[Announce] GnuPG 2.0.10 released

2009-01-12 Thread Werner Koch
Hello!

We are pleased to announce the availability of a new stable GnuPG-2
release:  Version 2.0.10.

The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage.  It can be used to encrypt data, create digital
signatures, help authenticating using Secure Shell and to provide a
framework for public key cryptography.  It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.

GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.9) in that
it splits up functionality into several modules.  However, both
versions may be installed alongside without any conflict.  In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
included in GnuPG-2 and allows for seamless passphrase caching.  The
advantage of GnuPG-1 is its smaller size and the lack of dependency on
other modules at run and build time.  We will keep maintaining GnuPG-1
versions because they are very useful for small systems and for server
based applications requiring only OpenPGP support.

GnuPG is distributed under the terms of the GNU General Public License
(GPL version 3).  GnuPG-2 works best on GNU/Linux or *BSD systems.


What's New
==========

 * [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT
   lookup.  Run with --help for a short description.  Requires the
   ADNS library.

 * [gpg] New mechanisms local and nodefault for --auto-key-locate.
   Fixed a few problems with this option.

 * [gpg] New command --locate-keys.

 * [gpg] New options --with-sig-list and --with-sig-check.

 * [gpg] The option -sat is no longer an alias for --clearsign.

 * [gpg] The option --fixed-list-mode is now implicitly used and obsolete.

 * [gpg] New control statement %ask-passphrase for the unattended key
   generation.

 * [gpg] The algorithm to compute the SIG_ID status has been changed.

 * [gpgsm] Now uses AES by default.

 * [gpgsm] Made --output option work with --export-secret-key-p12.

 * [gpg-agent] Terminate process if the own listening socket is not
   anymore served by ourself.

 * [scdaemon] Made it more robust on W32.

 * [gpg-connect-agent] Accept commands given as command line arguments.

 * [w32] Initialized the socket subsystem for all keyserver helpers.

 * [w32] The sysconf directory has been moved from a subdirectory of
   the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg.

 * [w32] The gnupg2.nls directory is not anymore used.  The standard
   locale directory is now used.  

 * [w32] Fixed a race condition between gpg and gpgsm in the use of
   temporary file names.

 * The gpg-preset-passphrase mechanism works again.  An arbitrary
   string may now be used for a custom cache ID.

 * Admin PINs are cached again (bug in 2.0.9).

 * Support for version 2 OpenPGP cards.

 * Libgcrypt 1.4 is now required.



Getting the Software
====================

Please follow the instructions found at http://www.gnupg.org/download/
or read on:

GnuPG 2.0.10 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ .  The list of mirrors
can be found at http://www.gnupg.org/mirrors.html .  Note that GnuPG
is not available at ftp.gnu.org.

On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:

  gnupg-2.0.10.tar.bz2 (3736k)
  gnupg-2.0.10.tar.bz2.sig

  GnuPG source compressed using BZIP2 and OpenPGP signature.

  gnupg-2.0.9-2.0.10.diff.bz2 (264k)

  A patch file to upgrade a 2.0.9 GnuPG source tree.  This patch
  does not include updates of the language files.

Note that we don't distribute gzip compressed tarballs for GnuPG-2.


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-2.0.10.tar.bz2 you would use this command:

     gpg --verify gnupg-2.0.10.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.  Note that you can retrieve the signing key using the command

     finger wk ,at' g10code.com

   or using a keyserver like

     gpg --recv-key 1CE0C630

   The distribution key 1CE0C630 is signed by the well known key
   5B0358A2.  If you get a key expired message, you should retrieve a
   fresh copy as the expiration date might have been prolonged.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!

 * If you are not able to use an 
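
One way to script the signature check described in the announcement above (an added example, not part of the original announcement or of GnuPG itself): it reads the status lines that an already-installed gpg prints with --status-fd and accepts only when the full signing-key fingerprint, rather than the 8-digit key ID, matches one pinned from a second source. The fingerprints and status lines are constructed samples, and check_release_sig is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: gate a download on gpg's machine-readable status output.
# In real use, produce the status text with the gpg you ALREADY have installed:
#   gpg --status-fd 1 --verify gnupg-2.0.10.tar.bz2.sig gnupg-2.0.10.tar.bz2 2>/dev/null
# and pin the distribution key's full fingerprint, obtained from a second source.

# Constructed sample fingerprints (NOT the real GnuPG distribution key).
SAMPLE_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
OTHER_FPR="BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

# Constructed status output for a good signature made by SAMPLE_FPR.
SAMPLE_GOOD="[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2009-01-12 1231718400 0 4 0 17 2 00 $SAMPLE_FPR"

# Constructed status output where the signing key has expired.
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2009-01-12 1231718400 0 4 0 17 2 00 $SAMPLE_FPR"

# Constructed status output for a file that does not match its signature.
SAMPLE_BAD="[GNUPG:] BADSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>"

# check_release_sig STATUS_TEXT PINNED_FPR   (hypothetical helper)
# Returns 0 only if no failure status is present and a VALIDSIG line names
# the pinned fingerprint as the signing key or as its primary key.
check_release_sig() {
    status=$1
    # Normalise the pin: drop spaces, upper-case the hex digits.
    pin=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    # Require a full 40-hex-digit (v4) fingerprint, not a short key ID.
    [ ${#pin} -eq 40 ] || return 2
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    # Field 3 is the signing key's fingerprint, field 12 the primary key's.
    printf '%s\n' "$status" | awk -v pin="$pin" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == pin || $12 == pin) { ok = 1 }
        END { exit !ok }'
}

# Run the check over the three constructed samples.
for name in GOOD EXPIRED BAD; do
    eval "text=\$SAMPLE_$name"
    if check_release_sig "$text" "$SAMPLE_FPR"; then verdict=accept; else verdict=reject; fi
    echo "$name: $verdict"
done
```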

Setting up a new laptop - importing keyrings

2009-01-12 Thread Anne Wilson
I'm setting up a new netbook, and have copied into the .gnupg folder my 
keyrings and associated files from this laptop.  Kgpg lists the keys 
correctly, but all is not well.  When I try to set keys for signing and 
encryption I get the endless searching bar, as Chris described a few days ago.

I considered starting from an empty keyring and importing signatures as they 
arrive in kmail, but I think the problem is that I don't know how to get the 
secret key recognised.

I'm happy to delete everything and start again if there is a better way, but I 
need help to get this sorted.  Thanks

Anne


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Expire of elgamal sub

2009-01-12 Thread Patrick Matthäi
Faramir wrote:
> Hello Patrick,
>
>> A much more time later I saw, that my elgamal still has got an
>> expiration date and I can not find anything how I could change it.
>
>  gpg --edit-key 7A5A6CC7 (press enter)
>  key 1 (press enter -this will select the subkey to edit)
>  expire (press enter -this will tell gpg you want to modify the
> expiration date)
> and then, select the new expiration time. 0 means it will never expire,
> (n)w means it will expire in n weeks... gpg will show you the available
> options.
>  Once everything is ok, use the 'save' command to save the changes, and
> all you need to do after that, is to send your public key to your
> friends (or to upload it again to keyservers) in order to let them know
> your subkey is not going to expire.

Hm the key 1 one was the right thing I searched weeks for!
I just thought I could select keys etc with 1,2,3 etc, with key I also
could select my elgamal :)


>> Then I added a new elgamal, the 2048g/610BB46C one.
>> Is this right so? Can I edit the expire of the elgamal? What would
>
>   Well, you can always add more subkeys... but *never* delete them, even
> if they expire or are revoked... if you delete an encrypting subkey, you
> will be unable to decrypt anything encrypted to that subkey...
>
>> happen *now* if the elgamal 2048g/D6395C9A has been expired?
>
>   If that elgamal subkey expires, people (including you) will be unable
> to use it to encrypt messages. But since you already have another
> elgamal subkey with encryption capability, *I think* you would not
> notice anything strange (unless your friends don't have the updated
> public key containing the new subkey... if they don't have it, they
> won't be able to send you encrypted things). Anyway, old messages
> encrypted to the expired subkey can still be decrypted, as long as you
> don't delete the expired subkey.
>
>> Please CC me while I am not subscribed and thanks. :-)
>
>   Done... but maybe you would like to subscribe... I think the list
> always carries interesting stuff.
>
>   Now, I will paste an example about how to edit the expiration date of
> your subkey. Unfortunately, the language is Spanish, but I think that
> won't be a big problem, since it's very few text... My comments go
> behind '//' signs:
> //this is a comment, not a command
>
> Orden> gpg --edit-key 88EB95D7 //Orden = Command
> pub  1024D/0x88EB95D7  creado: 2009-01-07  caduca: nunca   uso: SCA
>                        confianza: absoluta  validez: absoluta
> sub  2048g/0xDEF0DD90  creado: 2009-01-07  caduca: nunca   uso: E
> sub  2048g/0x53AD1366  creado: 2009-01-07  caduca: 2009-01-14  uso: E
> [  absoluta ] (1). Tester3 (for test purposes) t...@a.aaa
> //since the subkey I need to edit is the second one displayed,
> //I need to select the subkey number 2. I think you will need to select
> //your subkey number 1
>
> Orden> key 2  //this will select it
>
> pub  1024D/0x88EB95D7  creado: 2009-01-07  caduca: nunca   uso: SCA
>                        confianza: absoluta  validez: absoluta
> sub  2048g/0xDEF0DD90  creado: 2009-01-07  caduca: nunca   uso: E
> sub* 2048g/0x53AD1366  creado: 2009-01-07  caduca: 2009-01-14  uso: E
> [  absoluta ] (1). Tester3 (for test purposes) t...@a.aaa
> //please note the '*' sign near the selected subkey. If you select the
> //wrong one, repeat the command to deselect it, and then select the
> //right one
>
> Orden> expire
> Cambiando fecha de caducidad de subclave.
> Por favor, especifique el período de validez de la clave.
>          0 = la clave nunca caduca
>       <n>  = la clave caduca en n días
>       <n>w = la clave caduca en n semanas
>       <n>m = la clave caduca en n meses
>       <n>y = la clave caduca en n años
> ¿Validez de la clave (0)? 0
> //here I had to enter how much time I want to give it before
> //it expires. I entered 0 to set it to never expire
> La clave nunca caduca
> ¿Es correcto? (s/n) s
>
> //gpg asks me if it is right to never expire it. I told it it was right
>
> Necesita una frase contraseña para desbloquear la clave secreta
> del usuario: Tester3 (for test purposes) t...@a.aaa
> clave $s de $u bits, ID $s, creada el $s
>
> pub  1024D/0x88EB95D7  creado: 2009-01-07  caduca: nunca   uso: SCA
>                        confianza: absoluta  validez: absoluta
> sub  2048g/0xDEF0DD90  creado: 2009-01-07  caduca: nunca   uso: E
> sub* 2048g/0x53AD1366  creado: 2009-01-07  caduca: nunca   uso: E
> [  absoluta ] (1). Tester3 (for test purposes) t...@a.aaa
>
> //gpg requests the passphrase in order to be able to make the changes
>
> Orden> save
> //I gave the 'save' command to save the changes, and that's all
>
> Best Regards

Okay now I understand it with the key cmd. Much thanks also for your
complete howto! :-)

-- 
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi

E-Mail: patrick.matth...@web.de

Comment:
Always if we think we are right,
we were maybe wrong.
*/



Re: recover private key

2009-01-12 Thread jakse

Once again! Thank you guys for helping me out!


Faramir-2 wrote:
>
>   Yes, you can send messages to me, and I am sure other people here will
> volunteer to test encryption with you.
>
You are right, John and I already tested it, I had to send the public key to
him by mail though. He could find it on the key server... hmmm?! which is
strange since I think I uploaded it at some point in time.


Faramir-2 wrote:
>
>   Well, when I install GPG, the keyrings are empty, so I don't think it
> comes with a demo...
>

my private key starts with the following:
This is a test secret keyring simply stored by GNUPG so that it is easier to
make diff files.

sec   /XXX 2003-12-31 Test one (pp=def) o...@example.com
ssb   /XXX 2003-12-31

sec   /XXX 2003-12-31 Test two (no pp) t...@example.com
ssb   /XXX 2003-12-31

sec   /XXX 2003-12-31 Test three (no pp) th...@example.com

How come it has those example mails there?!


Faramir-2 wrote:
>
> gpg: WARNING: key ECABF51D contains preferences for unavailable
> gpg:  algorithms on these user IDs:
> gpg:  Test three (no pp) th...@example.com: preference for
> cipher algorithm 1
> gpg: it is strongly suggested that you update your preferences and
> gpg: re-distribute this key to avoid potential algorithm mismatch
> problems
>
>   There are several problems:
> 1.- I downloaded the key ECABF51D from keyservers, and it doesn't have a
>  subkey for encryption purposes, so you can only sign and certify, but
> not encrypt/decrypt.
>

Hm. I'm starting to think that I may be better off starting over again?!
Maybe it is easier if I just try to generate a new key!? I don't know what
went wrong when I uploaded to the keyserver?!

Faramir-2 wrote:
>
> 2.- Also, the key lists in its preferences, the encryption algorithm
> IDEA (cipher algorithm 1). And GPG doesn't include that algorithm,
> because it is not free. It seems it can be used for non-business
> purposes, but I am not really sure about that, so if somebody sends a
> message to you, and it is encrypted with IDEA, you would be unable to
> decrypt it (but I think that is not your worst problem, since as long as
> you don't get encryption capabilities -by adding a subkey capable of
> encryption- I *think* people won't be able to send encrypted messages to
> you).
>
> You can download idea.dll and configure gpg to use it, but unless you
> are sure you are not breaking the copyright... I am NOT sure about that,
> I have read somewhere it was allowed to use it if you are not doing
> business, but I am not sure about the reliability of the place where I
> read that. Also, when I tried to find the company that is supposed to
> hold the copyright, I couldn't find it on internet... (and since I was
> just curious about it, I didn't keep searching).
>

Do you all use IDEA?! If it is not commonly used I don't think I'll try and
get it. Enough work to get the standard algorithm working for me ;)


Faramir-2 wrote:
>
>   Last words: I am not sure if you should add a subkey first, and edit
> preferences later, or to edit pref first, and add the key later...
>

Again: do you think it would be better for me to just start over?!


And by the way... why do you all sign your messages here? I'm not sure I
have understood the signing idea completely? It is to make sure that the
reader knows the sender is the person he/she says he/she is!? right!?

Hope you are all enjoying the weekend!

J



Question of using GNUPG on Win OS

2009-01-12 Thread Neil Yan
Hi,

Currently I have a project that needs some data from PGP encrypted files. I need
to decrypt these files by program. I think GNUPG should be a great tool for
my requirement. But I am really confused by the GNUPG version and usage
since I don't have much experience of Linux OS. My project will be executed
on Win OS. So, I have the following questions and need your help. Any help is
really appreciated.

1. Where can I download a windows version of GNUPG? The files on GNUPG
download ftp site seems all are Linux version.

2. How can I decrypt files by using GNUPG programmatic? Using some DLL API
or call the command?

3. Are there any guid or documents for GNUPG windows version?

-- 
Thanks,
Neil


Re: Question of using GNUPG on Win OS

2009-01-12 Thread Robert J. Hansen
Neil Yan wrote:
> 1. Where can I download a windows version of GNUPG? The files on GNUPG
> download ftp site seems all are Linux version.

ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe

> 2. How can I decrypt files by using GNUPG programmatic? Using some DLL
> API or call the command?

Calling the command.  You may find Perl to be very useful for this.

> 3. Are there any guid or documents for GNUPG windows version?

I assume you mean GUIs, as in Graphical User Interface.  (GUID is
another acronym: Globally Unique Identifier.)  Yes; Google for WinPT or
GPGshell.




Re: Setting up a new laptop - importing keyrings

2009-01-12 Thread Todd Zullinger
Anne Wilson wrote:
> I'm setting up a new netbook, and have copied into the .gnupg folder
> my keyrings and associated files from this laptop.  Kgpg lists the
> keys correctly, but all is not well.  When I try to set keys for
> signing and encryption I get the endless searching bar, as Chris
> described a few days ago.

I know nothing of Kgpg, but perhaps we can determine whether the issue
is with gpg or Kgpg and that might narrow down where to look.

> I considered starting from an empty keyring and importing signatures
> as they arrive in kmail, but I think the problem is that I don't
> know how to get the secret key recognised.

Are your secret keys listed by gpg --list-secret-keys ?  If so, then
the problem isn't with the keyrings.  It could be with Kgpg or the
gpg-agent setup (IIRC, that was what the problem a few days ago was).

-- 
Todd        OpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
A hen is only an egg's way of making another egg.
-- Samuel Butler


