Mailing List Archive

GnuPG 1.4.1 News

I forgot to insert the NEWS for 1.4.1; there are actually not that
many as those for the last release. Here we go:

* New --rfc2440-text option which controls how text is handled in
signatures. This is in response to some problems seen with
certain PGP/MIME mail clients and GnuPG version 1.4.0. More
details about this are available at

* New "import-unusable-sigs" and "export-unusable-sigs" tags for
--import-options and --export-options. These are off by
default, and cause GnuPG to not import or export key signatures
that are not usable (e.g. expired signatures).

* New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
that uses the cURL library <> to retrieve
keys. This is disabled by default, but may be enabled with the
configure option --with-libcurl. Without this option, the
existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
are not supported.

* When running a --card-status or --card-edit and a public key is
available, missing secret key stubs will be created on the fly.
Details of the key are listed too.

* The implicit packet dumping in double verbose mode is now sent
to stderr and not to stdout.

* Added countermeasures against the Mister/Zuccherato CFB attack

* [W32] The algorithm for the default home directory changed:
First we look at the environment variable GNUPGHOME, if this one
is not set, we check whether the registry entry
{HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this
fails we use a GnuPG directory below the standard application
data directory (APPDATA) of the current user. Only in the case
that this directory cannot be determined, the old default of
c:\gnupg will be used. The option --homedir still overrides all
of them.

* [W32] The locale selection under Windows changed. You need to
enter the locale in the registry at HKCU\Software\GNU\GnuPG:Lang.
For German you would use "de". If it is not set, GnuPG falls
back to HKLM. The languages files "*.mo" are expected in a
directory named "gnupg.nls" below the installation directory;
that directory must be stored in the registry at the same key as
above with the name "Install Directory".

* Add new --edit-key command "bkuptocard" to allow restoring a
card key from a backup.

* The "fetch" command of --card-edit now retrieves the key using
the default keyserver if no URL has been stored on the card.

* New configure option --enable-noexecstack.



Werner Koch <>
The GnuPG Experts
Free Software Foundation Europe