[Announcement] GnuPG for OS X 2.4.5

[Ralph Seichter via Gnupg-users]

GnuPG for OS X / macOS release 2.4.5 is now available for download via
https://sourceforge.net/p/gpgosx/docu/Download/ .

The disk image signature key is available via public keyservers, and it
can also be downloaded from https://www.seichter.de/pgp/gpgosx-signing.asc .

  pub ed25519/FD56297D9833FF7F 2022-07-07 [SC] [expires: 2027-07-06]
 Key fingerprint = EAB0 FE4F F793 D9E7 028E  C8E2 FD56 297D 9833 FF7F
  uid [ultimate] Ralph Seichter (GnuPG for OS X signing key)

GnuPG 2.4.x is installed in /usr/local/gnupg-2.4 instead of the formerly
hardcoded directory /usr/local/gnupg-2.2. This enables installing both
stable and LTS releases of GnuPG for OS X side by side, for advanced
users' needs.

The one caveat is that the latest installation will replace existing
soft links in /usr/local/{bin,lib}. Please use absolute paths like
/usr/local/gnupg-2.2/bin/gpg2 if necessary. Enjoy.

-Ralph

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] GnuPG 2.4.5 released

[Werner Koch via Gnupg-users]

Hello!

We are pleased to announce the availability of a new stable GnuPG
release: version 2.4.5.  This version fixes a couple of bugs and comes
with some new features.


What is GnuPG
=

The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation
of the OpenPGP and S/MIME standards.

GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  The separate library GPGME provides
a uniform API to use the GnuPG engine by software written in common
programming languages.  A wealth of frontend applications and libraries
making use of GnuPG are available.  As an universal crypto engine GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom).  It can
be freely used, modified and distributed under the terms of the GNU
General Public License.


Noteworthy changes in version 2.4.5
===

  * gpg,gpgv: New option --assert-pubkey-algo.  [T6946]

  * gpg: Emit status lines for errors in the compression layer.
[T6977]

  * gpg: Fix invocation with --trusted-keys and --no-options.  [T7025]

  * gpgsm: Allow for a longer salt in PKCS#12 files.  [T6757]

  * gpgtar: Make --status-fd=2 work on Windows.  [T6961]

  * scd: Support for the ACR-122U NFC reader.  [rG1682ca9f01]

  * scd: Suport D-TRUST ECC cards.  [T7000,T7001]

  * scd: Allow auto detaching of kernel drivers; can be disabled with
the new compatibility-flag ccid-no-auto-detach.  [rGa1ea3b13e0]

  * scd: Allow setting a PIN length of 6 also with a reset code for
openpgp cards.  [T6843]

  * agent: Allow GET_PASSPHRASE in restricted mode.  [rGadf4db6e20]

  * dirmngr: Trust system's root CAs for checking CRL issuers.
[T6963]

  * dirmngr: Fix regression in 2.4.4 in fetching keys via hkps.
[T6997]

  * gpg-wks-client: Make option --mirror work properly w/o specifying
domains.  [rG37cc255e49]

  * g13,gpg-wks-client: Allow command style options as in "g13 mount
foo".  [rGa09157ccb2]

  * Allow tilde expansion for the foo-program options.  [T7017]

  * Make the getswdb.sh tool usable outside the GnuPG tree.

  Release-info: https://dev.gnupg.org/T6960


Getting the Software


Please follow the instructions found at  or
read on:

GnuPG may be downloaded from one of the GnuPG mirror sites or direct
from its primary FTP server.  The list of mirrors can be found at
.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.5.tar.bz2 (7704k)
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.4.5.tar.bz2.sig

A new release of the Windows version in the form of the full featured
Gpg4win installer including this version of GnuPG is available here:

 https://files.gpg4win.org/gpg4win-4.3.1.exe (34M)
 https://files.gpg4win.org/gpg4win-4.3.1.exe.sig

and its source code is

 https://files.gpg4win.org/gpg4win-4.3.1.tar.xz (219M)
 https://files.gpg4win.org/gpg4win-4.3.1.tar.xz.sig


Checking the Integrity
==

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.4.5.tar.bz2 you would use this command:

 gpg --verify gnupg-2.4.5.tar.bz2.sig gnupg-2.4.5.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys.  Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum.  On Unix systems the command to do
   this is either "sha1sum" or "shasum".  Assuming you downloaded the
   file gnupg-2.4.5.tar.bz2, you run the command like this:

 sha1sum gnupg-2.4.5.tar.bz2

   and check that the output matches the next line:

ae0935ead29a2dfa34d6b48d70808652bc3ca73b  gnupg-2.4.5.tar.bz2
7c5fa919c2eb90194e844de027a36e87c7be8a80  gpg4win-4.3.1.exe


Internationalization


This version of GnuPG has support for 26 languages with Chinese
(traditional and simplified), Czech, French, German, Italian,
Japanese, Norwegian, Polish, Russian, Turkish, and Ukrainian
being almost