Fw: [Announce] GnuPG 1.0.7 released

Leigh S. Jones kr6x@kr6x.com
Tue Apr 30 16:04:02 2002


Congratulations on this marvelous achievement, Werner!

----- Original Message -----
From: "Werner Koch" <wk@gnupg.org>
To: <announce@gnupg.org>
Sent: Tuesday, April 30, 2002 3:07 AM
Subject: [Announce] GnuPG 1.0.7 released


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
> and data storage.  It is a complete and free replacement of PGP and
> can be used to encrypt data and to create digital signatures.  It
> includes an advanced key management facility and is compliant with
the
> proposed OpenPGP Internet standard as described in RFC2440.  This
new
> release has a lot of features beyond OpenPGP which will be included
in
> a soon to be published RFC2440 successor.
>
> Version 1.0.7 has been released yesterday and is available at most
> mirrors (see below) now.  If you can't get it from a mirror, use the
> primary location:
>
>   ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz  (2.3MB)
>   ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz.sig
>
> Due to some new translations and the work we did over the last 11
> months, the diff against 1.0.6 is somewhat large:
>
>   ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6-1.0.7.diff.gz
(1.3MB)
>
> MD5 checksums of the above files are:
>
>   d8b36d4dfd213a1a1027b1877acbc897  gnupg-1.0.7.tar.gz
>   99d92e0658972b42868d7564264797ad  gnupg-1.0.6-1.0.7.diff.gz
>
> Some new things in this version:
>
>     * Secret keys are now stored and exported in a new format which
>       uses SHA-1 for integrity checks.  This format renders the
>       Rosa/Klima attack useless.  Other OpenPGP implementations
might
>       not yet support this, so the option --simple-sk-checksum
creates
>       the old vulnerable format.
>
>     * The default cipher algorithm for encryption is now CAST5,
>       default hash algorithm is SHA-1.  This will give us better
>       interoperability with other OpenPGP implementations.
>
>     * Symmetric encrypted messages now use a fixed file size if
>       possible.  This is a tradeoff: it breaks PGP 5, but fixes PGP
2,
>       6, and 7.  Note this was only an issue with RFC-1991 style
>       symmetric messages.
>
>     * Photographic user ID support.  This uses an external program
to
>       view the images.
>
>     * Enhanced keyserver support via keyserver "plugins".  GnuPG
comes
>       with plugins for the NAI LDAP keyserver as well as the HKP
email
>       keyserver.  It retains internal support for the HKP HTTP
>       keyserver.
>
>     * Nonrevocable signatures are now supported.  If a user signs a
>       key nonrevocably, this signature cannot be taken back so be
>       careful!
>
>     * Multiple signature classes are usable when signing a key to
>       specify how carefully the key information (fingerprint, photo
>       ID, etc) was checked.
>
>     * --pgp2 mode automatically sets all necessary options to ensure
>       that the resulting message will be usable by a user of PGP
2.x.
>
>     * --pgp6 mode automatically sets all necessary options to ensure
>       that the resulting message will be usable by a user of PGP
6.x.
>
>     * Signatures may now be given an expiration date.  When signing
a
>       key with an expiration date, the user is prompted whether they
>       want their signature to expire at the same time.
>
>     * Revocation keys (designated revokers) are now supported if
>       present.  There is currently no way to designate new keys as
>       designated revokers.
>
>     * Permissions on the .gnupg directory and its files are checked
>       for safety.
>
>     * --expert mode enables certain silly things such as signing a
>       revoked user id, expired key, or revoked key.
>
>     * Some fixes to build cleanly under Cygwin32.
>
>     * New tool gpgsplit to split OpenPGP data formats into packets.
>
>     * New option --preserve-permissions.
>
>     * Subkeys created in the future are not used for encryption or
>       signing unless the new option --ignore-valid-from is used.
>
>     * Revoked user-IDs are not listed unless signatures are listed
too
>       or we are in verbose mode.
>
>     * There is no default comment string with ascii armors anymore
>       except for revocation certificates and --enarmor mode.
>
>     * The command "primary" in the edit menu can be used to change
the
>       primary UID, "setpref" and "updpref" can be used to change the
>       preferences.
>
>     * Fixed the preference handling; since 1.0.5 they were
erroneously
>       matched against against the latest user ID and not the given
one.
>
>     * RSA key generation.
>
>     * Merged Stefan's patches for RISC OS in.  See comments in
>       scripts/build-riscos.
>
>     * It is now possible to sign and conventional encrypt a message
(-cs).
>
>     * The MDC feature flag is supported and can be set by using
>       the "updpref" edit command.
>
>     * The status messages GOODSIG and BADSIG are now returning the
primary
>       UID, encoded using %XX escaping (but with spaces left as
spaces,
>       so that it should not break too much)
>
>     * Support for GDBM based keyrings has been removed.
>
>     * The entire keyring management has been revamped.
>
>     * The way signature stati are store has changed so that v3
>       signatures can be supported. To increase the speed of many
>       operations for existing keyrings you can use the new
>       --rebuild-keydb-caches command.
>
>     * The entire key validation process (trustdb) has been revamped.
>       See the man page entries for --update-trustdb, --check-trustdb
>       and --no-auto-check-trustdb.
>
>     * --trusted-keys is again obsolete, --edit can be used to set
the
>       ownertrust of any key to ultimately trusted.
>
>     * A subkey is never used to sign keys.
>
>     * Read only keyrings are now handled as expected.
>
>
> Please read the man page entries for the options --update-trustdb
and
> - --check-trustdb.  To get the best performance out of larger
keyrings,
> it is suggested that you run the new command
"gpg --rebuild-keydb-caches"
> once.  We tried to make the migration to 1.0.7 as smooth as
possible,
> but it might be good idea to backup your keyrings and the trustdb
(gpg
> - --export-ownertrust) first.
>
> Please note that due to a bug in prior versions, it won't be
possible
> to downgrade to 1.0.6 unless you use the GnuPG version which comes
> with Debian's Woody release or you apply the patch
> http://www.gnupg.org/developer/gpg-woody-fix.txt .
>
> Most new features and a lot of bug fixes are due to David Shaw; he
> greatly helped to improve GnuPG and put a lot of work into solving a
> lot of little interoperability problems with PGP.  Many thanks to
him
> and to all the other folks who helped with this release.
>
> See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
> mailing lists.  If you have any question you should direct them to
> mailing list gnupg-users@gnupg.org .
>
>
> Salaam-Shalom,
>
>   Werner
>
>
> p.s.
> Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
> Please use them if you can; new releases should show up on these
> servers within a day. This mirror list is also available at
> http://www.gnupg.org/mirrors.html
>
>     Australia
>
>         ftp://ftp.planetmirror.com/pub/gnupg/
>         http://ftp.planetmirror.com/pub/gnupg/
>         ftp://mirror.aarnet.edu.au/pub/gnupg/
>
>     Austria
>
>         ftp://gd.tuwien.ac.at/privacy/gnupg/
>         http://gd.tuwien.ac.at/privacy/gnupg/
>         ftp://ftp.enemy.org/pub/crypto/gnupg/
>
>     Belgium
>
>         ftp://openbsd.rug.ac.be/pub/gcrypt/
>         ftp://gnupg.x-zone.org/pub/gnupg
>
>     Czechia
>
>         ftp://ftp.gnupg.cz/pub/gcrypt
>
>     Denmark
>
>         ftp://sunsite.dk/pub/security/gcrypt/
>
>     Finland
>
>         ftp://ftp.jyu.fi/pub/crypt/gcrypt/
>         ftp://trumpetti.atm.tut.fi/gcrypt/
>         http://trumpetti.atm.tut.fi/gcrypt/
>         rsync://trumpetti.atm.tut.fi/gcrypt/
>
>     France
>
>         ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
>
>     Germany
>
>         ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/
>         ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/
>
>     Greece
>
>         ftp://ftp.linux.gr/pub/crypto/gnupg/
>         ftp://hal.csd.auth.gr/mirrors/gnupg/
>
>     Hungary
>
>         ftp://ftp.kfki.hu/pub/packages/security/gnupg/
>
>     Iceland
>
>         ftp://ftp.hi.is/pub/mirrors/gnupg/
>
>     Ireland
>
>         ftp://ftp.compsoc.com/pub/gnupg/
>
>     Italy
>
>         ftp://ftp.linux.it/pub/mirrors/gnupg/
>         ftp://ftp3.linux.it/pub/mirrors/gnupg/
>
>     Japan
>
>         ftp://pgp.iijlab.net/pub/gnupg/
>         ftp://ftp.ring.gr.jp/pub/net/gnupg/
>         http://www.ring.gr.jp/pub/net/gnupg/
>         ftp://ftp.ayamura.org/pub/gnupg/
>
>     Korea
>
>         ftp://ftp.snu.ac.kr/pub/security/gnupg/
>
>     Poland
>
>         ftp://sunsite.icm.edu.pl/pub/security/gnupg/
>
>     Spain
>
>         ftp://dimonieta.udg.es/mirror/gnupg
>
>     Sweden
>
>         ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
>         ftp://ftp.sunet.se:/pub/security/gnupg/
>
>     Switzerland
>
>         ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
>
>     Taiwan
>
>         ftp://coda.nctu.edu.tw/Security/gcrypt
>
>     United Kingdom
>
>         ftp://ftp.net.lut.ac.uk/gcrypt/
>         ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
>         http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
>
>     United States
>
>         ftp://ftp.exobit.org/pub/security/gnupg
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE8zmw4bH7huGIcwBMRAiLTAKCPlh37pJ1wo50gMJaCk1zRribWQwCguLkj
> knSn9gpfR1rzqTQTgT5oyy8=
> =lQMf
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users