diff options
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 1312 |
1 files changed, 51 insertions, 1261 deletions
@@ -1,1305 +1,95 @@ -Noteworthy changes in version 1.3.1 (unreleased) +Noteworthy changes in version 0.9.3 (unreleased) ------------------------------------------------ -Noteworthy changes in version 1.3.0 (2002-10-18) +Noteworthy changes in version 0.9.2 (2002-09-20) ------------------------------------------------ - * The last piece of internal keyserver support has been removed, - and now all keyserver access is done via the keyserver plugins. - There is also a newer keyserver protocol used between GnuPG and - the plugins, so plugins from earlier versions of GnuPG may not - work properly. + * The default directory structure is created if it does no exists. - * The HKP keyserver plugin supports the new machine-readable key - listing format for those keyservers that provide it. + * A few more diagnostics and a minor bug fixes. - * When using a HKP keyserver with multiple DNS records (such as - wwwkeys.pgp.net which has the addresses of multiple servers - around the world), try all records until one succeeds. Note - that it depends on the LDAP library used whether the LDAP - keyserver plugin does this as well. - * The library dependencies for OpenLDAP seem to change fairly - frequently, and GnuPG's configure script cannot guess all the - combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to - override the script and use the libraries selected. - - * Secret keys generated with --export-secret-subkeys are now - indicated in key listings with a '#' after the "sec", and in - --with-colons listings by showing no capabilities (no lowercase - characters). - - * --trusted-key has been un-obsoleted, as it is useful for adding - ultimately trusted keys from the config file. It is identical - to using --edit and "trust" to change a key to ultimately - trusted. - -Noteworthy changes in version 1.1.92 (2002-09-11) -------------------------------------------------- - - * [IMPORTANT] The default configuration file is now - ~/.gnupg/gpg.conf. If an old ~/.gnupg/options is found it will - still be used. This change is required to have a more - consistent naming scheme with forthcoming tools. - - * The use of MDCs have increased. A MDC will be used if the - recipients directly request it, if the recipients have AES, - AES192, AES256, or TWOFISH in their cipher preferences, or if - the chosen cipher has a blocksize not equal to 64 bits - (currently this is also AES, AES192, AES256, and TWOFISH). - - * GnuPG will no longer automatically disable compression when - processing an already-compressed file unless a MDC is being - used. This is to give the message a certain amount of - resistance to the chosen-ciphertext attack while communicating - with other programs (most commonly PGP earlier than version 7.x) - that do not support MDCs. - - * The option --interactive now has the desired effect when - importing keys. - - * The file permission and ownership checks on files have been - clarified. Specifically, the homedir (usually ~/.gnupg) is - checked to protect everything within it. If the user specifies - keyrings outside this homedir, they are presumed to be shared - keyrings and therefore *not* checked. Configuration files - specified with the --options option and the IDEA cipher - extension specified with --load-extension are checked, along - with their enclosing directories. - - * The configure option --with-static-rnd=auto allows to build gpg - with all available entropy gathering modules included. At - runtime the best usable one will be selected from the list - linux, egd, unix. This is also the default for systems lacking - a /dev/random device. - - * The default character set is now taken from the current locale; - it can still be overridden by the --charset option. Using the - option -vvv shows the used character set. - - * [REMOVED] --emulate-checksum-bug and --emulate-3des-s2k-bug have - been removed. - - -Noteworthy changes in version 1.1.91 (2002-08-04) -------------------------------------------------- - - * All modules are now linked statically; the --load-extension - option is in general not useful anymore. The only exception is - to specify the deprecated idea cipher. - - * The IDEA plugin has changed. Previous versions of the IDEA - plugin will no longer work with GnuPG. However, the current - version of the plugin will work with earlier GnuPG versions. - - * When using --batch with one of the --delete-key commands, the - key must be specified by fingerprint. See the man page for - details. - - * There are now various ways to restrict the ability GnuPG has to - exec external programs (for the keyserver helpers or photo ID - viewers). Read the README file for the complete list. +Noteworthy changes in version 0.9.1 (2002-08-23) +------------------------------------------------ - * New export option to leave off attribute packets (photo IDs) - during export. This is useful when exporting to HKP keyservers - which do not understand attribute packets. + * Minor fixes. - * New import option to repair during import the HKP keyserver - mangling multiple subkeys bug. Note that this cannot completely - repair the damaged key as some crucial data is removed by the - keyserver, but it does at least give you back one subkey. This - is on by default for keyserver --recv-keys, and off by default - for regular --import. - * The keyserver helper programs now live in - /usr/[local/]libexec/gnupg by default. If you are upgrading - from 1.0.7, you might want to delete your old copies in - /usr/[local/]bin. If you use an OS that does not use libexec - for whatever reason, use configure --libexecdir=/usr/local/lib - to place the keyserver helpers there. +Noteworthy changes in version 0.9.0 (2002-08-21) +------------------------------------------------ - * The LDAP keyserver handler now works properly with very old - (version 1) LDAP keyservers. + * The default homedir has changed from ~/.gnupg-test to ~/.gnupg. + * To run gpg-agent or scdaemon in the background, the option --daemon + must be used. -Noteworthy changes in version 1.1.90 (2002-07-01) +Noteworthy changes in version 0.3.10 (2002-08-10) ------------------------------------------------- - * New commands: --personal-cipher-preferences, - --personal-digest-preferences, and - --personal-compress-preferences allow the user to specify which - algorithms are to be preferred. Note that this does not permit - using an algorithm that is not present in the recipient's - preferences (which would violate the OpenPGP standard). This - just allows sorting the preferences differently. - - * New "group" command to refer to several keys with one name. - - * A warning is issued if the user forces the use of an algorithm - that is not listed in the recipient's preferences. - - * Full revocation key (aka "designated revoker") support. - - * The preferred hash algorithms on a key are consulted when - encrypting a signed message to that key. Note that this is - disabled by default by a SHA1 preference in - --personal-digest-preferences. + * A key may be specified by a short fingerprint; either the last 4 or + 8 bytes of the SHA-1 fingerprint. - * --cert-digest-algo allows the user to specify the hash algorithm - to use when signing a key rather than the default SHA1 (or MD5 - for PGP2 keys). Do not use this feature unless you fully - understand the implications of this. + * Very basic regression tests implemented. - * --pgp7 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 7.x. + * Signing using more than one key works on the commandline and in + server mode. - * New --attribute-fd command for frontends and scripts to get the - contents of attribute packets (i.e. photos) + * --import does now try to import all certificates up the chain; this + usually works only when the new option --auto-issuer-key-retrieve + is also used. - * In expert mode, the user can now re-sign a v3 key with a v4 - self-signature. This does not change the v3 key into a v4 key, - but it does allow the user to use preferences, primary ID flags, - etc. + * New command --delete-key. Note that in contrast to gpg this is not + interactive. - * Significantly improved photo ID support on non-unixlike - platforms. - - * The version number has jumped ahead to 1.1.90 to skip over the - old version 1.1 and to get ready for the upcoming 1.2. - - * ElGamal sign and encrypt is not anymore allowed in the key - generation dialog unless in expert mode. RSA sign and encrypt - has been added with the same restrictions. - - * [W32] Keyserver access does work with Windows NT. - - -Noteworthy changes in version 1.0.7 (2002-04-29) +Noteworthy changes in version 0.3.9 (2002-07-01) ------------------------------------------------ - * Secret keys are now stored and exported in a new format which - uses SHA-1 for integrity checks. This format renders the - Rosa/Klima attack useless. Other OpenPGP implementations might - not yet support this, so the option --simple-sk-checksum creates - the old vulnerable format. - - * The default cipher algorithm for encryption is now CAST5, - default hash algorithm is SHA-1. This will give us better - interoperability with other OpenPGP implementations. - - * Symmetric encrypted messages now use a fixed file size if - possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2, - 6, and 7. Note this was only an issue with RFC-1991 style - symmetric messages. - - * Photographic user ID support. This uses an external program to - view the images. - - * Enhanced keyserver support via keyserver "plugins". GnuPG comes - with plugins for the NAI LDAP keyserver as well as the HKP email - keyserver. It retains internal support for the HKP HTTP - keyserver. - - * Nonrevocable signatures are now supported. If a user signs a - key nonrevocably, this signature cannot be taken back so be - careful! - - * Multiple signature classes are usable when signing a key to - specify how carefully the key information (fingerprint, photo - ID, etc) was checked. - - * --pgp2 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 2.x. - - * --pgp6 mode automatically sets all necessary options to ensure - that the resulting message will be usable by a user of PGP 6.x. - - * Signatures may now be given an expiration date. When signing a - key with an expiration date, the user is prompted whether they - want their signature to expire at the same time. - - * Revocation keys (designated revokers) are now supported if - present. There is currently no way to designate new keys as - designated revokers. - - * Permissions on the .gnupg directory and its files are checked - for safety. - - * --expert mode enables certain silly things such as signing a - revoked user id, expired key, or revoked key. - - * Some fixes to build cleanly under Cygwin32. - - * New tool gpgsplit to split OpenPGP data formats into packets. - - * New option --preserve-permissions. - - * Subkeys created in the future are not used for encryption or - signing unless the new option --ignore-valid-from is used. - - * Revoked user-IDs are not listed unless signatures are listed too - or we are in verbose mode. - - * There is no default comment string with ascii armors anymore - except for revocation certificates and --enarmor mode. - - * The command "primary" in the edit menu can be used to change the - primary UID, "setpref" and "updpref" can be used to change the - preferences. - - * Fixed the preference handling; since 1.0.5 they were erroneously - matched against against the latest user ID and not the given one. + * The protect-tool does now make use of the gpg-agent to query a + passphrase. - * RSA key generation. + * The default path of the daemons are now set to a more common value + and there are configure options to change them. - * Merged Stefan's patches for RISC OS in. See comments in - scripts/build-riscos. - - * It is now possible to sign and conventional encrypt a message (-cs). - - * The MDC feature flag is supported and can be set by using - the "updpref" edit command. - - * The status messages GOODSIG and BADSIG are now returning the primary - UID, encoded using %XX escaping (but with spaces left as spaces, - so that it should not break too much) - - * Support for GDBM based keyrings has been removed. - - * The entire keyring management has been revamped. - - * The way signature stati are store has changed so that v3 - signatures can be supported. To increase the speed of many - operations for existing keyrings you can use the new - --rebuild-keydb-caches command. - - * The entire key validation process (trustdb) has been revamped. - See the man page entries for --update-trustdb, --check-trustdb - and --no-auto-check-trustdb. - - * --trusted-keys is again obsolete, --edit can be used to set the - ownertrust of any key to ultimately trusted. - - * A subkey is never used to sign keys. - - * Read only keyrings are now handled as expected. - - -Noteworthy changes in version 1.0.6 (2001-05-29) +Noteworthy changes in version 0.3.8 (2002-06-25) ------------------------------------------------ - * Security fix for a format string bug in the tty code. - - * Fixed format string bugs in all PO files. + * The protect-tool has now a feature to extract a private RSA key + from a PKCS-12 file and convert it into the gpg-agent format. - * Removed Russian translation due to too many bugs. The FTP - server has an unofficial but better translation in the contrib - directory. + * A bunch of big fixes and changes for improved interoperability. - * Fixed expire time calculation and keyserver access. + * gpgsm can now create non-detached signatures. - * The usual set of minor bug fixes and enhancements. - - * non-writable keyrings are now correctly handled. - - -Noteworthy changes in version 1.0.5 (2001-04-29) +Noteworthy changes in version 0.3.7 (2002-06-04) ------------------------------------------------ - * WARNING: The semantics of --verify have changed to address a - problem with detached signature detection. --verify now ignores - signed material given on stdin unless this is requested by using - a "-" as the name for the file with the signed material. Please - check all your detached signature handling applications and make - sure that they don't pipe the signed material to stdin without - using a filename together with "-" on the the command line. - - * WARNING: Corrected hash calculation for input data larger than - 512M - it was just wrong, so you might notice bad signature in - some very big files. It may be wise to keep an old copy of - GnuPG around. - - * Secret keys are no longer imported unless you use the new option - --allow-secret-key-import. This is a kludge and future versions will - handle it in another way. - - * New command "showpref" in the --edit-key menu to show an easier - to understand preference listing. - - * There is now the notation of a primary user ID. For example, it - is printed with a signature verification as the first user ID; - revoked user IDs are not printed there anymore. In general the - primary user ID is the one with the latest self-signature. - - * New --charset=utf-8 to bypass all internal conversions. - - * Large File Support (LFS) is now working. - - * New options: --ignore-crc-error, --no-sig-create-check, - --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks, - --enable-special-filenames and --use-agent. See man page. - - * New command --pipemode, which can be used to run gpg as a - co-process. Currently only the verification of detached - signatures are working. See doc/DETAILS. - - * Keyserver support for the W32 version. + * More user friendly output for --list-keys without --with-colons. + New --list-sigs to show the certification path. - * Rewritten key selection code so that GnuPG can better cope with - multiple subkeys, expire dates and so. The drawback is that it - is slower. + * gpg-agent handles concurrent connections. - * A whole lot of bug fixes. + * gpgsm --import can now handle certs-only messages. - * The verification status of self-signatures are now cached. To - increase the speed of key list operations for existing keys you - can do the following in your GnuPG homedir (~/.gnupg): - cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \ - rm pubring.gpg && gpg --import x - Only v4 keys (i.e not the old RSA keys) benefit from this caching. - - * New translations: Estonian, Turkish. - - -Noteworthy changes in version 1.0.4 (2000-10-17) +Noteworthy changes in version 0.3.6 (2002-05-03) ------------------------------------------------ - * Fixed a serious bug which could lead to false signature verification - results when more than one signature is fed to gpg. This is the - primary reason for releasing this version. - - * New utility gpgv which is a stripped down version of gpg to - be used to verify signatures against a list of trusted keys. - - * Rijndael (AES) is now supported and listed with top preference. - - * --with-colons now works with --print-md[s]. + * Some cleanups. -Noteworthy changes in version 1.0.3 (2000-09-18) +Noteworthy changes in version 0.3.5 (2002-04-15) ------------------------------------------------ + + * Checks key usage and uses the authorithyKeyIdentifier. - * Fixed problems with piping to/from other MS-Windows software - - * Expiration time of the primary key can be changed again. - - * Revoked user IDs are now marked in the output of --list-key - - * New options --show-session-key and --override-session-key - to help the British folks to somewhat minimize the danger - of this Orwellian RIP bill. - - * New options --merge-only and --try-all-secrets. - - * New configuration option --with-egd-socket. - - * The --trusted-key option is back after it left us with 0.9.5 - - * RSA is supported. Key generation does not yet work but will come - soon. - - * CAST5 and SHA-1 are now the default algorithms to protect the key - and for symmetric-only encryption. This should solve a couple - of compatibility problems because the old algorithms are optional - according to RFC2440 - - * Twofish and MDC enhanced encryption is now used. PGP 7 supports - this. Older versions of GnuPG don't support it, so they should be - upgraded to at least 1.0.2 - - -Noteworthy changes in version 1.0.2 (2000-07-12) ----------------------------------------------- - - * Fixed expiration handling of encryption keys. - - * Add an experimental feature to do unattended key generation. - - * The user is now asked for the reason of revocation as required - by the new OpenPGP draft. - - * There is a ~/.gnupg/random_seed file now which saves the - state of the internal RNG and increases system performance - somewhat. This way the full entropy source is only used in - cases were it is really required. - Use the option --no-random-seed-file to disable this feature. - - * New options --ignore-time-conflict and --lock-never. - - * Some fixes for the W32 version. - - * The entropy.dll is not anymore used by the W32 version but replaced - by code derived from Cryptlib. - - * Encryption is now much faster: About 2 times for 1k bit keys - and 8 times for 4k keys. - - * New encryption keys are generated in a way which allows a much - faster decryption. - - * New command --export-secret-subkeys which outputs the - the _primary_ key with it's secret parts deleted. This is - useful for automated decryption/signature creation as it - allows to keep the real secret primary key offline and - thereby protecting the key certificates and allowing to - create revocations for the subkeys. See the FAQ for a - procedure to install such secret keys. - - * Keygeneration now writes to the first writeable keyring or - as default to the one in the homedirectory. Prior versions - ignored all --keyring options. - - * New option --command-fd to take user input from a file descriptor; - to be used with --status-fd by software which uses GnuPG as a backend. - - * There is a new status PROGRESS which is used to show progress during - key generation. - - * Support for the new MDC encryption packets. To create them either - --force-mdc must be use or cipher algorithm with a blocksize other - than 64 bits is to be used. --openpgp currently disables MDC packets - entirely. This option should not yet be used. - - * New option --no-auto-key-retrieve to disable retrieving of - a missing public key from a keyserver, when a keyserver has been set. - - * Danish translation - -Noteworthy changes in version 1.0.1 (1999-12-16) ------------------------------------ - - * New command --verify-files. New option --fast-list-mode. - - * $http_proxy is now used when --honor-http-proxy is set. - - * Fixed some minor bugs and the problem with conventional encrypted - packets which did use the gpg v3 partial length headers. - - * Add Indonesian and Portugese translations. - - * Fixed a bug with symmetric-only encryption using the non-default 3DES. - The option --emulate-3des-s2k-bug may be used to decrypt documents - which have been encrypted this way; this should be done immediately - as this workaround will be remove in 1.1 - - * Can now handle (but not display) PGP's photo IDs. I don't know the - format of that packet but after stripping a few bytes from the start - it looks like a JPEG (at least my test data). Handling of this - package is required because otherwise it would mix up the - self signatures and you can't import those keys. - - * Passing non-ascii user IDs on the commandline should now work in all - cases. - - * New keys are now generated with an additional preference to Blowfish. - - * Removed the GNU Privacy Handbook from the distribution as it will go - into a separate one. - - -Noteworthy changes in version 1.0.0 (1999-09-07) ------------------------------------ - - * Add a very preliminary version of the GNU Privacy Handbook to - the distribution (lynx doc/gph/index.html). - - * Changed the version number to GnuPG 2001 ;-) - - -Noteworthy changes in version 0.9.11 ------------------------------------- - - * UTF-8 strings are now correctly printed (if --charset is set correctly). - Output of --with-colons remains C-style escaped UTF-8. - - * Workaround for a problem with PGP 5 detached signature in textmode. - - * Fixed a problem when importing new subkeys (duplicated signatures). - -Noteworthy changes in version 0.9.10 ------------------------------------- - - * Some strange new options to help pgpgpg - - * Cleaned up the dox a bit. - - -Noteworthy changes in version 0.9.9 ------------------------------------ - - * New options --[no-]utf8-strings. - - * New edit-menu commands "enable" and "disable" for entire keys. - - * You will be asked for a filename if gpg cannot deduce one. - - * Changes to support libtool which is needed for the development - of libgcrypt. - - * New script tools/lspgpot to help transferring assigned - trustvalues from PGP to GnuPG. - - * New commands --lsign-key and made --sign-key a shortcut for --edit - and sign. - - * New options (#122--126 ;-) --[no-]default-recipient[-self], - --disable-{cipher,pubkey}-algo. See the man page. - - * Enhanced info output in case of multiple recipients and fixed exit code. - - * New option --allow-non-selfsigned-uid to work around a problem with - the German IN way of separating signing and encryption keys. - - -Noteworthy changes in version 0.9.8 ------------------------------------ - - * New subcommand "delsig" in the edit menu. - - * The name of the output file is not anymore the one which is - embedded in the processed message, but the used filename with - the extension stripped. To revert to the old behaviour you can - use the option --use-embedded-filename. - - * Another hack to cope with pgp2 generated detached signatures. - - * latin-2 character set works (--charset=iso-8859-2). - - * New option --with-key-data to list the public key parameters. - New option -N to insert notations and a --set-policy-url. - A couple of other options to allow reseting of options. - - * Better support for HPUX. - - -Noteworthy changes in version 0.9.7 ------------------------------------ - - * Add some work arounds for a bugs in pgp 2 which led to bad signatures - when used with canonical texts in some cases. - - * Enhanced some status outputs. - -Noteworthy changes in version 0.9.6 ------------------------------------ - - * Twofish is now statically linked by default. The experimental 128 bit - version is now disabled. Full support will be available as soon as - the OpenPGP WG has decided on an interpretation of rfc2440. - - * Dropped support for the ancient Blowfish160 which is not OpenPGP. - - * Merged gpgm and gpg into one binary. - - * Add "revsig" and "revkey" commands to the edit menu. It is now - possible to revoke signature and subkeys. - - -Noteworthy changes in version 0.9.5 ------------------------------------ - - * New command "lsign" in the keyedit menu to create non-exportable - signatures. Removed --trusted-keys option. - - * A bunch of changes to the key validation code. - - * --list-trust-path now has an optional --with-colons format. - - * New command --recv-keys to import keys from an keyserver. - - -Noteworthy changes in version 0.9.4 ------------------------------------ - - * New configure option --enable-static-rnd=[egd|linux|unix|none] - to select a random gathering module for static linking. - - * The original text is now verbatim copied to a cleartext signed message. - - * Bugfixes but there are still a couple of bugs. - - -Noteworthy changes in version 0.9.3 ------------------------------------ - - * Changed the internal design of getkey which now allows a - efficient lookup of multiple keys and add a word match mode. - - * New options --[no-]encrypt-to. - - * Some changes to the configure stuff. Switched to automake 1.4. - Removed intl/ from CVS, autogen.sh now uses gettextize. - - * Preferences now include Twofish. Removed preference to Blowfish with - a special hack to suppress the "not listed in preferences" warning; - this is to allow us to switch completely to Twofish in the near future. - - * Changed the locking stuff. - - * Print all user ids of a good signature. - - -Noteworthy changes in version 0.9.2 ------------------------------------ - - * add some additional time warp checks. - - * Option --keyserver and command --send-keys to utilize HKP servers. - - * Upgraded to zlib 1.1.3 and fixed an inflate bug - - * More cleanup on the cleartext signatures. - - -Noteworthy changes in version 0.9.1 ------------------------------------ - - * Polish language support. - - * When querying the passphrase, the key ID of the primary key is - displayed along with the one of the used secondary key. - - * Fixed a bug occurring when decrypting pgp 5 encrypted messages, - fixed an infinite loop bug in the 3DES code and in the code - which looks for trusted signatures. - - * Fixed a bug in the mpi library which caused signatures not to - compare okay. - - * Rewrote the handling of cleartext signatures; the code is now - better maintainable (I hope so). - - * New status output VALIDSIG only for valid signatures together - with the fingerprint of the signer's key. - - -Noteworthy changes in version 0.9.0 ------------------------------------ - - * --export does now only exports rfc2440 compatible keys; the - old behaviour is available with --export-all. - Generation of v3 ElGamal (sign and encrypt) keys is not longer - supported. - - * Fixed the uncompress bug. - - * Rewrote the rndunix module. There are two environment variables - used for debugging now: GNUPG_RNDUNIX_DBG give the file to write - debugging information (use "-" for stdout) and if GNUPG_RNDUNIX_DBGALL - is set, all programs which are only tried are also printed. - - * New option --escape-from-lines to "dash-escape" "From " lines to - prevent mailers to change them to ">From ". This is not enabled by - default because it is not in compliance with rfc2440 - however, you - should turn it on. - - -Noteworthy changes in version 0.4.5 ------------------------------------ - - * The keyrings and the trustdb is now locked, so that - other GnuPG processes won't damage these files. You - may want to put the option --lock-once into your options file. - - * The latest self-signatures are now used; this enables --import - to see updated preferences etc. - - * Import of subkeys should now work. - - * Random gathering modules may now be loaded as extensions. Add - such a module for most Unices but it is very experimental! - - * Brazilian language support. - - -Noteworthy changes in version 0.4.4 ------------------------------------ - - * Fixed the way the key expiration time is stored. If you have - an expiration time on your key you should fix it with --edit-key - and the command "expire". I apologize for this inconvenience. - - * Add option --charset to support "koi8-r" encoding of user ids. - (Not yet tested). - - * Preferences should now work again. You should run - "gpgm --check-trustdb \*" to rebuild all preferences. - - * Checking of certificates should now work but this needs a lot - of testing. Key validation values are now cached in the - trustdb; they should be recalculated as needed, but you may - use --check-trustdb or --update-trustdb to do this. - - * Spanish translation by Urko Lusa. - - * Patch files are from now on signed. See the man page - for the new option --not-dash-escaped. - - * New syntax: --edit-key <userID> [<commands>] - If you run it without --batch the commands are executed and then - you are put into normal mode unless you use "quit" or "save" as - one of the commands. When in batch mode, the program quits after - the last command, so you have to use "save" if you did some changes. - It does not yet work completely, but may be used to list so the - keys etc. - - -Noteworthy changes in version 0.4.3 ------------------------------------ - - * Fixed the gettext configure bug. - - * Kludge for RSA keys: keyid and length of a RSA key are - correctly reported, but you get an error if you try to use - this key (If you do not have the non-US version). - - * Experimental support for keyrings stored in a GDBM database. - This is *much* faster than a standard keyring. You will notice - that the import gets slower with time; the reason is that all - new keys are used to verify signatures of previous inserted - keys. Use "--keyring gnupg-gdbm:<name-of-gdbm-file>". This is - not (yet) supported for secret keys. - - * A Russian language file in the distribution (alternatives are in - the contrib directory of the FTP servers) - - * commandline option processing now works as expected for GNU programs - with the exception that you can't mix options and normal arguments. - - * Now --list-key lists all matching keys. This is needed in some - other places too. - - -Noteworthy changes in version 0.4.2 ------------------------------------ - - * This is only a snapshot: There are still a few bugs. - - * Fixed this huge memory leak. - - * Redesigned the trust database: You should run "gpgm --check-trustdb". - New command --update-trustdb, which adds new key from the public - keyring into your trustdb - - * Fixed a bug in the armor code, leading to invalid packet errors. - (a workaround for this was to use --no-armor). The shorten line - length (64 instead of 72) fixes a problem with pgp5 and keyservers. - - * comment packets are not anymore generated. "--export" filters - them out. One Exception: The comment packets in a secret keyring - are still used because they carry the factorization of the public - prime product. - - * --import now only looks for KEYBLOCK headers, so you can now simply - remove the "- " in front of such a header if someone accidently signed - such a message or the keyblock is part of a cleartext signed message. - - * --with-colons now lists the key expiration time and not anymore - the valid period. - - * Some keyblocks created with old releases have a wrong sequence - of packets, so that the keyservers don't accept these keys. - Simply using "--edit-key" fixes the problem. - - * New option --force-v3-sigs to generate signed messages which are - compatible to PGP 5. - - * Add some code to support DLD (for non ELF systems) - but this is - not tested because my BSD box is currently broken. - - * New command "expire" in the edit-key menu. - - - -Noteworthy changes in version 0.4.1 ------------------------------------ - * A secondary key is used when the primary key is specified but cannot - be used for the operation (if it is a sign-only key). - - * GNUPG can now handle concatenated armored messages: There is still a - bug if different kinds of messages are mixed. - - * Iterated+Salted passphrases now work. If want to be sure that PGP5 - is able to handle them you may want to use the options - "--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1" - when changing a passphrase. - - * doc/OpenPGP talks about OpenPGP compliance, doc/HACKING gives - a few hints about the internal structure. - - * Checked gnupg against the August 1998 draft (07) and I believe - it is in compliance with this document (except for one point). - - * Fixed some bugs in the import merging code and rewrote some - code for the trustdb. - - -Noteworthy changes in version 0.4.0 ------------------------------------ - * Triple DES is now supported. Michael Roth did this piece of - needed work. We have now all the coded needed to be OpenPGP - compliant. - - * Added a simple rpm spec file (see INSTALL). - - * detached and armored signatures are now using "PGP SIGNATURE", - except when --rfc1991 is used. - - * All times which are not in the yyyy-mm-dd format are now printed - in local time. - - -Noteworthy changes in version 0.3.5 ------------------------------------ - * New option --throw-keyid to create anonymous enciphered messages. - If gpg detects such a message it tires all available secret keys - in turn so decode it. This is a gnupg extension and not in OpenPGP - but it has been discussed there and afaik some products use this - scheme too (Suggested by Nimrod Zimmerman). - - * Fixed a bug with 5 byte length headers. - - * --delete-[secret-]key is now also available in gpgm. - - * cleartext signatures are not anymore converted to LF only. - - * Fixed a trustdb problem. Run "gpgm --check-trustdb" to fix old - trust dbs. - - * Building in another directory should now work. - - * Weak key detection mechanism (Niklas Hernaeus). - - -Noteworthy changes in version 0.3.4 ------------------------------------ - * New options --comment and --set-filename; see g10/OPTIONS - - * yes/no, y/n localized. - - * Fixed some bugs. - -Noteworthy changes in version 0.3.3 ------------------------------------ - * IMPORTANT: I found yet another bug in the way the secret keys - are encrypted - I did it the way pgp 2.x did it, but OpenPGP - and pgp 5.x specify another (in some aspects simpler) method. - To convert your secret keys you have to do this: - 1. Build the new release but don't install it and keep - a copy of the old program. - 2. Disable the network, make sure that you are the only - user, be sure that there are no Trojan horses etc .... - 3. Use your old gpg (version 0.3.[12]) and set the - passphrases of ALL your secret keys to empty! - (gpg --change-passphrase your-user-id). - 4. Save your ownertrusts (see the next point) - 5. rm ~/.gnupg/trustdb.gpg - 6. install the new version of gpg (0.3.3) - 7. For every secret key call "gpg --edit-key your-user-id", - enter "passwd" at the prompt, follow the instructions and - change your password back, enter "save" to store it. - 8. Restore the ownertrust (see next point). - - * The format of the trust database has changed; you must delete - the old one, so gnupg can create a new one. - IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts - ("gpgm --list-ownertrust >saved-trust"); then build this new version - and restore the ownertrust with this new version - ("gpgm --import-ownertrust saved-trust"). Please note that - --list-ownertrust has been renamed to --export-ownertrust in this - release and it does now only export defined ownertrusts. - - * The command --edit-key now provides a commandline driven menu - which can be used for various tasks. --sign-key is only an - an alias to --edit-key and maybe removed in future: use the - command "sign" of this new menu - you can select which user ids - you want to sign. - - * Alternate user ids can now be created an signed. - - * Owner trust values can now be changed with --edit-key (trust) - - * GNUPG can now run as a coprocess; this enables sophisticated - frontends. tools/shmtest.c is a simple sample implementation. - This needs some more work: all tty_xxx() are to be replaced - by cpr_xxx() and some changes in the display logics is needed. - - * Removed options --gen-prime and --gen-random. - - * Removed option --add-key; use --edit-key instead. - - * Removed option --change-passphrase; use --edit-key instead. - - * Signatures are now checked even if the output file could not - be created. Command "--verify" tries to find the detached data. - - * gpg now disables core dumps. - - * compress and symmetric cipher preferences are now used. - Because there is no 3DES yet, this is replaced by Blowfish. - - * We have added the Twofish as an experimental cipher algorithm. - Many thanks to Matthew Skala for doing this work. - Twofish is the AES submission from Schneier et al.; see - "www.counterpane.com/twofish.html" for more information. - - * Started with a help system: If you enter a question mark at some - prompt; you should get a specific help for this prompt. - - * There is no more backup copy of the secret keyring. - - * A lot of new bugs. I think this release is not as stable as - the previous one. - - -Noteworthy changes in version 0.3.2 ------------------------------------ - * Fixed some bugs when using --textmode (-seat) - - * Now displays the trust status of a positive verified message. - - * Keyrings are now scanned in the sequence they are added with - --[secret-]keyring. Note that the default keyring is implicitly - added as the very first one unless --no-default-keyring is used. - - * Fixed setuid and dlopen bug. - -Noteworthy changes in version 0.3.1 ------------------------------------ - * Partial headers are now written in the OpenPGP format if - a key in a v4 packet is used. - - * Removed some unused options, removed the gnupg.sig stuff. - - * Key lookup by name now returns a key which can be used for - the desired action. - - * New options --list-ownertrust (gpgm) to make a backup copy - of the ownertrust values you assigned. - - * clear signature headers are now in compliance with OpenPGP. - -Noteworthy changes in version 0.3.0 ------------------------------------ - - * New option --emulate-checksum-bug. If your passphrase does not - work anymore, use this option and --change-passphrase to rewrite - your passphrase. - - * More complete v4 key support: Preferences and expiration time - is set into the self signature. - - * Key generation defaults to DSA/ElGamal keys, so that new keys are - interoperable with pgp5 - - * DSA key generation is faster and key generation does not anymore - remove entropy from the random generator (the primes are public - parameters, so there is really no need for a cryptographic secure - prime number generator which we had used). - - * A complete new structure for representing the key parameters. - - * Removed most public key knowledge into the cipher library. - - * Support for dynamic loading of new algorithms. - - * Moved tiger to an extension module. - - -Noteworthy changes in version 0.2.19 ------------------------------------- - - * Replaced /dev/urandom in checks with new tool mk-tdata. - - * Some assembler file cleanups; some more functions for the Alpha. - - * Tiger has now the OpenPGP assigned number 6. Because the OID has - changed, old signatures using this algorithm can't be verified. - - * gnupg now encrypts the compressed packed and not any longer in the - reverse order; anyway it can decrypt both versions. Thanks to Tom - for telling me this (not security related) bug. - - * --add-key works and you are now able to generate subkeys. - - * It is now possible to generate ElGamal keys in v4 packets to create - valid OpenPGP keys. - - * Some new features for better integration into MUAs. - - -Noteworthy changes in version 0.2.18 ------------------------------------- - - * Splitted cipher/random.c, add new option "--disable-dev-random" - to configure to support the development of a random source for - other systems. Prepared sourcefiles rand-unix.c, rand-w32.c - and rand-dummy.c (which is used to allow compilation on systems - without a random source). - - * Fixed a small bug in the key generation (it was possible that 48 bits - of a key were not taken from the random pool) - - * Add key generation for DSA and v4 signatures. - - * Add a function trap_unaligned(), so that a SIGBUS is issued on - Alphas and not the slow emulation code is used. And success: rmd160 - raised a SIGBUS. - - * Enhanced the formatting facility of argparse and changed the use of - \r,\v to @ because gettext does not like it. - - * New option "--compress-algo 1" to allow the creation of compressed - messages which are readable by PGP and "--print-md" (gpgm) to make - speed measurement easier. - - -Noteworthy changes in version 0.2.17 ------------------------------------- - - * Comment packets are now of private type 61. - - * Passphrase code still used a 160 bit blowfish key, added a - silly workaround. Please change your passphrase again - sorry. - - * Conventional encryption now uses a type 3 packet to describe the - used algorithms. - - * The new algorithm number for Blowfish is 20, 16 is still used for - encryption only; for signing it is only used when it is in a v3 packet, - so that GNUPG keys are still valid. - - -Noteworthy changes in version 0.2.16 ------------------------------------- - - * Add experimental support for the TIGER/192 message digest algorithm. - (But there is only a dummy ASN OID). - - * Standard cipher is now Blowfish with 128 bit key in OpenPGP's CFB - mode. I renamed the old cipher to Blowfish160. Because the OpenPGP - group refused to assign me a number for Blowfish160, I have to - drop support for this in the future. You should use - "--change-passphrase" to recode your current passphrase with 128 - bit Blowfish. - - -Noteworthy changes in version 0.2.15 ------------------------------------- - - * Fixed a bug with the old checksum calculation for secret keys. - If you run the program without --batch, a warning does inform - you if your secret key needs to be converted; simply use - --change-passphrase to recalculate the checksum. Please do this - soon, as the compatible mode will be removed sometime in the future. - - * CAST5 works (using the PGP's special CFB mode). - - * Again somewhat more PGP 5 compatible. - - * Some new test cases - -Noteworthy changes in version 0.2.14 ------------------------------------- - - * Changed the internal handling of keyrings. - - * Add support to list PGP 5 keyrings with subkeys - - * Timestamps of signatures are now verified. - - * A expiration time can now be specified during key generation. - - * Some speedups for Blowfish and SHA-1, rewrote SHA-1 transform. - Reduced the amount of random bytes needed for key generation in - some cases. - - -Noteworthy changes in version 0.2.13 ------------------------------------- - - * Verify of DSA signatures works. - - * Re-implemented the slower random number generator. - - -Noteworthy changes in version 0.2.12 ------------------------------------- - - * --delete-key checks that there is no secret key. The new - option --delete-secret-key maybe used to delete a secret key. - - * "-kv" now works as expected. Options "--list-{keys,sigs]" - and "--check-sigs" are now working. - - * New options "--verify" and "--decrypt" to better support integration - into MUAs (partly done for Mutt). - - * New option "--with-colons" to make parsing of key lists easier. - -Noteworthy changes in version 0.2.11 ------------------------------------- - - * GPG now asks for a recipient's name if option "-r" is not used. - - * If there is no good trust path, the program asks whether to use - the public keys anyway. - - * "--delete-key" works for public keys. What semantics shall I use - when there is a secret key too? Delete the secret key or leave him - and auto-regenerate the public key, next time the secret key is used? - -Noteworthy changes in version 0.2.10 ------------------------------------- - - * Code for the alpha is much faster (about 20 times); the data - was misaligned and the kernel traps this, so nearly all time - was used by system to trap the misalignments and to write - syslog messages. Shame on me and thanks to Ralph for - pointing me at this while drinking some beer yesterday. - - * Changed some configure options and add an option - --disable-m-guard to remove the memory checking code - and to compile everything with optimization on. - - * New environment variable GNUPGHOME, which can be used to set - another homedir than ~/.gnupg. Changed default homedir for - Windoze version to c:/gnupg. - - * Fixed detached signatures; detached PGP signatures caused a SEGV. - - * The Windoze version works (as usual w/o a strong RNG). - - -Noteworthy changes in version 0.2.9 ------------------------------------ - - * Fixed FreeBSD bug. - - * Added a simple man page. - - * Switched to automake1.2f and a newer gettext. - -Noteworthy changes in version 0.2.8 ------------------------------------ - - * Changed the name to GNUPG, the binaries are called gpg and gpgm. - You must rename rename the directory "~/.g10" to ~/.gnupg/, rename - {pub,sec}ring.g10 to {pub,sec}ring.gpg, trustdb.g10 to trustdb.gpg - and g10.sig to gnupg.sig. - - * New or changed passphrases are now salted. - - -Noteworthy changes in version 0.2.7 ------------------------------------ - - * New command "gen-revoke" to create a key revocation certificate. - - * New option "homedir" to set the homedir (which defaults to "~/.g10"). - This directory is created if it does not exists (only the last - part of the name and not the complete hierarchy) - - * Command "import" works. (Try: "finger gcrypt@ftp.guug.de|g10 --import") - - * New commands "dearmor/enarmor" for g10maint. These are mainly - used for internal test purposes. - - * Option --version now conforming to the GNU standards and lists - the available ciphers, message digests and public key algorithms. - - * Assembler code for m68k (not tested). - - * "make check" works. - -Noteworthy changes in version 0.2.6 ------------------------------------ - - * Option "--export" works. - - -Noteworthy changes in version 0.2.5 ------------------------------------ - - * Added zlib for systems which don't have it. - Use "./configure --with-zlib" to link with the static version. - - * Generalized some more functions and rewrote the encoding of - message digests into MPIs. - - * Enhanced the checkit script - - -Noteworthy changes in version 0.2.4 ------------------------------------ - - * nearly doubled the speed of the ElGamal signature verification. - - * backup copies of keyrings are created. - - * assembler stuff for Pentium; gives about 15% better performance. - - * fixed a lot of bugs. - - -Noteworthy changes in version 0.2.3 ------------------------------------ - - * Found a bug in the calculation of ELG fingerprints. This is now - fixed, but all existing fingerprints and keyids for ELG keys - are not any more valid. - - * armor should now work; including clear signed text. - - * moved some options to the new program g10maint - - * It's now 64 bit clean and runs fine on an alpha--linux. - - * Key generation is much faster now. I fixed this by using not - so strong random number for the primes (this was a bug because the - ElGamal primes are public parameters and it does not make sense - to generate them from strong random). The real secret is the x value - which is still generated from strong (okay: /dev/random) random bits. - - * added option "--status-fd": see g10/OPTIONS - - * We have secure memory on systems which support mlock(). - It is not complete yet, because we do not have signal handler - which does a cleanup in very case. - We should also check the ulimit for the user in the case - that the admin does not have set a limit on locked pages. - - * started with internationalization support. - - * The logic to handle the web of trust is now implemented. It is - has some bugs; but I'm going to change the algorithm anyway. - It works by calculating the trustlevel on the fly. It may ask - you to provide trust parameters if the calculated trust probability - is too low. I will write a paper which discusses this new approach. - - * a couple of changes to the configure script. - - * New option "--quick-random" which uses a much quicker random - number generator. Keys generated while this option is in effect - are flags with "INSECURE!" in the user-id. This is a development - only option. - - * Read support for new version packets (OpenPGP). - - * Comment packets are now of correct OpenPGP type 16. Old comment - packets written by G10 are detected because they always start with - a hash which is an invalid version byte. - - * The string "(INSECURE!)" is appended to a new user-id if this - is generated on a system without a good random number generator. + * Basic SC support for TCOS card using a patched version of OpenSC. -Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + Copyright 2002 g10 Code GmbH -This file is free software; as a special exception the author gives -unlimited permission to copy and/or distribute it, with or without -modifications, as long as this notice is preserved. + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. -This file is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |