view release on metacpan or  search on metacpan

t/samples/message.asc  view on Meta::CPAN

proposed OpenPGP Internet standard as described in RFC2440.  This new
release implements most of OpenPGP's optional features, has somewhat
better interoperabilty with non-conforming OpenPGP implementations and
improved keyserver support.

Getting the Software
====================

GnuPG 1.2.0 can be downloaded from one of the *GnuPG mirror sites*.
The list of mirrors can be found at http://www.gnupg.org/mirrors.html.
See below for a list of mirrors already carrying this new released.

On the mirrors you should find the follwing files in the *gnupg*
directory:

  gnupg-1.2.0.tar.bz2 (1.8 MB)
  gnupg-1.2.0.tar.bz2.sig

      GnuPG 1.2 source compressed using BZIP2 and OpenPGP signature.

  gnupg-1.2.0.tar.gz (2.5 MB)
  gnupg-1.2.0.tar.gz.sig

      GnuPG source compressed using GZIP and OpenPGP signature.

  gnupg-1.0.7-1.2.0.diff.gz (1.0 MB)

      A patch file to upgrade a 1.0.7 GnuPG source. This file is
      signed; you have to use GnuPG > 0.9.5 to verify the signature.
      GnuPG has a feature to allow clear signed patch files which can
      still be processed by the patch utility.

Select one of them. To shorten the download time, you probably want
to get the BZIP2 compressed file.  Please try another mirror if
exceptional your mirror is not yet up to date.

In the *binary* directory, you should find these files:

  gnupg-w32cli-1.2.0.zip (1.0 MB)
  gnupg-w32cli-1.2.0.zip.sig

      GnuPG compiled for Microsoft Windows and OpenPGP signature.
      Note that this is a command line version and comes without a
      graphical installer tool.  You have to use an UNZIP utility to
      extract the files and install them manually.  The included file
      README.W32 has further instructions. 



Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to
install is an original and unmodified one, you can do it in one of
the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-1.2.0.tar.bz2 you would use this command:

     gpg --verify gnupg-1.2.0.tar.bz2.sig

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by that signing key.  Make sure that you have the right key,
   either by checking the fingerprint of that key with other sources
   or by checking that the key has been signed by a trustworthy other
   key.

   Never use a GnuPG version you just downloaded to check the
   integrity of the source - use an existing GnuPG installation.

 * If you are not able to use an old version of GnuPG, you have to verify
   the MD5 checksum.  Assuming you downloaded the file
   gnupg-1.2.0.tar.bz2, you would run the md5sum command like this:

     md5sum gnupg-1.2.0.tar.bz2

   and check that the output matches the first line from the
   following list:

     b22b10dacfeb5c2b0bc4ce9def2d1120  gnupg-1.2.0.tar.bz2
     e93ceafc4395d1713d20044d523d18a7  gnupg-1.2.0.tar.gz
     c735a9a4400e3e3b0b78f88aadedfd3d  gnupg-1.0.7-1.2.0.diff.gz
     af439e3ba82c8648041e8e9d902c3c01  gnupg-w32cli-1.2.0.zip



Upgrade Information
===================

The name of the default configuration file has changed from "options"
to "gpg.conf".  The old name will still be used as long as no
"gpg.conf" exists.  We recommend to rename your file after the
installation.

If you are upgrading from a version prior to 1.0.7, you may want to
run the command "gpg --rebuild-keydb-caches" once to speed up the
keyring access. Please note also that due to a bug in versions prior
to 1.0.6 it won't be possible to downgrade to such versions unless you
use the GnuPG version which comes with Debian's Woody release or you
apply the patch http://www.gnupg.org/developer/gpg-woody-fix.txt .

If you have any problems, please see the FAQ and the mailing list
archive at http://lists.gnupg.org.  Please direct questions to the
gnupg-users@gnupg.org mailing list.



What's New
===========

Here is a list of major user visible changes since 1.0.7:

  Configuration:

    * The default configuration file is now ~/.gnupg/gpg.conf.  If an
      old ~/.gnupg/options is found it will still be used.  This
      change is required to have a more consistent naming scheme with
      forthcoming tools.

    * The configure option --with-static-rnd=auto allows to build gpg
      with all available entropy gathering modules included.  At
      runtime the best usable one will be selected from the list
      linux, egd, unix.  This is also the default for systems lacking
      a /dev/random device.

    * All modules are now linked statically; the --load-extension
      option is in general not useful anymore.  The only exception is
      to specify the deprecated IDEA cipher plugin.

    * There are now various ways to restrict the ability GnuPG has to
      exec external programs (for the keyserver helpers or photo ID
      viewers).  Read the README file for the complete list.

    * The keyserver helper programs now live in
      /usr/[local/]libexec/gnupg by default.  If you are upgrading
      from 1.0.7, you might want to delete your old copies in
      /usr/[local/]bin.  If you use an OS that does not use libexec
      for whatever reason, use configure --libexecdir=/usr/local/lib
      to place the keyserver helpers there.


  New features:

    * New "group" command to refer to several keys with one name.

    * The option --interactive now has the desired effect when
      importing keys.

    * Full revocation key (aka "designated revoker") support.

    * When using --batch with one of the --delete-key commands, the
      key must be specified by fingerprint.  See the man page for
      details.

    * New export option to leave off attribute packets (photo IDs)
      during export.  This is useful when exporting to HKP keyservers
      which do not understand attribute packets.

    * New import option to repair during import the HKP keyserver
      mangling multiple subkeys bug.  Note that this cannot completely
      repair the damaged key as some crucial data is removed by the
      keyserver, but it does at least give you back one subkey.  This
      is on by default for keyserver --recv-keys, and off by default
      for regular --import.

    * New commands: --personal-cipher-preferences,
      --personal-digest-preferences, and
      --personal-compress-preferences allow the user to specify which
      algorithms are to be preferred.  Note that this does not permit
      using an algorithm that is not present in the recipient's
      preferences (which would violate the OpenPGP standard).  This
      just allows sorting the preferences differently.

    * New --attribute-fd command for frontends and scripts to get the
      contents of attribute packets (i.e. photos)


  Incompatible changes:

    * Options --emulate-checksum-bug and --emulate-3des-s2k-bug have