Анонсы выхода версий

Date: Mon, 29 Mar 2004 23:01:35 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: announce@gnupg.org
Subject: [Announce] GnuPG 1.2.5 first release candidate

Представляем Вашему вниманию первую версию-кандидат GnuPG 1.2.5:

ftp://ftp.gnupg.org/gcrypt/alp.....nupg-1.2.5rc1.tar.gz^[link1] (3404k)
ftp://ftp.gnupg.org/gcrypt/alp.....-1.2.5rc1.tar.gz.sig^[link2]

патч обновляющий версию 1.2.4:

ftp://ftp.gnupg.org/gcrypt/alp.....2.4-1.2.5rc1.diff.gz^[link3] (676k)

Список зеркал по ссылке: http://www.gnupg.org/download/mirrors.html

MD5 суммы::

bfdabd51ae6f19441c580506f2a51b4a gnupg-1.2.4-1.2.5rc1.diff.gz
b907b73fc139b213bcad089545c94dfb gnupg-1.2.5rc1.tar.gz
6a3f543732867149aaae27f0b780e08e gnupg-1.2.5rc1.tar.gz.sig

Т.к. это стабильная ветка, то данное обновление содержит в основном
исправления ошибок и улучшает портируемость. Вы можете тестировать
данную версию и сообщите нам, пожалуйста, если найдете ошибки.

Изменения относительно 1.2.4:

Новый параметр ~~ask-cert-level/~~no-ask-cert-level включает/отключает
запрос уровня подписи при сертифицировании ключа.
По умолчанию включено.

Новый параметр min-cert-level позволяет игнорировать сертификаты
ниже заданного уровня. По умолчанию 1 (т.е. ничего не игнорировать).

Новый параметр --max-output позволяет ограничить объем текстового
вывода создаваемого GnuPG. Данный параметр можно использовать
в программах, вызывающих GnuPG для обработки сообщений,
которые могут генерить текстовый вывод больший, чем вызывающая
программа может обработать.
Это иногда называется "Decompression Bomb".

Новая команда --list-config для программ оболочек (frontends) и других программ,
которые вызывают GnuPG. См. doc/DETAILS.

Новая команда --gpgconf-list для внутреннего использования утилитой gpgconf
из gnupg 1.9.x.

Некоторое повышение производительности на больших таблицах ключей.
См. --enable-key-cache=SIZE в файле README.

Некоторые исправления для портирования на OpenBSD/i386, HPPA и AIX платформы.

Happy hacking,

The GnuPG Team (David, Stefan, Timo, Werner)

Перевод: Maxim Britov

<!escaped~~></blockquote><!~~escaped-->

Комментарии

— Kent (26/05/2004 23:18)
Вышла новая версия, GnuPG 1.3.6 (development).
Анонс находится здесь:
http://lists.gnupg.org/piperma.....e/2004q2/000168.html^[link4]

— MaxBritov (27/05/2004 10:34)
На тему не смотрим?
1.3.6 не стабильная версия, а для тестирования

— Kent (27/05/2004 22:11)
Maxim, ну не надо придираться. Не так уж часто версии GnuPG выходят. А темы плодить не хочется. Название я подправил.

И, если не затруднит, ждём фирменного перевода анонса от Maxim Britov.

— Kent (20/06/2004 13:33)
GnuPG 1.2.5 second release candidate

From: Werner Koch <wk{_at_}gnupg.org> Hi! We are pleased to announce the availability of the second release candidate for GnuPG 1.2.5: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz (3496k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc2.tar.gz.sig or as a patch against the first RC ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1-1.2.5rc2.diff.gz (439k) Mirrors are listed at http://www.gnupg.org/download/mirrors.html MD5 sums are: f915790e3e2d13256cc49e3f08b77e1b gnupg-1.2.5rc2.tar.gz 9f15c912f40c14daf4fa3d612eece938 gnupg-1.2.5rc1-1.2.5rc2.diff.gz As this is the stable branch, this release contains mostly bug and portability fixes. Please test this release and report any problems. Noteworthy changes since 1.2.4: * New --ask-cert-level/--no-ask-cert-level option to turn on and off the prompt for signature level when signing a key. Defaults to off. * New --min-cert-level option to disregard key signatures that are under a specified level. Defaults to 1 (i.e. don't disregard anything). * New --max-output option to limit the amount of plaintext output generated by GnuPG. This option can be used by programs which call GnuPG to process messages that may result in plaintext larger than the calling program is prepared to handle. This is sometimes called a "Decompression Bomb". * New --list-config command for frontends and other programs that call GnuPG. See doc/DETAILS for the specifics of this. * New --gpgconf-list command for internal use by the gpgconf utility from gnupg 1.9.x. * Some performance improvements with large keyrings. See --enable-key-cache=SIZE in the README file for details. * Some portability fixes for the OpenBSD/i386, HPPA, and AIX platforms. * Simplified Chinese translation. Since RC1 we fixed a couple more portability issues as well as some other glitches. If we don't get serious complaints on this release, 1.2.5 will be released soon. Happy hacking, The GnuPG Team

— MaxBritov (27/07/2004 17:38)

Мы рады предложить Вам новую версию GnuPG 1.2.5
Данная версия является продолжением стабильной ветви разработки GnuPG 1.2.x

GNU Privacy Guard (GnuPG) – GNU приложение для обеспечения секретных
коммуникаций и шифрования хранимых данных. GnuPG, являющееся полной
и свободной заменой PGP, может быть использовано для шифрования
данных и создания цифровых подписей. GnuPG предоставляет широкие
возможности по управлению ключами и совместимо с предложенным OpenPGP
стандартом описанным в RFC2440.

Основная цель выпуска новой версии – исправление найденных ошибок.
Подробности в секции "Что нового?" – см. ниже.

Получение программы
=====
Следуйте инструкциям с http://www.gnupg.org/download/ или прочитайте:

GnuPG 1.2.5 можно скачать с одного из зеркал GnuPG
или прямо с ftp://ftp.gnupg.org/gcrypt
Список зеркал можно найти по адресу: http://www.gnupg.org/mirrors.html
Учтите, что GnuPG не доступен на ftp.gnu.org.

На зеркалах Вам следует искать следующие файлы в папке *gnupg*:

gnupg-1.2.5.tar.bz2 (2430k)
gnupg-1.2.5.tar.bz2.sig

Исходный код GnuPG сжатый с использованием BZIP2 и подпись OpenPGP.

gnupg-1.2.5.tar.gz (3559k)
gnupg-1.2.5.tar.gz.sig

Исходный код GnuPG сжатый с использованием GZIP и подпись OpenPGP.

gnupg-1.2.4-1.2.5.diff.gz (979k)

Патч обновляющий версию 1.2.4 до GnuPG 1.2.5. Файл подписан;
Вы должны использовать GnuPG > 0.9.5 для проверки подписи.
GnuPG позволяет прозрачно подписывать файлы патчей,
которые затем могут применяться без проблем.

Выберите один из вышеуказанных вариантов. Для уменьшения времени загрузки
возможно лучшим вариантов будет получение BZIP2 файла. Используйте другие
зеркала, если выбранное Вами еще не обновлено.

В папке *binary* Вам следует искать:

gnupg-w32cli-1.2.5.zip (1468k)
gnupg-w32cli-1.2.5.zip.sig

GnuPG собранный для Microsoft Windows с подписью OpenPGP.
Учтите, что это версия для работы с командной строкой и поставляется
без графического инсталлятора.
Вам следует использовать утилиту UNZIP для извлечения файлов
и установки их вручную. См. файл README. W32 для дополнительных
инструкций.

Проверка целостности
======
Убедиться что версия GnuPG, которую Вы собираетесь установить,
имеет оригинальное происхождение (не модифицирована никем)
можно одним из следующих способов:

* Если уже имеется проверенная версия GnuPG, то Вы можете просто

проверить приложенную подпись. Например проверка подписи файла
gnupg-1.2.5.tar.bz2 осуществляется следующей командой:

gpg ~~verify gnupg-1.2.5.tar.bz2.sig~~

Так Вы проверите подпись файла с исходным кодом. Вы должны увидеть
сообщение о том, что подпись достоверна и создана соответствующим ключом.
Удостоверьтесь, что Вы имеете оригинальный ключ, достоверность которого
следует проверить по отпечатку или проверкой того, что ключ подписан
доверенным ключом. Учтите, что Вы можете получить ключ используя
"finger wk 'на' g10code.com" или "dd9jn 'на' gnu.org", или
используя серверы ключей. Я недавно продлил срок действия ключа,
так что Вам, возможно, следует обновить данный ключ.

Никогда не используйте ту версию GnuPG, которую Вы только что скачали.
Для проверки целостности – используйте ранее установленную
(проверенную) версию.

* Если Вы не можете использовать ранее установленную версию GnuPG,

то Вам следует проверить контрольную сумму MD5. Например проверка
gnupg-1.2.5.tar.bz2 осуществляется следующей командой:

md5sum gnupg-1.2.5.tar.bz2

и сверьте вывод данной команды с соответствущими данными указанными
ниже:

9109ff94f7a502acd915a6e61d28d98a gnupg-1.2.5.tar.gz
e4991e46fde52b216410ef0f485b4217 gnupg-1.2.5.tar.bz2
d591cb58a7bc81d4e5572260ba2cd595 gnupg-1.2.4-1.2.5.diff.gz
3d93d73942117c4c0182cb15e01de70f gnupg-w32cli-1.2.5.zip

Обновление

Если Вы обновляетесь с версии более ранней, чем 1.0.7, то Вам следует
выполнить скрипт tools/convert-from-106 перед использованием новой версии.
Учтите также, что в версиях до 1.0.6 имеется ошибка и Вы не сможете
вернуться к такой версии, пока не примените патч
http://www.gnupg.org/developer/gpg-woody-fix.txt

Если Вы встретили какие-либо проблемы – см. FAQ и архив дискуссионных
почтовых списков на http://lists.gnupg.org Задавайте вопросы в
листе gnupg-users@gnupg.org или русскоязычном gnupg-ru@gnupg.org

Что нового

Здесь описаны основные изменения по отношению к версии 1.2.4:

~~Новый параметр --ask-cert-level/~~no-ask-cert-level вкл/выкл
запроса уровня подписи при подписывании ключа. По умолчанию вкл.

Новый параметр min-cert-level позволяет игнорировать ключи,
подписанные с уровнем ниже заданного. По умолчанию 1 (т.е.
ничего не игнорировать)

Новый параметр --max-output ограничивает объем выводимого GnuPG
текста. Данный параметр можно использовать в программах, которые
вызывают GnuPG для обработки соощений и не желают получить
в результате сообщение большего объема, чем они готовы обработать.
Иногда это называется "Decompression Bomb".

Новая команда --list-config для программ оболочек др. программ,
которые вызывают GnuPG.

Новая команда --gpgconf-list для внутренного использования
утилитой gpgconf из gnupg 1.9.x.

Некоторое повышение производительности на операциях с большими
связками ключей. См. --enable-key-cache=SIZE в файле README.

Некоторые улучшения портируемости на платформы OpenBSD/i386, HPPA
и AIX.

Китайский перевод.

Интернационализация
=====
GnuPG поставляется с переводом на 28 языков:

American English Indonesian (id)
Bela-Russian (be)[*] Italian (it)
Catalan (ca)[*] Japanese (ja)[*]
Czech (cs) Polish (pl)
Danish (da)[*] Brazilian Portuguese (pt_BR)[*]
Dutch (nl) Portuguese (pt)[*]
Esperanto (eo)[*] Romanian (ro)
Estonian (et) Russian (ru)
Finnish (fi) Slovak (sk)
French (fr) Spanish (es)
Galician (gl)[*] Swedish (sv)[*]
German (de) Traditional Chinese (zh_TW)[*]
Greek (el) Simplified Chinese (zh_CN)
Hungarian (hu) Turkish (tr)

Языки помеченные [*] не обновлены к настоящему релизу и Вы можете
получать непереведенные сообщения. Большое спасибо переводчикам
за их поддержку проекта GnuPG.

Планы на будущее
==
GnuPG 1.2.x текущая стабильная ветвь разработки. Здесь не ожидается
никаких существенных изменений. Мы будем исправлять обнаруженные
ошибки и добавлять исправления повышающие совместимость
по необходимости.

GnuPG 1.3.x – версия, в которую мы внедрили много нового и на ее
основе выйдет следующая стабильная версия 1.4 (довольно скоро)

GnuPG 1.9.x – новое поколение GnuPG. Данная версия объединит код
проекта Aegypten, включая gpg-agent, демон smartcard и gpgsm
для поддержки S/MIME. Дизайн отличается от предыдущих версий
и может не поддерживаться некоторыми старыми системами – совместимость
с POSIX будет абсолютным требованием для поддерживаемых платформ.
1.9 основана на коде старой 1.3 и будет мирно сосуществовать
с другими версиями GnuPG.

Happy Hacking,

The GnuPG Team (David, Stefan, Timo and Werner)

—
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

Перевод: Максим Бритов.
PS. В cvs ветке 1.2.x появилась папка doc/ru/, где лежат

русскоязычные GnuPG Privacy Handbook, man (перевод Павла Шайдо) и FAQ, detail (старое).

<!escaped~~></blockquote><!~~escaped-->

— Kent (26/08/2004 21:59)
Вышла новая стабильная версия 1.2.6

Версия только для Linux. Исправлены ошибки версии 1.2.5, возникающие при установке программы.
Скомпилированной версии под Windows нет, т.к. ошибка возникала только в Linux.

Here is a list of major user visible changes since 1.2.6:

Updated the included gettext. This also fixes the installation
problem from 1.2.5

Fixed a race condition possibly leading to deleted keys.

— Kent (02/10/2004 21:20)
GnuPG 1.3.90 released (development)

Noteworthy changes in version 1.3.90 (2004-10-01)

Readline support at all prompts is now available if the systems
provides a readline library. The build time option

-without-readline may be used to disable this feature.

Support for the OpenPGP smartcard is now enabled by default.
Use the option --disable-card-support to build without support
for smartcards.

New command "addcardkey" in the key edit menu to add subkeys to
a smartcard. New command "keytocard" to transfer a key to a
smartcard.
The serial number of the card is show in secret key listings.

-K may now be used as an alias for --list-secret-keys.

HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct
access.

— Kent (16/10/2004 20:47)
GnuPG 1.3.91 released (development)

Noteworthy changes in version 1.3.91 (2004-10-15)

A new configure option --enable-selinux-support disallows
processing of confidential files used by gpg (e.g. secring.gpg).
This helps writing ACLs for the SELinux kernel.

Support for fetching keys via finger has been added. This is
useful for setting a preferred keyserver URL like
"finger:wk@g10code.com".

Timeout support has been added to the keyserver helpers. This
allows users to set an upper limit on how long to wait for the
keyserver before giving up.

New "direct" trust model where users can set key validity
directly if they do not want to participate in the web of trust.

Minor bug fixes, code and string cleanups.

— MaxBritov (28/10/2004 19:30)
Вышел GnuPG 1.3.92

Брать отсюда:

ftp://ftp.gnupg.org/gcrypt/alp...../gnupg-1.3.92.tar.gz^[link5] (3.8M)
ftp://ftp.gnupg.org/gcrypt/alp.....pg-1.3.92.tar.gz.sig^[link6]
ftp://ftp.gnupg.org/gcrypt/alp.....gnupg-1.3.92.tar.bz2^[link7] (2.6M)
ftp://ftp.gnupg.org/gcrypt/alp.....g-1.3.92.tar.bz2.sig^[link8]
Патч относительно 1.3.91:

ftp://ftp.gnupg.org/gcrypt/alp......3.92-1.3.92.diff.gz^[link9] (602k)
Контрольные суммы MD5:

285789af00856a12354fd3d967cf61b4 gnupg-1.3.92.tar.gz
bc9ee1f97d22dc727a00dfbfe2ebbf5e gnupg-1.3.92.tar.bz2
4ea581339dcf46cd8c21d928d4f9b759 gnupg-1.3.91-1.3.92.diff.gz
Контрольные суммы SHA1:

e03bb8d584fcf6c2a4567027012ce8012d6f85ec gnupg-1.3.92.tar.gz
e208f9db3fcab4b0c9afc089b6eff49a739289dc gnupg-1.3.92.tar.bz2
620f045f49d02f210edb95e3f2c6f9a42b72632c gnupg-1.3.91-1.3.92.diff.gz

Появилась собранная версия для MS Windows:

ftp://ftp.gnupg.org/gcrypt/alp.....pg-w32cli-1.3.92.zip^[link10] (1.5M)
ftp://ftp.gnupg.org/gcrypt/alp.....32cli-1.3.92.zip.sig^[link11]
Для корректной интернационализации следует иметь
установленную GNU iconv.dll. Доступна здесь:

ftp://ftp.gnupg.org/gcrypt/bin.....biconv-1.9.1.dll.zip^[link12] (644k)
ftp://ftp.gnupg.org/gcrypt/bin.....nv-1.9.1.dll.zip.sig^[link13]
Контроьные суммы MD5:

a5967c5b466e7fb3cf176a30623f55bd gnupg-w32cli-1.3.92.zip
f3582d28862c539d2f655ade5e141f2f libiconv-1.9.1.dll.zip

Изменения в 1.3.92 (2004-10-28)

Добавлено русское руководство (man). Преогромнейшее СПАСИБО Павлу Шайдо :)

для преобразования кодовых страниц теперь используется libiconv, если
они отличны от UTF-8, Latin-1,-2 и KOI8-2. Win32 версия будет работать корректно
только при установленной iconv.dll. Библиотека доступна на всех зеркалах сайта GNU, как libiconv.

gettext для Windows упрощен. MO файлы теперь распространяются в кодировке UTF-8
и gpg транслирует сообщения на лету.

Команда разработчиков GnuPG (David, Stefan, Timo и Werner)

прим: Большое им за всё СПАСИБО!

— Kent (18/12/2004 07:01)
Новая версия GnuPG v1.4.0

From: Werner Koch <...gnupg.org> Subject: GnuPG stable 1.4 released Date: Thu, 16 Dec 2004 18:24:48 +0100 Hello! We are pleased to announce the availability of the new stable GnuPG series. This first release is version 1.4.0 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. 1.4.x is very similar to 1.2.x although a lot of improvements have been added over the course of the last 2 years. There are some minor incompatibilities when using very rare options but in almost all cases it may just replace the 1.2.x versions (as well as 1.0.6). Please note that the 1.2.x series will enter end of life status on January 1, 2005, after which it will only be updated for security critical bugs. Before then, we expect one more 1.2.x release to address a few minor outstanding issues (the fixes for which are already in 1.4.0), and to update the translations. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.0 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.0.tar.bz2 (2658k) gnupg-1.4.0.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.0.tar.gz (3837k) gnupg-1.4.0.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.0.zip (1626k) gnupg-w32cli-1.4.0.zip.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and comes without a graphical installer tool. You have to use an UNZIP utility to extract the files and install them manually. The included file README.W32 has further instructions. The source files are the same as given above. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.0.tar.bz2 you would use this command: gpg --verify gnupg-1.4.0.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. I recently prolonged the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! * If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-1.4.0.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.0.tar.bz2 and check that the output matches the first line from the following list: 0054635a131b7af383e956fa9e1520ac44cad116 gnupg-1.4.0.tar.bz2 7078b8f14f21d04c7bc9d988a6a2f08d703fbc83 gnupg-1.4.0.tar.gz 6490a13bf98c919190e0f9bc115ab5af0b3059e0 gnupg-w32cli-1.4.0.zip Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== There are too many changes to list them here. Please check out the NEWS file or read the summary at the end of this announcement. Internationalization ==================== GnuPG comes with support for 28 languages: American English Indonesian (id)[*] Bela-Russian (be)[*] Italian (it)[*] Catalan (ca)[*] Japanese (ja) Czech (cs) Polish (pl)[*] Danish (da)[*] Brazilian Portuguese (pt_BR)[*] Dutch (nl)[*] Portuguese (pt)[*] Esperanto (eo)[*] Romanian (ro)[*] Estonian (et)[*] Russian (ru)[*] Finnish (fi)[*] Slovak (sk)[*] French (fr) Spanish (es)[*] Galician (gl)[*] Swedish (sv)[*] German (de) [*] Traditional Chinese (zh_TW)[*] Greek (el) [*] Simplified Chinese (zh_CN) Hungarian (hu) [*] Turkish (tr) [*] Languages marked with [*] were not updated for this release and you will most likely notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Due to a lot of stylistic changes to the strings and about 150 new strings, most translations are not up to date. However we don't think that this is reason enough to hold back the release. Updated translations will be added to the next releases. [Note to our translators: please see the file doc/TRANSLATE] Future Directions ================= GnuPG 1.4.x is the current stable branch and will be kept as the easy to use and build single-executable versions. We plan to backport new features from the development series to 1.4. GnuPG 1.9.x is the new development series of GnuPG. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is as of now based on an somewhat older 1.3 code but will peacefully coexist with other GnuPG versions. Support ======= Developing and maintaining GnuPG and related software is nothing one can do in the evening or on weekends. We all spend a lot of time and money on it. David is actually doing this in his spare time beside his day job; g10 Code employs Timo and Werner to work on this software and would appreciate to refinance it by entering into support contracts or other contributions. Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Kudos to David Shaw who did most of the new features in 1.4 and discussed various OpenPGP problems in lengths at several working groups. Happy Hacking, The GnuPG Team (David, Timo and Werner) -- Werner Koch <wk@gnupg.org> The GnuPG Experts http://g10code.com Free Software Foundation Europe http://fsfeurope.org %0C GnuPG 1.4 Highlights ==================== This is a brief overview of the changes between the GnuPG 1.2 series and the new GnuPG 1.4 series. To read the full list of highlights for each revision that led up to 1.4, see the NEWS file in the GnuPG distribution. This document is based on the NEWS file, and is thus the highlights of the highlights. When upgrading, note that RFC-2440, the OpenPGP standard, is currently being revised. Most of the revisions in the latest draft (2440bis-12) have already been incorporated into GnuPG 1.4. Algorithm Changes ----------------- OpenPGP supports many different algorithms for encryption, hashing, and compression, and taking into account the OpenPGP revisions, GnuPG 1.4 supports a slightly different algorithm set than 1.2 did. The SHA256, SHA384, and SHA512 hashes are now supported for read and write. The BZIP2 compression algorithm is now supported for read and write. Due to the recent successful attack on the MD5 hash algorithm (discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>, among other places), MD5 is deprecated for OpenPGP use. It is still allowed in GnuPG 1.4 for backwards compatibility, but a warning is given when it is used. The TIGER/192 hash is no longer available. This should not be interpreted as a statement as to the quality of TIGER/192 - rather, the revised OpenPGP standard removes support for several unused or mostly unused hashes, and TIGER/192 was one of them. Similarly, Elgamal signatures and the Elgamal signing key type have been removed from the OpenPGP standard, and thus from GnuPG. Please do not confuse Elgamal signatures with DSA or DSS signatures or with Elgamal encryption. Elgamal signatures were very rarely used and were not supported in any product other than GnuPG. Elgamal encryption was and still is part of OpenPGP and GnuPG. Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary to OpenPGP) Elgamal key type. While no recent version of GnuPG permitted the generation of such keys, GnuPG 1.2 could still use them. GnuPG 1.4 no longer allows the use of these keys or the (also nonstandard) messages generated using them. At build time, it is possible to select which algorithms will be built into GnuPG. This can be used to build a smaller program binary for embedded uses where space is tight. Keyserver Changes ----------------- GnuPG 1.4 does all keyserver operations via plugin or helper applications. This allows the main GnuPG program to be smaller and simpler. People who package GnuPG for various reasons have the flexibility to include or leave out support for any keyserver type as desired. Support for fetching keys via HTTP and finger has been added. This is mainly useful for setting a preferred keyserver URL like "http://www.jabberwocky.com/key.asc". or "finger:wk@g10code.com". The LDAP keyserver helper now supports storing, retrieving, and searching for keys in both the old NAI "LDAP keyserver" as well as the more recent method to store OpenPGP keys in standard LDAP servers. This is compatible with the storage schema that PGP uses, so both products can interoperate with the same LDAP server. The LDAP keyserver helper is compatible with the PGP company's new "Global Directory" service. If the LDAP library you use supports LDAP-over-TLS and LDAPS, then GnuPG detects this and supports them as well. Note that using TLS or LDAPS does not improve the security of GnuPG itself, but may be useful in certain key distribution scenarios. HTTP Basic authentication is now supported for all HKP and HTTP keyserver functions, either through a proxy or via direct access. The HKP keyserver plugin supports the new machine-readable key listing format for those keyservers that provide it. IPv6 is supported for HKP and HTTP keyserver access. When using a HKP keyserver with multiple DNS records (such as subkeys.pgp.net which has the addresses of multiple servers around the world), all DNS address records are tried until one succeeds. This prevents a single down server in the rotation from stopping access. DNS SRV records are used in HKP keyserver lookups to allow administrators to load balance and select keyserver ports automatically. Timeout support has been added to the keyserver plugins. This allows users to set an upper limit on how long to wait for the keyserver before giving up. Preferred Keyserver URL ----------------------- Preferred keyserver support has been added. Users may set a preferred keyserver via the --edit-key command "keyserver". If the --keyserver-option honor-keyserver-url is set (and it is by default), then the preferred keyserver is used when refreshing that key with --refresh-keys. The --sig-keyserver-url option can be used to inform signature recipients where the signing key can be downloaded. When verifying the signature, if the signing key is not present, and the keyserver options honor-keyserver-url and auto-key-retrieve are set, this URL will be used to retrieve the key. Trust Signatures ---------------- GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to specify the trust level and distance from the user along with the signature so users can delegate different levels of certification ability to other users, possibly restricted by a regular expression on the user ID. Trust Models ------------ GnuPG 1.4 supports several ways of looking at trust: Classic - The classic PGP trust model, where people sign each others keys and thus build up an assurance (called "validity") that the key belongs to the right person. This was the default trust model in GnuPG 1.2. Always - Bypass all trust checks, and make all keys fully valid. Direct - Users may set key validity directly. PGP - The PGP 7 and 8 behavior which combines Classic trust with trust signatures overlaid on top. This is the default trust model in GnuPG 1.4. The OpenPGP Smartcard --------------------- GnuPG 1.4 supports the OpenPGP smartcard (<http://www.g10code.de/p-card.html>) Secret keys may be kept fully or partially on the smartcard. The smartcard may be used for primary keys or subkeys. Other Interesting New Features ------------------------------ For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>, the configure option --enable-selinux-support prevents GnuPG from processing its own files (i.e. reading the secret keyring for something other than getting a secret key from it). This simplifies writing ACLs for the SELinux kernel. Readline support is now available at all prompts if the system provides a readline library. GnuPG can now create messages that can be decrypted with either a passphrase or a secret key. These messages may be generated with --symmetric --encrypt or --symmetric --sign --encrypt. --list-options and --verify-options allow the user to customize exactly what key listings or signature verifications look like, enabling or disabling things such as photo display, preferred keyserver URL, calculated validity for each user ID, etc. The --primary-keyring option designates the keyring that the user wants new keys imported into. The --hidden-recipient (or -R) command encrypts to a user, but hides the identity of that user. This is the same functionality as --throw-keyid, but can be used on a per-user basis. Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1") anywhere algorithm names are used in GnuPG. The --keyid-format option selects short (99242560), long (DB698D7199242560), 0xshort (0x99242560), or 0xlong (0xDB698D7199242560) key ID displays. This lets users tune the display to what they prefer. While it is not recommended for extended periods, it is possible to run both GnuPG 1.2.x and GnuPG 1.4 during the transition. To aid in this, GnuPG 1.4 tries to load a config file suffixed with its version before it loads the default config file. For example, 1.4 will try for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular gpg.conf file.

Версия для Windows:
ftp://ftp.gnupg.org/gcrypt/bin.....pg-w32cli-1.4.0a.zip^[link14] (1627k)
ftp://ftp.gnupg.org/gcrypt/bin.....32cli-1.4.0a.zip.sig^[link15]

Контрольная сумма SHA1:

28be01b7f8eaa29db73d11bf8b9504e823c07c2b gnupg-w32cli-1.4.0a.zip

— Kent (16/03/2005 20:01)
Вышла версия GnuPG v1.4.1

Программа обзавелась инсталлятором и полной поддержкой русского языка (Вин32 версия). Также исправлена проблема совместной работы с The Bat! (проверено на The Bat! V2.12)

From: Werner Koch <~~~@gnupg.org> Subject: GnuPG 1.4.1 released Date: Tue, 15 Mar 2005 17:53:36 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.1 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 1.4.1 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the mirrors you should find the following files in the *gnupg* directory: gnupg-1.4.1.tar.bz2 (2756k) gnupg-1.4.1.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-1.4.1.tar.gz (3964k) gnupg-1.4.1.tar.gz.sig GnuPG source compressed using GZIP and OpenPGP signature. gnupg-1.4.0-1.4.1.diff.bz2 (650k) A patch file to upgrade a 1.4.0 GnuPG source. Select one of them. To shorten the download time, you probably want to get the BZIP2 compressed file. Please try another mirror if exceptional your mirror is not yet up to date. In the *binary* directory, you should find these files: gnupg-w32cli-1.4.1.exe (1406k) gnupg-w32cli-1.4.1.exe.sig GnuPG compiled for Microsoft Windows and OpenPGP signature. Note that this is a command line version and now comes with a graphical installer tool. The source files are the same as given above. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.1.tar.bz2 you would use this command: gpg --verify gnupg-1.4.1.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using "finger wk 'at' g10code.com" or "finger dd9jn 'at' gnu.org" or using the keyservers. I recently prolonged the expiration date; thus you might need a fresh copy of that key. Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-1.4.1.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-1.4.1.tar.bz2 and check that the output matches the first line from the following list: ebd16ef9d3fd3c38e38cf39e6347ed058fd12840 gnupg-1.4.1.tar.bz2 f8e982d5e811341a854ca9c15feda7d5aba6e09a gnupg-1.4.1.tar.gz db573a6c3707f65797b569efda7e0905c4c4469c gnupg-w32cli-1.4.1.exe Upgrade Information =================== If you are upgrading from a version prior to 1.0.7, you should run the script tools/convert-from-106 once. Please note also that due to a bug in versions prior to 1.0.6 it may not be possible to downgrade to such versions unless you apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt . If you have any problems, please see the FAQ and the mailing list archive at http://lists.gnupg.org. Please direct questions to the gnupg-users@gnupg.org mailing list. What's New =========== There are too many changes to list them here. Please check out the NEWS file or read the summary at the end of this announcement. Internationalization ==================== GnuPG comes with support for 28 languages: American English Indonesian (id)[*] Bela-Russian (be)[*] Italian (it)[*] Catalan (ca)[*] Japanese (ja) Czech (cs) Polish (pl)[*] Danish (da)[*] Brazilian Portuguese (pt_BR)[*] Dutch (nl)[*] Portuguese (pt)[*] Esperanto (eo)[*] Romanian (ro) Estonian (et)[*] Russian (ru)[*] Finnish (fi)[*] Slovak (sk)[*] French (fr) Spanish (es)[*] Galician (gl)[*] Swedish (sv)[*] German (de) [*] Traditional Chinese (zh_TW) Greek (el) [*] Simplified Chinese (zh_CN) Hungarian (hu) [*] Turkish (tr) [*] Languages marked with [*] were not updated for this release and you will most likely notice untranslated messages. Many thanks to the translators for their ongoing support of GnuPG. Due to a lot of stylistic changes to the strings and about 150 new strings, most translations are not up to date. However we don't think that this is reason enough to hold back the release. Updated translations will be added with the next releases. Future Directions ================= GnuPG 1.4.x is the current stable branch and will be kept as the easy to use and build single-executable versions. We plan to backport new features from the development series to 1.4. GnuPG 1.9.x is the new development series of GnuPG. This version merged the code from the Aegypten project and thus it includes the gpg-agent, a smartcard daemon and gpg's S/MIME cousin gpgsm. The design is different to the previous versions and we may not support all ancient systems - thus POSIX compatibility will be an absolute requirement for supported platforms. 1.9 is as of now based on an somewhat older 1.3 code but will peacefully coexist with other GnuPG versions. Support ======= Developing and maintaining GnuPG and related software is nothing one can do in the evening or on weekends. We all spend a lot of time and money on it. David is actually doing this in his spare time beside his day job; g10 Code employs Timo and Werner to work on this software and would appreciate to refinance it by entering into support contracts or other contributions. Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Kudos to David Shaw who did most of the new features in 1.4 and discussed various OpenPGP problems in lengths at several working groups. Happy Hacking, The GnuPG Team (David, Timo and Werner) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkI3Eu4ACgkQYHhOlAEKV+1lTwCfSVtlldBYT2G3MZrxk+jHcH0i gYcAnArQgwu1RvaLp+713awo0QX6E6im =PGws -----END PGP SIGNATURE-----
Что нового:
* New --rfc2440-text option which controls how text is handled in signatures. This is in response to some problems seen with certain PGP/MIME mail clients and GnuPG version 1.4.0. More details about this are available at <http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>. * New "import-unusable-sigs" and "export-unusable-sigs" tags for --import-options and --export-options. These are off by default, and cause GnuPG to not import or export key signatures that are not usable (e.g. expired signatures). * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper that uses the cURL library <http://curl.haxx.se> to retrieve keys. This is disabled by default, but may be enabled with the configure option --with-libcurl. Without this option, the existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS are not supported. * When running a --card-status or --card-edit and a public key is available, missing secret key stubs will be created on the fly. Details of the key are listed too. * The implicit packet dumping in double verbose mode is now sent to stderr and not to stdout. * Added countermeasures against the Mister/Zuccherato CFB attack <http://eprint.iacr.org/2005/033>. * [W32] The algorithm for the default home directory changed: First we look at the environment variable GNUPGHOME, if this one is not set, we check whether the registry entry {HKCU,HKLM}\Software\GNU\GnuPG:HomeDir has been set. If this fails we use a GnuPG directory below the standard application data directory (APPDATA) of the current user. Only in the case that this directory cannot be determined, the old default of c:\gnupg will be used. The option --homedir still overrides all of them. * [W32] The locale selection under Windows changed. You need to enter the locale in the registry at HKCU\Software\GNU\GnuPG:Lang. For German you would use "de". If it is not set, GnuPG falls back to HKLM. The languages files "*.mo" are expected in a directory named "gnupg.nls" below the installation directory; that directory must be stored in the registry at the same key as above with the name "Install Directory". * Add new --edit-key command "bkuptocard" to allow restoring a card key from a backup. * The "fetch" command of --card-edit now retrieves the key using the default keyserver if no URL has been stored on the card. * New configure option --enable-noexecstack.

— Гость (16/03/2005 20:46)
А что значит с полной поддержкой русского языка?
Для мне подробнее можно, т.к. не ставил пока на windows, не смотрел.
Инсталлятор переведен?

— Kent (16/03/2005 23:01)
Инсталлятор не переведён – английский и немецкий языки. Но там трудно не разобраться.
Сообщения в консоли выводятся на русском (правда, я ещё полностью все функции не опробовал), в том числе Help.
В GPGshell и в The Bat! Результаты работы также на русском.

— MaxBritov (17/03/2005 13:05)
Kent, Спасибо.
1118 translated messages, 8 fuzzy translations, 60 untranslated messages.
Вот инсталлятором надо бы заняться.
Еще ссылка по теме выхода новой версии:
http://www.fsfe.org/Members/werner/gpgbits

— Kent (23/04/2005 14:52)
Вышла версия GnuPG 1.9.16 (S/MIME)
Пока только для Linux.

From: Werner Koch <..@.....com> Subject: GnuPG 1.9.16 (S/MIME) released Date: Thu, 21 Apr 2005 17:23:26 +0200 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! We are pleased to announce the availability of GnuPG 1.9.16; the development branch of GnuPG featuring the S/MIME protocol. GnuPG 1.9 is the development version of GnuPG; it is based on some old GnuPG 1.3 code and the previous NewPG package. It will eventually lead to a GnuPG 2.0 release. Note that GnuPG 1.4 and 1.9 are not yet in sync and thus features and bug fixes done in 1.4 are not available in 1.9. *Please keep on using 1.4.x for OpenPGP*; 1.9.x and 1.4.x may be installed simultaneously. You should use GnuPG 1.9 if you want to use the gpg-agent or gpgsm (the S/MIME variant of gpg). The gpg-agent is also helpful when using the stable gpg version 1.4 (as well as the old 1.2 series). This is mainly a bug fix release but comes with some new features as well: * gpg-agent does now support the ssh-agent protocol and thus allows to use the pinentry as well as the OpenPGP smartcard with ssh. * New tool gpg-connect-agent as a general client for the gpg-agent. * New tool symcryptrun as a wrapper for certain encryption tools. * The gpg tool is not anymore build by default because those gpg versions available in the gnupg 1.4 series are far more matured. Please get it from the mirrors as listed at http://www.gnupg.org/download/mirrors.html or direct from ftp.gnupg.org: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.16.tar.bz2 (1667k) ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.16.tar.bz2.sig or as a patch against the previous release: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.9.15-1.9.16.diff.bz2 (108k) You will also need to get a new libksba (the X.509 and CMS parser): ftp://ftp.gnupg.org/gcrypt/alpha/libksba/libksba-0.9.11.tar.bz2 (443k) ftp://ftp.gnupg.org/gcrypt/alpha/libksba/libksba-0.9.11.tar.bz2.sig a patch is also available: ftp://ftp.gnupg.org/gcrypt/alpha/libksba/libksba-0.9.10-0.9.11.diff.bz2 (112k) GnuPG 1.9 makes use of a separate tool for CRL checking, this is called the Dirmngr. We have also released a new version of it and we suggest to update to that release: ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/dirmngr-0.9.2.tar.bz2 (463k) ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/dirmngr-0.9.2.tar.bz2.sig as usual we also provide a patch: ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/dirmngr-0.9.1-0.9.2.diff.bz2 (16k) SHA-1 checksums for the above files are: 7e470baf9a91221342af5aad57319329bf983a3a gnupg-1.9.16.tar.bz2 5a296cd8788f7fe2495bc014f8e19a4d2a000dc8 gnupg-1.9.15-1.9.16.diff.bz2 0dc8a41b3165404ccdb0e4a3701412f7cc625b11 libksba-0.9.11.tar.bz2 9805a08fd74b64c23262d31b741b12b0a59f04b2 libksba-0.9.10-0.9.11.diff.bz2 0e8377deb78408b9081681ea1437667cc3c5b77e dirmngr-0.9.2.tar.bz2 5f02bd2a9c5ac9214e0412d48d8d5342e230a2b0 dirmngr-0.9.1-0.9.2.diff.bz2 Happy hacking, Werner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iEYEARECAAYFAkJnxRgACgkQYHhOlAEKV+3RUgCeKeZvWsVNJDK5Mm5GKRmTzPjL /sMAoLmKF4+61cYHk/NxKUlmqUxSIq2T =yxLM -----END PGP SIGNATURE-----

— Kent (28/07/2005 23:57)
New stable GnuPG release: GnuPG v1.4.2

What's New

New command "verify" in the card-edit menu to display
the Private-DO-3. The Admin command has been enhanced to take
the optional arguments "on", "off" and "verify". The latter may
be used to verify the Admin Pin without modifying data; this
allows displaying the Private-DO-4 with the "list" command.

Rewrote large parts of the card code to optionally make use of a
running gpg-agent. If --use-agent is being used and a gpg-agent
with enabled scdaemon is active, gpg will now divert all card
operations to that daemon. This is required because both,
scdaemon and gpg require exclusive access to the card reader. By
delegating the work to scdaemon, both can peacefully coexist and
scdaemon is able to control the use of the reader. Note that
this requires at least gnupg 1.9.17.

Fixed a couple of problems with the card reader.

Command completion is now available in the --edit-key and
-card-edit menus. Filename completion is available at all
filename prompts. Note that completion is only available if the
system provides a readline library.

New experimental HKP keyserver helper that uses the cURL
library. It is enabled via the configure option --with-libcurl
like the other (also experimental) cURL helpers. Please make
sure to also apply the attached patch.

New key cleaning options that can be used to remove unusable
(expired, revoked) signatures from a key. This is available via
the new "clean" command in --edit-key on a key by key basis, as
well as via the import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids options for --import-options
and --export-options. These are currently off by default, and
replace the import-unusable-sigs/export-unusable-sigs options
from version 1.4.1.

New export option export-reset-subkey-passwd.

New option --limit-card-insert-tries.

ftp://ftp.gnupg.org/gcrypt/

6eda5b090f9f1ac0da5e8b545e2667220a0e89ca gnupg-1.4.2.tar.bz2
cc7e9a5268bf309ac652a7343b62dff8cfb68d38 gnupg-1.4.2.tar.gz
ca0180b5e5d6ee78c68c701f6ded2d9008bf7608 gnupg-1.4.1-1.4.2.diff.bz2
8394920be8d2daa764e94d4bd5869853a3f293b8 gnupg-w32cli-1.4.2.exe

— Гость (21/12/2005 00:16)
Подскажите, пожалуйста, какая версия продуктов PGP лучше всего подходит для электронной почты? И где можно взять исходные коды программ? Очень надо!

— Lustermaf (25/12/2005 13:45)
Natik, Вы ошиблись разделом. В этой теме только анонсы выхода версий GnuPG.
PGP обсуждается здесь^[link16], там и спросите.

— Lustermaf (09/03/2006 23:13)
Вслед за 1.4.2.1 вышла стабильная версия GnuPG 1.4.2.2:

Noteworthy changes in version 1.4.2.2 (2006-03-08)

Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option ~~allow-multisig-verification may be used.~~
<!escaped~~></blockquote><!~~escaped-->
Эта версия исправляет обнаруженную недавно уязвимость^[link17], поэтому всем настоятельно рекомендуется обновиться.

Ссылка на новость: http://lists.gnupg.org/piperma.....e/2006q1/000216.html^[link18]
Ссылка для скачивания: http://www.gnupg.org/download/

— Вий (16/03/2006 15:55)
Хочу скачать gnupg 1.4.2.2 по ссылке ftp://ftp.gnupg.org/gcrypt/bin.....g-w32cli-1.4.2.2.exe^[link19]
По этой ссылке файл не качается уже несколько дней. ?? Как и другие файлы.
Ради проверки попробовал закачку других файлов (с других сайтов) – пошло. Скажите, только у меня "неисправность"?

— Lustermaf (16/03/2006 16:20)
Вий, у меня тоже сейчас не скачивается. :(
Но это не повод ждать несколько дней: ведь есть зеркала^[link20].

Попробуйте скачать с одного из них^[link21] и не забудьте проверить подпись (ЭЦП):
gnupg-w32cli-1.4.2.2.exe^[link22]
gnupg-w32cli-1.4.2.2.exe.sig^[link23]

— Вий (16/03/2006 18:56)
Lustermaf, спасибо. Скачал, подпись верна.

— Kent (03/04/2006 23:32)
Обновление GnuPG до версии 1.4.3.

Что нового:

Noteworthy changes in version 1.4.3 (2006-04-03)

If available, cURL-based keyserver helpers are built that can
retrieve keys using HKP or any protocol that cURL supports
(HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
and HTTP are still supported using a built-in cURL emulator. To
force building the old pre-cURL keyserver helpers, use the
configure option --enable-old-keyserver-helpers. Note that none
of this affects finger or LDAP support, which are unchanged.
Note also that a future version of GnuPG will remove the old
keyserver helpers altogether.

Implemented Public Key Association (PKA) signature verification.
This uses special DNS records and notation data to associate a
mail address with an OpenPGP key to prove that mail coming from
that address is legitimate without the need for a full trust
path to the signing key.

When exporting subkeys, those specified with a key ID or
fingerpint and the '!' suffix are now merged into one keyblock.

Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.

Added support for signing subkey cross-certification "back
signatures". Requiring cross-certification to be present is
currently off by default, but will be changed to on by default
in the future, once more keys use it. A new "cross-certify"
command in the --edit-key menu can be used to update signing
subkeys to have cross-certification.

The key cleaning options for --import-options and
-export-options have been further polished. "import-clean" and
"export-clean" replace the older
import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids option pairs.

New "minimize" command in the --edit-key menu removes everything
that can be removed from a key, rendering it as small as
possible. There are corresponding "export-minimal" and
"import-minimal" commands for --export-options and

-import-options.

New --fetch-keys command to retrieve keys by specifying a URI.
This allows direct key retrieval from a web page or other
location that can be specified in a URI. Available protocols
are HTTP and finger, plus anything that cURL supplies, if built
with cURL support.

Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.

The keyserver helpers can now handle keys in either ASCII armor
or binary format.

New auto-key-locate option that takes an ordered list of methods
to locate a key if it is not available at encryption time (-r or

-recipient). Possible methods include "cert" (use DNS CERT as
per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
server for the domain in question), "keyserver" (use the
currently defined keyserver), as well as arbitrary keyserver
URIs that will be contacted for the key.

Able to retrieve keys using DNS CERT records as per RFC-2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis

Скачать:
ftp://ftp.gnupg.org/gcrypt/
Дистрибутив для Windows находится в директории *binary*

Зеркала можно найти здесь:
http://www.gnupg.org/mirrors.html

Контрольные суммы SHA-1:
9e96b36e4f4d1e8bc5028c99fac674482cbdb370 gnupg-1.4.3.tar.bz2
7c0f5db594bed9a901d9be43c31f6c80c6080141 gnupg-1.4.3.tar.gz
5477211551e96ad689c7618ee39a2b9c186721ef gnupg-1.4.2.2-1.4.3.diff.bz2
abf49fa5dc71e291144780d47f2811d83ae5e1ba gnupg-w32cli-1.4.3.exe

— Olaf (10/06/2006 17:42)
Глупый вопрос: как проверить контрольную сумму?
Также скачал файл подписи, но проверить не смог, т.к. у меня нет открытого ключа, на keyserver2.pgp.com такого ID нет.

— serzh (10/06/2006 18:23)
Проверка сумм:
sha1sum file
или sha1sum -c file.sha1
Открытый ключ:
http://www.gnupg.org/(en)/signature_key.html
Проверка подписи
gpg --verify file.sig

— serzh (28/06/2006 13:00)
25.06.06 обновился GnuPG до версии 1.4.4
Скачать: http://gnupg.org/download/

— Rabby (28/06/2006 14:05)
What's New – 1.4.4

* User IDs are now capped at 2048 bytes. This avoids a memory allocation attack (see CVE-2006-3082).

* Added support for the SHA-224 hash. Like the SHA-384 hash, it is mainly useful when DSS (the US Digital Signature Standard) compatibility is desired.

* Added support for the latest update to DSA keys and signatures. This allows for larger keys than 1024 bits and hashes other than SHA-1 and RIPEMD/160. Note that not all OpenPGP implementations can handle these new keys and signatures yet. See "--enable-dsa2" in the manual for more information.

— Гость (04/07/2006 14:35)
Вышла версия GnuPG v1.4.4

— Kent (02/08/2006 02:02)
Вышла версия 1.4.5

Что нового:

Noteworthy changes in version 1.4.5 (2006-08-01)

Reverted check for valid standard handles under Windows.

More DSA2 tweaks.

Fixed a problem uploading certain keys to the smart card.

Fixed 2 more possible memory allocation attacks.

Added Norwegian translation.

— Гость (03/08/2006 18:11)
UPDATING TO THIS VERSION IS HIGHLY RECOMMENDED!
http://lists.gnupg.org/piperma.....e/2006q3/000229.html^[link24]

— Rabby (21/12/2006 09:52)
Между делом:
http://www.gnupg.org/(en)/news.html

Important security update for GnuPG (2006-12-06 17:18:35)

Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG. Updating is highly suggested. A new version of GnuPG (1.4.6) as well has a patch to 2.0.1 has been released.

Таким образом, вышла новая версия:

ftp://ftp.gnupg.org/gcrypt/bin.....upg-w32cli-1.4.6.exe^[link25]

... Ну и про обновившуюся ветку 2.0.х

What's New

* Experimental support for the PIN pads of the SPR 532 and the Kaan Advanced card readers. Add "disable-keypad" scdaemon.conf if you don't want it. Does currently only work for the OpenPGP card and its authentication and decrypt keys.
* Fixed build problems on some some platforms and crashes on amd64.
* Fixed a buffer overflow in gpg2. [bug#728]

Ссылки
^[link1] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz

^[link2] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.5rc1.tar.gz.sig

^[link3] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.2.4-1.2.5rc1.diff.gz

^[link4] http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000168.html

^[link5] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz

^[link6] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig

^[link7] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2

^[link8] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2.sig

^[link9] ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92-1.3.92.diff.gz

^[link10] ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip

^[link11] ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip.sig

^[link12] ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip

^[link13] ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip.sig

^[link14] ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.0a.zip

^[link15] ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.0a.zip.sig

^[link16] http://www.pgpru.com/forum/viewforum.php?f=10

^[link17] http://www.pgpru.com/forum/viewtopic.php?t=1810

^[link18] http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html

^[link19] ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.2.2.exe

^[link20] http://www.gnupg.org/download/mirrors.html

^[link21] ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/

^[link22] ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.2.2.exe

^[link23] ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.2.2.exe.sig

^[link24] http://lists.gnupg.org/pipermail/gnupg-announce/2006q3/000229.html

^[link25] ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.6.exe

openPGP в России

Анонсы выхода версий