Mailing List Archive

A new GnuPG snapshot (unstable)
Hi!

A new snapshot of GnuPG has been released today. This is an *unstable
release* to get feedback on the new features. Please test this
extensively and report bugs to gnupg-devel.

ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6c.tar.gz (2048k)
ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6c.tar.gz.sig

ftp://ftp.gnupg.org/gcrypt/devel/gnupg-1.0.6b-1.0.6c.diff.gz (448k)

Please find a list of mirrors at http://www.gnupg.org/mirrors.html

David Shaw did most of the changes:

* The generic keyserver stuff - able to use the NAI LDAP server and
the email servers. This adds "--keyserver-options", and requires
that people change their "--keyserver" definition to URL format (or
it only does HKP).

* The signature checking level stuff - asks the user how carefully
they checked the key. Adds --default-check-level (0-3) to set the
default.

* --for-your-eyes-only. Sets the flag so that the file isn't saved by
default. It makes PGP pop up a viewer with a "Tempest resistant"
font, too.

* Regular key signatures can "promote" a local signature to full
exportable status.

* Signature expirations. When signing, gpg prompts if you want the
signature to expire when the key does. If --expert is set, you can
set any expiration you like. --expert also allows the user to do
"silly" things: sign a revoked key or revoked uid.

* The new option --pgp2 tries to be as pgp2 compatible as possible and
warns if the user does something that will make the message non-PGP2
compatible.

* --no-permission-warning disables the new permission/ownership checks
in GNUPGHOME. If the permissions are not okay, calling external
programs is disabled.

* Nonrevocable key signatures with --nrsign or via the edit menu.

* Photo ID support. Adds --show-photos and --photo-viewer, which is
the command line to use for the viewer. Note that this is not
specified by OpenPGP and the format has been reverse engineered from
PGP 6 generated public keys.

You may want to check out the comments in
/usr/local/share/gnupg/options.skel.

If you have not used the last snapshot 1.0.6b, please read this:

Using this version with a current keyring renders the keyring
unreadable for any GnuPG versions prior to 1.0.6b. Actually this
incompatibility is due to a bug in older versions which were not
able to cope with trust packets larger than one byte. You can use
--export as an escape hatch because trust packets are never
exported.

The changes introduced with that last snapshot are:

* The caching of the signature verification status changed from
using special signature subpackets to the use of the trust
packets. You can (and should) rebuild this key cache using the
new command "gpg --rebuild-keydb-caches"

* The format of the TrustDB and the way it works has been entirely
rewritten. gpg tries to migrate to the new format but this code
is obviously not very well tested, so you might want to make a
backup of your ownertrust values first.

The validity of the key is now checked every time you insert a new
key or signature and when a key or a signature expires. This
automatic check can be disabled and replaced by a cron job which
does a "gpg --check-trustdb" every night or so.

To assign an ownertrust, you can either do this in the edit menu
or use the command "gpg --update-trustdb" which does the
maintenance pass in a similar manner you probably know from PGP 2.

The man pages are not yet up to date, so please don't complain about that.


On something different: I'd like to set up a user support site for
GnuPG and list all resources available for support as well as a
directory of commercial support providers. This should be independent
of the more technically oriented www.gnupg.org and can have a more
"modern" design. The GUUG will provide the technical resources but we
need volunteer(s) to actually design and maintain such a site. If you
are interested, please contact me by private mail.


Merry Christmas,

Werner

--
Werner Koch
g10 Code GmbH
Privacy Solutions

Omnis enim res, quae dando non deficit, dum habetur
et non datur, nondum habetur, quomodo habenda est.
-- Augustinus
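
The permission/ownership check on GNUPGHOME described in the announcement can be approximated from outside gpg with a short audit script. This is an added example, not GnuPG's code and not part of the original mail; the policy (home directory owned by the caller and closed to group and others, files not writable by group or others) is an assumption about what "okay" means, and all function names are hypothetical.

```python
import os
import stat

# Assumed policy (GnuPG's exact rule is not given in the mail):
GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO    # home dir: no group/other access
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH  # files: no group/other write


def _check(path, st, uid, forbidden):
    """Compare one stat result against the expected owner and forbidden bits."""
    findings = []
    if st.st_uid != uid:
        findings.append("%s: owned by uid %d, expected %d" % (path, st.st_uid, uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & forbidden:
        findings.append("%s: mode %04o is too permissive" % (path, mode))
    return findings


def audit_gnupg_home(path, uid=None):
    """Return a list of findings for a GnuPG home directory; empty means okay."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["%s: cannot stat (%s)" % (path, exc.strerror)]
    if not stat.S_ISDIR(st.st_mode):
        return ["%s: not a directory" % path]
    findings = _check(path, st, uid, GROUP_OTHER_ANY)
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        fst = os.lstat(full)
        if stat.S_ISREG(fst.st_mode):  # keyrings, options, trustdb
            findings += _check(full, fst, uid, GROUP_OTHER_WRITE)
    return findings


def external_programs_allowed(path, uid=None):
    """Mirror the mail's rule: external programs only when the checks pass."""
    return not audit_gnupg_home(path, uid)


if __name__ == "__main__":
    home = os.environ.get("GNUPGHOME", os.path.expanduser("~/.gnupg"))
    for line in audit_gnupg_home(home):
        print("WARNING:", line)
    print("external programs allowed:", external_programs_allowed(home))
```

Run it before relying on features that call external programs, such as a photo viewer or keyserver helper, to see which path would trip the check.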