Release 1.4.21

Werner Koch 2016-08-17 15:07:57 +02:00
parent 5e1843fc47
commit 47531220e5
GPG Key ID: E3FDFF218E45B72B
2 changed files with 30 additions and 15 deletions

11
NEWS

@ -1,6 +1,15 @@
Noteworthy changes in version 1.4.21 (unreleased)
Noteworthy changes in version 1.4.21 (2016-08-17)
-------------------------------------------------
* Fix critical security bug in the RNG [CVE-2016-6313]. An attacker
who obtains 580 bytes from the standard RNG can trivially predict
the next 20 bytes of output. Problem detected by Felix Dörre and
Vladimir Klebanov, KIT.
* Tweak default options for gpgv.
* By default do not anymore emit the GnuPG version with --armor.
Noteworthy changes in version 1.4.20 (2015-12-20)
-------------------------------------------------
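Review bot: The CVE-2016-6313 entry in NEWS says what an attacker can predict but gives users no indication of the impact on their side, for example whether keys created with earlier versions need attention. Consider adding one sentence on that or a pointer to the announcement. In the same block, "Tweak default options for gpgv" does not say which options changed, and "By default do not anymore emit" would read better as "No longer emit the GnuPG version with --armor by default".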

34
README

@ -307,6 +307,12 @@
card. To see the fingerprints of the secondary keys, you can
give the command twice; but this is normally not needed.
NEVER use the keyid to verify a key - always use the complete
fingerprint. The keyid is just a convenience handle to identify a
key by a short semi-unique name which is trivial to spoof. You
may want to put the line "keyid-format long" into your gpg.conf to
tell gpg to print the long keyid (which is still spoof-able).
If you don't know the owner of the public key you are in trouble.
Suppose however that friend of yours knows someone who knows someone
who has met the owner of the public key at some computer conference.
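Review bot: In the new paragraph, the advice to put "keyid-format long" into gpg.conf follows directly after "NEVER use the keyid to verify a key" and can be read as a mitigation, even though the parenthesis says the long keyid is still spoof-able. Suggest stating explicitly that the option only changes what gpg prints and that verification must still compare the complete fingerprint.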
@ -403,20 +409,6 @@
There are several ways to specify a user ID, here are some examples.
* Only by the short keyid (prepend a zero if it begins with A..F):
"234567C4"
"0F34E556E"
"01347A56A"
"0xAB123456
* By a complete keyid:
"234AABBCC34567C4"
"0F323456784E56EAB"
"01AB3FED1347A5612"
"0x234AABBCC34567C4"
* By a fingerprint:
"1234343434343434C434343434343434"
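Review bot: The introductory sentence "There are several ways to specify a user ID, here are some examples." gives no hint that the list order now matters, although "By a fingerprint" has become its first entry. Suggest adding a sentence there that the fingerprint is the preferred form, in line with the fingerprint advice added earlier in README.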
@ -426,6 +418,20 @@
The first one is a short fingerprint for PGP 2.x style keys.
The others are long fingerprints for OpenPGP keys.
* By a complete keyid (prepend a zero if it begins with A..F):
"234AABBCC34567C4"
"0F323456784E56EAB"
"01AB3FED1347A5612"
"0x234AABBCC34567C4"
* By the short keyid:
"234567C4"
"0F34E556E"
"01347A56A"
"0xAB123456
* By an exact string:
"=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
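Review bot: The remark "(prepend a zero if it begins with A..F)" now appears on the complete keyid entry only, while the short keyid examples "0F34E556E" and "01347A56A" still show a prepended zero without explanation. Suggest keeping the remark on both entries or moving it to the list introduction. The short keyid example "0xAB123456 is also missing its closing quote.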