[Announce] GnuPG 2.1.19 released
ankostis
ankostis at gmail.com
Wed Mar 1 21:03:51 CET 2017
Thank you for your efforts.
Would it be possible with the next release to build also the python-2
& 3 bindings for Windows?
Best,
Kostis Anagnostopoulos
On 1 March 2017 at 20:27, Werner Koch <wk at gnupg.org> wrote:
> Hello!
>
> The GnuPG team is pleased to announce the availability of a new release
> of GnuPG: version 2.1.19. See below for a list of new features and bug
> fixes.
>
>
> About GnuPG
> =============
>
> The GNU Privacy Guard (GnuPG) is a complete and free implementation
> of the OpenPGP standard which is commonly abbreviated as PGP.
>
> GnuPG allows to encrypt and sign data and communication, features a
> versatile key management system as well as access modules for public key
> directories. GnuPG itself is a command line tool with features for easy
> integration with other applications. A wealth of frontend applications
> and libraries making use of GnuPG are available. As an Universal Crypto
> Engine GnuPG provides support for S/MIME and Secure Shell in addition to
> OpenPGP.
>
> There are two major flavours of GnuPG:
>
> - GnuPG 2.1 (dubbed "modern") comes with the latest features and is
> suggested for most users. This announcement is about this branch.
>
> - GnuPG 2.0 is an older but widely used branch which we will maintain
> until 2017-12-31.
>
> GnuPG is Free Software (meaning that it respects your freedom). It can
> be freely used, modified and distributed under the terms of the GNU
> General Public License.
>
>
> Noteworthy changes in version 2.1.19
> ====================================
>
> * gpg: Print a warning if Tor mode is requested but the Tor daemon
> is not running.
>
> * gpg: New status code DECRYPTION_KEY to print the actual private
> key used for decryption.
>
> * gpgv: New options --log-file and --debug.
>
> * gpg-agent: Revamp the prompts to ask for card PINs.
>
> * scd: Support for multiple card readers.
>
> * scd: Removed option --debug-disable-ticker. Ticker is used
> only when it is required to watch removal of device/card.
>
> * scd: Improved detection of card inserting and removal.
>
> * dirmngr: New option --disable-ipv4.
>
> * dirmngr: New option --no-use-tor to explicitly disable the use of
> Tor.
>
> * dirmngr: The option --allow-version-check is now required even if
> the option --use-tor is also used.
>
> * dirmngr: Handle a missing nsswitch.conf gracefully.
>
> * dirmngr: Avoid PTR lookups for keyserver pools. The are only done
> for the debug command "keyserver --hosttable".
>
> * dirmngr: Rework the internal certificate cache to support classes
> of certificates. Load system provided certificates on startup.
> Add options --tls, --no-crl, and --systrust to the "VALIDATE"
> command.
>
> * dirmngr: Add support for the ntbtls library.
>
> * wks: Create mails with a "WKS-Phase" header. Fix detection of
> Draft-2 mode.
>
> * The Windows installer is now build with limited TLS support.
>
> * Many other bug fixes and new regression tests.
>
> A detailed description of the changes found in this 2.1 branch can be
> found at <https://gnupg.org/faq/whats-new-in-2.1.html>.
>
>
> Getting the Software
> ====================
>
> Please follow the instructions found at <https://gnupg.org/download/> or
> read on:
>
> GnuPG 2.1.19 may be downloaded from one of the GnuPG mirror sites or
> direct from its primary FTP server. The list of mirrors can be found at
> <https://gnupg.org/download/mirrors.html>. Note that GnuPG is not
> available at ftp.gnu.org.
>
> The GnuPG source code compressed using BZIP2 and its OpenPGP signature
> are available here:
>
> https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.19.tar.bz2 (6255k)
> https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.19.tar.bz2.sig
> or here:
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.19.tar.bz2
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.19.tar.bz2.sig
>
> An installer for Windows without any graphical frontend except for a
> very minimal Pinentry tool is available here:
>
> https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.19_20170301.exe (3670k)
> https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.19_20170301.exe.sig
> or here
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.19_20170301.exe
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.19_20170301.exe.sig
>
> The source used to build the Windows installer can be found in the same
> directory with a ".tar.xz" suffix. The Windows installer now comes with
> TOFU support, many translations, support for Tor, and limited support
> for HKPS and Web Key Directory.
>
>
> Checking the Integrity
> ======================
>
> In order to check that the version of GnuPG which you are going to
> install is an original and unmodified one, you can do it in one of
> the following ways:
>
> * If you already have a version of GnuPG installed, you can simply
> verify the supplied signature. For example to verify the signature
> of the file gnupg-2.1.19.tar.bz2 you would use this command:
>
> gpg --verify gnupg-2.1.19.tar.bz2.sig gnupg-2.1.19.tar.bz2
>
> This checks whether the signature file matches the source file.
> You should see a message indicating that the signature is good and
> made by one or more of the release signing keys. Make sure that
> this is a valid key, either by matching the shown fingerprint
> against a trustworthy list of valid release signing keys or by
> checking that the key has been signed by trustworthy other keys.
> See the end of this mail for information on the signing keys.
>
> * If you are not able to use an existing version of GnuPG, you have
> to verify the SHA-1 checksum. On Unix systems the command to do
> this is either "sha1sum" or "shasum". Assuming you downloaded the
> file gnupg-2.1.19.tar.bz2, you run the command like this:
>
> sha1sum gnupg-2.1.19.tar.bz2
>
> and check that the output matches the next line:
>
> 10a088a6716789ac5c5cce2776952d8f4a5c57fc gnupg-2.1.19.tar.bz2
> 2614462170937abae1293cf227cacfb1028a11d3 gnupg-w32-2.1.19_20170301.exe
> abcfb15a59abb2bf05e9182133df53e5c5666272 gnupg-w32-2.1.19_20170301.tar.xz
>
>
> Internationalization
> ====================
>
> This version of GnuPG has support for 26 languages with Chinese, Czech,
> French, German, Japanese, Norwegian, Russian, and Ukrainian being almost
> completely translated. Due to expected changes in forthcoming releases
> some strings pertaining to the TOFU code are not yet translated.
>
>
> Documentation
> =============
>
> If you used GnuPG in the past you should read the description of
> changes and new features at doc/whats-new-in-2.1.txt or online at
>
> https://gnupg.org/faq/whats-new-in-2.1.html
>
> The file gnupg.info has the complete user manual of the system.
> Separate man pages are included as well but they have not all the
> details available as are the manual. It is also possible to read the
> complete manual online in HTML format at
>
> https://gnupg.org/documentation/manuals/gnupg/
>
> or in Portable Document Format at
>
> https://gnupg.org/documentation/manuals/gnupg.pdf .
>
> The chapters on gpg-agent, gpg and gpgsm include information on how
> to set up the whole thing. You may also want search the GnuPG mailing
> list archives or ask on the gnupg-users mailing lists for advise on
> how to solve problems. Many of the new features are around for
> several years and thus enough public knowledge is already available.
>
> You may also want to follow our postings at <https://gnupg.org/blob/>
> and <https://twitter.com/gnupg>.
>
>
> Support
> ========
>
> Please consult the archive of the gnupg-users mailing list before
> reporting a bug <https://gnupg.org/documentation/mailing-lists.html>.
> We suggest to send bug reports for a new release to this list in favor
> of filing a bug at <https://bugs.gnupg.org>. If you need commercial
> support check out <https://gnupg.org/service.html>.
>
> If you are a developer and you need a certain feature for your project,
> please do not hesitate to bring it to the gnupg-devel mailing list for
> discussion.
>
> Maintenance and development of GnuPG is mostly financed by donations.
> The GnuPG project employs 4 full-time developers, one part-timer, and
> one contractor. They all work exclusivly on GnuPG and closely related
> software like Libgcrypt, GPGME, and GPA. Please consider to donate via:
>
> https://gnupg.org/donate/
>
>
> Thanks
> ======
>
> We have to thank all the people who helped with this release, be it
> testing, coding, translating, suggesting, auditing, administering the
> servers, spreading the word, answering questions on the mailing
> lists, and donating money.
>
>
> The GnuPG hackers,
>
> Andre, dkg, gniibe, Justus, Neal, and Werner
>
>
>
> p.s.
> This is an announcement only mailing list. Please send replies only to
> the gnupg-users'at'gnupg.org mailing list.
>
> p.p.s
> List of Release Signing Keys:
>
> To guarantee that a downloaded GnuPG version has not been tampered by
> malicious entities we provide signature files for all tarballs and
> binary versions. The keys are also signed by the long term keys of
> their respective owners. Current releases are signed by one or more
> of these four keys:
>
> 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
> Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
> Werner Koch (dist sig)
>
> rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
> Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
> David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
>
> rsa2048/33BD3F06 2014-10-29 [expires: 2020-10-30]
> Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
> NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
>
> rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
> Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
> Werner Koch (Release Signing Key)
>
> The keys are available at <https://gnupg.org/signature_key.html> and in
> any recently released GnuPG tarball in the file g10/distsigkey.gpg .
> Note that this mail has been signed by a different key.
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
More information about the Gnupg-users
mailing list