2009-12-21 19:17:41 +00:00
|
|
|
To: gnupg-announce@gnupg.org, info-gnu@gnu.org
|
|
|
|
Mail-Followup-To: gnupg-users@gnupg.org
|
|
|
|
|
|
|
|
|
|
|
|
Hello!
|
|
|
|
|
|
|
|
We are pleased to announce the availability of a new stable GnuPG-2
|
2011-01-13 17:04:47 +01:00
|
|
|
release: Version 2.0.17.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
|
|
|
and data storage. It can be used to encrypt data, create digital
|
|
|
|
signatures, help authenticating using Secure Shell and to provide a
|
|
|
|
framework for public key cryptography. It includes an advanced key
|
|
|
|
management facility and is compliant with the OpenPGP and S/MIME
|
|
|
|
standards.
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.11) in
|
2009-12-21 19:17:41 +00:00
|
|
|
that it splits up functionality into several modules. However, both
|
|
|
|
versions may be installed alongside without any conflict. In fact,
|
|
|
|
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
|
|
|
included in GnuPG-2 and allows for seamless passphrase caching. The
|
|
|
|
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
|
|
|
other modules at run and build time. We will keep maintaining GnuPG-1
|
|
|
|
versions because they are very useful for small systems and for server
|
|
|
|
based applications requiring only OpenPGP support.
|
|
|
|
|
|
|
|
GnuPG is distributed under the terms of the GNU General Public License
|
|
|
|
(GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems.
|
|
|
|
|
|
|
|
|
|
|
|
What's New
|
|
|
|
===========
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
* Allow more hash algorithms with the OpenPGP v2 card.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
|
|
|
|
|
|
|
|
* Fixed output of "gpgconf --check-options".
|
|
|
|
|
|
|
|
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
|
|
|
|
non-daemon mode.
|
|
|
|
|
|
|
|
* Fixed TTY management for pinentries and session variable update
|
|
|
|
problem.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2010-08-11 14:17:25 +00:00
|
|
|
* Minor bug fixes.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Getting the Software
|
|
|
|
====================
|
|
|
|
|
|
|
|
Please follow the instructions found at http://www.gnupg.org/download/
|
|
|
|
or read on:
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
GnuPG 2.0.17 may be downloaded from one of the GnuPG mirror sites or
|
2009-12-21 19:17:41 +00:00
|
|
|
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
|
|
|
|
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
|
|
|
|
is not available at ftp.gnu.org.
|
|
|
|
|
|
|
|
On the FTP server and its mirrors you should find the following files
|
|
|
|
in the gnupg/ directory:
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gnupg-2.0.17.tar.bz2 (3904k)
|
|
|
|
gnupg-2.0.17.tar.bz2.sig
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gnupg-2.0.16-2.0.17.diff.bz2 (75k)
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
A patch file to upgrade a 2.0.16 GnuPG source tree. This patch
|
2009-12-21 19:17:41 +00:00
|
|
|
does not include updates of the language files.
|
|
|
|
|
|
|
|
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
|
|
|
|
|
|
|
|
|
|
|
|
Checking the Integrity
|
|
|
|
======================
|
|
|
|
|
|
|
|
In order to check that the version of GnuPG which you are going to
|
|
|
|
install is an original and unmodified one, you can do it in one of
|
|
|
|
the following ways:
|
|
|
|
|
|
|
|
* If you already have a trusted version of GnuPG installed, you
|
|
|
|
can simply check the supplied signature. For example to check the
|
2011-01-13 17:04:47 +01:00
|
|
|
signature of the file gnupg-2.0.17.tar.bz2 you would use this command:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gpg --verify gnupg-2.0.17.tar.bz2.sig
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
This checks whether the signature file matches the source file.
|
|
|
|
You should see a message indicating that the signature is good and
|
|
|
|
made by that signing key. Make sure that you have the right key,
|
|
|
|
either by checking the fingerprint of that key with other sources
|
|
|
|
or by checking that the key has been signed by a trustworthy other
|
|
|
|
key. Note, that you can retrieve the signing key using the command
|
|
|
|
|
|
|
|
finger wk ,at' g10code.com
|
|
|
|
|
|
|
|
or using a keyserver like
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
The distribution key 4F25E3B6 is signed by the well known key
|
|
|
|
1E42B367.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
|
|
|
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
|
|
|
|
|
|
|
* If you are not able to use an old version of GnuPG, you have to verify
|
|
|
|
the SHA-1 checksum. Assuming you downloaded the file
|
2011-01-13 17:04:47 +01:00
|
|
|
gnupg-2.0.17.tar.bz2, you would run the sha1sum command like this:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
sha1sum gnupg-2.0.17.tar.bz2
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
and check that the output matches the first line from the
|
|
|
|
following list:
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
41ef5460417ca0a1131fc730849fe3afd49ad2de gnupg-2.0.17.tar.bz2
|
|
|
|
ba49d5ab2659bfe6403d52df58722f439e393bbb gnupg-2.0.16-2.0.17.diff.bz2
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Internationalization
|
|
|
|
====================
|
|
|
|
|
|
|
|
GnuPG comes with support for 27 languages. Due to a lot of new and
|
2011-01-13 17:04:47 +01:00
|
|
|
changed strings many translations are not entirely complete. Jakub
|
|
|
|
Bogusz, Petr Pisar, Jedi and Daniel Nylander have been kind enough to
|
|
|
|
update their translations on short notice. Thus the Chinese, Czech,
|
|
|
|
German, Polish and Swedish translations are complete.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Documentation
|
|
|
|
=============
|
|
|
|
|
|
|
|
We are currently working on an installation guide to explain in more
|
|
|
|
detail how to configure the new features. As of now the chapters on
|
|
|
|
gpg-agent and gpgsm include brief information on how to set up the
|
|
|
|
whole thing. Please watch the GnuPG website for updates of the
|
|
|
|
documentation. In the meantime you may search the GnuPG mailing list
|
|
|
|
archives or ask on the gnupg-users mailing lists for advise on how to
|
|
|
|
solve problems. Many of the new features are around for several years
|
|
|
|
and thus enough public knowledge is already available. KDE's KMail is
|
|
|
|
the most prominent user of GnuPG-2. In fact it has been developed along
|
|
|
|
with the KMail folks. Mutt users might want to use the configure
|
|
|
|
option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make
|
|
|
|
use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP
|
|
|
|
support.
|
|
|
|
|
|
|
|
The manual is also available online in HTML format at
|
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg/
|
|
|
|
and in Portable Document Format at
|
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
|
|
|
|
|
|
|
|
|
|
|
|
Support
|
|
|
|
=======
|
|
|
|
|
|
|
|
Improving GnuPG is costly, but you can help! We are looking for
|
|
|
|
organizations that find GnuPG useful and wish to contribute back.
|
|
|
|
You can contribute by reporting bugs, improve the software, order
|
|
|
|
extensions or support or more general by donating money to the Free
|
|
|
|
Software movement (e.g. http://www.fsfeurope.org/help/donate.en.html).
|
|
|
|
|
|
|
|
Commercial support contracts for GnuPG are available, and they help
|
|
|
|
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
|
|
|
|
company owned and headed by GnuPG's principal author, is currently
|
|
|
|
funding GnuPG development. We are always looking for interesting
|
|
|
|
development projects.
|
|
|
|
|
|
|
|
The GnuPG service directory is available at:
|
|
|
|
|
|
|
|
http://www.gnupg.org/service.html
|
|
|
|
|
|
|
|
|
|
|
|
Thanks
|
|
|
|
======
|
|
|
|
|
|
|
|
We have to thank all the people who helped with this release, be it
|
|
|
|
testing, coding, translating, suggesting, auditing, administering the
|
|
|
|
servers, spreading the word or answering questions on the mailing
|
|
|
|
lists.
|
|
|
|
|
|
|
|
|
|
|
|
Happy Hacking,
|
|
|
|
|
|
|
|
The GnuPG Team
|
|
|
|
|