Fw: [Announce] GnuPG 1.0.7 released
Leigh S. Jones
kr6x@kr6x.com
Tue Apr 30 16:04:02 2002
Congratulations on this marvelous achievement, Werner!
----- Original Message -----
From: "Werner Koch" <wk@gnupg.org>
To: <announce@gnupg.org>
Sent: Tuesday, April 30, 2002 3:07 AM
Subject: [Announce] GnuPG 1.0.7 released
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
> and data storage. It is a complete and free replacement of PGP and
> can be used to encrypt data and to create digital signatures. It
> includes an advanced key management facility and is compliant with
the
> proposed OpenPGP Internet standard as described in RFC2440. This
new
> release has a lot of features beyond OpenPGP which will be included
in
> a soon to be published RFC2440 successor.
>
> Version 1.0.7 has been released yesterday and is available at most
> mirrors (see below) now. If you can't get it from a mirror, use the
> primary location:
>
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz (2.3MB)
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz.sig
>
> Due to some new translations and the work we did over the last 11
> months, the diff against 1.0.6 is somewhat large:
>
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6-1.0.7.diff.gz
(1.3MB)
>
> MD5 checksums of the above files are:
>
> d8b36d4dfd213a1a1027b1877acbc897 gnupg-1.0.7.tar.gz
> 99d92e0658972b42868d7564264797ad gnupg-1.0.6-1.0.7.diff.gz
>
> Some new things in this version:
>
> * Secret keys are now stored and exported in a new format which
> uses SHA-1 for integrity checks. This format renders the
> Rosa/Klima attack useless. Other OpenPGP implementations
might
> not yet support this, so the option --simple-sk-checksum
creates
> the old vulnerable format.
>
> * The default cipher algorithm for encryption is now CAST5,
> default hash algorithm is SHA-1. This will give us better
> interoperability with other OpenPGP implementations.
>
> * Symmetric encrypted messages now use a fixed file size if
> possible. This is a tradeoff: it breaks PGP 5, but fixes PGP
2,
> 6, and 7. Note this was only an issue with RFC-1991 style
> symmetric messages.
>
> * Photographic user ID support. This uses an external program
to
> view the images.
>
> * Enhanced keyserver support via keyserver "plugins". GnuPG
comes
> with plugins for the NAI LDAP keyserver as well as the HKP
email
> keyserver. It retains internal support for the HKP HTTP
> keyserver.
>
> * Nonrevocable signatures are now supported. If a user signs a
> key nonrevocably, this signature cannot be taken back so be
> careful!
>
> * Multiple signature classes are usable when signing a key to
> specify how carefully the key information (fingerprint, photo
> ID, etc) was checked.
>
> * --pgp2 mode automatically sets all necessary options to ensure
> that the resulting message will be usable by a user of PGP
2.x.
>
> * --pgp6 mode automatically sets all necessary options to ensure
> that the resulting message will be usable by a user of PGP
6.x.
>
> * Signatures may now be given an expiration date. When signing
a
> key with an expiration date, the user is prompted whether they
> want their signature to expire at the same time.
>
> * Revocation keys (designated revokers) are now supported if
> present. There is currently no way to designate new keys as
> designated revokers.
>
> * Permissions on the .gnupg directory and its files are checked
> for safety.
>
> * --expert mode enables certain silly things such as signing a
> revoked user id, expired key, or revoked key.
>
> * Some fixes to build cleanly under Cygwin32.
>
> * New tool gpgsplit to split OpenPGP data formats into packets.
>
> * New option --preserve-permissions.
>
> * Subkeys created in the future are not used for encryption or
> signing unless the new option --ignore-valid-from is used.
>
> * Revoked user-IDs are not listed unless signatures are listed
too
> or we are in verbose mode.
>
> * There is no default comment string with ascii armors anymore
> except for revocation certificates and --enarmor mode.
>
> * The command "primary" in the edit menu can be used to change
the
> primary UID, "setpref" and "updpref" can be used to change the
> preferences.
>
> * Fixed the preference handling; since 1.0.5 they were
erroneously
> matched against against the latest user ID and not the given
one.
>
> * RSA key generation.
>
> * Merged Stefan's patches for RISC OS in. See comments in
> scripts/build-riscos.
>
> * It is now possible to sign and conventional encrypt a message
(-cs).
>
> * The MDC feature flag is supported and can be set by using
> the "updpref" edit command.
>
> * The status messages GOODSIG and BADSIG are now returning the
primary
> UID, encoded using %XX escaping (but with spaces left as
spaces,
> so that it should not break too much)
>
> * Support for GDBM based keyrings has been removed.
>
> * The entire keyring management has been revamped.
>
> * The way signature stati are store has changed so that v3
> signatures can be supported. To increase the speed of many
> operations for existing keyrings you can use the new
> --rebuild-keydb-caches command.
>
> * The entire key validation process (trustdb) has been revamped.
> See the man page entries for --update-trustdb, --check-trustdb
> and --no-auto-check-trustdb.
>
> * --trusted-keys is again obsolete, --edit can be used to set
the
> ownertrust of any key to ultimately trusted.
>
> * A subkey is never used to sign keys.
>
> * Read only keyrings are now handled as expected.
>
>
> Please read the man page entries for the options --update-trustdb
and
> - --check-trustdb. To get the best performance out of larger
keyrings,
> it is suggested that you run the new command
"gpg --rebuild-keydb-caches"
> once. We tried to make the migration to 1.0.7 as smooth as
possible,
> but it might be good idea to backup your keyrings and the trustdb
(gpg
> - --export-ownertrust) first.
>
> Please note that due to a bug in prior versions, it won't be
possible
> to downgrade to 1.0.6 unless you use the GnuPG version which comes
> with Debian's Woody release or you apply the patch
> http://www.gnupg.org/developer/gpg-woody-fix.txt .
>
> Most new features and a lot of bug fixes are due to David Shaw; he
> greatly helped to improve GnuPG and put a lot of work into solving a
> lot of little interoperability problems with PGP. Many thanks to
him
> and to all the other folks who helped with this release.
>
> See http://www.gnupg.org/docs-mls.html for a list of GnuPG related
> mailing lists. If you have any question you should direct them to
> mailing list gnupg-users@gnupg.org .
>
>
> Salaam-Shalom,
>
> Werner
>
>
> p.s.
> Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/
> Please use them if you can; new releases should show up on these
> servers within a day. This mirror list is also available at
> http://www.gnupg.org/mirrors.html
>
> Australia
>
> ftp://ftp.planetmirror.com/pub/gnupg/
> http://ftp.planetmirror.com/pub/gnupg/
> ftp://mirror.aarnet.edu.au/pub/gnupg/
>
> Austria
>
> ftp://gd.tuwien.ac.at/privacy/gnupg/
> http://gd.tuwien.ac.at/privacy/gnupg/
> ftp://ftp.enemy.org/pub/crypto/gnupg/
>
> Belgium
>
> ftp://openbsd.rug.ac.be/pub/gcrypt/
> ftp://gnupg.x-zone.org/pub/gnupg
>
> Czechia
>
> ftp://ftp.gnupg.cz/pub/gcrypt
>
> Denmark
>
> ftp://sunsite.dk/pub/security/gcrypt/
>
> Finland
>
> ftp://ftp.jyu.fi/pub/crypt/gcrypt/
> ftp://trumpetti.atm.tut.fi/gcrypt/
> http://trumpetti.atm.tut.fi/gcrypt/
> rsync://trumpetti.atm.tut.fi/gcrypt/
>
> France
>
> ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/
>
> Germany
>
> ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/
> ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/
>
> Greece
>
> ftp://ftp.linux.gr/pub/crypto/gnupg/
> ftp://hal.csd.auth.gr/mirrors/gnupg/
>
> Hungary
>
> ftp://ftp.kfki.hu/pub/packages/security/gnupg/
>
> Iceland
>
> ftp://ftp.hi.is/pub/mirrors/gnupg/
>
> Ireland
>
> ftp://ftp.compsoc.com/pub/gnupg/
>
> Italy
>
> ftp://ftp.linux.it/pub/mirrors/gnupg/
> ftp://ftp3.linux.it/pub/mirrors/gnupg/
>
> Japan
>
> ftp://pgp.iijlab.net/pub/gnupg/
> ftp://ftp.ring.gr.jp/pub/net/gnupg/
> http://www.ring.gr.jp/pub/net/gnupg/
> ftp://ftp.ayamura.org/pub/gnupg/
>
> Korea
>
> ftp://ftp.snu.ac.kr/pub/security/gnupg/
>
> Poland
>
> ftp://sunsite.icm.edu.pl/pub/security/gnupg/
>
> Spain
>
> ftp://dimonieta.udg.es/mirror/gnupg
>
> Sweden
>
> ftp://ftp.stacken.kth.se/pub/crypto/gnupg/
> ftp://ftp.sunet.se:/pub/security/gnupg/
>
> Switzerland
>
> ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/
>
> Taiwan
>
> ftp://coda.nctu.edu.tw/Security/gcrypt
>
> United Kingdom
>
> ftp://ftp.net.lut.ac.uk/gcrypt/
> ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
> http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/
>
> United States
>
> ftp://ftp.exobit.org/pub/security/gnupg
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE8zmw4bH7huGIcwBMRAiLTAKCPlh37pJ1wo50gMJaCk1zRribWQwCguLkj
> knSn9gpfR1rzqTQTgT5oyy8=
> =lQMf
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users