Re: [Announce] GnuPG 2.1.1 released

2014-12-20 Thread Werner Koch
On Fri, 19 Dec 2014 18:22, r...@sixdemonbag.org said:

> While we're on the subject -- it might be nice for GnuPG to be able to
> issue proper Authenticode-signed Windows binaries.  Code signing
> certificates are fairly affordable although the paperwork is a headache.

Actually we (Intevation in his case) do this for Gpg4win.  People seem
to like this although I do not see a real security benefit in it.  If
you look at the download stats for December

 | Version    | tar/exe |  sig |  % |
 |------------+---------+------+----|
 | 2.1.0/tar  |     837 |  419 | 50 |
 | 2.0.26/tar |    4770 | 1635 | 34 |
 | 1.4.18/tar |    1451 |  429 | 30 |
 | 1.4.18/exe |     635 |  110 | 17 |

(which also include automated downloads from mirrors not using rsync)

It shows that less than 20% of the Windows users check the signatures.
It might of course be their first gpg download and thus can't make use
of the signature anyway.  However, given the number of the tarball
downloads it is obvious verification of signatures is not a standard
procedure.

Thus I do not think that Authenticate would harm even given that it is
possible to buy the private key for an existing Authenticode certificate.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: [Announce] GnuPG 2.1.1 released

2014-12-20 Thread Andre Heinecke
Hi,

On Saturday 20 December 2014 12:21:08 Werner Koch wrote:
> Thus I do not think that Authenticate would harm even given that it is
> possible to buy the private key for an existing Authenticode certificate.

I actually love Authenticode. It means that you can do some steps to get to
the Operating System level of trust. Sure you can buy your way into this
but that is the Operating System level of trust that is asserted through
HTTPS connections / Windows Update and so on. It is weak, I grant you that,
but it is at least _some_ automatic authentication of binaries.
I'm playing a game on a Windows Machine currently (Archeage) that requires
administrative access for each launch! ... and they did not even care to sign
their binary. This is just security sadism. (I keep my GNU/Linux partitions
on which I do any work or store secrets encrypted)

In a different project at Intevation we signed all binaries in our installer
keeping packaging and building on different systems. As we won't expose our
private keys to proprietary systems that meant running wine to create the nsis
uninstaller,

Maybe this is also something for the future of gpg4win. (Btw. We use 
osslsigncode which is a really great tool that allows you to create 
authenticode PKCS#7 signatures under GNU/Linux.)

With regards to the original question. I'd be happy to sign your experimental
gnupg only installers with our code signing certificate (and be quick about
it) after verifying your signature. Intevation trusts g10code (we heavily
use gnupg internally where the source is verified by Werner)


Regards,
Andre
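
The flow described in the message above (check the upstream OpenPGP signature first, then Authenticode-sign with osslsigncode on a GNU/Linux host so the private key stays there), as an added example that is not part of the original thread. The fingerprint, file names, key paths and sample status lines are constructed placeholders, and the osslsigncode option syntax is that of the 2.x releases.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. All names and values are placeholders.

# Constructed fingerprint standing in for the release key you actually trust.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample of `gpg --status-fd 1 --verify` output for that key.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-12-16 1418745600 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Return 0 only if the status output has a VALIDSIG line whose signing-key
# fingerprint (field 3) or primary-key fingerprint (last field) is the pinned one.
validsig_matches() {
    local status="$1" pinned="$2"
    printf '%s\n' "$status" | awk -v want="$pinned" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Verify FILE against FILE.sig.
# Returns 2 if an input is missing, 3 if the signature is bad or from another key.
verify_release() {
    local file="$1" pinned="$2" status
    [ -f "$file" ] && [ -f "$file.sig" ] || return 2
    # "Good signature" from any key in the keyring is not enough, so read the
    # machine-readable status lines and compare the full fingerprint.
    status=$(gpg --batch --status-fd 1 --verify "$file.sig" "$file" 2>/dev/null) || return 3
    validsig_matches "$status" "$pinned" || return 3
}

# Authenticode-sign IN to OUT, but only after the OpenPGP check has passed.
# Returns 4 if signing fails, 5 if the signed result does not verify.
sign_after_verify() {
    local in="$1" out="$2" pinned="$3" cert="$4" key="$5"
    verify_release "$in" "$pinned" || return $?
    osslsigncode sign -certs "$cert" -key "$key" -h sha256 \
        -in "$in" -out "$out" || return 4
    # Check the result before publishing it.
    osslsigncode verify -in "$out" || return 5
}

# Usage: script.sh installer.exe installer-signed.exe FINGERPRINT cert.pem key.pem
if [ "$#" -ge 5 ]; then
    sign_after_verify "$@"
fi
```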




Re: [Announce] GnuPG 2.1.1 released

2014-12-19 Thread Dominyk Tiller
Apologies, that option is indeed gone.

I was trying to pass it anyhow, in order to use an external (but
up-to-date) gpg-agent as my agent, because that's how I was configuring
the 2.0.x branch, --disable-agent
--with-agent-pgm=/usr/local/opt/gpg-agent/bin/gpg-agent.

When I went to build this new release of the 2.1.x branch I just
automatically passed those configure options, and when the configure
script didn't flag the option as unrecognised I wondered if it was a bug
that it was erroring out. I should have probably double-checked to see
if I was just being stupid ;).

Cheers for the reply,

Dom

Sent from OS X. If you wish to communicate more securely my PGP Public
Key is 0x872524db9d74326c.

On 18/12/2014 08:35, Werner Koch wrote:
> On Wed, 17 Dec 2014 13:54, dominyktil...@gmail.com said:
>
>> I'm still hitting a new one though. If you attempt to compile using an
>> external gpg-agent, rather than one with the package, you hit this:
>
> You mean an option --disable-agent?  Do we still have this option - it
> needs to be removed.  gpg-agent is not optional.
>
>
> Salam-Shalom,
>
>    Werner
 





Re: [Announce] GnuPG 2.1.1 released

2014-12-19 Thread Robert J. Hansen
> Thank you for the time you've spent on this, but a minor quibble if you
> don't mind. Could you please provide signatures for the dmg files, and
> ideally sign the messages you send to the list about them?

While we're on the subject -- it might be nice for GnuPG to be able to
issue proper Authenticode-signed Windows binaries.  Code signing
certificates are fairly affordable although the paperwork is a headache.

It might be nice doesn't mean we should do this, of course.  :)
Just it might be nice, and maybe we ought think about it some.



Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread Werner Koch
On Wed, 17 Dec 2014 13:54, dominyktil...@gmail.com said:

> I'm still hitting a new one though. If you attempt to compile using an
> external gpg-agent, rather than one with the package, you hit this:

You mean an option --disable-agent?  Do we still have this option - it
needs to be removed.  gpg-agent is not optional.



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread Werner Koch
On Wed, 17 Dec 2014 22:21, 2014-667rhzu3dc-lists-gro...@riseup.net said:

> Could there be a similar issue with the %i for --photo-viewer?
>
> photo-viewer path\to\gpgview.exe  %i /title 0x%K.%t[%V]

I don't see any change in this part of the code.  Did it work in 2.0?

Can you test on Unix too?  (Debugging there is much easier for me).


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread Dave Pawson
Running Fedora 21, 64 bit.
./configure gave error
missing ksba
Downloaded.
./configure gave libgpg-error is needed.

# yum install --disablerepo=Dropbox libgpg-error
Loaded plugins: langpacks
Package libgpg-error-1.13-3.fc21.x86_64 already installed and latest version
Nothing to do

Circular error?

regards



Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread Werner Koch
On Thu, 18 Dec 2014 11:59, dave.paw...@gmail.com said:

> ./configure gave libgpg-error is needed.

configure shows you which version of which libraries you need.  Please
install them.  The versions which come with your OS are usually too old.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread Ingo Klöcker
On Thursday 18 December 2014 10:59:09 Dave Pawson wrote:
> Running Fedora 21, 64 bit.
> ./configure gave error
> missing ksba
> Downloaded.
> ./configure gave libgpg-error is needed.
>
> # yum install --disablerepo=Dropbox libgpg-error
> Loaded plugins: langpacks
> Package libgpg-error-1.13-3.fc21.x86_64 already installed and latest version
> Nothing to do
>
> Circular error?

I guess you are lacking the development package of libgpg-error. It's probably 
called libgpg-error-devel.

Whenever you want to build something yourself you have to install the 
development packages of all dependencies. Normal users don't need them. 
Therefore they are usually not installed by default.


Regards,
Ingo



Re: [Announce] GnuPG 2.1.1 released

2014-12-18 Thread MFPA



On Thursday 18 December 2014 at 9:03:45 AM, in
mid:87388d5nym@vigenere.g10code.de, Werner Koch wrote:


> I don't see any change in this part of the code.  Did
> it work in 2.0?

I had not used 2.0 much at all because my email app of choice doesn't
play nice with it (but is fine with 2.1). I have 2.0.20 and 2.0.26 to
hand; I just tested with them and found it didn't work for me. For
both of these, the error message was slightly different than I see
with 2.1:-

gpg: system error while calling external program: Permission denied
gpg: unable to display photo ID!  ^

instead of:-

gpg: system error while calling external program: No error
gpg: unable to display photo ID!  



> Can you test on Unix too?  (Debugging there is much
> easier for me).

The best I can do is try to get my Linux partition working again, if
the wife doesn't invent too much that needs doing over Christmas.


-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

After all is said and done, a lot more will be said than done.




Re: [Announce] GnuPG 2.1.1 released

2014-12-17 Thread Patrick Brunschwig

I created an installer for GnuPG 2.1.1 on Mac OS X, available from here:

http://sourceforge.net/projects/gpgosx/files/GnuPG-2.1.1.dmg/download

-Patrick




Re: [Announce] GnuPG 2.1.1 released

2014-12-17 Thread Dominyk Tiller
Hi Werner,

Thanks for the new release, it solves a lot of the OS X compile problems
we were seeing, which is great.

I'm still hitting a new one though. If you attempt to compile using an
external gpg-agent, rather than one with the package, you hit this:


clang -I/usr/local/Cellar/libgcrypt/1.6.2/include
-I/usr/local/Cellar/libgpg-error/1.17/include
-I/usr/local/Cellar/libgpg-error/1.17/include
-I/usr/local/Cellar/libassuan/2.1.3/include
-I/usr/local/Cellar/libgpg-error/1.17/include -g -O2 -Wall
-Wno-pointer-sign -Wpointer-arith  -lresolv -o gpgsplit gpgsplit.o
../common/libcommon.a -L/usr/local/Cellar/libgcrypt/1.6.2/lib -lgcrypt
-L/usr/local/Cellar/libgpg-error/1.17/lib -lgpg-error
-L/usr/local/Cellar/libgpg-error/1.17/lib -lgpg-error -lz -lbz2 -lintl
-Wl,-framework -Wl,CoreFoundation  -liconv
Making all in po
Making all in doc
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
clang -o yat2m ./yat2m.c
for file in gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi dirmngr.texi
scdaemon.texi tools.texi ; do \
  ./yat2m -I . -D gpgtwoone --release GnuPG 2.1.1 --source
GNU Privacy Guard 2.1 --store \
  `test -f '$file' || echo './'`$file ; done
yat2m: writing 'gnupg.7'
yat2m: writing 'gpg2.1'
yat2m: writing 'gpgsm.1'
yat2m: writing 'gpg-agent.1'
yat2m: writing 'dirmngr.8'
yat2m: writing 'scdaemon.1'
yat2m: writing 'watchgnupg.1'
yat2m: writing 'gpgv2.1'
yat2m: writing 'addgnupghome.8'
yat2m: writing 'gpgconf.1'
yat2m: writing 'applygnupgdefaults.8'
yat2m: writing 'gpgsm-gencert.sh.1'
yat2m: writing 'gpg-preset-passphrase.1'
yat2m: writing 'gpg-connect-agent.1'
yat2m: writing 'dirmngr-client.1'
yat2m: writing 'gpgparsemail.1'
yat2m: writing 'symcryptrun.1'
yat2m: writing 'gpg-zip.1'
Making all in tests
Making all in openpgp
make[3]: *** No rule to make target `../../agent/gpg-agent', needed by
`all-local'.  Stop.
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


Any ideas?

Cheers,

Dom


Sent from OS X. If you wish to communicate more securely my PGP Public
Key is 0x872524db9d74326c.


Re: [Announce] GnuPG 2.1.1 released

2014-12-17 Thread MFPA



On Tuesday 16 December 2014 at 4:36:19 PM, in
mid:874msveem4@vigenere.g10code.de, Werner Koch wrote:


>  * gpg: Fixed regression in %g and %p codes for
>  --sig-notation.


Could there be a similar issue with the %i for --photo-viewer?

photo-viewer path\to\gpgview.exe  %i /title 0x%K.%t[%V]

seems to get me the message:-

gpg: system error while calling external program: No error
gpg: unable to display photo ID!



-- 
Best regards

MFPA  mailto:2014-667rhzu3dc-lists-gro...@riseup.net

The secret to creativity is knowing how to hide your sources.




[Announce] GnuPG 2.1.1 released

2014-12-16 Thread Werner Koch
Hello!

The GnuPG Project is pleased to announce the availability of the
second release of GnuPG modern: Version 2.1.1.

The GNU Privacy Guard (GnuPG) is a complete and free implementation of
the OpenPGP standard as defined by RFC-4880 and better known as PGP.

GnuPG, also known as GPG, allows to encrypt and sign data and
communication, features a versatile key management system as well as
access modules for public key directories.  GnuPG itself is a command
line tool with features for easy integration with other applications.
A wealth of frontend applications and libraries making use of GnuPG
are available.  Since version 2 GnuPG provides support for S/MIME and
Secure Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It can
be freely used, modified and distributed under the terms of the GNU
General Public License.

Three different versions of GnuPG are actively maintained:

- GnuPG modern (2.1) is the latest development with a lot of new
  features.  This announcement is about the first release of this
  version.

- GnuPG stable (2.0) is the current stable version for general use.
  This is what most users are currently using.

- GnuPG classic (1.4) is the old standalone version which is most
  suitable for older or embedded platforms.

You may not install modern (2.1) and stable (2.0) at the same
time.  However, it is possible to install classic (1.4) along with
any of the other versions.


What's New in GnuPG-2.1
=======================

 * gpg: Detect faulty use of --verify on detached signatures.

 * gpg: New import option keep-ownertrust.

 * gpg: New sub-command factory-reset for --card-edit.

 * gpg: A stub key for smartcards is now created by --card-status.

 * gpg: Fixed regression in --refresh-keys.

 * gpg: Fixed regression in %g and %p codes for --sig-notation.

 * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.

 * gpg: Improved perceived speed of secret key listings.

 * gpg: Print number of skipped PGP-2 keys on import.

 * gpg: Removed the option aliases --throw-keyid and --notation-data;
   use --throw-keyids and --set-notation instead.

 * gpg: New import option keep-ownertrust.

 * gpg: Skip too large keys during import.

 * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or
   dirmngr.

 * gpg-agent: New option --extra-socket to provide a restricted
   command set for use with remote clients.

 * gpgconf --kill does not anymore start a service only to kill it.

 * gpg-connect-agent: Add convenience option --uiserver.

 * Fixed keyserver access for Windows.

 * Fixed build problems on Mac OS X

 * The Windows installer does now install development files

 * More translations (but most of them are not complete).

 * To support remotely mounted home directories, the IPC sockets may
   now be redirected.  This feature requires Libassuan 2.2.0.

 * Improved portability and the usual bunch of bug fixes.

A detailed description of the changes found in 2.1 can be found at
https://gnupg.org/faq/whats-new-in-2.1.html .


Getting the Software
====================

Please follow the instructions found at https://gnupg.org/download/ or
read on:

GnuPG 2.1.1 may be downloaded from one of the GnuPG mirror sites or
direct from its primary FTP server.  The list of mirrors can be found
at https://gnupg.org/mirrors.html .  Note that GnuPG is not available
at ftp.gnu.org.

On ftp.gnupg.org you find these files:

 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.1.tar.bz2  (4689k)
 ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.1.tar.bz2.sig

This is the GnuPG 2.1 source code compressed using BZIP2 and its
OpenPGP signature.

 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.1_20141216.exe  (6364k)
 ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.1_20141216.exe.sig

This is an *experimental* installer for Windows including GPA as
graphical key manager and GpgEX as an Explorer extension.  Please
de-install an already installed Gpg4win version before trying this
installer.  This binary version has not been tested very well, thus it
is likely that you will run into problems.  The complete source code
for the software included in this installer is in the same directory
with .exe replaced by .tar.xz.

This version fixes a lot of bugs found after the release of 2.1.0 but
there are still known bugs which we are working on.  Please check the
mailing list archives and https://wiki.gnupg.org for known problems
and workaround.


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.1.1.tar.bz2 you would use this command:

 gpg --verify gnupg-2.1.1.tar.bz2.sig gnupg-2.1.1.tar.bz2

   This checks whether the signature file matches the source