[Announce] GnuPG 1.0.5 released
Werner Koch
wk@gnupg.org
Sun Apr 29 21:47:05 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures. It
includes an advanced key management facility and is compliant with
the proposed OpenPGP Internet standard as described in RFC2440.
Version 1.0.5 has just been released and should be available at the
mirrors (see below) really soon. If you can't get it from a mirror,
use the primary location:
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz (1.9MB)
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz.sig
A (quite large) diff against 1.0.4 is also available:
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.4-1.0.5.diff.gz (594k)
MD5 checksums of the above files are:
44c71c3f5a9edbf5738cafc37e8359e6 gnupg-1.0.5.tar.gz
8139c98c65186a14ac67e531409d1614 gnupg-1.0.4-1.0.5.diff.gz
So what's new in this version:
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores
signed material given on stdin unless this is requested by using
a "-" as the name for the file with the signed material. Please
check all your detached signature handling applications and make
sure that they don't pipe the signed material to stdin without
using a filename together with "-" on the the command line.
* WARNING: Corrected hash calculation for input data larger than
512M - it was just wrong, so you might notice bad signature in
some very big files. It may be wise to keep an old copy of
GnuPG around.
* Secret keys are no longer imported unless you use the new option
--allow-secret-key-import. This is a kludge and future versions will
handle it in another way.
* New command "showpref" in the --edit-key menu to show an easier
to understand preference listing.
* There is now the notation of a primary user ID. For example, it
is printed with a signature verification as the first user ID;
revoked user IDs are not printed there anymore. In general the
primary user ID is the one with the latest self-signature.
* New --charset=utf-8 to bypass all internal conversions.
* Large File Support (LFS) is now working.
* New options: --ignore-crc-error, --no-sig-create-check,
--no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
--enable-special-filenames and --use-agent. See man page.
* New command --pipemode, which can be used to run gpg as a
co-process. Currently only the verification of detached
signatures are working. See doc/DETAILS.
* Keyserver support for the W32 version.
* Rewritten key selection code so that GnuPG can better cope with
multiple subkeys, expire dates and so. The drawback is that it
is slower.
* A whole lot of bug fixes.
* The verification status of self-signatures are now cached. To
increase the speed of key list operations for existing keys you
can do the following in your GnuPG homedir (~/.gnupg):
$ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \
rm pubring.gpg && gpg --import x
Only v4 keys (i.e not the old RSA keys) benefit from this caching.
* New translations: Estonian, Turkish.
Furthermore, this version implements countermeasurements against the
recent Klima/Rosa attack on the secret keyring. But let me stress
again, that the security of the system relies on the physical
security of the machine where you use GnuPG for signing or decrypting.
And as a last warning: never ever send a secret key over an insecure
channel; the passphrase encryption of the secret keyring is not as
secure as the the regular OpenPGP encryption and should be only
considered as a last resort protection.
See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
mailing lists. If you have any question you should direct them to
mailing list gnupg-users@gnupg.org .
Have fun,
Werner
p.s.
The FTP, CVS and Webserver has recently moved to a new location and
you should not anymore use the *.guug.de addresses.
Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
Please use them if you can; new releases should show up on these
servers within a day. This mirror list is also available at
http://www.gnupg.org/mirrors.html
Australia
ftp://orcus.progsoc.uts.edu.au/pub/gnupg/
http://orcus.progsoc.uts.edu.au/pub/gnupg/
rsync://orcus.progsoc.uts.edu.au/pub/gnupg/
ftp://mirror.aarnet.edu.au/pub/gnupg/
http://mirror.aarnet.edu.au/pub/gnupg/
Austria
ftp://gd.tuwien.ac.at/privacy/gnupg/
Belgium
ftp://openbsd.rug.ac.be/pub/gcrypt/
ftp://gnupg.x-zone.org/pub/gnupg
Canada
ftp://crypto.yashy.com/pub/cryptography/gnupg/
Czechia
ftp://ftp.gnupg.cz/pub/gcrypt
Denmark
ftp://sunsite.dk/pub/security/gcrypt/
Finland
ftp://ftp.jyu.fi/pub/crypt/gcrypt/
France
ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
Germany
ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/
ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/
Greece
ftp://ftp.linux.gr/pub/crypto/gnupg/
ftp://hal.csd.auth.gr/mirrors/gnupg/
Hungary
ftp://ftp.kfki.hu/pub/packages/security/gnupg/
Iceland
ftp://ftp.hi.is/pub/mirrors/gnupg/
Ireland
ftp://ftp.compsoc.com/pub/gnupg/
Italy
ftp://ftp.linux.it/pub/mirrors/gnupg/
ftp://ftp3.linux.it/pub/mirrors/gnupg/
Japan
ftp://pgp.iijlab.net/pub/gnupg/
ftp://ftp.ring.gr.jp/pub/net/gnupg/
http://www.ring.gr.jp/pub/net/gnupg/
Korea
ftp://ftp.snu.ac.kr/pub/security/gnupg/
Poland
ftp://sunsite.icm.edu.pl/pub/security/gnupg/
Spain
ftp://dimonieta.udg.es/mirror/gnupg
Sweden
ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
ftp://ftp.sunet.se:/pub/security/gnupg/
Switzerland
ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
Taiwan
ftp://coda.nctu.edu.tw/Security/gcrypt
United Kingdom
ftp://ftp.net.lut.ac.uk/gcrypt/
ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
- --
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE67Fx3bH7huGIcwBMRAnb4AJ94blzplwdkcrr8LsBwyZsbzVWqagCfXfoT
SwQFc6aGzSgkPcB45+axdes=
=+3ZT
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce