GnuPG 1.2
Hello!
We are pleased to announce the availability of a new stable release of
GnuPG: Version 1.2.0
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures. It
includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440. This new
release implements most of OpenPGP's optional features, has somewhat
better interoperabilty with non-conforming OpenPGP implementations and
improved keyserver support.
Getting the Software
====================
GnuPG 1.2.0 can be downloaded from one of the GnuPG mirror sites.
The list of mirrors can be found at http:
See below for a list of mirrors already carrying this new released.
On the mirrors you should find the follwing files in the gnupg
directory:
gnupg-1.2.0.tar.bz/2 (1.8 MB)
gnupg-1.2.0.tar.bz2.sig/
GnuPG 1.2 source compressed using BZIP2 and OpenPGP signature.
gnupg-1.2.0.tar.gz/ (2.5 MB)
gnupg-1.2.0.tar.gz.sig/
GnuPG source compressed using GZIP and OpenPGP signature.
gnupg-1.0.7-1.2.0.diff.gz/ (1.0 MB)
A patch file to upgrade a 1.0.7 GnuPG source. This file is
signed; you have to use GnuPG > 0.9.5 to verify the signature.
GnuPG has a feature to allow clear signed patch files which can
still be processed by the patch utility.
Select one of them. To shorten the download time, you probably want
to get the BZIP2 compressed file. Please try another mirror if
exceptional your mirror is not yet up to date.
In the binary directory, you should find these files:
gnupg-w32cli-1.2.0.zip/ (1.0 MB)
gnupg-w32cli-1.2.0.zip.sig/
GnuPG compiled for Microsoft Windows and OpenPGP signature.
Note that this is a command line version and comes without a
graphical installer tool. You have to use an UNZIP utility to
extract the files and install them manually. The included file
README.W32 has further instructions.
Checking the Integrity
======================
In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:
can simply check the supplied signature. For example to check the
signature of the file gnupg-1.2.0.tar.bz/2 you would use this command:
gpg --verify gnupg-1.2.0.tar.bz2.sig/
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key.
Never use a GnuPG version you just downloaded to check the
integrity of the source - use an existing GnuPG installation.
the MD5 checksum. Assuming you downloaded the file
gnupg-1.2.0.tar.bz/2, you would run the md5sum command like this:
md5sum gnupg-1.2.0.tar.bz/2
and check that the output matches the first line from the
following list:
b22b10dacfeb5c2b0bc4ce9def2d1120 gnupg-1.2.0.tar.bz/2
e93ceafc4395d1713d20044d523d18a7 gnupg-1.2.0.tar.gz/
c735a9a4400e3e3b0b78f88aadedfd3d gnupg-1.0.7-1.2.0.diff.gz/
af439e3ba82c8648041e8e9d902c3c01 gnupg-w32cli-1.2.0.zip/
Upgrade Information
===================
The name of the default configuration file has changed from "options"
to "gpg.conf". The old name will still be used as long as no
"gpg.conf" exists. We recommend to rename your file after the
installation.
If you are upgrading from a version prior to 1.0.7, you may want to
run the command "gpg --rebuild-keydb-caches" once to speed up the
keyring access. Please note also that due to a bug in versions prior
to 1.0.6 it won't be possible to downgrade to such versions unless you
use the GnuPG version which comes with Debian's Woody release or you
apply the patch http:
If you have any problems, please see the FAQ and the mailing list
archive at http:
gnupg-users@gnupg.org mailing list.
What's New
===========
Here is a list of major user visible changes since 1.0.7:
Configuration:
old ~/.gnupg/options is found it will still be used. This
change is required to have a more consistent naming scheme with
forthcoming tools.
with all available entropy gathering modules included. At
runtime the best usable one will be selected from the list
linux, egd, unix. This is also the default for systems lacking
a /dev/random device.
option is in general not useful anymore. The only exception is
to specify the deprecated IDEA cipher plugin.
exec external programs (for the keyserver helpers or photo ID
viewers). Read the README file for the complete list.
/usr/[local/]libexec/gnupg by default. If you are upgrading
from 1.0.7, you might want to delete your old copies in
/usr/[local/]bin. If you use an OS that does not use libexec
for whatever reason, use configure --libexecdir=/usr/local/lib
to place the keyserver helpers there.
New features:
importing keys.
key must be specified by fingerprint. See the man page for
details.
during export. This is useful when exporting to HKP keyservers
which do not understand attribute packets.
mangling multiple subkeys bug. Note that this cannot completely
repair the damaged key as some crucial data is removed by the
keyserver, but it does at least give you back one subkey. This
is on by default for keyserver --recv-keys, and off by default
for regular --import.
--personal-digest-preferences, and
--personal-compress-preferences allow the user to specify which
algorithms are to be preferred. Note that this does not permit
using an algorithm that is not present in the recipient's
preferences (which would violate the OpenPGP standard). This
just allows sorting the preferences differently.
contents of attribute packets (i.e. photos)
Incompatible changes:
been removed.
plugin will no longer work with GnuPG. However, the current
version of the plugin will work with earlier GnuPG versions.
generation dialog unless in expert mode. RSA sign and encrypt
has been added with the same restrictions.
OpenPGP compatibility:
recipients directly request it, if the recipients have AES,
AES192, AES256, or TWOFISH in their cipher preferences, or if
the chosen cipher has a blocksize not equal to 64 bits
(currently this is also AES, AES192, AES256, and TWOFISH).
processing an already-compressed file unless a MDC is being
used. This is to give the message a certain amount of
resistance to the chosen-ciphertext attack while communicating
with other programs (most commonly PGP earlier than version 7.x)
that do not support MDCs.
encrypting a signed message to that key. Note that this is
disabled by default by a SHA1 preference in
--personal-digest-preferences.
to use when signing a key rather than the default SHA1 (or MD5
for PGP2 keys). Do not use this feature unless you fully
understand the implications of this.
that the resulting message will be usable by a user of PGP 7.x.
Bug fixes:
clarified. Specifically, the homedir (usually ~/.gnupg) is
checked to protect everything within it. If the user specifies
keyrings outside this homedir, they are presumed to be shared
keyrings and therefore not checked. Configuration files
specified with the --options option and the IDEA cipher
extension specified with --load-extension are checked, along
with their enclosing directories.
(version 1) LDAP keyservers.
Other changes:
that is not listed in the recipient's preferences.
self-signature. This does not change the v3 key into a v4 key,
but it does allow the user to use preferences, primary ID flags,
etc.
platforms.
it can still be overridden by the --charset option. Using the
option -vvv shows the used character set.
Internationalization
====================
GnuPG comes with support for these langauges:
American English Greek (el)
Catalan (ca) Indonesian (id)
Czech (cs) Italian (it)
Danish (da)[*] Japanese (ja)
Dutch (nl)[*] Polish (pl)
Esperanto (eo)[*] Brazilian Portuguese (pt_BR)[*]
Estonian (et)[*] Portuguese (pt)
French (fr)[*] Spanish (es)[*]
Galician (gl) Swedish (sv)[*]
German (de) Turkish (tr)
Languages marked with [*] were not updated for this releases and you
may notice untranslated messages. We will probably release an update
of the translations when we have received some translation updates.
May thanks to the translators for their ongoing support of GnuPG.
Happy Hacking,
The GnuPG team (David, Stefan, Timo and Werner)
p.s.
The mirror sites below have been verified to already carry this new
release. The full list of sites mirroring ftp ftp.gnupg.org is available
at http:
Australia
Australia
ftp:
Asia
Japan
ftp:
Europe
Austria
ftp:
http:
Denmark
ftp:
Finland
ftp:
ftp:
http:
France
ftp:
Germany
ftp:
Greece
ftp:
Italy
ftp:
http:
Netherlands
ftp:
Switzerland
ftp:
United Kingdom
ftp:
http: