GnuPG 1.2.3
Hello!
We are pleased to announce the availability of a new stable
GnuPG release: Version 1.2.3
The GNU Privacy Guard (GnuPG) is GNU’s tool for secure
communication and data storage. It is a complete and free
replacement of PGP and can be used to encrypt data and to create
digital signatures. It includes an advanced key management facility
and is compliant with the proposed OpenPGP Internet standard as
described in RFC2440.
This release solves a performance problem introduced with 1.2.2
and make building on less common platforms easier.
Getting the Software
GnuPG 1.2.3 can be downloaded from one of the GnuPG mirror sites
or >From direct from ftp://ftp.gnupg.org/gcrypt .
The list of mirrors can be found at http://www.gnupg.org/mirrors.html.
Note, that GnuPG is not available at ftp.gnu.org.
On the mirrors you should find the follwing files in the
gnupg directory:
gnupg-1.2.3.tar.bz2
(2240k)
gnupg-1.2.3.tar.bz2.sig
GnuPG source compressed using BZIP2 and OpenPGP signature.
gnupg-1.2.3.tar.gz
(3228k)
gnupg-1.2.3.tar.gz.sig
GnuPG source compressed using GZIP and OpenPGP signature.
gnupg-1.2.2-1.2.3.diff.gz
(915k)
A patch file to upgrade a 1.2.2 GnuPG source. This file
is signed; you have to use GnuPG > 0.9.5 to verify the
signature. GnuPG has a feature to allow clear signed patch files
which can still be processed by the patch utility.
Select one of them. To shorten the download time, you probably
want to get the BZIP2 compressed file. Please try another mirror if
exceptional your mirror is not yet up to date.
In the binary directory, you should find these
files:
gnupg-w32cli-1.2.3.zip
(1309k)
gnupg-w32cli-1.2.3.zip.sig
GnuPG compiled for Microsoft Windows and OpenPGP
signature. Note that this is a command line version and comes
without a graphical installer tool. You have to use an UNZIP
utility to extract the files and install them manually. The
included file README.W32 has further instructions.
Checking the Integrity
In order to check that the version of GnuPG which you are going
to install is an original and unmodified one, you can do it in one
of the following ways:
- If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-1.2.3.tar.bz2 you would use
this command:
gpg –verify gnupg-1.2.3.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key. Note, that you can retrieve the signing key by finger wk ‘at’
g10code.com .
Never use a GnuPG version you just downloaded to check the
integrity of the source – use an existing GnuPG installation.
- If you are not able to use an old version of GnuPG, you have to
verify the MD5 checksum. Assuming you downloaded the file gnupg-1.2.3.tar.bz2, you would run
the md5sum command like this:
md5sum gnupg-1.2.3.tar.bz2
and check that the output matches the first line from the
following list:
cdca1282d7901f9ddb52f9725b001af2 gnupg-1.2.3.tar.bz2
46b990908019422535a08ce91b370ae7 gnupg-1.2.3.tar.gz
64c305371e658764006439b73ecbd8c3 gnupg-1.2.2-1.2.3.diff.gz
208f98809a6e533fed08846723795477 gnupg-w32cli-1.2.3.zip
Upgrade Information
If you are upgrading from a version prior to 1.0.7, you should
run the script tools/convert-from-106 once. Please note also that
due to a bug in versions prior to 1.0.6 it may not be possible to
downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt
.
If you have any problems, please see the FAQ and the mailing
list archive at http://lists.gnupg.org. Please direct
questions to the [email protected] mailing
list.
What’s New
Here is a list of major user visible changes since 1.2.2:
- New “–gnupg” option (set by default) that disables –openpgp,
and the various –pgpX emulation options. This replaces
–no-openpgp, and –no-pgpX, and also means that GnuPG has finally
grown a –gnupg option to make GnuPG act like GnuPG. - A number of portability changes to make building GnuPG on
less-common platforms easier. - Romanian translation.
- Two new %-expandos for use in notation and policy URLs. “%g”
expands to the fingerprint of the key making the signature (which
might be a subkey), and “%p” expands to the fingerprint of the
primary key that owns the key making the signature. - New “tru” record in –with-colons –list-keys listings. It
shows the status of the trust database that was used to calculate
the key validity in the listings. See doc/DETAILS for the specifics
of this. - New REVKEYSIG status tag for –status-fd. It indicates a valid
signature that was issued by a revoked key. See doc/DETAILS for the
specifics of this.
Internationalization
GnuPG comes with support for these langauges:
| American English | Indonesian (id) |
| Catalan (ca) | Italian (it) |
| Czech (cs) | Japanese (ja) |
| Danish (da)[*] | Polish (pl) |
| Dutch (nl)[*] | Brazilian Portuguese (pt_BR)[*] |
| Esperanto (eo)[*] | Portuguese (pt) |
| Estonian (et) | Romanian (ro) |
| Finnish (fi) | Slovak (sk) |
| French (fr) | Spanish (es) |
| Galician (gl) | Swedish (sv) |
| German (de) | Traditional Chinese (zh_TW) |
| Greek (el) | Turkish (tr) |
| Hungarian (hu) |
Languages marked with [*] were not updated for this releases and
you may notice untranslated messages. Many thanks to the
translators for their ongoing support of GnuPG.
Future Directions
GnuPG 1.2.x is the current stable branch and won’t undergo any
serious changes. We will just fix bugs and add compatibility fixes
as required.
GnuPG 1.3.x is the version were we do most new stuff and it will
lead to the next stable version 1.4 not too far away.
GnuPG 1.9.x is brand new and flagged as experimental. This
version merged the code from the Aegypten project and thus it
includes the gpg-agent, a smartcard daemon and gpg’s S/MIME cousin
gpgsm. The design is different to the previous versions and we
won’t support any ancient systems – thus POSIX compatibility will
be an absolute requirement for supported platforms. 1.9 is based on
the current 1.3 code and has been released to have software ready
to play with the forthcoming OpenPGP smartcard.
The OpenPGP smartcard is a soon to be released specification of
an ISO 7816 based application to generate or import keys into a
smartcard and provide all functionality to use this card with
OpenPGP. The specification features 3 1024 bit RSA keys (signing,
decryption and authentication) as well as utility data objects to
make integration easy. We will be able to give about 50 test cards
to selected developers and soon after distribute real cards.
For other developments you may want to consult the task list at
http://g10code.com/en/tasklist.html
.
Happy Hacking,
The GnuPG team (David, Stefan, Timo and Werner)
Let’s not forget about all the other contributors; here is list
of them (from the THANKS file):
The GNU Privacy Guard has been created by the GnuPG team: David
Shaw, Matthew Skala, Michael Roth, Niklas Hernaeus, Nils
Ellmenreich, Rémi Guyomarch, Stefan Bellon, Timo Schulz and
Werner Koch. Birger Langkjer, Daniel Resare, Dokianakis Theofanis,
Edmund GRIMLEY EVANS, Gaël Quéri, Gregory Steuck, Nagy
Ferenc László, Ivo Timmermans, Jacobo Tarri’o
Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni Hiltunen,
Laurentiu Buzdugan, Magda Procha’zkova’, Michael Anckaert, Michal
Majer, Marco d’Itri, Nilgun Belma Buguner, Pedro Morais, Tedi
Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos Santos, Toomas
Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the official
translations. Mike Ashley wrote and maintains the GNU Privacy
Handbook. David Scribner is the current FAQ editor. Lorenzo
Cappelletti maintains the web site.
The following people helped greatly by suggesting improvements,
testing, fixing bugs, providing resources and doing other important
tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob
Mathews, Bodo Moeller, Brendan O’Dea, Brenno de Winter, Brian M.
Carlson, Brian Moore, Brian Warner, Bryan Fullerton, Caskey L.
Dickson, Cees van de Griend, Charles Levert, Chip Salzenberg, Chris
Adams, Christian Biere, Christian Kurz, Christian von Roques,
Christopher Oliver, Christian Recktenwald, Dan Winship, Daniel
Eisenbud, Daniel Koening, Dave Dykstra, David C Niemi, David
Champion, David Ellement, David Hallinan, David Hollenberg, David
Mathog, David R. Bergstein, Detlef Lannert, Dimitri, Dirk
Lattermann, Dirk Meyer, Disastry, Douglas Calvert, Ed Boraas,
Edmund GRIMLEY EVANS, Edwin Woudt, Enzo Michelangeli, Ernst
Molitor, Fabio Coatti, Felix von Leitner, fish stiqz, Florian
Weimer, Francesco Potorti, Frank Donahoe, Frank Heckenbach, Frank
Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël Quéri,
Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni,
Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery
Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger
Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian
McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz A.
Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von
Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J.
Michael Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett,
John A. Martin, Johnny Teveßen, Jörg Schilling, Jos
Backus, Joseph Walton, Juan F. Codagnone, Jun Kuriyama, Kahil D.
Jallad, Karl Fogel, Karsten Thygesen, Katsuhiro Kondou, Kazu
Yamamoto, Keith Clayton, Kevin Ryde, Klaus Singvogel, Kurt Garloff,
Lars Kellogg-Stedman, L. Sassaman, M Taylor, Marcel Waldvogel,
Marco d’Itri, Marco Parrone, Marcus Brinkmann, Mark Adler, Mark
Elbrecht, Mark Pettit, Markus Friedl, Martin Kahlert, Martin
Hamilton, Martin Schulte, Matt Kraai, Matthew Skala, Matthew
Wilcox, Matthias Urlichs, Max Valianskiy, Michael Engels, Michael
Fischer v. Mollard, Michael Roth, Michael Sobolev, Michael Tokarev,
Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson H. F. Beebe,
NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye, Oliver
Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul
D. Smith, Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter
Fales, Peter Gutmann, Peter Marschall, Peter Valchev, Piotr
Krukowiecki, QingLong, Ralph Gillen, Rat, Reinhard Wobst,
Rémi Guyomarch, Reuben Sumner, Richard Outerbridge, Robert
Joop, Roddy Strachan, Roger Sondermann, Roland Rosenfeld, Roman
Pavlik, Ross Golder, Ryan Malayter, Sam Roberts, Sami Tolvanen,
Sean MacLennan, Sebastian Klemke, Serge Munhoven, SL Baur, Stefan
Bellon, Dr.Stefan.Dalibor, Stefan Karrmann, Stefan Keller, Steffen
Ullrich, Steffen Zahn, Steven Bakker, Steven Murdoch, Susanne
Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen Klok, Thomas
Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA Satoshi,
Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen, Thomas
Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko
Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann,
Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki
IIDA, Yoshihiro Kajiki and Gerlinde Klaes.
This software has been made possible by the previous work of
Chris Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin
Hellmann Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip
A. Nelson, Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some
unknown NSA mathematicians and all the folks who have worked hard
to create complete and free operating systems.
—
Werner Koch