Hello! We just released the third *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out the new features.
It is marked as a beta versions and the plan is to release a couple more betas in the next months before we can declare 2.1.0 stable enough for general use. If you need a stable and fully maintained version of GnuPG, you should in general use 2.0.x or even the old 1.4.x. Noteworthy changes in version 2.1.0beta3 ======================================== * Fixed regression in GPG's secret key export function. * Allow generation of card keys up to 4096 bit. * Support the SSH confirm flag. * The Assuan commands KILLAGENT and KILLSCD are working again. * SCdaemon does not anymore block after changing a card (regression fix). * gpg-connect-agent does now proberly display the help output for "SCD HELP" commands. * Preliminary support for the GPGSM validation model "steed". * Improved certificate creation in GPGSM. * New option for GPG_AGENT to select a passphrase mode. The loopback mode may be used to bypass Pinentry. Noteworthy changes already found in beta2: * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt. * New GPGSM feature to create certificates from a parameter file. Add prompt to the --gen-key UI to create self-signed certificates. * Dirmngr has taken over the function of the keyserver helpers. Thus we now have a specified direct interface to keyservers via Dirmngr. LDAP, DNS and mail backends are not yet implemented. * TMPDIR is now also honored when creating a socket using --no-standard-socket and with symcryptrun's temp files. * Fixed a bug where SCdaemon sends a signal to Gpg-agent running in non-daemon mode. * Print "AES128" instead of "AES". This change introduces a little incompatibility for tools using "gpg --list-config". We hope that these tools are written robust enough to accept this new algorithm name as well. * Fixed CRL loading under W32 (bug#1010). * Fixed TTY management for pinentries and session variable update problem. Noteworthy changes already found in beta1: * GPG does not anymore use secring.gpg but delegates all secret key operations to gpg-agent. The import command moves secret keys to the agent. * The OpenPGP import command is now able to merge secret keys. * The G13 tool for disk encryption key management has been added. * If the agent's --use-standard-socket option is active, all tools try to start and daemonize the agent on the fly. In the past this was only supported on W32; on non-W32 systems the new configure option --disable-standard-socket may now be used to disable this new default. * Dirmngr is now a part of this package. Dirmngr is now also expected to run as a system service and the configuration directories are changed to the GnuPG name space. * Removed GPG options: --export-options: export-secret-subkey-passwd --simple-sk-checksum * New GPG options: --try-secret-key * Support DNS lookups for SRV, PKA and CERT on W32. * The default for --include-cert is now to include all certificates in the chain except for the root certificate. * Numerical values may now be used as an alternative to the debug-level keywords. * New GPGSM option --ignore-cert-extension. * Support for Windows CE. * Given sufficient permissions Dirmngr is started automagically. * Bug fixes. Migration from 1.4 or 2.0 to this version ========================================= The major change in 2.1 is that gpg-agent now takes care of the OpenPGP secret keys (those managed by GPG). The former secring.gpg will not be used anymore. Newly generated keys are generated and stored in the agent's key store (~/.gnupg/private-keys-v1.d/). To migrate your existing keys to the agent you should run this command gpg2 --import ~/.gnupg/secring.gpg The agent will you ask for the passphrase of each key. You may use the Cancel button of the Pinentry to skip importing this key. If you want to stop the import process and you use one of the latest pinentries, you should close the pinentry window instead of hitting the cancel button. Secret keys already imported are skipped by the import command. It is advisable to keep the secring.gpg for use with older versions of GPG. Note that gpg-agent now uses a fixed socket by default. All tools will start the gpg-agent as needed. In general there is no more need to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK environment variable should be set to a fixed value. GPG's smartcard commands --card-edit and --card-status as well as the card related sub-commands of --edit-key are not yet supported. However, signing and decryption with a smartcard does work. The Dirmngr is now part of GnuPG proper. Thus there is no more need to install the separate dirmngr package. The directroy layout of Dirmngr changed to make use of the GnuPG directories; for example you use /etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs. Dirmngr needs to be started as a system daemon. Getting the Software ==================== GnuPG 2.1 is available at ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0beta3.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0beta3.tar.bz2.sig and soon on all mirrors <http://www.gnupg.org/mirrors.html>. Note that libgcrypt >= 1.5 and Libassuan >= 2.0.3 are now required; they are available at ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0.tar.bz2 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.0.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.3.tar.bz2 ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.3.tar.bz2.sig Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * You are expected to have a trusted version of GnuPG installed, thus you may simply check the supplied signature. For example to check the signature of the file gnupg-2.1.0beta3.tar.bz2 you would use this command: gpg --verify gnupg-2.1.0beta3.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a key server like gpg --recv-key 4F25E3B6 The distribution key 4F25E3B6 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! Internationalization ==================== This version comes only with support for English and German. More languages will be added for the real release. Documentation ============= We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advise on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. Future Plans ============ Some tasks we would like to do before a 2.1 release: * Replace the pubring.gpg public key store with the keybox format. * Re-enable importing keys to a smartcard * Re-enable LDAP, kDNS and mail keyserver methods * Replace Pth by the nPth (already done and tested for GNU/Linux) Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. A service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpTvsuGfL3sm.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users