-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. Version 1.0.5 has just been released and should be available at the mirrors (see below) really soon. If you can't get it from a mirror, use the primary location: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz (1.9MB) ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.5.tar.gz.sig A (quite large) diff against 1.0.4 is also available: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.4-1.0.5.diff.gz (594k) MD5 checksums of the above files are: 44c71c3f5a9edbf5738cafc37e8359e6 gnupg-1.0.5.tar.gz 8139c98c65186a14ac67e531409d1614 gnupg-1.0.4-1.0.5.diff.gz So what's new in this version: * WARNING: The semantics of --verify have changed to address a problem with detached signature detection. --verify now ignores signed material given on stdin unless this is requested by using a "-" as the name for the file with the signed material. Please check all your detached signature handling applications and make sure that they don't pipe the signed material to stdin without using a filename together with "-" on the the command line. * WARNING: Corrected hash calculation for input data larger than 512M - it was just wrong, so you might notice bad signature in some very big files. It may be wise to keep an old copy of GnuPG around. * Secret keys are no longer imported unless you use the new option --allow-secret-key-import. This is a kludge and future versions will handle it in another way. * New command "showpref" in the --edit-key menu to show an easier to understand preference listing. * There is now the notation of a primary user ID. For example, it is printed with a signature verification as the first user ID; revoked user IDs are not printed there anymore. In general the primary user ID is the one with the latest self-signature. * New --charset=utf-8 to bypass all internal conversions. * Large File Support (LFS) is now working. * New options: --ignore-crc-error, --no-sig-create-check, --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks, --enable-special-filenames and --use-agent. See man page. * New command --pipemode, which can be used to run gpg as a co-process. Currently only the verification of detached signatures are working. See doc/DETAILS. * Keyserver support for the W32 version. * Rewritten key selection code so that GnuPG can better cope with multiple subkeys, expire dates and so. The drawback is that it is slower. * A whole lot of bug fixes. * The verification status of self-signatures are now cached. To increase the speed of key list operations for existing keys you can do the following in your GnuPG homedir (~/.gnupg): $ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \ rm pubring.gpg && gpg --import x Only v4 keys (i.e not the old RSA keys) benefit from this caching. * New translations: Estonian, Turkish. Furthermore, this version implements countermeasurements against the recent Klima/Rosa attack on the secret keyring. But let me stress again, that the security of the system relies on the physical security of the machine where you use GnuPG for signing or decrypting. And as a last warning: never ever send a secret key over an insecure channel; the passphrase encryption of the secret keyring is not as secure as the the regular OpenPGP encryption and should be only considered as a last resort protection. See http://www.gnupg.org/docs-mls.html for a list of GnuPG related mailing lists. If you have any question you should direct them to mailing list gnupg-users@gnupg.org . Have fun, Werner p.s. The FTP, CVS and Webserver has recently moved to a new location and you should not anymore use the *.guug.de addresses. Here is a list of sites mirroring ftp://ftp.gnupg.org/gcrypt/ Please use them if you can; new releases should show up on these servers within a day. This mirror list is also available at http://www.gnupg.org/mirrors.html Australia ftp://orcus.progsoc.uts.edu.au/pub/gnupg/ http://orcus.progsoc.uts.edu.au/pub/gnupg/ rsync://orcus.progsoc.uts.edu.au/pub/gnupg/ ftp://mirror.aarnet.edu.au/pub/gnupg/ http://mirror.aarnet.edu.au/pub/gnupg/ Austria ftp://gd.tuwien.ac.at/privacy/gnupg/ Belgium ftp://openbsd.rug.ac.be/pub/gcrypt/ ftp://gnupg.x-zone.org/pub/gnupg Canada ftp://crypto.yashy.com/pub/cryptography/gnupg/ Czechia ftp://ftp.gnupg.cz/pub/gcrypt Denmark ftp://sunsite.dk/pub/security/gcrypt/ Finland ftp://ftp.jyu.fi/pub/crypt/gcrypt/ France ftp://ftp.strasbourg.linuxfr.org/pub/gnupg/ Germany ftp://ftp.franken.de/pub/crypt/mirror/ftp.guug.de/gcrypt/ ftp://ftp.freenet.de/pub/ftp.gnupg.org/pub/gcrypt/ Greece ftp://ftp.linux.gr/pub/crypto/gnupg/ ftp://hal.csd.auth.gr/mirrors/gnupg/ Hungary ftp://ftp.kfki.hu/pub/packages/security/gnupg/ Iceland ftp://ftp.hi.is/pub/mirrors/gnupg/ Ireland ftp://ftp.compsoc.com/pub/gnupg/ Italy ftp://ftp.linux.it/pub/mirrors/gnupg/ ftp://ftp3.linux.it/pub/mirrors/gnupg/ Japan ftp://pgp.iijlab.net/pub/gnupg/ ftp://ftp.ring.gr.jp/pub/net/gnupg/ http://www.ring.gr.jp/pub/net/gnupg/ Korea ftp://ftp.snu.ac.kr/pub/security/gnupg/ Poland ftp://sunsite.icm.edu.pl/pub/security/gnupg/ Spain ftp://dimonieta.udg.es/mirror/gnupg Sweden ftp://ftp.stacken.kth.se/pub/crypto/gnupg/ ftp://ftp.sunet.se:/pub/security/gnupg/ Switzerland ftp://sunsite.cnlab-switch.ch/mirror/gcrypt/ Taiwan ftp://coda.nctu.edu.tw/Security/gcrypt United Kingdom ftp://ftp.net.lut.ac.uk/gcrypt/ ftp://ftp.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ http://www.mirror.ac.uk/sites/ftp.gnupg.org/pub/gcrypt/ - -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE67Fx3bH7huGIcwBMRAnb4AJ94blzplwdkcrr8LsBwyZsbzVWqagCfXfoT SwQFc6aGzSgkPcB45+axdes= =+3ZT -----END PGP SIGNATURE----- _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users