      possible.  This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
      6, and 7.  Note this was only an issue with RFC-1991 style
      symmetric messages.

    * Photographic user ID support.  This uses an external program to
      view the images.

    * Enhanced keyserver support via keyserver "plugins".  GnuPG comes
      with plugins for the NAI LDAP keyserver as well as the HKP email
      keyserver.  It retains internal support for the HKP HTTP
      keyserver.

    * Nonrevocable signatures are now supported.  If a user signs a
      key nonrevocably, this signature cannot be taken back so be
      careful!

    * Multiple signature classes are usable when signing a key to
      specify how carefully the key information (fingerprint, photo
      ID, etc) was checked.

    * --pgp2 mode automatically sets all necessary options to ensure
      that the resulting message will be usable by a user of PGP 2.x.

    * --pgp6 mode automatically sets all necessary options to ensure
      that the resulting message will be usable by a user of PGP 6.x.

    * Signatures may now be given an expiration date.  When signing a
      key with an expiration date, the user is prompted whether they
      want their signature to expire at the same time.

    * Revocation keys (designated revokers) are now supported if
      present.  There is currently no way to designate new keys as
      designated revokers.

    * Permissions on the .gnupg directory and its files are checked
      for safety.

    * --expert mode enables certain silly things such as signing a
      revoked user id, expired key, or revoked key.

    * Some fixes to build cleanly under Cygwin32.

    * New tool gpgsplit to split OpenPGP data formats into packets.

    * New option --preserve-permissions.

    * Subkeys created in the future are not used for encryption or
      signing unless the new option --ignore-valid-from is used.

    * Revoked user-IDs are not listed unless signatures are listed too
      or we are in verbose mode.

    * There is no default comment string with ascii armors anymore
      except for revocation certificates and --enarmor mode.

    * The command "primary" in the edit menu can be used to change the
      primary UID, "setpref" and "updpref" can be used to change the
      preferences.

    * Fixed the preference handling; since 1.0.5 they were erroneously
      matched against against the latest user ID and not the given one.

    * RSA key generation.

    * Merged Stefan's patches for RISC OS in.  See comments in
      scripts/build-riscos. 

    * It is now possible to sign and conventional encrypt a message (-cs).

    * The MDC feature flag is supported and can be set by using
      the "updpref" edit command.

    * The status messages GOODSIG and BADSIG are now returning the primary
      UID, encoded using %XX escaping (but with spaces left as spaces,
      so that it should not break too much)

    * Support for GDBM based keyrings has been removed.

    * The entire keyring management has been revamped.

    * The way signature stati are store has changed so that v3
      signatures can be supported. To increase the speed of many
      operations for existing keyrings you can use the new
      --rebuild-keydb-caches command.

    * The entire key validation process (trustdb) has been revamped.
      See the man page entries for --update-trustdb, --check-trustdb
      and --no-auto-check-trustdb.

    * --trusted-keys is again obsolete, --edit can be used to set the
      ownertrust of any key to ultimately trusted.

    * A subkey is never used to sign keys.

    * Read only keyrings are now handled as expected.


Please read the man page entries for the options --update-trustdb and 
- --check-trustdb.  To get the best performance out of larger keyrings,
it is suggested that you run the new command "gpg --rebuild-keydb-caches"
once.  We tried to make the migration to 1.0.7 as smooth as possible,
but it might be good idea to backup your keyrings and the trustdb (gpg
- --export-ownertrust) first. 

Please note that due to a bug in prior versions, it won't be possible
to downgrade to 1.0.6 unless you use the GnuPG version which comes
with Debian's Woody release or you apply the patch
http://www.gnupg.org/developer/gpg-woody-fix.txt .

Most new features and a lot of bug fixes are due to David Shaw; he
greatly helped to improve GnuPG and put a lot of work into solving a
lot of little interoperability problems with PGP.  Many thanks to him
and to all the other folks who helped with this release.

See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
mailing lists.  If you have any question you should direct them to
mailing list gnupg-users@gnupg.org .

      
Salaam-Shalom,

  Werner

    
p.s.
Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
Please use them if you can; new releases should show up on these
servers within a day. This mirror list is also available at
http://www.gnupg.org/mirrors.html

    Australia

        ftp://ftp.planetmirror.com/pub/gnupg/
        http://ftp.planetmirror.com/pub/gnupg/
        ftp://mirror.aarnet.edu.au/pub/gnupg/

    Austria

        ftp://gd.tuwien.ac.at/privacy/gnupg/
        http://gd.tuwien.ac.at/privacy/gnupg/
        ftp://ftp.enemy.org/pub/crypto/gnupg/

    Belgium

        ftp://openbsd.rug.ac.be/pub/gcrypt/
        ftp://gnupg.x-zone.org/pub/gnupg

    Czechia

        ftp://ftp.gnupg.cz/pub/gcrypt

    Denmark

        ftp://sunsite.dk/pub/security/gcrypt/

    Finland

        ftp://ftp.jyu.fi/pub/crypt/gcrypt/
        ftp://trumpetti.atm.tut.fi/gcrypt/
        http://trumpetti.atm.tut.fi/gcrypt/
        rsync://trumpetti.atm.tut.fi/gcrypt/

    France

        ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/

    Germany

        ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/
        ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/

    Greece

        ftp://ftp.linux.gr/pub/crypto/gnupg/
        ftp://hal.csd.auth.gr/mirrors/gnupg/

    Hungary

        ftp://ftp.kfki.hu/pub/packages/security/gnupg/

    Iceland

        ftp://ftp.hi.is/pub/mirrors/gnupg/

    Ireland

        ftp://ftp.compsoc.com/pub/gnupg/

    Italy

        ftp://ftp.linux.it/pub/mirrors/gnupg/
        ftp://ftp3.linux.it/pub/mirrors/gnupg/

    Japan

        ftp://pgp.iijlab.net/pub/gnupg/
        ftp://ftp.ring.gr.jp/pub/net/gnupg/
        http://www.ring.gr.jp/pub/net/gnupg/
        ftp://ftp.ayamura.org/pub/gnupg/

    Korea

        ftp://ftp.snu.ac.kr/pub/security/gnupg/

    Poland

        ftp://sunsite.icm.edu.pl/pub/security/gnupg/

    Spain

        ftp://dimonieta.udg.es/mirror/gnupg

    Sweden

        ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
        ftp://ftp.sunet.se:/pub/security/gnupg/

    Switzerland

        ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/

    Taiwan

        ftp://coda.nctu.edu.tw/Security/gcrypt

    United Kingdom

        ftp://ftp.net.lut.ac.uk/gcrypt/
        ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
        http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/

    United States

        ftp://ftp.exobit.org/pub/security/gnupg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE8zmw4bH7huGIcwBMRAiLTAKCPlh37pJ1wo50gMJaCk1zRribWQwCguLkj
knSn9gpfR1rzqTQTgT5oyy8=
=lQMf
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce