[git] gnupg-doc - branch, master, updated. 1d63effe8d30c76530cf7f6d3ba44ae76eab2371
by Werner Koch
cvs at cvs.gnupg.org
Tue Aug 19 12:52:12 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 1d63effe8d30c76530cf7f6d3ba44ae76eab2371 (commit)
via 53b2cf09c0309c5cfc8cdbb2eaa62da18a6ac1f7 (commit)
from 64dac94489afa59e44763dfd7c2f49ed40312615 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1d63effe8d30c76530cf7f6d3ba44ae76eab2371
Author: Werner Koch <wk at gnupg.org>
Date: Tue Aug 19 12:52:18 2014 +0200
swdb: Update and add Makefile for signing.
diff --git a/web/Makefile b/web/Makefile
new file mode 100644
index 0000000..d65dc10
--- /dev/null
+++ b/web/Makefile
@@ -0,0 +1,8 @@
+
+all: swdb.lst.sig
+
+swdb.lst: swdb.mac
+ awk '/^#\+macro:/ {print $$2, $$3}' swdb.mac >swdb.lst
+
+swdb.lst.sig: swdb.lst
+ gpg -sbu 0x249B39D24F25E3B6 swdb.lst
diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el
index 15d4342..b5f3ae3 100644
--- a/web/share/gpgweb.el
+++ b/web/share/gpgweb.el
@@ -31,7 +31,7 @@
(aput 'org-publish-project-alist "gpgweb-other"
'(:base-directory "."
- :base-extension "jpg\\|png\\|css\\|txt\\|rss"
+ :base-extension "jpg\\|png\\|css\\|txt\\|rss\\|lst\\|sig"
:recursive t
:publishing-directory "../stage"
:publishing-function org-publish-attachment
@@ -205,8 +205,7 @@
"werner at trithemius.gnupg.org:"
"/var/www/www/www.gnupg.org/htdocs/ ;"
" ssh werner at trithemius.gnupg.org"
- " touch /var/www/www/www.gnupg.org/htdocs/donate/donors.dat"))))
-
+ " touch /var/www/www/www.gnupg.org/htdocs/donate/donors.dat"))
(provide 'gpgweb)
diff --git a/web/swdb.mac b/web/swdb.mac
index 17192c1..0e78807 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -1,4 +1,5 @@
# Version information
+# Please run make in this directory after changing this file.
#
# Primary FTP server base directory
@@ -13,6 +14,12 @@
#+macro: gnupg_size 4203k
#+macro: gnupg_sha1 3ff5b38152c919724fd09cf2f17df704272ba192
+#
+# GnuPG-2.1
+#
+#+macro: gnupg21_ver 2.1.0
+#+macro: gnupg21_branch master
+
#
# GnuPG-1
@@ -77,7 +84,7 @@
# DirMngr
#
#+macro: dirmngr_ver 1.1.0
-#+macro: dirmngr_size 543k"
+#+macro: dirmngr_size 543k
#+macro: dirmngr_sha1 a7a7d1432db9edad2783ea1bce761a8106464165
@@ -97,5 +104,18 @@
#+macro: libassuan_sha1 7aed69734ba64b63004107cada671b5861d332a4
+#
+# nPth
+#
+#+macro: npth_ver 0.91
+
+
+#
+# GpgEX
+#
+#+macro: gpgex_ver 1.0.1
+
+
+
# --- end of swdb.mac ---
commit 53b2cf09c0309c5cfc8cdbb2eaa62da18a6ac1f7
Author: Werner Koch <wk at gnupg.org>
Date: Sun Aug 17 14:00:34 2014 +0200
FAQ and swdb update.
diff --git a/web/donate/index.org b/web/donate/index.org
index 23e65f7..e1fa444 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -7,7 +7,9 @@
Maintaining and improving GnuPG is costly. For more than a decade,
[[https://g10code.com][g10^code]] GmbH, a company owned and headed by GnuPG's principal
author Werner Koch, is bearing the majority of these costs. To help
- them carry on this work, they need your support.
+ them carry on this work, they need your support. Note that despite
+ GnuPG carries an [[https://www.fsf.org][FSF]] copyright notice, they never funded the
+ development or hosting costs.
If you are using [[http://gnupg.org][GnuPG]], [[http://directory.fsf.org/project/libgcrypt/][Libgcrypt]], [[http://gnupg.org/related_software/gpgme/][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like
to help with development and maintenance please consider to make a
@@ -75,8 +77,9 @@
<tr>
<td></td>
<td>
- If you want to be listed on the sponsors page, please enter
- your name as it shall appear there.
+ If you want to be listed on the
+ <a href="kudos.html">list of donors</a>,
+ please enter your name as it shall appear there.
</td>
</tr>
<tr>
diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org
index 81ba8fa..e442dcd 100644
--- a/web/faq/gnupg-faq.org
+++ b/web/faq/gnupg-faq.org
@@ -1893,22 +1893,51 @@ some of the answers in this section.
-** Why does GnuPG use RSA-2048 by default?
+** Why does GnuPG default to 2048 bit RSA-2048?
:PROPERTIES:
:CUSTOM_ID: default_rsa2048
:END:
-The United States National Institute of Standards and Technology
-([[http://www.nist.gov][NIST]]) believes that 2048-bit [[#define_asymc][asymmetric cryptography]] will be secure
-until at least the year 2030. Larger keys are unlikely to extend this
-duration very much. Further, large keys come with their own problems:
-they cannot be moved to smartcards, mobile devices have trouble with
-them, and so on.
+At the time the decision was made, 2048-bit RSA was thought to provide
+reasonable security for the next decade or more while still being
+compatible with the overwhelming majority of the OpenPGP ecosystem.
+
+*** Is that still the case?
+Largely, yes. According to NIST Special Publication 800-57, published
+in July 2012, 2048-bit RSA is believed safe until 2030. At present,
+no reputable cryptographer or research group has cast doubt on the
+safety of RSA-2048. That said, many are suggesting shifting to larger
+keys, and GnuPG will be making such a shift in the near future.
+
+*** What do other groups have to say about 2048-bit RSA?
+In 2014, the German Bundesnetzagentur fuer Elektrizitaet, Gas,
+Telekommunikation, Post und Eisenbahnen recommended using RSA-2048 for
+long-term security in electronic signatures.
+
+In 2012, ECRYPT-II published their “Yearly Report on Algorithms and
+Keysizes” wherein they expressed their belief RSA-1776 will suffice
+until at least 2020, and RSA-2432 until 2030.
+
+In 2010, France’s Agence Nationale de la Securite des Systems
+d’Information stated they had confidence in RSA-2048 until at
+least 2020.
+
+*** Is there a general recommendation that 3072-bit keys be used for new applications?
+No, although some respected people and groups within the cryptographic
+community have made such recommendations. Some even recommend
+4096-bit keys.
-GnuPG uses RSA by default instead of DSA not because of any problems
-with DSA, but just because RSA has a larger installed user base and is
-better supported by other OpenPGP-compatible products.
+*** Will GnuPG ever support RSA-3072 or RSA-4096 by default?
+Probably not. The future is elliptical-curve cryptography, which will
+bring a level of safety comparable to RSA-16384. Every minute we
+spend arguing about whether we should change the defaults to RSA-3072
+or more is one minute the shift to ECC is delayed. Frankly, we think
+ECC is a really good idea and we'd like to see it deployed as soon as
+humanly possible.
+*** I think I need larger key sizes.
+By all means, feel free to generate certificates with larger keys.
+GnuPG supports up to 4096-bit keys.
** Do other high-security applications use RSA-2048?
@@ -1916,7 +1945,6 @@ better supported by other OpenPGP-compatible products.
:CUSTOM_ID: rsa2048_in_the_real_world
:END:
-
2048-bit RSA is commonly used to secure SSL root signing certificates.
It’s also used to sign operating system patches, Authenticode
signatures, Java applets and more. RSA-2048 is believed to be safe
@@ -1924,13 +1952,11 @@ against attack until at least the year 2030, so use it with
confidence.
-
** Why doesn’t GnuPG default to using RSA-4096?
:PROPERTIES:
:CUSTOM_ID: no_default_of_rsa4096
:END:
-
Because it gives us almost nothing, while costing us quite a lot.
Breaking an RSA-10 key requires you to try each prime number between
@@ -1961,7 +1987,6 @@ well-served with RSA-2048.
:CUSTOM_ID: please_use_ecc
:END:
-
Almost always when people use 4096-bit RSA they’re doing so because
they believe RSA-4096 to be much stronger than it is. The United
States’ National Institute of Standards and Technology ([[http://www.nist.gov][NIST]]) states
@@ -1982,7 +2007,6 @@ RSA.
:CUSTOM_ID: not_a_bad_idea_just_unnecessary
:END:
-
RSA-4096 is not a bad idea: it’s just, generally speaking,
unnecessary. You gain very little in the way of additional resistance
to brute-forcing and cryptanalysis.
diff --git a/web/index.org b/web/index.org
index b67c585..37ed1a4 100644
--- a/web/index.org
+++ b/web/index.org
@@ -5,17 +5,18 @@
* The GNU Privacy Guard
#+index: GnuPG
#+index: GPG
+#+index: PGP
#+index: Gpg4win
#+index: GPGTools
-GnuPG is the [[http://www.gnu.org/][GNU project]]'s complete and free implementation of the
-OpenPGP standard as defined by [[http://www.ietf.org/rfc/rfc4880.txt][RFC4880]]. GnuPG allows to encrypt and
+GnuPG is a complete and free implementation of the OpenPGP standard as
+defined by [[http://www.ietf.org/rfc/rfc4880.txt][RFC4880]] (also known as /PGP/). GnuPG allows to encrypt and
sign your data and communication, features a versatile key management
system as well as access modules for all kinds of public key
directories. GnuPG, also known as /GPG/, is a command line tool with
features for easy integration with other applications. A wealth of
[[file:related_software/frontends.html][frontend applications]] and [[file:related_software/libraries.html][libraries]] are available. Version 2 of GnuPG
-also provides support for S/MIME.
+also provides support for S/MIME and Secure Shell (ssh).
GnuPG is [[http://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the
@@ -23,7 +24,7 @@ be freely used, modified and distributed under the terms of the
GnuPG comes in two flavours: [[download][{{{gnupg1_ver}}}]] is the well known and
portable standalone version, whereas [[download][{{{gnupg_ver}}}]] is the enhanced
-and somewhat harder to build version.
+and modern version and suggested for most users.
Project [[http://www.gpg4win.org][Gpg4win]] provides a Windows version of GnuPG. It is nicely
integrated into an installer and features several frontends as well as
@@ -32,8 +33,6 @@ English and German manuals.
Project [[http://gpgtools.org][GPGTools]] provides a Mac OS X version of GnuPG. It is nicely
integrated into an installer and features all required tools.
-Project [[https://www.gnupg.org/aegypten/][Aegypten]] developed the S/MIME functionality in GnuPG 2.
-
#+BEGIN_HTML
<p id="smallnote">This site is currently undergoing a complete redesign.
We apologize for any inconveniences like broken links
@@ -41,6 +40,18 @@ Project [[https://www.gnupg.org/aegypten/][Aegypten]] developed the S/MIME funct
already aware of them. (2014-05-28 wk)</p>
#+END_HTML
+* Reconquer your privacy
+
+Even if you have nothing to hide, using encryption helps protect the
+privacy of people you communicate with, and makes life difficult for
+bulk surveillance systems. If you do have something important to hide,
+you are in good company; GnuPG is one of the tools that Edward Snowden
+used to uncover his secrets about the NSA.
+
+Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site to learn how and why you
+should use GnuPG for your electronic communication.
+
+
* Latest news
#+index: News
@@ -51,10 +62,33 @@ all [[file:news.org][news of previous years]] is also available.
# GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just
# point or paste the [[news.en.rss][RSS file]] into your aggregator.
+
+** GnuPG 2.0.26 released (2014-08-12)
+
+GnuPG 2.0.26 is now available. This is a maintenance release. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000353.html][{more}]]
+
+** Libgcrypt 1.5.4 security fix release :important:
+
+Using any Libgcrypt version less than 1.5.4 with GnuPG 2.0.x and
+Elgamal encryption keys is vulnerable to the /Get Your Hands Off My
+Laptop/ attack. Please update to the newly released Libgcrypt 1.5.4
+or a 1.6 version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html][{more}]]
+
+** Get Your Hands Off My Laptop (2014-08-07)
+
+Daniel Genkin, Itamar Pipman, and Eran Tromer latest side channel
+attack targets an /older version/ of GnuPG. If your GnuPG and
+Libgcrypt versions are up-to-date you are safe. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000349.html][{more}]]
+
+** GPGME 1.5.1 and 1.4.4 released (2014-08-07) :important:
+
+A security fix release for the GPGME library is available. It is
+suggested to update to one of these version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000350.html][{more}]]
+
** GnuPG 2.0.25 and 1.4.18 released (2014-06-30)
To fix a minor regression in the previous releases we released today
-new version sof GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]]
+new versions of GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]]
** GnuPG 2.0.24 released (2014-06-24) :important:
diff --git a/web/swdb.mac b/web/swdb.mac
index 0840198..17192c1 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -8,10 +8,10 @@
#
# GnuPG-2
#
-#+macro: gnupg_ver 2.0.25
+#+macro: gnupg_ver 2.0.26
#+macro: gnupg_branch STABLE-BRANCH-2-0
-#+macro: gnupg_size 4201k
-#+macro: gnupg_sha1 890d77d89f2d187382f95e83e386f2f7ba789436
+#+macro: gnupg_size 4203k
+#+macro: gnupg_sha1 3ff5b38152c919724fd09cf2f17df704272ba192
#
@@ -51,10 +51,10 @@
#
# GPGME
#
-#+macro: gpgme_ver 1.4.3
+#+macro: gpgme_ver 1.5.1
#+macro: gpgme_branch master
-#+macro: gpgme_size 950k
-#+macro: gpgme_sha1 ffdb5e4ce85220501515af8ead86fd499525ef9a
+#+macro: gpgme_size 943k
+#+macro: gpgme_sha1 a91c258e79acf30ec86a667e07f835e5e79342d8
#
@@ -92,9 +92,9 @@
#
# LIBASSUAN
#
-#+macro: libassuan_ver 2.1.1
-#+macro: libassuan_size 526k
-#+macro: libassuan_sha1 8bd3826de30651eb8f9b8673e2edff77cd70aca1
+#+macro: libassuan_ver 2.1.2
+#+macro: libassuan_size 504k
+#+macro: libassuan_sha1 7aed69734ba64b63004107cada671b5861d332a4
-----------------------------------------------------------------------
Summary of changes:
web/Makefile | 8 ++++++++
web/donate/index.org | 9 ++++++---
web/faq/gnupg-faq.org | 54 +++++++++++++++++++++++++++++++++++--------------
web/index.org | 48 ++++++++++++++++++++++++++++++++++++-------
web/share/gpgweb.el | 5 ++---
web/swdb.mac | 40 +++++++++++++++++++++++++++---------
6 files changed, 126 insertions(+), 38 deletions(-)
create mode 100644 web/Makefile
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
More information about the Gnupg-commits
mailing list