-Noteworthy changes in version 1.1.0 (1999-10-26)
+Noteworthy changes in version 1.3.93
+-------------------------------------------------
+
+
+Noteworthy changes in version 1.3.92 (2004-10-28)
+-------------------------------------------------
+
+ * Added Russian man page. Thanks to Pawel I. Shajdo.
+
+ * libiconv is now used to support other character sets other than
+ UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work
+ correctly when iconv.dll is installed on the system. A binary
+ version is available at all GNU mirror sites under libiconv.
+
+ * gettext for Windows has been simplified. The MO files are now
+ distributed UTF-8 encoded and gpg translates on the fly.
+
+
+Noteworthy changes in version 1.3.91 (2004-10-15)
+-------------------------------------------------
+
+ * A new configure option --enable-selinux-support disallows
+ processing of confidential files used by gpg (e.g. secring.gpg).
+ This helps writing ACLs for the SELinux kernel.
+
+ * Support for fetching keys via finger has been added. This is
+ useful for setting a preferred keyserver URL like
+ "finger:wk@g10code.com".
+
+ * Timeout support has been added to the keyserver helpers. This
+ allows users to set an upper limit on how long to wait for the
+ keyserver before giving up.
+
+ * New "direct" trust model where users can set key validity
+ directly if they do not want to participate in the web of trust.
+
+ * Minor bug fixes, code and string cleanups.
+
+
+Noteworthy changes in version 1.3.90 (2004-10-01)
+-------------------------------------------------
+
+ * Readline support at all prompts is now available if the systems
+ provides a readline library. The build time option
+ --without-readline may be used to disable this feature.
+
+ * Support for the OpenPGP smartcard is now enabled by default.
+ Use the option --disable-card-support to build without support
+ for smartcards.
+
+ * New command "addcardkey" in the key edit menu to add subkeys to
+ a smartcard. New command "keytocard" to transfer a key to a smartcard.
+ The serial number of the card is show in secret key listings.
+
+ * -K may now be used as an alias for --list-secret-keys.
+
+ * HTTP Basic authentication is now supported for all HKP and HTTP
+ keyserver functions, either through a proxy or via direct
+ access.
+
+
+Noteworthy changes in version 1.3.6 (2004-05-22)
+------------------------------------------------
+
+ * New --keyid-format option that selects short (99242560), long
+ (DB698D7199242560), 0xshort (0x99242560), or 0xlong
+ (0xDB698D7199242560) keyid displays. This lets users tune the
+ display to what they prefer.
+
+ * The --list-options and --verify-options option
+ "show-long-keyids" has been removed since --keyid-format
+ obviates the need for them.
+
+ * Support for the old quasi-1991 partial length encoding has been
+ removed.
+
+ * The --export-all and --export-options include-non-rfc options
+ have been removed as superfluous since nonstandard V3 Elgamal
+ sign+encrypt keys have been removed.
+
+ * Preferred keyserver support has been added. Users may set a
+ preferred keyserver via the --edit-key command "keyserver". If
+ the --keyserver-option honor-keyserver-url is set (and it is by
+ default), then the preferred keyserver is used when refreshing
+ that key.
+
+ * The --sig-keyserver-url option can be used to inform signature
+ recipients where the signing key can be downloaded. When
+ verifying the signature, if the signing key is not present, and
+ the keyserver options honor-keyserver-url and auto-key-retrieve
+ are set, this URL will be used to retrieve the key.
+
+ * Support for fetching keys via HTTP has been added. This is
+ mainly useful for setting a preferred keyserver URL like
+ "http://www.jabberwocky.com/key.asc".
+
+ * New --ask-cert-level/--no-ask-cert-level option to turn on and
+ off the prompt for signature level when signing a key. Defaults
+ to off.
+
+ * New --gpgconf-list command for internal use by the gpgconf
+ utility from gnupg 1.9.x.
+
+
+Noteworthy changes in version 1.3.5 (2004-02-26)
+------------------------------------------------
+
+ * New --min-cert-level option to disregard key signatures that are
+ under a specified level. Defaults to 2 (i.e. discard 0x11
+ signatures).
+
+ * New --max-output option to limit the amount of plaintext output
+ generated by GnuPG. This option can be used by programs which
+ call GnuPG to process messages that may result in plaintext
+ larger than the calling program is prepared to handle. This is
+ sometimes called a "Decompression Bomb".
+
+ * New --list-config command for frontends and other programs that
+ call GnuPG. See doc/DETAILS for the specifics of this.
+
+ * Some performance improvements with large keyrings. See the
+ build time option --enable-key-cache=SIZE in the README file for
+ details.
+
+ * Some portability fixes for the OpenBSD/i386, HPPA, and AIX
+ platforms.
+
+ * New keyserver-option "http-proxy" to specify which proxy to use
+ in the config file without using environment variables.
+
+ * Added support for storing, retrieving, and searching for keys in
+ LDAP servers. Note that this is different than the "LDAP
+ keyserver" which was already (and remains) supported.
+
+ * Added support for TLS and LDAPS session encryption for LDAP.
+
+ * --show-session-key/--override-session-key now works with
+ --symmetric messages.
+
+ * The configure options --enable-rsa and --disable-rsa can now be
+ used to enable or disable the RSA algorithm. This can be useful
+ for embedded use where space is tight. --enable-minimal
+ includes --disable-rsa. RSA is enabled by default.
+
+ * The last support for Elgamal sign+encrypt keys has been removed.
+
+
+Noteworthy changes in version 1.3.4 (2003-11-27)
+------------------------------------------------
+
+ * Added support for BZIP2 compression. This should be considered
+ experimental, and is only available if the libbzip2 library
+ <http://sources.redhat.com/bzip2/> is installed.
+
+ * Added the ability to handle messages that can be decrypted with
+ either a passphrase or a secret key. These messages may be
+ generated with --symmetric --encrypt or --symmetric --sign
+ --encrypt.
+
+ * The config file search has been enhanced to try for less
+ specific filename matches before giving up. For example,
+ version 1.3.4 will try for gpg.conf-1.3.4, gpg.conf-1.3, and
+ gpg.conf-1 before falling back to the regular gpg.conf file.
+
+ * Fixed a format string bug in the HKP keyserver handler.
+
+ * Support for Elgamal sign+encrypt keys has been removed. Old
+ signatures may still be verified, and existing encrypted
+ messages may still be decrypted, but no new signatures may be
+ issued by, and no new messages will be encrypted to, these keys.
+
+
+Noteworthy changes in version 1.3.3 (2003-10-10)
+------------------------------------------------
+
+ * Basic support for the OpenPGP card. New commands --card-status,
+ --card-edit, --change-pin and the configuration options
+ --reader-port, --ctapi-driver, --pcsc-driver, and --disable-ccid.
+
+ * Full (read/write) support for the SHA-256 hash has been added.
+
+ * Support for the TIGER/192 hash has been dropped. This should
+ not be interpreted as a statement as to the strength of
+ TIGER/192 - rather, the upcoming revision to the OpenPGP
+ standard removes support for several unused (or mostly unused)
+ hashes.
+
+ * Revoked or expired user IDs are now skipped when selecting keys
+ for encryption. Specifying a key by the key ID overrides this
+ check and allows the selection of any key.
+
+ * Note that --no-mangle-dos-filenames is now the default. If you
+ are upgrading from a 1.2.x version of GnuPG, and are running a
+ very old version of Windows that has the 8.3 filename limit, you
+ may need to change this.
+
+ * Multiple "Comment:" lines in armored output are now allowed.
+
+ * New --list-options option. This option takes a list of
+ arguments that allows the user to customize exactly what key
+ listings (including the --edit-key listing) look like, enabling
+ or disabling things such as photo display, policy URL, preferred
+ keyserver URL, or notation display, long or short keyIDs,
+ calculated validity for each user ID, etc. See the manual for
+ the complete list of list-options.
+
+ * New --verify-options option. This option takes a list of
+ arguments that allows the user to customize exactly what happens
+ during signature verification, enabling or disabling things such
+ as photo display, policy URL, preferred keyserver URL, or
+ notation display, long or short keyIDs, calculated validity for
+ each user ID, etc. See the manual for the complete list of
+ verify-options.
+
+ * New --sig-keyserver-url to embed a "where to get my key"
+ subpacket into a signature.
+
+ * The options --show-photos, --show-policy-url, --show-notation,
+ and --show-keyring are all deprecated in favor of those
+ arguments to --list-options and --verify-options. The new
+ method is more flexible since a user can specify (for example)
+ showing photos during sig verification, but not in key listings.
+
+ * The complete fingerprint of the key that made a given key
+ certification is now available in the --with-colons output. For
+ technical reasons, this is only available when running with
+ --no-sig-cache set. See doc/DETAILS for the specifics of this.
+
+ * IPv6 support for HKP keyserver access. IPv6 for LDAP keyserver
+ access is also supported, but is dependent on the LDAP library
+ used.
+
+ * To simplify running both the stable (1.2.x) and development
+ (1.3.x) versions of GnuPG, the development version will try to
+ load the options file gpg.conf-VERSION (e.g. gpg.conf-1.3.3 for
+ this release) before falling back to the regular gpg.conf file.
+
+ * Two new %-expandos for use in notation and policy URLs. "%g"
+ expands to the fingerprint of the key making the signature
+ (which might be a subkey), and "%p" expands to the fingerprint
+ of the primary key that owns the key making the signature.
+
+ * New "tru" record in --with-colons --list-keys listings. It
+ shows the status of the trust database that was used to
+ calculate the key validity in the listings. See doc/DETAILS for
+ the specifics of this.
+
+ * New REVKEYSIG status tag for --status-fd. It indicates a valid
+ signature that was issued by a revoked key. See doc/DETAILS for
+ the specifics of this.
+
+ * A number of portability changes to make building GnuPG on
+ less-common platforms easier.
+
+
+Noteworthy changes in version 1.3.2 (2003-05-27)
+------------------------------------------------
+
+ * New "--gnupg" option (set by default) that disables --openpgp,
+ and the various --pgpX emulation options. This replaces
+ --no-openpgp, and --no-pgpX, and also means that GnuPG has
+ finally grown a --gnupg option to make GnuPG act like GnuPG.
+
+ * A bug in key validation has been fixed. This bug only affects
+ keys with more than one user ID (photo IDs do not count here),
+ and results in all user IDs on a given key being treated with
+ the validity of the most-valid user ID on that key.
+
+ * Notation names that do not contain a '@' are no longer allowed
+ unless --expert is set. This is to help prevent pollution of
+ the (as yet unused) IETF notation namespace.
+
+ * Multiple trust models are now supported via the --trust-model
+ option. The options are "pgp" (web-of-trust plus trust
+ signatures), "classic" (web-of-trust only), and "always"
+ (identical to the --always-trust option).
+
+ * The --personal-{cipher|digest|compression}-preferences are now
+ consulted to get default algorithms before resorting to the
+ last-ditch defaults of --s2k-cipher-algo, SHA1, and ZIP
+ respectively. This allows a user to set algorithms to use in a
+ safe manner so they are used when legal to do so, without
+ forcing them on for all messages.
+
+ * New --primary-keyring option to designate the keyring that the
+ user wants new keys imported into.
+
+ * --s2k-digest-algo is now used for all password mangling.
+ Earlier versions used both --s2k-digest-algo and --digest-algo
+ for passphrase mangling.
+
+ * Handling of --hidden-recipient or --throw-keyid messages is now
+ easier - the user only needs to give their passphrase once, and
+ GnuPG will try it against all of the available secret keys.
+
+ * Care is taken to prevent compiler optimization from removing
+ memory wiping code.
+
+ * New option --no-mangle-dos-filenames so that filenames are not
+ truncated in the W32 version.
+
+ * A "convert-from-106" script has been added. This is a simple
+ script that automates the conversion from a 1.0.6 or earlier
+ version of GnuPG to a 1.0.7 or later version.
+
+ * Disabled keys are now skipped when selecting keys for
+ encryption. If you are using the --with-colons key listings to
+ detect disabled keys, please see doc/DETAILS for a minor format
+ change in this release.
+
+ * Minor trustdb changes to make the trust calculations match
+ common usage.
+
+ * New command "revuid" in the --edit-key menu to revoke a user ID.
+ This is a simpler interface to the old method (which still
+ works) of revoking the user ID self-signature.
+
+ * Status VALIDSIG does now also print the primary key's
+ fingerprint, as well as the signature version, pubkey algorithm,
+ hash algorithm, and signature class.
+
+ * Add read-only support for the SHA-256 hash, and optional
+ read-only support for the SHA-384 and SHA-512 hashes.
+
+ * New option --enable-progress-filter for use with frontends.
+
+ * DNS SRV records are used in HKP keyserver lookups to allow
+ administrators to load balance and select keyserver ports
+ automatically. This is as specified in
+ draft-shaw-openpgp-hkp-00.txt.
+
+ * When using the "keyid!" syntax during a key export, only that
+ specified key is exported. If the key in question is a subkey,
+ the primary key plus only that subkey is exported.
+
+ * configure --disable-xxx options to disable individual algorithms
+ at build time. This can be used to build a smaller gpg binary
+ for embedded uses where space is tight. See the README file for
+ the algorithms that can be used with this option, or use
+ --enable-minimal to build the smallest gpg possible (disables
+ all optional algorithms, disables keyserver access, and disables
+ photo IDs).
+
+ * The keyserver no-modify flag on a key can now be displayed and
+ modified.
+
+ * Note that the TIGER/192 digest algorithm is in the process of
+ being dropped from the OpenPGP standard. While this release of
+ GnuPG still contains it, it is disabled by default. To ensure
+ you will still be able to use your messages with future versions
+ of GnuPG and other OpenPGP programs, please do not use this
+ algorithm.
+
+
+Noteworthy changes in version 1.3.1 (2002-11-12)
+------------------------------------------------
+
+ * Trust signature support. This is based on the Maurer trust
+ model where a user can specify the trust level along with the
+ signature with multiple levels so users can delegate
+ certification ability to other users, possibly restricted by a
+ regular expression on the user ID. Note that full trust
+ signature support requires a regular expression parsing library.
+ The regexp code from glibc 2.3.1 is included for those platforms
+ that don't have working regexp functions available. The
+ configure option --disable-regex may be used to disable any
+ regular expression code, which will make GnuPG ignore any trust
+ signature with a regular expression included.
+
+ * Two new commands --hidden-recipient (-R) and --hidden-encrypt-to
+ encrypt to a user, but hide the identity of that user. This is
+ the same functionality as --throw-keyid, but can be used on a
+ per-user basis.
+
+ * Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be
+ used interchangeably with the short algorithm names (e.g. "S2",
+ "H2", "Z1") anywhere algorithm names are used in GnuPG.
+
+
+Noteworthy changes in version 1.3.0 (2002-10-18)
+------------------------------------------------
+
+ * The last piece of internal keyserver support has been removed,
+ and now all keyserver access is done via the keyserver plugins.
+ There is also a newer keyserver protocol used between GnuPG and
+ the plugins, so plugins from earlier versions of GnuPG may not
+ work properly.
+
+ * The HKP keyserver plugin supports the new machine-readable key
+ listing format for those keyservers that provide it.
+
+ * When using a HKP keyserver with multiple DNS records (such as
+ wwwkeys.pgp.net which has the addresses of multiple servers
+ around the world), try all records until one succeeds. Note
+ that it depends on the LDAP library used whether the LDAP
+ keyserver plugin does this as well.
+
+ * The library dependencies for OpenLDAP seem to change fairly
+ frequently, and GnuPG's configure script cannot guess all the
+ combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
+ override the script and use the libraries selected.
+
+ * Secret keys generated with --export-secret-subkeys are now
+ indicated in key listings with a '#' after the "sec", and in
+ --with-colons listings by showing no capabilities (no lowercase
+ characters).
+
+ * --trusted-key has been un-obsoleted, as it is useful for adding
+ ultimately trusted keys from the config file. It is identical
+ to using --edit and "trust" to change a key to ultimately
+ trusted.
+
+ * Translations other than de are no longer distributed with the
+ development branch. This is due to the frequent text changes
+ during development, which cause the translations to rapidly go
+ out of date.
+
+
+Noteworthy changes in version 1.1.92 (2002-09-11)
+-------------------------------------------------
+
+ * [IMPORTANT] The default configuration file is now
+ ~/.gnupg/gpg.conf. If an old ~/.gnupg/options is found it will
+ still be used. This change is required to have a more
+ consistent naming scheme with forthcoming tools.
+
+ * The use of MDCs have increased. A MDC will be used if the
+ recipients directly request it, if the recipients have AES,
+ AES192, AES256, or TWOFISH in their cipher preferences, or if
+ the chosen cipher has a blocksize not equal to 64 bits
+ (currently this is also AES, AES192, AES256, and TWOFISH).
+
+ * GnuPG will no longer automatically disable compression when
+ processing an already-compressed file unless a MDC is being
+ used. This is to give the message a certain amount of
+ resistance to the chosen-ciphertext attack while communicating
+ with other programs (most commonly PGP earlier than version 7.x)
+ that do not support MDCs.
+
+ * The option --interactive now has the desired effect when
+ importing keys.
+
+ * The file permission and ownership checks on files have been
+ clarified. Specifically, the homedir (usually ~/.gnupg) is
+ checked to protect everything within it. If the user specifies
+ keyrings outside this homedir, they are presumed to be shared
+ keyrings and therefore *not* checked. Configuration files
+ specified with the --options option and the IDEA cipher
+ extension specified with --load-extension are checked, along
+ with their enclosing directories.
+
+ * The configure option --with-static-rnd=auto allows to build gpg
+ with all available entropy gathering modules included. At
+ runtime the best usable one will be selected from the list
+ linux, egd, unix. This is also the default for systems lacking
+ a /dev/random device.
+
+ * The default character set is now taken from the current locale;
+ it can still be overridden by the --charset option. Using the
+ option -vvv shows the used character set.
+
+ * [REMOVED] --emulate-checksum-bug and --emulate-3des-s2k-bug have
+ been removed.
+
+
+Noteworthy changes in version 1.1.91 (2002-08-04)
+-------------------------------------------------
+
+ * All modules are now linked statically; the --load-extension
+ option is in general not useful anymore. The only exception is
+ to specify the deprecated idea cipher.
+
+ * The IDEA plugin has changed. Previous versions of the IDEA
+ plugin will no longer work with GnuPG. However, the current
+ version of the plugin will work with earlier GnuPG versions.
+
+ * When using --batch with one of the --delete-key commands, the
+ key must be specified by fingerprint. See the man page for
+ details.
+
+ * There are now various ways to restrict the ability GnuPG has to
+ exec external programs (for the keyserver helpers or photo ID
+ viewers). Read the README file for the complete list.
+
+ * New export option to leave off attribute packets (photo IDs)
+ during export. This is useful when exporting to HKP keyservers
+ which do not understand attribute packets.
+
+ * New import option to repair during import the HKP keyserver
+ mangling multiple subkeys bug. Note that this cannot completely
+ repair the damaged key as some crucial data is removed by the
+ keyserver, but it does at least give you back one subkey. This
+ is on by default for keyserver --recv-keys, and off by default
+ for regular --import.
+
+ * The keyserver helper programs now live in
+ /usr/[local/]libexec/gnupg by default. If you are upgrading
+ from 1.0.7, you might want to delete your old copies in
+ /usr/[local/]bin. If you use an OS that does not use libexec
+ for whatever reason, use configure --libexecdir=/usr/local/lib
+ to place the keyserver helpers there.
+
+ * The LDAP keyserver handler now works properly with very old
+ (version 1) LDAP keyservers.
+
+
+Noteworthy changes in version 1.1.90 (2002-07-01)
+-------------------------------------------------
+
+ * New commands: --personal-cipher-preferences,
+ --personal-digest-preferences, and
+ --personal-compress-preferences allow the user to specify which
+ algorithms are to be preferred. Note that this does not permit
+ using an algorithm that is not present in the recipient's
+ preferences (which would violate the OpenPGP standard). This
+ just allows sorting the preferences differently.
+
+ * New "group" command to refer to several keys with one name.
+
+ * A warning is issued if the user forces the use of an algorithm
+ that is not listed in the recipient's preferences.
+
+ * Full revocation key (aka "designated revoker") support.
+
+ * The preferred hash algorithms on a key are consulted when
+ encrypting a signed message to that key. Note that this is
+ disabled by default by a SHA1 preference in
+ --personal-digest-preferences.
+
+ * --cert-digest-algo allows the user to specify the hash algorithm
+ to use when signing a key rather than the default SHA1 (or MD5
+ for PGP2 keys). Do not use this feature unless you fully
+ understand the implications of this.
+
+ * --pgp7 mode automatically sets all necessary options to ensure
+ that the resulting message will be usable by a user of PGP 7.x.
+
+ * New --attribute-fd command for frontends and scripts to get the
+ contents of attribute packets (i.e. photos)
+
+ * In expert mode, the user can now re-sign a v3 key with a v4
+ self-signature. This does not change the v3 key into a v4 key,
+ but it does allow the user to use preferences, primary ID flags,
+ etc.
+
+ * Significantly improved photo ID support on non-unixlike
+ platforms.
+
+ * The version number has jumped ahead to 1.1.90 to skip over the
+ old version 1.1 and to get ready for the upcoming 1.2.
+
+ * ElGamal sign and encrypt is not anymore allowed in the key
+ generation dialog unless in expert mode. RSA sign and encrypt
+ has been added with the same restrictions.
+
+ * [W32] Keyserver access does work with Windows NT.
+
+
+Noteworthy changes in version 1.0.7 (2002-04-29)
+------------------------------------------------
+
+ * Secret keys are now stored and exported in a new format which
+ uses SHA-1 for integrity checks. This format renders the
+ Rosa/Klima attack useless. Other OpenPGP implementations might
+ not yet support this, so the option --simple-sk-checksum creates
+ the old vulnerable format.
+
+ * The default cipher algorithm for encryption is now CAST5,
+ default hash algorithm is SHA-1. This will give us better
+ interoperability with other OpenPGP implementations.
+
+ * Symmetric encrypted messages now use a fixed file size if
+ possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
+ 6, and 7. Note this was only an issue with RFC-1991 style
+ symmetric messages.
+
+ * Photographic user ID support. This uses an external program to
+ view the images.
+
+ * Enhanced keyserver support via keyserver "plugins". GnuPG comes
+ with plugins for the NAI LDAP keyserver as well as the HKP email
+ keyserver. It retains internal support for the HKP HTTP
+ keyserver.
+
+ * Nonrevocable signatures are now supported. If a user signs a
+ key nonrevocably, this signature cannot be taken back so be
+ careful!
+
+ * Multiple signature classes are usable when signing a key to
+ specify how carefully the key information (fingerprint, photo
+ ID, etc) was checked.
+
+ * --pgp2 mode automatically sets all necessary options to ensure
+ that the resulting message will be usable by a user of PGP 2.x.
+
+ * --pgp6 mode automatically sets all necessary options to ensure
+ that the resulting message will be usable by a user of PGP 6.x.
+
+ * Signatures may now be given an expiration date. When signing a
+ key with an expiration date, the user is prompted whether they
+ want their signature to expire at the same time.
+
+ * Revocation keys (designated revokers) are now supported if
+ present. There is currently no way to designate new keys as
+ designated revokers.
+
+ * Permissions on the .gnupg directory and its files are checked
+ for safety.
+
+ * --expert mode enables certain silly things such as signing a
+ revoked user id, expired key, or revoked key.
+
+ * Some fixes to build cleanly under Cygwin32.
+
+ * New tool gpgsplit to split OpenPGP data formats into packets.
+
+ * New option --preserve-permissions.
+
+ * Subkeys created in the future are not used for encryption or
+ signing unless the new option --ignore-valid-from is used.
+
+ * Revoked user-IDs are not listed unless signatures are listed too
+ or we are in verbose mode.
+
+ * There is no default comment string with ascii armors anymore
+ except for revocation certificates and --enarmor mode.
+
+ * The command "primary" in the edit menu can be used to change the
+ primary UID, "setpref" and "updpref" can be used to change the
+ preferences.
+
+ * Fixed the preference handling; since 1.0.5 they were erroneously
+ matched against against the latest user ID and not the given one.
+
+ * RSA key generation.
+
+ * Merged Stefan's patches for RISC OS in. See comments in
+ scripts/build-riscos.
+
+ * It is now possible to sign and conventional encrypt a message (-cs).
+
+ * The MDC feature flag is supported and can be set by using
+ the "updpref" edit command.
+
+ * The status messages GOODSIG and BADSIG are now returning the primary
+ UID, encoded using %XX escaping (but with spaces left as spaces,
+ so that it should not break too much)
+
+ * Support for GDBM based keyrings has been removed.
+
+ * The entire keyring management has been revamped.
+
+ * The way signature stati are store has changed so that v3
+ signatures can be supported. To increase the speed of many
+ operations for existing keyrings you can use the new
+ --rebuild-keydb-caches command.
+
+ * The entire key validation process (trustdb) has been revamped.
+ See the man page entries for --update-trustdb, --check-trustdb
+ and --no-auto-check-trustdb.
+
+ * --trusted-keys is again obsolete, --edit can be used to set the
+ ownertrust of any key to ultimately trusted.
+
+ * A subkey is never used to sign keys.
+
+ * Read only keyrings are now handled as expected.
+
+
+Noteworthy changes in version 1.0.6 (2001-05-29)
+------------------------------------------------
+
+ * Security fix for a format string bug in the tty code.
+
+ * Fixed format string bugs in all PO files.
+
+ * Removed Russian translation due to too many bugs. The FTP
+ server has an unofficial but better translation in the contrib
+ directory.
+
+ * Fixed expire time calculation and keyserver access.
+
+ * The usual set of minor bug fixes and enhancements.
+
+ * non-writable keyrings are now correctly handled.
+
+
+Noteworthy changes in version 1.0.5 (2001-04-29)
+------------------------------------------------
+
+ * WARNING: The semantics of --verify have changed to address a
+ problem with detached signature detection. --verify now ignores
+ signed material given on stdin unless this is requested by using
+ a "-" as the name for the file with the signed material. Please
+ check all your detached signature handling applications and make
+ sure that they don't pipe the signed material to stdin without
+ using a filename together with "-" on the the command line.
+
+ * WARNING: Corrected hash calculation for input data larger than
+ 512M - it was just wrong, so you might notice bad signature in
+ some very big files. It may be wise to keep an old copy of
+ GnuPG around.
+
+ * Secret keys are no longer imported unless you use the new option
+ --allow-secret-key-import. This is a kludge and future versions will
+ handle it in another way.
+
+ * New command "showpref" in the --edit-key menu to show an easier
+ to understand preference listing.
+
+ * There is now the notation of a primary user ID. For example, it
+ is printed with a signature verification as the first user ID;
+ revoked user IDs are not printed there anymore. In general the
+ primary user ID is the one with the latest self-signature.
+
+ * New --charset=utf-8 to bypass all internal conversions.
+
+ * Large File Support (LFS) is now working.
+
+ * New options: --ignore-crc-error, --no-sig-create-check,
+ --no-sig-cache, --fixed_list_mode, --no-expensive-trust-checks,
+ --enable-special-filenames and --use-agent. See man page.
+
+ * New command --pipemode, which can be used to run gpg as a
+ co-process. Currently only the verification of detached
+ signatures are working. See doc/DETAILS.
+
+ * Keyserver support for the W32 version.
+
+ * Rewritten key selection code so that GnuPG can better cope with
+ multiple subkeys, expire dates and so. The drawback is that it
+ is slower.
+
+ * A whole lot of bug fixes.
+
+ * The verification status of self-signatures are now cached. To
+ increase the speed of key list operations for existing keys you
+ can do the following in your GnuPG homedir (~/.gnupg):
+ cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \
+ rm pubring.gpg && gpg --import x
+ Only v4 keys (i.e not the old RSA keys) benefit from this caching.
+
+ * New translations: Estonian, Turkish.
+
+
+Noteworthy changes in version 1.0.4 (2000-10-17)
+------------------------------------------------
+
+ * Fixed a serious bug which could lead to false signature verification
+ results when more than one signature is fed to gpg. This is the
+ primary reason for releasing this version.
+
+ * New utility gpgv which is a stripped down version of gpg to
+ be used to verify signatures against a list of trusted keys.
+
+ * Rijndael (AES) is now supported and listed with top preference.
+
+ * --with-colons now works with --print-md[s].
+
+Noteworthy changes in version 1.0.3 (2000-09-18)
+------------------------------------------------
+
+ * Fixed problems with piping to/from other MS-Windows software
+
+ * Expiration time of the primary key can be changed again.
+
+ * Revoked user IDs are now marked in the output of --list-key
+
+ * New options --show-session-key and --override-session-key
+ to help the British folks to somewhat minimize the danger
+ of this Orwellian RIP bill.
+
+ * New options --merge-only and --try-all-secrets.
+
+ * New configuration option --with-egd-socket.
+
+ * The --trusted-key option is back after it left us with 0.9.5
+
+ * RSA is supported. Key generation does not yet work but will come
+ soon.
+
+ * CAST5 and SHA-1 are now the default algorithms to protect the key
+ and for symmetric-only encryption. This should solve a couple
+ of compatibility problems because the old algorithms are optional
+ according to RFC2440
+
+ * Twofish and MDC enhanced encryption is now used. PGP 7 supports
+ this. Older versions of GnuPG don't support it, so they should be
+ upgraded to at least 1.0.2
+
+
+Noteworthy changes in version 1.0.2 (2000-07-12)
+----------------------------------------------
+
+ * Fixed expiration handling of encryption keys.
+
+ * Add an experimental feature to do unattended key generation.
+
+ * The user is now asked for the reason of revocation as required
+ by the new OpenPGP draft.
+
+ * There is a ~/.gnupg/random_seed file now which saves the
+ state of the internal RNG and increases system performance
+ somewhat. This way the full entropy source is only used in
+ cases were it is really required.
+ Use the option --no-random-seed-file to disable this feature.
+
+ * New options --ignore-time-conflict and --lock-never.
+
+ * Some fixes for the W32 version.
+
+ * The entropy.dll is not anymore used by the W32 version but replaced
+ by code derived from Cryptlib.
+
+ * Encryption is now much faster: About 2 times for 1k bit keys
+ and 8 times for 4k keys.
+
+ * New encryption keys are generated in a way which allows a much
+ faster decryption.
+
+ * New command --export-secret-subkeys which outputs the
+ the _primary_ key with it's secret parts deleted. This is
+ useful for automated decryption/signature creation as it
+ allows to keep the real secret primary key offline and
+ thereby protecting the key certificates and allowing to
+ create revocations for the subkeys. See the FAQ for a
+ procedure to install such secret keys.
+
+ * Keygeneration now writes to the first writeable keyring or
+ as default to the one in the homedirectory. Prior versions
+ ignored all --keyring options.
+
+ * New option --command-fd to take user input from a file descriptor;
+ to be used with --status-fd by software which uses GnuPG as a backend.
+
+ * There is a new status PROGRESS which is used to show progress during
+ key generation.
+
+ * Support for the new MDC encryption packets. To create them either
+ --force-mdc must be use or cipher algorithm with a blocksize other
+ than 64 bits is to be used. --openpgp currently disables MDC packets
+ entirely. This option should not yet be used.
+
+ * New option --no-auto-key-retrieve to disable retrieving of
+ a missing public key from a keyserver, when a keyserver has been set.
+
+ * Danish translation
+
+Noteworthy changes in version 1.0.1 (1999-12-16)
-----------------------------------
- * Did a couple of changes for this new development series.
- This release basically works on my machine but may have
- serious problems.
+ * New command --verify-files. New option --fast-list-mode.
+
+ * $http_proxy is now used when --honor-http-proxy is set.
+
+ * Fixed some minor bugs and the problem with conventional encrypted
+ packets which did use the gpg v3 partial length headers.
+
+ * Add Indonesian and Portugese translations.
+
+ * Fixed a bug with symmetric-only encryption using the non-default 3DES.
+ The option --emulate-3des-s2k-bug may be used to decrypt documents
+ which have been encrypted this way; this should be done immediately
+ as this workaround will be remove in 1.1
+
+ * Can now handle (but not display) PGP's photo IDs. I don't know the
+ format of that packet but after stripping a few bytes from the start
+ it looks like a JPEG (at least my test data). Handling of this
+ package is required because otherwise it would mix up the
+ self signatures and you can't import those keys.
+
+ * Passing non-ascii user IDs on the commandline should now work in all
+ cases.
+
+ * New keys are now generated with an additional preference to Blowfish.
+
+ * Removed the GNU Privacy Handbook from the distribution as it will go
+ into a separate one.
Noteworthy changes in version 1.0.0 (1999-09-07)
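Review bot: The keyring rebuild recipe in the self-signature caching item ("cp pubring.gpg pubring.gpg.save && gpg --export-all >x && rm pubring.gpg && gpg --import x") removes pubring.gpg before the import has run and does not say what to do with the leftovers. Please add a sentence telling the user to restore from pubring.gpg.save if the import fails and to delete the export file x afterwards. Two security-relevant items also lack scope: the 1.0.4 item on false signature verification results and the 1.0.1 item on --emulate-3des-s2k-bug do not say which earlier versions were affected, so a reader cannot tell which verification results or encrypted documents need to be revisited; name the versions if they are known. Typos in added lines: "i.e not", "cases were it is", "the the _primary_ key with it's secret parts", "must be use", "Portugese", "will be remove in 1.1", and "Handling of this package" where "packet" seems to be meant. The underline added under the 1.0.2 heading is shorter than the heading, unlike the ones under 1.0.4 and 1.0.3.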
* The string "(INSECURE!)" is appended to a new user-id if this
is generated on a system without a good random number generator.
+
+Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+This file is free software; as a special exception the author gives
+unlimited permission to copy and/or distribute it, with or without
+modifications, as long as this notice is preserved.
+
+This file is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
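Review bot: The year list in the added copyright line stops at 2003; if this patch also brings in entries for later releases, extend the list so the notice covers them. The notice is also set off from the last news item by a single blank line only, so a short separator or a second blank line before "Copyright" would make it clear that it applies to the whole file and is not part of the final entry.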