0.3.3 released

Werner Koch wk at isil.d.shuttle.de
Sun Aug 9 00:26:12 CEST 1998


I have just released v0.3.3 of GNUPG:

  ftp://ftp.guug.de/pub/gcrypt/gnupg-0.3.3.tar.gz       (629k)

  ftp://ftp.guug.de/pub/gcrypt/diffs/gnupg-0.3.3.diff.gz (153k)

I have only checked in on Linux with libc5.  Please read the NEWS

Noteworthy changes in version 0.3.3
* IMPORTANT: I found yet another bug in the way the secret keys
  are encrypted - I did it the way pgp 2.x did it, but OpenPGP
  and pgp 5.x specifiy another (in some aspects simpler) method.
  To convert your secret keys you have to do this:
    1. Build the new release but don't install it and keep
       a copy of the old program.
    2. Disable the network, make sure that you are the only
       user, be sure that there are no trojan horses etc ....
    3. Use your old gpg (version 0.3.[12]) and set the
       passphrases of ALL your secret keys to empty!
       (gpg --change-passphrase your-user-id).
    4. Save your ownertrusts (see the next point)
    5. rm ~/.gnupg/trustd.gpg
    6. install the new version of gpg (0.3.3)
    7. For every secret key call "gpg --edit-key your-user-id",
       enter "passwd" at the prompt, follow the instructions and
       change your passward back, enter "save" to store it.
    8. Restore the ownertrust (see next point).

* The format of the trust database has changed; you must delete
  the old one, so gnupg can create a new one.
  IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts
  ("gpgm --list-ownertrust >saved-trust"); then build this new version
  and restore the ownertrust with this new version
  ("gpgm --import-ownertrust saved-trust").  Please note that
  --list-ownertrust has been renamed to --export-ownertrust in this
  release and it does now only export defined ownertrusts.

* The command --edit-key now provides a commandline driven menu
  which can be used vor vaious tasks.  --sign-key is only an
  an alias to --edit-key and maybe removed in future: use the
  command "sign" of this new menu - you can select which user ids
  you want to sign.

* Alternate user ids can now be created an signed.

* Owner trust values can now be changed with --edit-key (trust)

* GNUPG can now run as a coprocess; this enables sophisticated
  frontends.  tools/shmtest.c is a simple sample implemenation.
  This needs some more work: all tty_xxx() are to be replaced
  by cpr_xxx() and some changes in the display logics is needed.

* Removed options --gen-prime and --gen-random.

* Removed option --add-key; use --edit-key instead.

* Removed option --change-passphrase; use --edit-key instead.

* Signatures are now checked even if the output file could not
  be created. Command "--verify" tries to find the detached data.

* gpg now disables core dumps.

* compress and symmetric cipher preferences are now used.
  Because there is no 3DES yet, this is replaced by Blowfish.

* We have added the Twofish as an experimental cipher algorithm.
  Many thanks to Matthew Skala for doing this work.
  Twofish is the AES submission from Schneier et al.; see
  "www.counterpane.com/twofish.html" for more information.

* Started with a help system: If you enter a question mark at some
  prompt; you should get a specific help for this prompt.

* There is no more backup copy of the secret keyring.

* A lot of new bugs. I think this release is not as stable as
  the previous one.

Have fun,


More information about the Gnupg-devel mailing list