[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GnuPG one-two-three released

From: Werner Koch
Subject: GnuPG one-two-three released
Date: Fri, 22 Aug 2003 15:28:25 +0200
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/20.7 (gnu/linux)

We are pleased to announce the availability of a new stable GnuPG
release: Version 1.2.3

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It is a complete and free replacement of PGP and
can be used to encrypt data and to create digital signatures.  It
includes an advanced key management facility and is compliant with the
proposed OpenPGP Internet standard as described in RFC2440. 

This release solves a performance problem introduced with 1.2.2 and
make building on less common platforms easier.

Getting the Software

GnuPG 1.2.3 can be downloaded from one of the GnuPG mirror sites or
>From direct from .  The list of mirrors can
be found at .  Note, that GnuPG is
not available at

On the mirrors you should find the follwing files in the *gnupg*

  gnupg-1.2.3.tar.bz2 (2240k)

      GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-1.2.3.tar.gz (3228k)

      GnuPG source compressed using GZIP and OpenPGP signature.

  gnupg-1.2.2-1.2.3.diff.gz (915k)

      A patch file to upgrade a 1.2.2 GnuPG source. This file is
      signed; you have to use GnuPG > 0.9.5 to verify the signature.
      GnuPG has a feature to allow clear signed patch files which can
      still be processed by the patch utility.

Select one of them. To shorten the download time, you probably want to
get the BZIP2 compressed file.  Please try another mirror if
exceptional your mirror is not yet up to date.  

In the *binary* directory, you should find these files: (1309k)

      GnuPG compiled for Microsoft Windows and OpenPGP signature.
      Note that this is a command line version and comes without a
      graphical installer tool.  You have to use an UNZIP utility to
      extract the files and install them manually.  The included file
      README.W32 has further instructions. 

Checking the Integrity

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-1.2.3.tar.bz2 you would use this command:

     gpg --verify gnupg-1.2.3.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note, that you can retrieve the signing key by 
   finger wk 'at' .

   Never use a GnuPG version you just downloaded to check the
   integrity of the source - use an existing GnuPG installation.

 * If you are not able to use an old version of GnuPG, you have to verify
   the MD5 checksum.  Assuming you downloaded the file
   gnupg-1.2.3.tar.bz2, you would run the md5sum command like this:

     md5sum gnupg-1.2.3.tar.bz2

   and check that the output matches the first line from the
   following list:

cdca1282d7901f9ddb52f9725b001af2  gnupg-1.2.3.tar.bz2
46b990908019422535a08ce91b370ae7  gnupg-1.2.3.tar.gz
64c305371e658764006439b73ecbd8c3  gnupg-1.2.2-1.2.3.diff.gz

Upgrade Information

If you are upgrading from a version prior to 1.0.7, you should run the
script tools/convert-from-106 once.  Please note also that due to a
bug in versions prior to 1.0.6 it may not be possible to downgrade to
such versions unless you apply the patch .

If you have any problems, please see the FAQ and the mailing list
archive at  Please direct questions to the
address@hidden mailing list.

What's New

Here is a list of major user visible changes since 1.2.2:

    * New "--gnupg" option (set by default) that disables --openpgp,
      and the various --pgpX emulation options.  This replaces
      --no-openpgp, and --no-pgpX, and also means that GnuPG has
      finally grown a --gnupg option to make GnuPG act like GnuPG.

    * A number of portability changes to make building GnuPG on
      less-common platforms easier.

    * Romanian translation.

    * Two new %-expandos for use in notation and policy URLs.  "%g"
      expands to the fingerprint of the key making the signature
      (which might be a subkey), and "%p" expands to the fingerprint
      of the primary key that owns the key making the signature.

    * New "tru" record in --with-colons --list-keys listings.  It
      shows the status of the trust database that was used to
      calculate the key validity in the listings.  See doc/DETAILS for
      the specifics of this.

    * New REVKEYSIG status tag for --status-fd.  It indicates a valid
      signature that was issued by a revoked key.  See doc/DETAILS for
      the specifics of this.

GnuPG comes with support for these langauges:

  American English        Indonesian (id)                 
  Catalan (ca)            Italian (it)                    
  Czech (cs)              Japanese (ja)                   
  Danish (da)[*]          Polish (pl)                        
  Dutch (nl)[*]           Brazilian Portuguese (pt_BR)[*]    
  Esperanto (eo)[*]       Portuguese (pt)                    
  Estonian (et)           Romanian (ro)                   
  Finnish (fi)            Slovak (sk)                     
  French (fr)             Spanish (es)                    
  Galician (gl)           Swedish (sv)                    
  German (de)             Traditional Chinese (zh_TW)     
  Greek (el)              Turkish (tr)                    
  Hungarian (hu)                     

Languages marked with [*] were not updated for this releases and you
may notice untranslated messages. Many thanks to the translators for
their ongoing support of GnuPG.

Future Directions

GnuPG 1.2.x is the current stable branch and won't undergo any serious
changes.  We will just fix bugs and add compatibility fixes as

GnuPG 1.3.x is the version were we do most new stuff and it will lead
to the next stable version 1.4 not too far away.

GnuPG 1.9.x is brand new and flagged as experimental.  This version
merged the code from the Aegypten project and thus it includes the
gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm.  The
design is different to the previous versions and we won't support any
ancient systems - thus POSIX compatibility will be an absolute
requirement for supported platforms.  1.9 is based on the current 1.3
code and has been released to have software ready to play with the
forthcoming OpenPGP smartcard.

The OpenPGP smartcard is a soon to be released specification of an ISO
7816 based application to generate or import keys into a smartcard and
provide all functionality to use this card with OpenPGP.  The
specification features 3 1024 bit RSA keys (signing, decryption and
authentication) as well as utility data objects to make integration
easy.  We will be able to give about 50 test cards to selected
developers and soon after distribute real cards.

For other developments you may want to consult the task list at .

Happy Hacking,

  The GnuPG team (David, Stefan, Timo and Werner)

Let's not forget about all the other contributors; here is list of
them (from the THANKS file):

The GNU Privacy Guard has been created by the GnuPG team: David Shaw,
Matthew Skala, Michael Roth, Niklas Hernaeus, Nils Ellmenreich, Rémi
Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch.  Birger
Langkjer, Daniel Resare, Dokianakis Theofanis, Edmund GRIMLEY EVANS,
Gaël Quéri, Gregory Steuck, Nagy Ferenc László, Ivo Timmermans, Jacobo
Tarri'o Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni
Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', Michael Anckaert,
Michal Majer, Marco d'Itri, Nilgun Belma Buguner, Pedro Morais, Tedi
Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos Santos, Toomas
Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the official
translations. Mike Ashley wrote and maintains the GNU Privacy
Handbook. David Scribner is the current FAQ editor.  Lorenzo
Cappelletti maintains the web site.

The following people helped greatly by suggesting improvements,
testing, fixing bugs, providing resources and doing other important
tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
Christian Kurz, Christian von Roques, Christopher Oliver, Christian
Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
Dykstra, David C Niemi, David Champion, David Ellement, David
Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef
Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas
Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo
Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish
stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank
Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël
Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni,
Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery
Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger
Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian
McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz
A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von
Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael
Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John
A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton,
Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten
Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde,
Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M
Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus
Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl,
Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew
Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael
Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev,
Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson
H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye,
Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith,
Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter
Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong,
Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner,
Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann,
Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam
Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge
Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann,
Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven
Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen
Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA
Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen,
Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko
Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann,
Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki
IIDA, Yoshihiro Kajiki and Gerlinde Klaes.

This software has been made possible by the previous work of Chris
Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
mathematicians and all the folks who have worked hard to create
complete and free operating systems.

Werner Koch                                      <address@hidden>
The GnuPG Experts                      
Free Software Foundation Europe        

Attachment: pgpfyrkLbf2H5.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]