2009-12-21 19:17:41 +00:00
|
|
|
To: gnupg-announce@gnupg.org, info-gnu@gnu.org
|
|
|
|
Mail-Followup-To: gnupg-users@gnupg.org
|
|
|
|
|
|
|
|
|
|
|
|
Hello!
|
|
|
|
|
|
|
|
We are pleased to announce the availability of a new stable GnuPG-2
|
2013-04-25 12:00:16 +01:00
|
|
|
release: Version 2.0.20.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
|
|
|
and data storage. It can be used to encrypt data, create digital
|
|
|
|
signatures, help authenticating using Secure Shell and to provide a
|
|
|
|
framework for public key cryptography. It includes an advanced key
|
|
|
|
management facility and is compliant with the OpenPGP and S/MIME
|
|
|
|
standards.
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.13) in
|
2009-12-21 19:17:41 +00:00
|
|
|
that it splits up functionality into several modules. However, both
|
|
|
|
versions may be installed alongside without any conflict. In fact,
|
|
|
|
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
|
|
|
included in GnuPG-2 and allows for seamless passphrase caching. The
|
|
|
|
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
|
|
|
other modules at run and build time. We will keep maintaining GnuPG-1
|
|
|
|
versions because they are very useful for small systems and for server
|
|
|
|
based applications requiring only OpenPGP support.
|
|
|
|
|
|
|
|
GnuPG is distributed under the terms of the GNU General Public License
|
2011-08-04 18:17:22 +02:00
|
|
|
(GPLv3+). GnuPG-2 works best on GNU/Linux and *BSD systems but is
|
|
|
|
also available for other Unices, Microsoft Windows and Mac OS X.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
What's New in 2.0.20
|
2012-03-27 11:19:32 +02:00
|
|
|
====================
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* Decryption using smartcards keys > 3072 bit does now work.
|
2012-03-27 11:19:32 +02:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* New meta option ignore-invalid-option to allow using the same
|
|
|
|
option file by other GnuPG versions.
|
2012-03-27 11:19:32 +02:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg: The hash algorithm is now printed for sig records in key listings.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg: Skip invalid keyblock packets during import to avoid a DoS.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg: Correctly handle ports from DNS SRV records.
|
2011-01-13 17:04:47 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* keyserver: Improve use of SRV records
|
2011-01-13 17:04:47 +01:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
* gpg-agent: Avoid tty corruption when killing pinentry.
|
|
|
|
|
|
|
|
* scdaemon: Improve detection of card insertion and removal.
|
|
|
|
|
|
|
|
* scdaemon: Rename option --disable-keypad to --disable-pinpad.
|
|
|
|
|
|
|
|
* scdaemon: Better support for CCID readers. Now, the internal CCID
|
|
|
|
driver supports readers without the auto configuration feature.
|
|
|
|
|
|
|
|
* scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
|
|
|
|
it supports variable length PIN input, and you specify
|
|
|
|
--enable-pinpad-varlen option.
|
|
|
|
|
|
|
|
* scdaemon: New option --enable-pinpad-varlen.
|
|
|
|
|
|
|
|
* scdaemon: Install into libexecdir to avoid accidental execution
|
|
|
|
from the command line.
|
|
|
|
|
|
|
|
* Support building using w64-mingw32.
|
|
|
|
|
|
|
|
* Assorted bug fixes.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Getting the Software
|
|
|
|
====================
|
|
|
|
|
|
|
|
Please follow the instructions found at http://www.gnupg.org/download/
|
|
|
|
or read on:
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
GnuPG 2.0.20 may be downloaded from one of the GnuPG mirror sites or
|
2009-12-21 19:17:41 +00:00
|
|
|
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
|
|
|
|
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
|
|
|
|
is not available at ftp.gnu.org.
|
|
|
|
|
|
|
|
On the FTP server and its mirrors you should find the following files
|
|
|
|
in the gnupg/ directory:
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
gnupg-2.0.20.tar.bz2 (4186k)
|
|
|
|
gnupg-2.0.20.tar.bz2.sig
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
gnupg-2.0.19-2.0.20.diff.bz2 (249k)
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
A patch file to upgrade a 2.0.19 GnuPG source tree. This patch
|
2009-12-21 19:17:41 +00:00
|
|
|
does not include updates of the language files.
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Checking the Integrity
|
|
|
|
======================
|
|
|
|
|
|
|
|
In order to check that the version of GnuPG which you are going to
|
|
|
|
install is an original and unmodified one, you can do it in one of
|
|
|
|
the following ways:
|
|
|
|
|
|
|
|
* If you already have a trusted version of GnuPG installed, you
|
|
|
|
can simply check the supplied signature. For example to check the
|
2013-04-25 12:00:16 +01:00
|
|
|
signature of the file gnupg-2.0.20.tar.bz2 you would use this command:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
gpg --verify gnupg-2.0.20.tar.bz2.sig
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
This checks whether the signature file matches the source file.
|
|
|
|
You should see a message indicating that the signature is good and
|
|
|
|
made by that signing key. Make sure that you have the right key,
|
|
|
|
either by checking the fingerprint of that key with other sources
|
|
|
|
or by checking that the key has been signed by a trustworthy other
|
|
|
|
key. Note, that you can retrieve the signing key using the command
|
|
|
|
|
|
|
|
finger wk ,at' g10code.com
|
|
|
|
|
|
|
|
or using a keyserver like
|
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-01-13 17:04:47 +01:00
|
|
|
The distribution key 4F25E3B6 is signed by the well known key
|
|
|
|
1E42B367.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
|
|
|
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
|
|
|
|
|
|
|
* If you are not able to use an old version of GnuPG, you have to verify
|
|
|
|
the SHA-1 checksum. Assuming you downloaded the file
|
2013-04-25 12:00:16 +01:00
|
|
|
gnupg-2.0.20.tar.bz2, you would run the sha1sum command like this:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
sha1sum gnupg-2.0.20.tar.bz2
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
and check that the output matches the first line from the
|
|
|
|
following list:
|
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
7ddfefa37ee9da89a8aaa8f9059d251b4cd02562 gnupg-2.0.20.tar.bz2
|
|
|
|
4afefda1f42c7b8065e97c6df051fab2db552642 gnupg-2.0.19-2.0.20.diff.bz2
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Documentation
|
|
|
|
=============
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
The file gnupg.info has the complete user manual of the system.
|
2011-08-04 18:17:22 +02:00
|
|
|
Separate man pages are included as well; however they have not all the
|
|
|
|
details available in the manual. It is also possible to read the
|
|
|
|
complete manual online in HTML format at
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg/
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
or in Portable Document Format at
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
http://www.gnupg.org/documentation/manuals/gnupg.pdf .
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
The chapters on gpg-agent, gpg and gpgsm include information on how
|
|
|
|
to set up the whole thing. You may also want search the GnuPG mailing
|
|
|
|
list archives or ask on the gnupg-users mailing lists for advise on
|
|
|
|
how to solve problems. Many of the new features are around for
|
|
|
|
several years and thus enough public knowledge is already available.
|
|
|
|
|
2012-03-27 11:19:32 +02:00
|
|
|
Almost all mail clients support GnuPG-2. Mutt users may want to use
|
|
|
|
the configure option "--enable-gpgme" during build time and put a "set
|
|
|
|
use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the
|
|
|
|
reworked OpenPGP support.
|
2011-08-04 18:17:22 +02:00
|
|
|
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
Support
|
|
|
|
=======
|
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
Please consult the archive of the gnupg-users mailing list before
|
|
|
|
reporting a bug <http://gnupg.org/documentation/mailing-lists.html>.
|
|
|
|
We suggest to send bug reports for a new release to this list in favor
|
|
|
|
of filing a bug at <http://bugs.gnupg.org>. We also have a dedicated
|
|
|
|
service directory at:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://www.gnupg.org/service.html
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2013-04-25 12:00:16 +01:00
|
|
|
The driving force behind the development of GnuPG is the company of
|
|
|
|
its principal author, Werner Koch. Maintenance and improvement of
|
|
|
|
GnuPG and related software takes up most of their resources. To
|
|
|
|
allow him them continue his work he asks to either purchase a support
|
|
|
|
contract, engage them for custom enhancements, or to donate money:
|
2009-12-21 19:17:41 +00:00
|
|
|
|
2011-08-04 18:17:22 +02:00
|
|
|
http://g10code.com/gnupg-donation.html
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Thanks
|
|
|
|
======
|
|
|
|
|
|
|
|
We have to thank all the people who helped with this release, be it
|
|
|
|
testing, coding, translating, suggesting, auditing, administering the
|
|
|
|
servers, spreading the word or answering questions on the mailing
|
2011-08-04 18:17:22 +02:00
|
|
|
lists.
|
2009-12-21 19:17:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
Happy Hacking,
|
|
|
|
|
|
|
|
The GnuPG Team
|