From wk at gnupg.org Tue Apr 30 12:05:02 2002 From: wk at gnupg.org (Werner Koch) Date: Wed Feb 23 12:43:33 2005 Subject: [Announce] GnuPG 1.0.7 released Message-ID: <87sn5dqz2c.fsf@alberti.gnupg.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. This new release has a lot of features beyond OpenPGP which will be included in a soon to be published RFC2440 successor. Version 1.0.7 has been released yesterday and is available at most mirrors (see below) now. If you can't get it from a mirror, use the primary location: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz (2.3MB) ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz.sig Due to some new translations and the work we did over the last 11 months, the diff against 1.0.6 is somewhat large: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6-1.0.7.diff.gz (1.3MB) MD5 checksums of the above files are: d8b36d4dfd213a1a1027b1877acbc897 gnupg-1.0.7.tar.gz 99d92e0658972b42868d7564264797ad gnupg-1.0.6-1.0.7.diff.gz Some new things in this version: * Secret keys are now stored and exported in a new format which uses SHA-1 for integrity checks. This format renders the Rosa/Klima attack useless. Other OpenPGP implementations might not yet support this, so the option --simple-sk-checksum creates the old vulnerable format. * The default cipher algorithm for encryption is now CAST5, default hash algorithm is SHA-1. This will give us better interoperability with other OpenPGP implementations. * Symmetric encrypted messages now use a fixed file size if possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2, 6, and 7. Note this was only an issue with RFC-1991 style symmetric messages. * Photographic user ID support. This uses an external program to view the images. * Enhanced keyserver support via keyserver "plugins". GnuPG comes with plugins for the NAI LDAP keyserver as well as the HKP email keyserver. It retains internal support for the HKP HTTP keyserver. * Nonrevocable signatures are now supported. If a user signs a key nonrevocably, this signature cannot be taken back so be careful! * Multiple signature classes are usable when signing a key to specify how carefully the key information (fingerprint, photo ID, etc) was checked. * --pgp2 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 2.x. * --pgp6 mode automatically sets all necessary options to ensure that the resulting message will be usable by a user of PGP 6.x. * Signatures may now be given an expiration date. When signing a key with an expiration date, the user is prompted whether they want their signature to expire at the same time. * Revocation keys (designated revokers) are now supported if present. There is currently no way to designate new keys as designated revokers. * Permissions on the .gnupg directory and its files are checked for safety. * --expert mode enables certain silly things such as signing a revoked user id, expired key, or revoked key. * Some fixes to build cleanly under Cygwin32. * New tool gpgsplit to split OpenPGP data formats into packets. * New option --preserve-permissions. * Subkeys created in the future are not used for encryption or signing unless the new option --ignore-valid-from is used. * Revoked user-IDs are not listed unless signatures are listed too or we are in verbose mode. * There is no default comment string with ascii armors anymore except for revocation certificates and --enarmor mode. * The command "primary" in the edit menu can be used to change the primary UID, "setpref" and "updpref" can be used to change the preferences. * Fixed the preference handling; since 1.0.5 they were erroneously matched against against the latest user ID and not the given one. * RSA key generation. * Merged Stefan's patches for RISC OS in. See comments in scripts/build-riscos. * It is now possible to sign and conventional encrypt a message (-cs). * The MDC feature flag is supported and can be set by using the "updpref" edit command. * The status messages GOODSIG and BADSIG are now returning the primary UID, encoded using %XX escaping (but with spaces left as spaces, so that it should not break too much) * Support for GDBM based keyrings has been removed. * The entire keyring management has been revamped. * The way signature stati are store has changed so that v3 signatures can be supported. To increase the speed of many operations for existing keyrings you can use the new --rebuild-keydb-caches command. * The entire key validation process (trustdb) has been revamped. See the man page entries for --update-trustdb, --check-trustdb and --no-auto-check-trustdb. * --trusted-keys is again obsolete, --edit can be used to set the ownertrust of any key to ultimately trusted. * A subkey is never used to sign keys. * Read only keyrings are now handled as expected. Please read the man page entries for the options --update-trustdb and - --check-trustdb. To get the best performance out of larger keyrings, it is suggested that you run the new command "gpg --rebuild-keydb-caches" once. We tried to make the migration to 1.0.7 as smooth as possible, but it might be good idea to backup your keyrings and the trustdb (gpg - --export-ownertrust) first. Please note that due to a bug in prior versions, it won't be possible to downgrade to 1.0.6 unless you use the GnuPG version which comes with Debian's Woody release or you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . Most new features and a lot of bug fixes are due to David Shaw; he greatly helped to improve GnuPG and put a lot of work into solving a lot of little interoperability problems with PGP. Many thanks to him and to all the other folks who helped with this release. See http://www.gnupg.org/docs-mls.html for a list of GnuPG related mailing lists. If you have any question you should direct them to mailing list gnupg-users@gnupg.org . Salaam-Shalom, Werner p.s. Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. This mirror list is also available at http://www.gnupg.org/mirrors.html Australia ftp://ftp.planetmirror.com/pub/gnupg/ http://ftp.planetmirror.com/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ http://gd.tuwien.ac.at/privacy/gnupg/ ftp://ftp.enemy.org/pub/crypto/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ ftp://gnupg.x-zone.org/pub/gnupg Czechia ftp://ftp.gnupg.cz/pub/gcrypt Denmark ftp://sunsite.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ ftp://trumpetti.atm.tut.fi/gcrypt/ http://trumpetti.atm.tut.fi/gcrypt/ rsync://trumpetti.atm.tut.fi/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ ftp://hal.csd.auth.gr/mirrors/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ ftp://ftp.ayamura.org/pub/gnupg/ Korea ftp://ftp.snu.ac.kr/pub/security/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ United States ftp://ftp.exobit.org/pub/security/gnupg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE8zmw4bH7huGIcwBMRAiLTAKCPlh37pJ1wo50gMJaCk1zRribWQwCguLkj knSn9gpfR1rzqTQTgT5oyy8= =lQMf -----END PGP SIGNATURE-----