Mailing List Archive

[Announce] GnuPG 2.0.19 released
Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release: Version 2.0.19.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.12) in
that it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching. The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time. We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPLv3+). GnuPG-2 works best on GNU/Linux and *BSD systems but is
also available for other Unices, Microsoft Windows and Mac OS X.


What's New in 2.0.19
====================

* GPG now accepts a space separated fingerprint as a user ID. This
allows to copy and paste the fingerprint from the key listing.

* GPG now uses the longest key ID available. Removed support for the
original HKP keyserver which is not anymore used by any site.

* Rebuild the trustdb after changing the option --min-cert-level.

* Ukrainian translation.

* Honor option --cert-digest-algo when creating a cert.

* Emit a DECRYPTION_INFO status line.

* Improved detection of JPEG files.


Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.19 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:

gnupg-2.0.19.tar.bz2 (4089k)
gnupg-2.0.19.tar.bz2.sig

GnuPG source compressed using BZIP2 and OpenPGP signature.

gnupg-2.0.18-2.0.19.diff.bz2 (305k)

A patch file to upgrade a 2.0.18 GnuPG source tree. This patch
does not include updates of the language files.

Note, that we don't distribute gzip compressed tarballs for GnuPG-2.


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
signature of the file gnupg-2.0.19.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.19.tar.bz2.sig

This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
made by that signing key. Make sure that you have the right key,
either by checking the fingerprint of that key with other sources
or by checking that the key has been signed by a trustworthy other
key. Note, that you can retrieve the signing key using the command

finger wk ,at' g10code.com

or using a keyserver like

gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6

The distribution key 4F25E3B6 is signed by the well known key
1E42B367.

NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
gnupg-2.0.19.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.19.tar.bz2

and check that the output matches the first line from the
following list:

190c09e6688f688fb0a5cf884d01e240d957ac1f gnupg-2.0.19.tar.bz2
d5e5643dc5ecb4e5296f1a9500f850cfbfd0f8ff gnupg-2.0.18-2.0.19.diff.bz2


Documentation
=============

The file gnupg.info has the complete user manual of the system.
Separate man pages are included as well; however they have not all the
details available in the manual. It is also possible to read the
complete manual online in HTML format at

http://www.gnupg.org/documentation/manuals/gnupg/

or in Portable Document Format at

http://www.gnupg.org/documentation/manuals/gnupg.pdf .

The chapters on gpg-agent, gpg and gpgsm include information on how
to set up the whole thing. You may also want search the GnuPG mailing
list archives or ask on the gnupg-users mailing lists for advise on
how to solve problems. Many of the new features are around for
several years and thus enough public knowledge is already available.

Almost all mail clients support GnuPG-2. Mutt users may want to use
the configure option "--enable-gpgme" during build time and put a "set
use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the
reworked OpenPGP support.


Support
=======

Please consult the archive of the gnupg-users mailing list before
reporting a bug <http://gnupg.org/documentation/mailing-lists.html>.
We suggest to send bug reports for a new release to this list in favor
of filing a bug at <http://bugs.gnupg.org>. We also have a dedicated
service directory at:

http://www.gnupg.org/service.html

Maintaining and improving GnuPG is costly. For more than 10 years
now, g10 Code, a German company owned and headed by GnuPG's principal
author Werner Koch, is bearing the majority of these costs. To help
them carry on this work, they need your support. Please consider to
visit the GnuPG donation page at:

http://g10code.com/gnupg-donation.html


Thanks
======

We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word or answering questions on the mailing
lists.


Happy Hacking,

The GnuPG Team


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
RE: [Announce] GnuPG 2.0.19 released [ In reply to ]
Outstanding! Hopefully the GPG4Win port for Windows will follow suit before
long. Thanks for an awesome product and support.

> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On
> Behalf Of Werner Koch
> Sent: Tuesday, March 27, 2012 4:20 AM
> To: gnupg-announce@gnupg.org; info-gnu@gnu.org
> Subject: [Announce] GnuPG 2.0.19 released
>
> --=InfoSec-9705-Samford-Road-Delta-Force-pipeline-SSL-embassy-e-bomb=AN
> Content-Transfer-Encoding: quoted-printable
>
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.19.
>
> The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data
> storage. It can be used to encrypt data, create digital signatures, help
> authenticating using Secure Shell and to provide a framework for public key
> cryptography. It includes an advanced key management facility and is
compliant
> with the OpenPGP and S/MIME standards.
>
> GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.12) in that it
> splits up functionality into several modules. However, both versions may be
> installed alongside without any conflict. In fact, the gpg version from
GnuPG-1
> is able to make use of the gpg-agent as included in GnuPG-2 and allows for
> seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and
> the lack of dependency on other modules at run and build time. We will keep
> maintaining GnuPG-1 versions because they are very useful for small systems
and
> for server based applications requiring only OpenPGP support.
>
> GnuPG is distributed under the terms of the GNU General Public License
(GPLv3+).
> GnuPG-2 works best on GNU/Linux and *BSD systems but is also available for
other
> Unices, Microsoft Windows and Mac OS X.
>
>
> What's New in 2.0.19
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> * GPG now accepts a space separated fingerprint as a user ID. This
> allows to copy and paste the fingerprint from the key listing.
>
> * GPG now uses the longest key ID available. Removed support for the
> original HKP keyserver which is not anymore used by any site.
>
> * Rebuild the trustdb after changing the option --min-cert-level.
>
> * Ukrainian translation.
>
> * Honor option --cert-digest-algo when creating a cert.
>
> * Emit a DECRYPTION_INFO status line.
>
> * Improved detection of JPEG files.
>
>
> Getting the Software
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> Please follow the instructions found at http://www.gnupg.org/download/ or read
> on:
>
> GnuPG 2.0.19 may be downloaded from one of the GnuPG mirror sites or direct
from
> ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at
> http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at
> ftp.gnu.org.
>
> On the FTP server and its mirrors you should find the following files in the
> gnupg/ directory:
>
> gnupg-2.0.19.tar.bz2 (4089k)
> gnupg-2.0.19.tar.bz2.sig
>
> GnuPG source compressed using BZIP2 and OpenPGP signature.
>
> gnupg-2.0.18-2.0.19.diff.bz2 (305k)
>
> A patch file to upgrade a 2.0.18 GnuPG source tree. This patch
> does not include updates of the language files.
>
> Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
>
>
> Checking the Integrity
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> In order to check that the version of GnuPG which you are going to install is
an
> original and unmodified one, you can do it in one of the following ways:
>
> * If you already have a trusted version of GnuPG installed, you
> can simply check the supplied signature. For example to check the
> signature of the file gnupg-2.0.19.tar.bz2 you would use this command:
>
> gpg --verify gnupg-2.0.19.tar.bz2.sig
>
> This checks whether the signature file matches the source file.
> You should see a message indicating that the signature is good and
> made by that signing key. Make sure that you have the right key,
> either by checking the fingerprint of that key with other sources
> or by checking that the key has been signed by a trustworthy other
> key. Note, that you can retrieve the signing key using the command
>
> finger wk ,at' g10code.com
>
> or using a keyserver like
>
> gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6
>
> The distribution key 4F25E3B6 is signed by the well known key
> 1E42B367.
>
> NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
> INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
>
> * If you are not able to use an old version of GnuPG, you have to verify
> the SHA-1 checksum. Assuming you downloaded the file
> gnupg-2.0.19.tar.bz2, you would run the sha1sum command like this:
>
> sha1sum gnupg-2.0.19.tar.bz2
>
> and check that the output matches the first line from the
> following list:
>
> 190c09e6688f688fb0a5cf884d01e240d957ac1f gnupg-2.0.19.tar.bz2
> d5e5643dc5ecb4e5296f1a9500f850cfbfd0f8ff gnupg-2.0.18-2.0.19.diff.bz2
>
>
> Documentation
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> The file gnupg.info has the complete user manual of the system.
> Separate man pages are included as well; however they have not all the details
> available in the manual. It is also possible to read the complete manual
online
> in HTML format at
>
> http://www.gnupg.org/documentation/manuals/gnupg/
>
> or in Portable Document Format at
>
> http://www.gnupg.org/documentation/manuals/gnupg.pdf .
>
> The chapters on gpg-agent, gpg and gpgsm include information on how to set up
> the whole thing. You may also want search the GnuPG mailing list archives or
> ask on the gnupg-users mailing lists for advise on how to solve problems.
Many
> of the new features are around for several years and thus enough public
> knowledge is already available.
>
> Almost all mail clients support GnuPG-2. Mutt users may want to use the
> configure option "--enable-gpgme" during build time and put a "set
> use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the reworked
> OpenPGP support.
>
>
> Support
> =3D=3D=3D=3D=3D=3D=3D
>
> Please consult the archive of the gnupg-users mailing list before reporting a
> bug <http://gnupg.org/documentation/mailing-lists.html>.
> We suggest to send bug reports for a new release to this list in favor of
filing
> a bug at <http://bugs.gnupg.org>. We also have a dedicated service directory
> at:
>
> http://www.gnupg.org/service.html
>
> Maintaining and improving GnuPG is costly. For more than 10 years now, g10
> Code, a German company owned and headed by GnuPG's principal author Werner
Koch,
> is bearing the majority of these costs. To help them carry on this work, they
> need your support. Please consider to visit the GnuPG donation page at:
>
> http://g10code.com/gnupg-donation.html
>
>
> Thanks
> =3D=3D=3D=3D=3D=3D
>
> We have to thank all the people who helped with this release, be it testing,
> coding, translating, suggesting, auditing, administering the servers,
spreading
> the word or answering questions on the mailing lists.
>
>
> Happy Hacking,
>
> The GnuPG Team
>
>
> =2D-=20
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
> --=InfoSec-9705-Samford-Road-Delta-Force-pipeline-SSL-embassy-e-bomb=AN
> Content-Type: application/pgp-signature
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.1.0-git0013520 (GNU/Linux)
>
> iEYEARECAAYFAk9xhk4ACgkQTwVA1Xf5X5VY6gCfQQJTJnmwhdJSJWcNoxepeFNC
> qawAn2kAmVS6xTpLvpHlqFCp55HARETv
> =7Ypy
> -----END PGP SIGNATURE-----
> --=InfoSec-9705-Samford-Road-Delta-Force-pipeline-SSL-embassy-e-bomb=AN--
>
>
>
> --Boundary_(ID_7Ur+nEovmc96187kWDny6A)
> MIME-version: 1.0
> Content-type: text/plain; CHARSET=US-ASCII
> Content-transfer-encoding: 7BIT
> Content-disposition: inline
>
> _______________________________________________
> Gnupg-announce mailing list
> Gnupg-announce@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
>
> --Boundary_(ID_7Ur+nEovmc96187kWDny6A)
> MIME-version: 1.0
> Content-type: text/plain; CHARSET=US-ASCII
> Content-transfer-encoding: 7BIT
> Content-disposition: inline
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> --Boundary_(ID_7Ur+nEovmc96187kWDny6A)--



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.19 released [ In reply to ]
On Tue, 27 Mar 2012 19:18, jw72253@verizon.net said:
> Outstanding! Hopefully the GPG4Win port for Windows will follow suit before
> long. Thanks for an awesome product and support.

I am working on a maintenance release. I also plan to provide an
ultralight installer, for those who need only GnuPG and nothing else.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.19 released [ In reply to ]
Werner Koch wrote:
> On Tue, 27 Mar 2012 19:18, jw72253@verizon.net said:
>> Outstanding! Hopefully the GPG4Win port for Windows will follow suit before
>> long. Thanks for an awesome product and support.
>
> I am working on a maintenance release. I also plan to provide an
> ultralight installer, for those who need only GnuPG and nothing else.

Werner,

Would it also be possible to package the GPG4Win source distribution in
something else in addition to a Win32 executable, say tar.xz or tar.bz2? A
windows executable is not very handy if one is wanting to cross-compile on a
*nix system.

Thanks,

-John

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.19 released [ In reply to ]
On Tue, 27 Mar 2012 21:56, JPClizbe@tx.rr.com said:

> Would it also be possible to package the GPG4Win source distribution in
> something else in addition to a Win32 executable, say tar.xz or tar.bz2? A
> windows executable is not very handy if one is wanting to cross-compile on a
> *nix system.

You are not expected to use the source installer do do anything. It is
better to use the gpg4win tarball and its included download script to
build a new installer. We distribute the source installer merely to
satisfy the terms of the GPL. The source installer is build using the
same NSIS scripts as used for the real installer.


Salam-Shalom,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users