[Announce] GnuPG 1.0.7 released
wk at gnupg.org
Tue Apr 30 12:05:02 CEST 2002
-----BEGIN PGP SIGNED MESSAGE-----
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures. It
includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440. This new
release has a lot of features beyond OpenPGP which will be included in
a soon to be published RFC2440 successor.
Version 1.0.7 has been released yesterday and is available at most
mirrors (see below) now. If you can't get it from a mirror, use the
Due to some new translations and the work we did over the last 11
months, the diff against 1.0.6 is somewhat large:
MD5 checksums of the above files are:
Some new things in this version:
* Secret keys are now stored and exported in a new format which
uses SHA-1 for integrity checks. This format renders the
Rosa/Klima attack useless. Other OpenPGP implementations might
not yet support this, so the option --simple-sk-checksum creates
the old vulnerable format.
* The default cipher algorithm for encryption is now CAST5,
default hash algorithm is SHA-1. This will give us better
interoperability with other OpenPGP implementations.
* Symmetric encrypted messages now use a fixed file size if
possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
6, and 7. Note this was only an issue with RFC-1991 style
* Photographic user ID support. This uses an external program to
view the images.
* Enhanced keyserver support via keyserver "plugins". GnuPG comes
with plugins for the NAI LDAP keyserver as well as the HKP email
keyserver. It retains internal support for the HKP HTTP
* Nonrevocable signatures are now supported. If a user signs a
key nonrevocably, this signature cannot be taken back so be
* Multiple signature classes are usable when signing a key to
specify how carefully the key information (fingerprint, photo
ID, etc) was checked.
* --pgp2 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 2.x.
* --pgp6 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 6.x.
* Signatures may now be given an expiration date. When signing a
key with an expiration date, the user is prompted whether they
want their signature to expire at the same time.
* Revocation keys (designated revokers) are now supported if
present. There is currently no way to designate new keys as
* Permissions on the .gnupg directory and its files are checked
* --expert mode enables certain silly things such as signing a
revoked user id, expired key, or revoked key.
* Some fixes to build cleanly under Cygwin32.
* New tool gpgsplit to split OpenPGP data formats into packets.
* New option --preserve-permissions.
* Subkeys created in the future are not used for encryption or
signing unless the new option --ignore-valid-from is used.
* Revoked user-IDs are not listed unless signatures are listed too
or we are in verbose mode.
* There is no default comment string with ascii armors anymore
except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the
primary UID, "setpref" and "updpref" can be used to change the
* Fixed the preference handling; since 1.0.5 they were erroneously
matched against against the latest user ID and not the given one.
* RSA key generation.
* Merged Stefan's patches for RISC OS in. See comments in
* It is now possible to sign and conventional encrypt a message (-cs).
* The MDC feature flag is supported and can be set by using
the "updpref" edit command.
* The status messages GOODSIG and BADSIG are now returning the primary
UID, encoded using %XX escaping (but with spaces left as spaces,
so that it should not break too much)
* Support for GDBM based keyrings has been removed.
* The entire keyring management has been revamped.
* The way signature stati are store has changed so that v3
signatures can be supported. To increase the speed of many
operations for existing keyrings you can use the new
* The entire key validation process (trustdb) has been revamped.
See the man page entries for --update-trustdb, --check-trustdb
* --trusted-keys is again obsolete, --edit can be used to set the
ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
Please read the man page entries for the options --update-trustdb and
- --check-trustdb. To get the best performance out of larger keyrings,
it is suggested that you run the new command "gpg --rebuild-keydb-caches"
once. We tried to make the migration to 1.0.7 as smooth as possible,
but it might be good idea to backup your keyrings and the trustdb (gpg
- --export-ownertrust) first.
Please note that due to a bug in prior versions, it won't be possible
to downgrade to 1.0.6 unless you use the GnuPG version which comes
with Debian's Woody release or you apply the patch
Most new features and a lot of bug fixes are due to David Shaw; he
greatly helped to improve GnuPG and put a lot of work into solving a
lot of little interoperability problems with PGP. Many thanks to him
and to all the other folks who helped with this release.
See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
mailing lists. If you have any question you should direct them to
mailing list gnupg-users at gnupg.org .
Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
Please use them if you can; new releases should show up on these
servers within a day. This mirror list is also available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-announce