[Announce] GnuPG 1.3.4 released (development)

David Shaw dshaw at jabberwocky.com
Thu Nov 27 21:05:30 CET 2003

Hash: SHA1


The latest release from the development branch of GnuPG is ready for
public consumption.  This is a branch to create what will eventually
become GnuPG 1.4.  It will change with greater frequency than the
1.2.x "stable" branch, which will mainly be updated for bug fix

The more GnuPG-familiar user is encouraged try this release (and the
ones that will follow in the 1.3.x branch), and report back any
problems to gnupg-devel at gnupg.org.  In return, you get the latest code
with the latest features.

This release contains code to address the recently discovered Elgamal
sign+encrypt problem discussed in:

Note that this change prevents generating any new Elgamal sign+encrypt
keys, and prevents generating any new Elgamal signatures or encrypting
to Elgamal sign+encrypt keys.  This also means that this version of
GnuPG cannot be used to revoke an existing Elgamal sign+encrypt
primary key (as the revocation involves issuing a signature).  It can
still be used to revoke an Elgamal sign+encrypt subkey with a
non-Elgamal primary key.  If you still have a primary Elgamal key you
want to revoke, you will need to do it with an earlier version of

As always, note that while this code is stable enough for many uses,
it is still the development branch.  Mission-critical applications
should always use the 1.2.x stable branch.

The files are available from:

  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.4.tar.gz       (1861k)
  ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.3-1.3.4.diff.gz (242k)

MD5 checksums for the files are:

  3e2722be17f9ff3979c95b5fb1371818  gnupg-1.3.4.tar.gz
  907cd4bbaf03d6713e697310613612e9  gnupg-1.3.3-1.3.4.diff.gz

Noteworthy changes in version 1.3.4 (2003-11-27)
- ------------------------------------------------

    * Added support for BZIP2 compression.  This should be considered
      experimental, and is only available if the libbzip2 library
      <http://sources.redhat.com/bzip2/> is installed.

    * Added the ability to handle messages that can be decrypted with
      either a passphrase or a secret key.  These messages may be
      generated with --symmetric --encrypt or --symmetric --sign

    * The config file search has been enhanced to try for less
      specific filename matches before giving up.  For example,
      version 1.3.4 will try for gpg.conf-1.3.4, gpg.conf-1.3, and
      gpg.conf-1 before falling back to the regular gpg.conf file.

    * Fixed a format string bug in the HKP keyserver handler.

    * Support for Elgamal sign+encrypt keys has been removed.  Old
      signatures may still be verified, and existing encrypted
      messages may still be decrypted, but no new signatures may be
      issued by, and no new messages will be encrypted to, these keys.

 The GnuPG team (David, Stefan, Timo and Werner)
Version: GnuPG v1.3.4-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc


More information about the Gnupg-announce mailing list