[Announce] GnuPG 2.1.14 released

2016-07-14 Thread Werner Koch
Hello!

The GnuPG team is pleased to announce the availability of a new release
of GnuPG modern: Version 2.1.14.  See below for a list of new features
and bug fixes.


About GnuPG
===========

The GNU Privacy Guard (GnuPG) is a complete and free implementation
of the OpenPGP standard which is commonly abbreviated as PGP.

GnuPG allows to encrypt and sign data and communication, features a
versatile key management system as well as access modules for public key
directories.  GnuPG itself is a command line tool with features for easy
integration with other applications.  A wealth of frontend applications
and libraries making use of GnuPG are available.  Since version 2 GnuPG
provides support for S/MIME and Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.

Three different branches of GnuPG are actively maintained:

- GnuPG "modern" (2.1) is the latest development with a lot of new
  features.  This announcement is about this branch.

- GnuPG "stable" (2.0) is the current stable version for general use.
  This is what most users are still using.

- GnuPG "classic" (1.4) is the old standalone version which is most
  suitable for older or embedded platforms.

You may not install "modern" (2.1) and "stable" (2.0) at the same
time.  However, it is possible to install "classic" (1.4) along with
any of the other versions.


Noteworthy changes in version 2.1.14
====================================

 * gpg: Removed options --print-dane-records and --print-pka-records.
   The new export options "export-pka" and "export-dane" can instead
   be used with the export command.

 * gpg: New options --import-filter and --export-filter.

 * gpg: New import options "import-show" and "import-export".

 * gpg: New option --no-keyring.

 * gpg: New command --quick-revuid.

 * gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
   to directly specify encryption keys.

 * gpg: New option --mimemode to indicate that the content is a MIME
   part.  Does only enable --textmode right now.

 * gpg: New option --rfc4880bis to allow experiments with proposed
   changes to the current OpenPGP specs.

 * gpg: Fix regression in the "fetch" sub-command of --card-edit.

 * gpg: Fix regression since 2.1 in option --try-all-secrets.

 * gpgv: Change default options for extra security.

 * gpgsm: No more root certificates are installed by default.

 * agent: "updatestartuptty" does now affect more environment
   variables.

 * scd: The option --homedir does now work with scdaemon.

 * scd: Support some more GEMPlus card readers.

 * gpgtar: Fix handling of '-' as file name.

 * gpgtar: New commands --create and --extract.

 * gpgconf: Tweak for --list-dirs to better support shell scripts.

 * tools: Add programs gpg-wks-client and gpg-wks-server to implement
   a Web Key Service.  The configure option --enable-wks-tools is
   required to build them; they should be considered Beta software.

 * tests: Complete rework of the openpgp part of the test suite.  The
   test scripts have been changed from Bourne shell scripts to Scheme
   programs.  A customized scheme interpreter (gpgscm) is included.
   This change was triggered by the need to run the test suite on
   non-Unix platforms.

 * The rendering of the man pages has been improved.

A detailed description of the changes found in the 2.1 branch can be
found at .

Please be aware that there are still known bugs which we are working on.
Check https://bugs.gnupg.org, https://wiki.gnupg.org, and the mailing
list archives for known problems and workarounds.


Getting the Software
====================

Please follow the instructions found at  or
read on:

GnuPG 2.1.14 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found at
.  Note that GnuPG is not
available at ftp.gnu.org.

The GnuPG source code compressed using BZIP2 and its OpenPGP signature
are available here:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.14.tar.bz2  (5572k)
 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.14.tar.bz2.sig
or here:
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.14.tar.bz2
 https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.14.tar.bz2.sig

An installer for Windows without any graphical frontend except for a
minimal Pinentry tool is available here:

 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.14_20160714.exe  (3576k)
 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.14_20160714.exe.sig
or here
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.14_20160714.exe
 https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.14_20160714.exe.sig

The source used to build the Windows installer can be found in the same
directory with a ".tar.xz" suffix.  This Windows installer comes with
Tofu 

[Announce] Libgcrypt 1.7.2 released

2016-07-14 Thread Werner Koch
Hello!

The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.2.  This is a maintenance release.

Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG.  It does not provide any
implementation of OpenPGP or other protocols.  Thorough understanding of
applied cryptography is required to use Libgcrypt.


Noteworthy changes in version 1.7.2
===================================

 * Bug fixes:

   - Fix setting of the ECC cofactor if parameters are specified.

   - Fix memory leak in the ECC code.

   - Remove debug message about unsupported getrandom syscall.

   - Fix build problems related to AVX use.

   - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.

 * Internal changes:

   - Improved fatal error message for wrong use of gcry_md_read.

   - Disallow symmetric encryption/decryption if key is not set.


Download
========

Source code is hosted at the GnuPG FTP server and its mirrors as listed
at https://gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.bz2 (2778k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.bz2.sig

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.gz (3318k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.gz.sig

The same files are also available via HTTP:

 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.bz2 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.bz2.sig
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.gz 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.2.tar.gz.sig

In order to check that the version of Libgcrypt you downloaded is an
original and unmodified file please follow the instructions found at
.  In short, you may
use one of the following methods:

 - Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.7.2.tar.bz2 you would use this
   command:

 gpg --verify libgcrypt-1.7.2.tar.bz2.sig libgcrypt-1.7.2.tar.bz2

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by one or more of the release signing keys. 

 - If you are not able to use GnuPG, you have to verify the SHA-1
   checksum:

 sha1sum libgcrypt-1.7.2.tar.bz2

   and check that the output matches the first line from
   this list:

85a6a936bcab4c3c05f5efbf6ce847f23d35c0c4  libgcrypt-1.7.2.tar.bz2
8e34352e21744fe3fb0558f9d6af6b69e18cb563  libgcrypt-1.7.2.tar.gz

   You should also verify that the checksums above are authentic by
   matching them with copies of this announcement.  Those copies can be
   found at other mailing lists, web sites, and search engines.
   

Copying
=======

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require that these additional notices are distributed.


Support
=======

For help on developing with Libgcrypt you should read the included
manual and optionally ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gcrypt-devel
mailing list for discussion.

Maintenance and development of Libgcrypt is mostly financed by
donations; see .  We currently employ
3 full-time developers, one part-timer, and one contractor to work on
GnuPG and closely related software like Libgcrypt.


Thanks
======

We like to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.  Also many thanks to all our donors [3].


For the GnuPG hackers,

   Werner



p.s.
This is an announcement only mailing list.  Please send replies only to
the gcrypt-devel 'at' gnupg.org mailing list.


[1] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html
[3] https://gnupg.org/donate/kudos.html

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
 /* Join us at OpenPGP.conf   */


___
Gnupg-announce mailing list
gnupg-annou...@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
___
Gnupg-users mailing list
Gnupg-users@gnupg.org

Re: Solid Crypting for GNUPG

2016-07-14 Thread Werner Koch
On Fri,  1 Jul 2016 12:02, xlba...@li.ru said:

> Can u get policy for adding a new open-non-patent algorithms for
> crypting in new versions of GNUPG without modules to it? I still ain't

You are asking on how to add new algorithms to GnuPG.  I assume you mean
the OpenPGP part (gpg).

To add a new algorithm, you first need to get it into the OpenPGP
standard (RFC-4880), then make sure that Libgcrypt supports the
algorithm, and finally add it to GnuPG.

If you do not want to wait until an RFC for your algorithm has been
published, you may use the experimental range of algorithm ids from
OpenPGP.  However, we won't accept it in the upstream version of GnuPG,
because those experimental algorithm ids have practical problems and are
only useful for, well, experiments.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
 /* Join us at OpenPGP.conf   */


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpg-preset-passphrase not working with 2.1

2016-07-14 Thread David Matthews
On 13 July 2016 at 13:13, Daniel Kahn Gillmor wrote:
> Hi David--
>
> On Tue 2016-07-12 16:46:53 +0200, David Matthews wrote:
>> I can't get gpg-preset-passphrase to work with GnuPG 2.1.7.
>
> there have been significant changes to GnuPG between 2.1.7 and 2.1.13.
>
> can you try upgrading to 2.1.13?

I've compiled 2.1.13 on Fedora 23 and get the same result (test output below).

According to issue 2015 this was caused by a change that went into
release 2.1.5.

Thanks,
David

++ gpg-agent -vv --daemon --allow-preset-passphrase --debug-level 9
gpg-agent[12163]: enabled debug flags: command mpi crypto memory cache
memstat ipc
gpg-agent[12163]: listening on socket '/run/user/1000/gnupg/S.gpg-agent'
gpg-agent[12164]: gpg-agent (GnuPG) 2.1.13 started
+ eval ''
+ /usr/local/libexec/gpg-preset-passphrase -vv --preset -P test myid
gpg-agent[12164]: handler 0x7fc9c028a700 for fd 4 started
gpg-agent[12164]: DBG: chan_4 -> OK Pleased to meet you, process 12165
gpg-agent[12164]: DBG: chan_4 <- OPTION ttyname=/dev/pts/0
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- OPTION ttytype=xterm
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- OPTION lc-ctype=en_US.UTF-8
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- OPTION lc-messages=en_US.UTF-8
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- PRESET_PASSPHRASE myid -1 74657374
gpg-agent[12164]: DBG: agent_put_cache 'myid' (mode 1) requested ttl=-1
gpg-agent[12164]: DBG: chan_4 -> S PROGRESS need_entropy X 60 120
gpg-agent[12164]: DBG: chan_4 -> S PROGRESS need_entropy X 120 120
 Removed lots of repeated lines 
gpg-agent[12164]: DBG: chan_4 -> S PROGRESS need_entropy X 60 120
gpg-agent[12164]: DBG: chan_4 -> S PROGRESS need_entropy X 120 120
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- [eof]
gpg-agent[12164]: handler 0x7fc9c028a700 for fd 4 terminated
+ echo 'GET_PASSPHRASE --no-ask myid Err Pmt Des'
+ gpg-connect-agent -vv
gpg-agent[12164]: handler 0x7fc9c028a700 for fd 4 started
gpg-agent[12164]: DBG: chan_4 -> OK Pleased to meet you, process 12168
gpg-agent[12164]: DBG: chan_4 <- RESET
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- OPTION ttytype=xterm
gpg-agent[12164]: DBG: chan_4 -> OK
gpg-agent[12164]: DBG: chan_4 <- GET_PASSPHRASE --no-ask myid Err Pmt Des
gpg-agent[12164]: DBG: agent_get_cache 'myid' (mode 3) ...
gpg-agent[12164]: DBG: ... miss
gpg-agent[12164]: command 'GET_PASSPHRASE' failed: No data
gpg-agent[12164]: DBG: chan_4 -> ERR 67108922 No data 
gpg-connect-agent: closing connection to agent
ERR 67108922 No data 
gpg-agent[12164]: DBG: chan_4 <- [eof]
gpg-agent[12164]: handler 0x7fc9c028a700 for fd 4 terminated
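
Added example, not part of the message above and not GnuPG code: a Python script that reads gpg-agent debug lines like these, reports lookups that missed although the same cache id had been stored under a different mode (here stored with mode 1, looked up with mode 3), and redacts the PRESET_PASSPHRASE argument, which is the passphrase in hex (74657374 is "test", as given with -P).  The sample lines are taken from the log above; all function names are hypothetical.

```python
import re

# Subset of the gpg-agent debug lines quoted in the message above.
SAMPLE_LOG = """\
gpg-agent[12164]: DBG: chan_4 <- PRESET_PASSPHRASE myid -1 74657374
gpg-agent[12164]: DBG: agent_put_cache 'myid' (mode 1) requested ttl=-1
gpg-agent[12164]: DBG: chan_4 <- GET_PASSPHRASE --no-ask myid Err Pmt Des
gpg-agent[12164]: DBG: agent_get_cache 'myid' (mode 3) ...
gpg-agent[12164]: DBG: ... miss
gpg-agent[12164]: command 'GET_PASSPHRASE' failed: No data
"""

PUT_RE = re.compile(r"agent_put_cache '([^']*)' \(mode (\d+)\)")
GET_RE = re.compile(r"agent_get_cache '([^']*)' \(mode (\d+)\)")
PRESET_RE = re.compile(r"(PRESET_PASSPHRASE \S+ -?\d+ )([0-9A-Fa-f]+)")


def find_mode_mismatches(log_text):
    """Return (cache_id, put_mode, get_mode) for every lookup that missed
    although the same id was stored earlier under a different mode."""
    stored = {}     # cache id -> mode of the latest agent_put_cache
    pending = None  # (cache id, mode) of a lookup awaiting its outcome line
    findings = []
    for line in log_text.splitlines():
        if m := PUT_RE.search(line):
            stored[m.group(1)] = int(m.group(2))
        elif m := GET_RE.search(line):
            pending = (m.group(1), int(m.group(2)))
        elif pending and "DBG: ..." in line:  # outcome, e.g. "DBG: ... miss"
            cache_id, get_mode = pending
            pending = None
            put_mode = stored.get(cache_id)
            if line.rstrip().endswith("miss") and put_mode not in (None, get_mode):
                findings.append((cache_id, put_mode, get_mode))
    return findings


def decode_preset(log_text):
    """Decode the hex argument of PRESET_PASSPHRASE: it is the passphrase."""
    return [bytes.fromhex(m.group(2)).decode("utf-8", "replace")
            for m in PRESET_RE.finditer(log_text)]


def redact_preset(log_text):
    """Blank out that argument so the log can be shared."""
    return PRESET_RE.sub(lambda m: m.group(1) + "[REDACTED]", log_text)


if __name__ == "__main__":
    print(find_mode_mismatches(SAMPLE_LOG))  # mismatching put/get modes
```

Run redact_preset over a gpg-agent debug log before posting it to a list or bug tracker.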
