[Announce] GnuPG 1.0.5 released

Werner Koch wk@gnupg.org
Sun Apr 29 21:47:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures.  It
includes an advanced key management facility and is compliant with
the proposed OpenPGP Internet standard as described in RFC2440.

Version 1.0.5 has just been released and should be available at the
mirrors (see below) really soon.  If you can't get it from a mirror,
use the primary location:

  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz  (1.9MB)
  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz.sig

A (quite large) diff against 1.0.4 is also available:

  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.4-1.0.5.diff.gz  (594k)

MD5 checksums of the above files are:

  44c71c3f5a9edbf5738cafc37e8359e6  gnupg-1.0.5.tar.gz
  8139c98c65186a14ac67e531409d1614  gnupg-1.0.4-1.0.5.diff.gz
  
So what's new in this version:

    * WARNING: The semantics of --verify have changed to address a
      problem with detached signature detection. --verify now ignores
      signed material given on stdin unless this is requested by using
      a "-" as the name for the file with the signed material.  Please
      check all your detached signature handling applications and make
      sure that they don't pipe the signed material to stdin without
      using a filename together with "-" on the command line.

    * WARNING: Corrected hash calculation for input data larger than
      512M - it was just wrong, so you might notice bad signatures in
      some very big files.  It may be wise to keep an old copy of
      GnuPG around.

    * Secret keys are no longer imported unless you use the new option
      --allow-secret-key-import.  This is a kludge and future versions will
      handle it in another way.

    * New command "showpref" in the --edit-key menu to show an easier
      to understand preference listing.

    * There is now the notion of a primary user ID.  For example, it
      is printed with a signature verification as the first user ID;
      revoked user IDs are not printed there anymore.  In general the
      primary user ID is the one with the latest self-signature.

    * New --charset=utf-8 to bypass all internal conversions.

    * Large File Support (LFS) is now working.

    * New options: --ignore-crc-error, --no-sig-create-check, 
      --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
      --enable-special-filenames and --use-agent.  See man page.

    * New command --pipemode, which can be used to run gpg as a
      co-process.  Currently only the verification of detached
      signatures is working.  See doc/DETAILS.

    * Keyserver support for the W32 version.

    * Rewritten key selection code so that GnuPG can better cope with
      multiple subkeys, expiration dates and so on.  The drawback is that it
      is slower.

    * A whole lot of bug fixes.

    * The verification status of self-signatures is now cached. To
      increase the speed of key list operations for existing keys you
      can do the following in your GnuPG homedir (~/.gnupg):
         $ cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \
           rm pubring.gpg && gpg --import x
      Only v4 keys (i.e. not the old RSA keys) benefit from this caching.

    * New translations: Estonian, Turkish.


Furthermore, this version implements countermeasures against the
recent Klima/Rosa attack on the secret keyring.  But let me stress
again, that the security of the system relies on the physical
security of the machine where you use GnuPG for signing or decrypting. 
And as a last warning: never ever send a secret key over an insecure
channel; the passphrase encryption of the secret keyring is not as
secure as the regular OpenPGP encryption and should be only
considered as a last resort protection.

See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
mailing lists.  If you have any questions you should direct them to
mailing list gnupg-users@gnupg.org .

Have fun,

  Werner


p.s.
The FTP, CVS and Webserver have recently moved to a new location and
you should no longer use the *.guug.de addresses.

Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/ 
Please use them if you can; new releases should show up on these
servers within a day. This mirror list is also available at
http://www.gnupg.org/mirrors.html


    Australia

        ftp://orcus.progsoc.uts.edu.au/pub/gnupg/
        http://orcus.progsoc.uts.edu.au/pub/gnupg/
        rsync://orcus.progsoc.uts.edu.au/pub/gnupg/
        ftp://mirror.aarnet.edu.au/pub/gnupg/
        http://mirror.aarnet.edu.au/pub/gnupg/

    Austria

        ftp://gd.tuwien.ac.at/privacy/gnupg/

    Belgium

        ftp://openbsd.rug.ac.be/pub/gcrypt/
        ftp://gnupg.x-zone.org/pub/gnupg

    Canada

        ftp://crypto.yashy.com/pub/cryptography/gnupg/

    Czechia

        ftp://ftp.gnupg.cz/pub/gcrypt

    Denmark

        ftp://sunsite.dk/pub/security/gcrypt/

    Finland

        ftp://ftp.jyu.fi/pub/crypt/gcrypt/

    France

        ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/

    Germany

        ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/
        ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/

    Greece

        ftp://ftp.linux.gr/pub/crypto/gnupg/
        ftp://hal.csd.auth.gr/mirrors/gnupg/

    Hungary

        ftp://ftp.kfki.hu/pub/packages/security/gnupg/

    Iceland

        ftp://ftp.hi.is/pub/mirrors/gnupg/

    Ireland

        ftp://ftp.compsoc.com/pub/gnupg/

    Italy

        ftp://ftp.linux.it/pub/mirrors/gnupg/
        ftp://ftp3.linux.it/pub/mirrors/gnupg/

    Japan

        ftp://pgp.iijlab.net/pub/gnupg/
        ftp://ftp.ring.gr.jp/pub/net/gnupg/
        http://www.ring.gr.jp/pub/net/gnupg/

    Korea

        ftp://ftp.snu.ac.kr/pub/security/gnupg/

    Poland

        ftp://sunsite.icm.edu.pl/pub/security/gnupg/

    Spain

        ftp://dimonieta.udg.es/mirror/gnupg

    Sweden

        ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
        ftp://ftp.sunet.se:/pub/security/gnupg/

    Switzerland

        ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/

    Taiwan

        ftp://coda.nctu.edu.tw/Security/gcrypt

    United Kingdom

        ftp://ftp.net.lut.ac.uk/gcrypt/
        ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
        http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/



- -- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE67Fx3bH7huGIcwBMRAnb4AJ94blzplwdkcrr8LsBwyZsbzVWqagCfXfoT
SwQFc6aGzSgkPcB45+axdes=
=+3ZT
-----END PGP SIGNATURE-----
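
Added example, not part of the original announcement or of GnuPG: a small shell audit for the --verify change described above. It flags script lines that pipe data into gpg --verify without naming "-" as the file with the signed material; the token matching is a heuristic, and the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic audit for the --verify change in GnuPG 1.0.5.
# classify_verify LINE prints one of:
#   ok-stdin       data is piped in and "-" names stdin as the signed material
#   stdin-ignored  data is piped in but no "-" is given: the pipe is ignored
#   not-piped      gpg --verify is not fed by a pipe
#   no-verify      the line does not run gpg --verify
classify_verify() {
    set -f; set -- $1; set +f          # word-split the line without globbing
    piped=no in_gpg=no seen_verify=no dash=no prev=
    for tok in "$@"; do
        case $tok in
            gpg|*/gpg)
                in_gpg=yes seen_verify=no dash=no
                if [ "$prev" = "|" ]; then piped=yes; else piped=no; fi ;;
            '|'|';'|'&&'|'||')
                # end of a command; stop if it was a gpg --verify
                if [ "$in_gpg$seen_verify" = yesyes ]; then break; fi
                in_gpg=no ;;
            --verify)
                if [ "$in_gpg" = yes ]; then seen_verify=yes; fi ;;
            -)
                if [ "$seen_verify" = yes ]; then dash=yes; fi ;;
        esac
        prev=$tok
    done
    if [ "$in_gpg$seen_verify" != yesyes ]; then echo no-verify
    elif [ "$piped" = no ]; then echo not-piped
    elif [ "$dash" = yes ]; then echo ok-stdin
    else echo stdin-ignored
    fi
}

# audit_lines: read script lines on stdin, print "N: line" for each
# invocation whose piped data would be ignored; return 1 if any was found.
audit_lines() {
    n=0 bad=0
    while IFS= read -r line; do
        n=$((n + 1))
        if [ "$(classify_verify "$line")" = stdin-ignored ]; then
            printf '%s: %s\n' "$n" "$line"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample lines (hypothetical file names).
audit_lines <<'EOF' || echo "review the invocations listed above"
gpg --verify release.tar.gz.sig release.tar.gz
cat release.tar.gz | gpg --verify release.tar.gz.sig
cat release.tar.gz | gpg --verify release.tar.gz.sig -
EOF
```

Run it over the scripts that call gpg, e.g. `audit_lines < verify-release.sh`; a flagged line needs "-" added after the signature file name.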

