[Announce] Libgcrypt 1.6.1 released

Werner Koch wk at gnupg.org
Wed Jan 29 14:49:12 CET 2014


The GNU project is pleased to announce the availability of Libgcrypt
version 1.6.1.  This is a maintenance release to fix problems found in
the recently released 1.6.0 version.

Libgcrypt is a general purpose library of cryptographic building blocks.
It does not provide any implementation of OpenPGP or other protocols.
Thorough understanding of applied cryptography is required for proper
use Libgcrypt.

Noteworthy changes in version 1.6.1 (2014-01-29)

 * Added emulation for broken Whirlpool code prior to 1.6.0.

 * Improved performance of KDF functions.

 * Improved ECDSA compliance.

 * Fixed locking for Windows and non-ELF Pthread systems (regression
   in 1.6.0)

 * Fixed message digest lookup by OID (regression in 1.6.0).

 * Fixed a build problem on NetBSD.

 * Fixed memory leaks in ECC code.

 * Fixed some asm build problems and feature detection bugs.

 * Interface changes relative to the 1.6.0 release:
 GCRY_MD_FLAG_BUGEMU1            NEW (minor API change).


Source code is hosted at the GnuPG FTP server and its mirrors as listed
at http://www.gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2 (2413k)

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.gz (2872k)

Alternativley you may upgrade using this patch file:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0-1.6.1.diff.bz2 (244k)

In order to check that the version of Libgcrypt you are going to build
is an original and unmodified one, you can do it in one of the following

 * Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.6.1.tar.bz2 you would use this

     gpg --verify libgcrypt-1.6.1.tar.bz2.sig

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by the release signing key 4F25E3B6 which is certified by my well
   known key 1E42B367.  To retrieve the keys you may use the command
   "gpg --fetch-key finger:wk at g10code.com".

 * If you are not able to use GnuPG, you have to verify the SHA-1

     sha1sum libgcrypt-1.6.1.tar.bz2

   and check that the output matches the first line from the
   following list:

f03d9b63ac3b17a6972fc11150d136925b702f02  libgcrypt-1.6.1.tar.bz2
fe6d442881a28a37d16348cdbf96b41b8ef38ced  libgcrypt-1.6.1.tar.gz
35d002247186884ba3730c91f196a5de48c3fcf8  libgcrypt-1.6.0-1.6.1.diff.bz2


Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require these additional notices are distributed.


For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

The driving force behind the development of Libgcrypt is my company
g10 Code.  Maintenance and improvement of Libgcrypt and related
software takes up most of our resources.  To allow us to continue our
work on free software, we ask to either purchase a support contract,
engage us for custom enhancements, or to donate money:



Many thanks to all who contributed to Libgcrypt development, be it bug
fixes, code, documentation, testing or helping users.

Happy hacking,


[1] http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] http://www.gnupg.org/service.html

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: </pipermail/attachments/20140129/f7e51d04/attachment.sig>
-------------- next part --------------
Gnupg-announce mailing list
Gnupg-announce at gnupg.org

More information about the Gnupg-devel mailing list