diff options
| -rw-r--r-- | doc/announce-2.1.txt | 261 |
1 files changed, 261 insertions, 0 deletions
diff --git a/doc/announce-2.1.txt b/doc/announce-2.1.txt new file mode 100644 index 000000000..e165332a1 --- /dev/null +++ b/doc/announce-2.1.txt @@ -0,0 +1,261 @@ +Hello! + +The GnuPG Project is pleased to announce the availability of a +new release: Version 2.1.0. + +The GNU Privacy Guard (GnuPG) is a complete and free implementation of +the OpenPGP standard as defined by RFC-4880 and better known as PGP. + +GnuPG, also known as GPG, allows to encrypt and sign data and +communication, features a versatile key management system as well as +access modules for public key directories. GnuPG itself is a command +line tool with features for easy integration with other applications. +A wealth of frontend applications and libraries making use of GnuPG +are available. Since version 2 GnuPG provides support for S/MIME and +Secure Shell in addition to OpenPGP. + +GnuPG is Free Software (meaning that it respects your freedom). It can +be freely used, modified and distributed under the terms of the GNU +General Public License. + +Three different versions of GnuPG are actively maintained: + +- GnuPG "modern" (2.1) is the latest development with a lot of new + features. This announcement is about the first release of this + version. + +- GnuPG "stable" (2.0) is the current stable version for general use. + This is what most users are currently using. + +- GnuPG "classic" (1.4) is the old standalone version which is most + suitable for older or embedded platforms. + +You may not install "modern" (2.1) and "stable" (2.0) at the same +time. However, it is possible to install "classic" (1.4) along with +any of the other versions. + + +What's New in GnuPG-2.1 +======================= + + - The file "secring.gpg" is not anymore used to store the secret + keys. Merging of secret keys is now supported. + + - All support for PGP-2 keys has been removed for security reasons. + + - The standard key generation interface is now much leaner. This + will help a new user to quickly generate a suitable key. + + - Support for Elliptic Curve Cryptography (ECC) is now available. + + - Commands to create and sign keys from the command line without any + extra prompts are now available. + + - The Pinentry may now show the new passphrase entry and the + passphrase confirmation entry in one dialog. + + - There is no more need to manually start the gpg-agent. It is now + started by any part of GnuPG as needed. + + - Problems with importing keys with the same long key id have been + addressed. + + - The Dirmngr is now part of GnuPG proper and also takes care of + accessing keyserver. + + - Keyserver pools are now handled in a smarter way. + + - A new format for locally storing the public keys is now used. + This considerable speeds up operations on large keyrings. + + - Revocation certificates are now created by default. + + - Card support has been updated, new readers and token types are + supported. + + - The format of the key listing has been changed to better identify + the properties of a key. + + - The gpg-agent may now be used on Windows as a Pageant replacement + for Putty in the same way it is used for years on Unix as + ssh-agent replacement. + + - Creation of X.509 certificates has been improved. It is now also + possible to export them directly in PKCS#8 and PEM format for use + on TLS servers. + +A detailed description of the changes can be found at +https://gnupg.org/faq/whats-new-in-2.1.html . + + +Getting the Software +==================== + +Please follow the instructions found at https://gnupg.org/download/ or +read on: + +GnuPG 2.1.0 may be downloaded from one of the GnuPG mirror sites or +direct from its primary FTP server. The list of mirrors can be found +at https://gnupg.org/mirrors.html . Note that GnuPG is not available +at ftp.gnu.org. + +On ftp.gnupg.org you find these files: + + ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2 (3039k) + ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig + +This is the GnuPG 2.1 source code compressed using BZIP2 and its +OpenPGP signature. + + ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe (6225k) + ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32-2.1.0_20141105.exe.sig + +This is an experimental installer for Windows including GPA as +graphical key manager and GpgEX as an Explorer extension. Please +de-install an already installed Gpg4win version before trying this +installer. This binary version has not been tested very well, thus it +is likely that you will run into problems. The complete source code +for the software included in this installer is in the same directory; +use the suffix ".tar.xz" instead of ".exe". + +Although several beta versions have been released over the course of +the last years, no extensive public field test has been done. Thus it +is likely that bugs will show up. Please check the mailing list +archives and the new wiki https://wiki.gnupg.org for latest +information on known problems and workaround. + + +Checking the Integrity +====================== + +In order to check that the version of GnuPG which you are going to +install is an original and unmodified one, you can do it in one of +the following ways: + + * If you already have a version of GnuPG installed, you can simply + verify the supplied signature. For example to verify the signature + of the file gnupg-2.1.0.tar.bz2 you would use this command: + + gpg --verify gnupg-2.1.0.tar.bz2.sig + + This checks whether the signature file matches the source file. + You should see a message indicating that the signature is good and + made by one or more of the release signing keys. Make sure that + this is a valid key, either by matching the shown fingerprint + against a trustworthy list of valid release signing keys or by + checking that the key has been signed by trustworthy other keys. + See below for information on the signing keys. + + * If you are not able to use an existing version of GnuPG, you have + to verify the SHA-1 checksum. On Unix systems the command to do + this is either "sha1sum" or "shasum". Assuming you downloaded the + file gnupg-2.1.0.tar.bz2, you would run the command like this: + + sha1sum gnupg-2.1.0.tar.bz2 + + and check that the output matches the first line from the + following list: + +2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33 gnupg-2.1.0.tar.bz2 +9907cb6509a0e63331b27a92e25c1ef956caaf3b gnupg-w32-2.1.0_20141105.exe +28dc1365292c61fbb2bbae730d4158f425463c91 gnupg-w32-2.1.0_20141105.tar.xz + + +Release Signing Keys +==================== + +To guarantee that a downloaded GnuPG version has not been tampered by +malicious entities we provide signature files for all tarballs and +binary versions. The keys are also signed by the long term keys of +their respective owners. Current releases are signed by one or more +of these four keys: + + 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 + Werner Koch (dist sig) + + rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] + Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 + David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com> + + rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28] + Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 + NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org> + + rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31] + Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 + Werner Koch (Release Signing Key) + +You may retrieve these files from the keyservers using this command + + gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ + 2071B08A33BD3F06 8A861B1C7EFD60D9 + +The keys are also available at https://gnupg.org/signature_key.html +and in the released GnuPG tarball in the file g10/distsigkey.gpg . +Note that this mail has been signed using my standard PGP key. + + +Internationalization +==================== + +This new branch of GnuPG has support for 4 languages: French, German, +Japanese, and Ukrainian. More translations can be expected with the +next point releases. + + +Documentation +============= + +If you used GnuPG in the past you should read the description of +changes and new features at doc/whats-new-in-2.1.txt or online at + + https://gnupg.org/faq/whats-new-in-2.1.html + +The file gnupg.info has the complete user manual of the system. +Separate man pages are included as well but they have not all the +details available in the manual. It is also possible to read the +complete manual online in HTML format at + + https://gnupg.org/documentation/manuals/gnupg/ + +or in Portable Document Format at + + https://gnupg.org/documentation/manuals/gnupg.pdf . + +The chapters on gpg-agent, gpg and gpgsm include information on how +to set up the whole thing. You may also want search the GnuPG mailing +list archives or ask on the gnupg-users mailing lists for advise on +how to solve problems. Many of the new features are around for +several years and thus enough public knowledge is already available. + + +Support +======== + +Please consult the archive of the gnupg-users mailing list before +reporting a bug <https://gnupg.org/documentation/mailing-lists.html>. +We suggest to send bug reports for a new release to this list in favor +of filing a bug at <https://bugs.gnupg.org>. For commercial support +requests we keep a list of known service companies at: + + https://gnupg.org/service.html + +The driving force behind the development of GnuPG is the company of +its principal author, Werner Koch. Maintenance and improvement of +GnuPG and related software takes up most of their resources. To allow +him to continue this work he kindly asks to either purchase a support +contract, engage g10 Code for custom enhancements, or to donate money: + + https://gnupg.org/donate/ + + +Thanks +====== + +We have to thank all the people who helped with this release, be it +testing, coding, translating, suggesting, auditing, administering the +servers, spreading the word, and answering questions on the mailing +lists. A final big Thank You goes to Hal Finney, who too early passed +away this year. Hal worked on PGP and helped to make OpenPGP a great +standard; it has been a pleasure having worked with him. |