[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: [Announce] GnuPG 2.1.0 "modern" released

To: [email protected]
Subject: Fwd: [Announce] GnuPG 2.1.0 "modern" released
From: [email protected] (odinn)
Date: Thu, 06 Nov 2014 21:41:05 +0000
In-reply-to: <CAJVRA1TvkzupwgbAJeso+XNS8j2mgMSmtJHhjzTXYb8zREaJuA@mail.gmail.com>
References: <[email protected]> <CAJVRA1TvkzupwgbAJeso+XNS8j2mgMSmtJHhjzTXYb8zREaJuA@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Explain what this means in plain English for users of Enigmail and
what they need to do.

- -o

coderman wrote:
> ---------- Forwarded message ---------- From: Werner Koch
> <[email protected]> Date: Thu, 06 Nov 2014 10:01:51 +0100 Subject:
> [Announce] GnuPG 2.1.0 "modern" released
> 
> Hello!
> 
> The GnuPG Project is pleased to announce the availability of a new
> release: Version 2.1.0.
> 
> The GNU Privacy Guard (GnuPG) is a complete and free implementation
> of the OpenPGP standard as defined by RFC-4880 and better known as
> PGP.
> 
> GnuPG, also known as GPG, allows to encrypt and sign data and 
> communication, features a versatile key management system as well
> as access modules for public key directories.  GnuPG itself is a
> command line tool with features for easy integration with other
> applications. A wealth of frontend applications and libraries
> making use of GnuPG are available.  Since version 2 GnuPG provides
> support for S/MIME and Secure Shell in addition to OpenPGP.
> 
> GnuPG is Free Software (meaning that it respects your freedom). It
> can be freely used, modified and distributed under the terms of the
> GNU General Public License.
> 
> Three different versions of GnuPG are actively maintained:
> 
> - GnuPG "modern" (2.1) is the latest development with a lot of new 
> features.  This announcement is about the first release of this 
> version.
> 
> - GnuPG "stable" (2.0) is the current stable version for general
> use. This is what most users are currently using.
> 
> - GnuPG "classic" (1.4) is the old standalone version which is
> most suitable for older or embedded platforms.
> 
> You may not install "modern" (2.1) and "stable" (2.0) at the same 
> time.  However, it is possible to install "classic" (1.4) along
> with any of the other versions.
> 
> 
> What's New in GnuPG-2.1 =======================
> 
> - The file "secring.gpg" is not anymore used to store the secret 
> keys.  Merging of secret keys is now supported.
> 
> - All support for PGP-2 keys has been removed for security
> reasons.
> 
> - The standard key generation interface is now much leaner.  This 
> will help a new user to quickly generate a suitable key.
> 
> - Support for Elliptic Curve Cryptography (ECC) is now available.
> 
> - Commands to create and sign keys from the command line without
> any extra prompts are now available.
> 
> - The Pinentry may now show the new passphrase entry and the 
> passphrase confirmation entry in one dialog.
> 
> - There is no more need to manually start the gpg-agent.  It is
> now started by any part of GnuPG as needed.
> 
> - Problems with importing keys with the same long key id have been 
> addressed.
> 
> - The Dirmngr is now part of GnuPG proper and also takes care of 
> accessing keyserver.
> 
> - Keyserver pools are now handled in a smarter way.
> 
> - A new format for locally storing the public keys is now used. 
> This considerable speeds up operations on large keyrings.
> 
> - Revocation certificates are now created by default.
> 
> - Card support has been updated, new readers and token types are 
> supported.
> 
> - The format of the key listing has been changed to better
> identify the properties of a key.
> 
> - The gpg-agent may now be used on Windows as a Pageant
> replacement for Putty in the same way it is used for years on Unix
> as ssh-agent replacement.
> 
> - Creation of X.509 certificates has been improved.  It is now
> also possible to export them directly in PKCS#8 and PEM format for
> use on TLS servers.
> 
> A detailed description of the changes can be found at 
> https://gnupg.org/faq/whats-new-in-2.1.html .
> 
> 
> Getting the Software ====================
> 
> Please follow the instructions found at https://gnupg.org/download/
> or read on:
> 
> GnuPG 2.1.0 may be downloaded from one of the GnuPG mirror sites
> or direct from its primary FTP server.  The list of mirrors can be
> found at https://gnupg.org/mirrors.html .  Note that GnuPG is not
> available at ftp.gnu.org.
> 
> On ftp.gnupg.org you find these files:
> 
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2  (3039k) 
> ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig
> 
> This is the GnuPG 2.1 source code compressed using BZIP2 and its 
> OpenPGP signature.
> 
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe
> (6225k) 
> ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe.sig
> 
> This is an experimental installer for Windows including GPA as 
> graphical key manager and GpgEX as an Explorer extension.  Please 
> de-install an already installed Gpg4win version before trying this 
> installer.  This binary version has not been tested very well, thus
> it is likely that you will run into problems.  The complete source
> code for the software included in this installer is in the same
> directory; use the suffix ".tar.xz" instead of ".exe".
> 
> Although several beta versions have been released over the course
> of the last years, no extensive public field test has been done.
> Thus it is likely that bugs will show up.  Please check the mailing
> list archives and the new wiki https://wiki.gnupg.org for latest 
> information on known problems and workaround.
> 
> 
> Checking the Integrity ======================
> 
> In order to check that the version of GnuPG which you are going to 
> install is an original and unmodified one, you can do it in one of 
> the following ways:
> 
> * If you already have a version of GnuPG installed, you can simply 
> verify the supplied signature.  For example to verify the
> signature of the file gnupg-2.1.0.tar.bz2 you would use this
> command:
> 
> gpg --verify gnupg-2.1.0.tar.bz2.sig
> 
> This checks whether the signature file matches the source file. You
> should see a message indicating that the signature is good and made
> by one or more of the release signing keys.  Make sure that this is
> a valid key, either by matching the shown fingerprint against a
> trustworthy list of valid release signing keys or by checking that
> the key has been signed by trustworthy other keys. See below for
> information on the signing keys.
> 
> * If you are not able to use an existing version of GnuPG, you
> have to verify the SHA-1 checksum.  On Unix systems the command to
> do this is either "sha1sum" or "shasum".  Assuming you downloaded
> the file gnupg-2.1.0.tar.bz2, you would run the command like this:
> 
> sha1sum gnupg-2.1.0.tar.bz2
> 
> and check that the output matches the first line from the following
> list:
> 
> 2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33  gnupg-2.1.0.tar.bz2 
> 9907cb6509a0e63331b27a92e25c1ef956caaf3b
> gnupg-w32-2.1.0_20141105.exe 
> 28dc1365292c61fbb2bbae730d4158f425463c91
> gnupg-w32-2.1.0_20141105.tar.xz
> 
> 
> Release Signing Keys ====================
> 
> To guarantee that a downloaded GnuPG version has not been tampered
> by malicious entities we provide signature files for all tarballs
> and binary versions.  The keys are also signed by the long term
> keys of their respective owners.  Current releases are signed by
> one or more of these four keys:
> 
> 2048R/4F25E3B6 2011-01-12 Key fingerprint = D869 2123 C406 5DEA
> 5E0F  3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig)
> 
> rsa2048/E0856959 2014-10-29 Key fingerprint = 46CC 7308 65BB 5C78
> EBAB  ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing
> Key) <dshaw 'at' jabberwocky.com>
> 
> rsa2048/33BD3F06 2014-10-29 Key fingerprint = 031E C253 6E58 0D8E
> A286  A9F2 2071 B08A 33BD 3F06 NIIBE Yutaka (GnuPG Release Key)
> <gniibe 'at' fsij.org>
> 
> rsa2048/7EFD60D9 2014-10-19 Key fingerprint = D238 EA65 D64C 67ED
> 4C30  73F2 8A86 1B1C 7EFD 60D9 Werner Koch (Release Signing Key)
> 
> You may retrieve these files from the keyservers using this
> command
> 
> gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ 
> 2071B08A33BD3F06 8A861B1C7EFD60D9
> 
> The keys are also available at
> https://gnupg.org/signature_key.html and in the released GnuPG
> tarball in the file g10/distsigkey.gpg . Note that this mail has
> been signed using my standard PGP key.
> 
> 
> Internationalization ====================
> 
> This new branch of GnuPG has support for 4 languages: French,
> German, Japanese, and Ukrainian.  More translations can be expected
> with the next point releases.
> 
> 
> Documentation =============
> 
> If you used GnuPG in the past you should read the description of 
> changes and new features at doc/whats-new-in-2.1.txt or online at
> 
> https://gnupg.org/faq/whats-new-in-2.1.html
> 
> The file gnupg.info has the complete user manual of the system. 
> Separate man pages are included as well but they have not all the 
> details available in the manual.  It is also possible to read the 
> complete manual online in HTML format at
> 
> https://gnupg.org/documentation/manuals/gnupg/
> 
> or in Portable Document Format at
> 
> https://gnupg.org/documentation/manuals/gnupg.pdf .
> 
> The chapters on gpg-agent, gpg and gpgsm include information on
> how to set up the whole thing.  You may also want search the GnuPG
> mailing list archives or ask on the gnupg-users mailing lists for
> advise on how to solve problems.  Many of the new features are
> around for several years and thus enough public knowledge is
> already available.
> 
> 
> Support =======
> 
> Please consult the archive of the gnupg-users mailing list before 
> reporting a bug
> <https://gnupg.org/documentation/mailing-lists.html>. We suggest to
> send bug reports for a new release to this list in favor of filing
> a bug at <https://bugs.gnupg.org>.  For commercial support requests
> we keep a list of known service companies at:
> 
> https://gnupg.org/service.html
> 
> The driving force behind the development of GnuPG is the company
> of its principal author, Werner Koch.  Maintenance and improvement
> of GnuPG and related software takes up most of their resources.  To
> allow him to continue this work he kindly asks to either purchase a
> support contract, engage g10 Code for custom enhancements, or to
> donate money:
> 
> https://gnupg.org/donate/
> 
> 
> Thanks ======
> 
> We have to thank all the people who helped with this release, be
> it testing, coding, translating, suggesting, auditing,
> administering the servers, spreading the word, and answering
> questions on the mailing lists.  A final big Thank You goes to Hal
> Finney, who too early passed away this year.  Hal worked on PGP and
> helped to make OpenPGP a great standard; it has been a pleasure
> having worked with him.
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJUW+rxAAoJEGxwq/inSG8CAecH/Rlgc3MdymDUV8uv5MrAVBLv
6/7Apl8ArBhv94d6BP0vs4cl/Qrfdb19sysDtDohTh2lt0FtBA/fAqoRhpWpRemb
fqEtfi/tOCJyP46EBleshc/TZnwbfUIpfba8xXUitaRf7Xe4qFQeMpAwHtqLvFwt
6W/iwm1NPmX3JmqdIn6utpEvY+NLe0jiiv6yoNtFjKgn58qDk1HweBQzRDh3GZ1z
bCM90U5ikKpkztJofgqvibkcNRRZYdMf5gElqdrp6r4Jz6QXZpPz8JeQ+dRIs58f
i+N46JtylAFJ+p22GrxIJ4xhOZSYyuocveZcOrghaSIu/rGHEVhgsNeRrG0v3SQ=
=DhWQ
-----END PGP SIGNATURE-----
Follow-Ups:
- [Announce] GnuPG 2.1.0 "modern" released
  - From: [email protected] (Blibbet)
- Fwd: [Announce] GnuPG 2.1.0 "modern" released
  - From: [email protected] (katana)
References:
- Fwd: [Announce] GnuPG 2.1.0 "modern" released
  - From: [email protected] (coderman)
Prev by Date: Operation Onymous
Next by Date: [Announce] GnuPG 2.1.0 "modern" released
Previous by thread: Fwd: [Announce] GnuPG 2.1.0 "modern" released
Next by thread: [Announce] GnuPG 2.1.0 "modern" released
Index(es):
- Date
- Thread