[Announce] GnuPG 1.3.2 released (development)

David Shaw dshaw at jabberwocky.com
Tue May 27 17:46:02 CEST 2003

Hash: SHA1


The latest release from the development branch of GnuPG is ready for
public consumption.  This is a branch to create what will be GnuPG 1.4
someday.  It will change much more frequently than the 1.2.x "stable"
branch, which will mainly be updated for bug fix reasons.

The more GnuPG-familiar user is encouraged try this release (and the
ones that will follow in the 1.3.x branch), and report back any
problems to gnupg-devel at gnupg.org.  In return, you get the latest code
with the latest features.

Note that while this code is stable enough for many uses, it is still
the development branch.  Mission-critical applications should always
use the 1.2.x stable branch.

The files are available from:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.2.tar.gz       (1617k)

MD5 checksums for the files are:

  c984bfeb35fbc7bdc591bffb0d690d22  gnupg-1.3.2.tar.gz
  8d6c476a9d972ee7c3436d5ba2029130  gnupg-1.3.2.tar.gz.sig

Noteworthy changes in version 1.3.2 (2003-05-27)
- ------------------------------------------------

    * New "--gnupg" option (set by default) that disables --openpgp,
      and the various --pgpX emulation options.  This replaces
      --no-openpgp, and --no-pgpX, and also means that GnuPG has now
      grown a --gnupg option to make GnuPG act like GnuPG.

    * A bug in key validation has been fixed.  This bug only affects
      keys with more than one user ID (photo IDs do not count here),
      and results in all user IDs on a given key being treated with
      the validity of the most-valid user ID on that key.

    * Notation names that do not contain a '@' are no longer allowed
      unless --expert is set.  This is to help prevent pollution of
      the (as yet unused) IETF notation namespace.

    * Multiple trust models are now supported via the --trust-model
      option.  The options are "pgp" (web-of-trust plus trust
      signatures), "classic" (web-of-trust only), and "always"
      (identical to the --always-trust option).

    * The --personal-{cipher|digest|compression}-preferences are now
      consulted to get default algorithms before resorting to the
      last-ditch defaults of --s2k-cipher-algo, SHA1, and ZIP
      respectively.  This allows a user to set algorithms to use in a
      safe manner so they are used when legal to do so, without
      forcing them on for all messages.

    * New --primary-keyring option to designate the keyring that the
      user wants new keys imported into.

    * --s2k-digest-algo is now used for all password mangling.
      Earlier versions used both --s2k-digest-algo and --digest-algo
      for passphrase mangling.

    * Handling of --hidden-recipient or --throw-keyid messages is now
      easier - the user only needs to give their passphrase once, and
      GnuPG will try it against all of the available secret keys.

    * Care is taken to prevent compiler optimization from removing
      memory wiping code.

    * New option --no-mangle-dos-filenames so that filenames are not
      truncated in the W32 version.

    * A "convert-from-106" script has been added.  This is a simple
      script that automates the conversion from a 1.0.6 or earlier
      version of GnuPG to a 1.0.7 or later version.

    * Disabled keys are now skipped when selecting keys for
      encryption.  If you are using the --with-colons key listings to
      detect disabled keys, please see doc/DETAILS for a minor format
      change in this release.

    * Minor trustdb changes to make the trust calculations match
      common usage.

    * New command "revuid" in the --edit-key menu to revoke a user ID.
      This is a simpler interface to the old method (which still
      works) of revoking the user ID self-signature.

    * Status VALIDSIG does now also print the primary key's
      fingerprint, as well as the signature version, pubkey algorithm,
      hash algorithm, and signature class.

    * Add read-only support for the SHA-256 hash, and optional
      read-only support for the SHA-384 and SHA-512 hashes.

    * New option --enable-progress-filter for use with frontends.

    * DNS SRV records are used in HKP keyserver lookups to allow
      administrators to load balance and select keyserver port
      automatically.  This is as specified in

    * When using the "keyid!" syntax during a key export, only that
      specified key is exported.  If the key in question is a subkey,
      the primary key plus only that subkey is exported.

    * configure --disable-xxx options to disable individual algorithms
      at build time.  This can be used to build a smaller gpg binary
      for embedded uses where space is tight.  See the README file for
      the algorithms that can be used with this option, or use
      --enable-minimal to build the smallest gpg possible (disables
      all optional algorithms, disables keyserver access, and disables
      photo IDs).

    * The keyserver no-modify flag on a key can now be displayed and

    * Note that the TIGER/192 digest algorithm is in the process of
      being dropped from the OpenPGP standard.  While this release of
      GnuPG still contains it, it is disabled by default.  To ensure
      you will still be able to use your messages with future versions
      of GnuPG and other OpenPGP programs, please do not use this

Happy Hacking,

  The GnuPG team (David, Stefan, Timo and Werner)
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc


More information about the Gnupg-announce mailing list