[Pkg-gnupg-commit] [gnupg2] 116/159: doc: Update whats-new-in-2.1 from gnupg-doc.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 27 13:24:00 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 99cdc15cf103cace11aa6eec9e13a3a8ecf13004
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 14 11:01:14 2016 +0100
doc: Update whats-new-in-2.1 from gnupg-doc.
--
---
doc/whats-new-in-2.1.txt | 119 +++++++++++++++++++++++++++++++----------------
1 file changed, 80 insertions(+), 39 deletions(-)
diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt
index d20239f..6c46b04 100644
--- a/doc/whats-new-in-2.1.txt
+++ b/doc/whats-new-in-2.1.txt
@@ -6,7 +6,7 @@
━━━━━━━━━━━━━━━━━━━━━━━━━━━
- 2014-11-04
+ 2016-01-14
Table of Contents
@@ -28,8 +28,9 @@ Table of Contents
.. 1.13 Improved card support
.. 1.14 New format for key listings
.. 1.15 Support for Putty
-.. 1.16 Improved X.509 certificate creation
-.. 1.17 Scripts to create a Windows installer
+.. 1.16 Export of SSH public keys
+.. 1.17 Improved X.509 certificate creation
+.. 1.18 Scripts to create a Windows installer
A possibly revised version of this article can be found at:
@@ -91,6 +92,8 @@ https://gnupg.org/faq/whats-new-in-2.1.html
possible to export them directly in PKCS#8 and PEM format for use on
TLS servers.
+ • Export of /ssh/ keys has been integrated.
+
• The scripts to create a Windows installer are now part of GnuPG.
Now for the detailed description of these new features:
@@ -172,7 +175,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
This is best shown with an example:
- ╭────
+ ┌────
│ $ gpg2 --gen-key
│ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
│ This is free software: you are free to change and redistribute it.
@@ -194,7 +197,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ Key fingerprint = 0290 5ABF 17C7 81FB C390 9B00 636A 1BBD 68FD 0088
│ uid [ultimate] Glenn Greenwald <glenn at example.org>
│ sub rsa2048/84439DCD 2014-11-03
- ╰────
+ └────
Thus only the name and the mail address are required. For all other
parameters the default values are used. Many graphical frontends
@@ -212,10 +215,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html
options to create an ECC key.
For those who want to experiment with ECC or already want to prepare a
- key for future use, the command `--gen-full-key' along with the option
+ key for future use, the command `--full-gen-key' along with the option
`--expert' is the enabler:
- ╭────
+ ┌────
│ $ gpg2 --expert --full-gen-key
│ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
│ This is free software: you are free to change and redistribute it.
@@ -264,7 +267,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ Key fingerprint = E630 27CF 3D68 22A7 6FF2 093E D179 9E72 3826 60E3
│ uid [ultimate] Edward Snowden <edward at example.org>
│ sub nistp256/48C9A997 2014-11-03 nistp256
- ╰────
+ └────
In this example we created a primary ECC key for signing and an subkey
for encryption. For both we use the NIST P-256 curve. The key may
@@ -284,7 +287,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
releases. Recall that an encryption subkey can be added to a key at
any time. If you want to create a signing key you may do it this way:
- ╭────
+ ┌────
│ $ gpg2 --expert --full-gen-key
│ gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
│ This is free software: you are free to change and redistribute it.
@@ -335,7 +338,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ pub ed25519/5C1AFC2A 2014-11-03
│ Key fingerprint = ED85 4D98 5D8F 502F C6C5 FFB2 AA81 319E 5C1A FC2A
│ uid [ultimate] Laura Poitras <laura at example.org>
- ╰────
+ └────
Support for ECC keys is available only on some keyservers but it is
expected that this will be fixed over the next few months.
@@ -355,17 +358,17 @@ https://gnupg.org/faq/whats-new-in-2.1.html
parameter file or interactive prompts for generating a key or to sign
a key. This can now be accomplished with a few new commands:
- ╭────
+ ┌────
│ $ gpg2 --batch --quick-gen-key 'Daniel Ellsberg <ellsberg at example.org>'
│ gpg: key 911B90A9 marked as ultimately trusted
- ╰────
+ └────
If a key with that user id already exists, gpg bails out with an error
message. You can force creation using the option `--yes'. If you
want some more control, you may not use `--batch' and gpg will ask for
confirmation and show the resulting key:
- ╭────
+ ┌────
│ $ gpg2 --quick-gen-key 'Daniel Ellsberg <ellsberg at example.org>'
│ About to create a key for:
│ "Daniel Ellsberg <ellsberg at example.org>"
@@ -379,13 +382,13 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ Key fingerprint = 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C
│ uid [ultimate] Daniel Ellsberg <ellsberg at example.org>
│ sub rsa2048/72A4D018 2014-11-04
- ╰────
+ └────
Another common operation is to sign a key. /gpg/ can do this directly
from the command line by giving the fingerprint of the to-be-signed
key:
- ╭────
+ ┌────
│ $ gpg2 --quick-sign-key '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C'
│
│ pub rsa2048/BD19AC1C
@@ -394,13 +397,13 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ Primary key fingerprint: 15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C
│
│ Daniel Ellsberg <ellsberg at example.org>
- ╰────
+ └────
In case the key has already been signed, the command prints a note and
exits with success. In case you want to check that it really worked,
use `=--check-sigs' as usual:
- ╭────
+ ┌────
│ $ gpg2 --check-sigs '15CB 723E 2000 A1A8 2505 F3B7 CC00 B501 BD19 AC1C'
│ gpg: checking the trustdb
│ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
@@ -411,7 +414,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
│ sig! 68FD0088 2014-11-04 Glenn Greenwald <glenn at example.org>
│ sub rsa2048/72A4D018 2014-11-04
│ sig! BD19AC1C 2014-11-04 Daniel Ellsberg <ellsberg at example.org>
- ╰────
+ └────
The fingerprint may also be given without the spaces in which case
@@ -420,6 +423,20 @@ https://gnupg.org/faq/whats-new-in-2.1.html
To create a non-exportable key signature, use the command
`--quick-lsign-key' instead.
+ Since version 2.1.4 it possible to directly add another user id to an
+ existing key:
+
+ ┌────
+ │ $ gpg2 -k 8CFDE12197965A9A
+ │ pub ed25519/8CFDE12197965A9A 2014-08-19
+ │ uid [ unknown] EdDSA sample key 1
+ │ $ gpg2 --quick-adduid 8CFDE12197965A9A 'Sample 2 <me at example.org>'
+ │ $ gpg2 -k 8CFDE12197965A9A
+ │ pub ed25519/8CFDE12197965A9A 2014-08-19
+ │ uid [ unknown] Sample 2 <me at example.org>
+ │ uid [ unknown] EdDSA sample key 1
+ └────
+
1.6 Improved Pinentry support
─────────────────────────────
@@ -531,10 +548,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html
dead so that it won’t be used in future. To interact with the
/dirmngr/ the `gpg-connect-agent' tool is used:
- ╭────
+ ┌────
│ $ gpg-connect-agent --dirmngr 'help keyserver' /bye
│ $ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
- ╰────
+ └────
The first command prints a help screen for the keyserver command and
the second command prints the current host table.
@@ -571,16 +588,23 @@ https://gnupg.org/faq/whats-new-in-2.1.html
keybox file.
To convert an existing `pubring.gpg' file to the keybox format, you
- first rename the file to (for example) `publickeys' so it won’t be
- recognized by any GnuPG version and then you run the command
-
- ╭────
- │ $ gpg2 --import publickeys
- ╰────
+ first backup the ownertrust values, then rename the file to (for
+ example) `publickeys', so it won’t be recognized by any GnuPG version,
+ then run import, and finally restore the ownertrust values:
+
+ ┌────
+ │ $ cd ~/.gnupg
+ │ $ gpg --export-ownertrust >otrust.lst
+ │ $ mv pubring.gpg publickeys
+ │ $ gpg2 --import-options import-local-sigs --import publickeys
+ │ $ gpg2 --import-ownertrust otrust.lst
+ └────
You may then rename the `publickeys' file back so that it can be used
by older GnuPG versions. Remember that in this case you have two
- independent copies of the public keys.
+ independent copies of the public keys. The ownertrust values are kept
+ by all gpg versions in the file `trustdb.gpg' but the above
+ precautions need to be taken to keep them over an import.
1.12 Auto-generated revocation certificates
@@ -597,14 +621,17 @@ https://gnupg.org/faq/whats-new-in-2.1.html
──────────────────────────
The /scdaemon/, which is responsible for accessing smardcards and
- other tokens, has received may updates. In particular plugable USB
+ other tokens, has received many updates. In particular plugable USB
readers with a fixed card now work smoothless and similar to standard
- readers. The latest features of the /gnuk/ token are supported. Code
- for the HSM smartcard has been added. More card readers with a PIN
+ readers. The latest features of the [gnuk] token are supported. Code
+ for the SmartCard-HSM has been added. More card readers with a PIN
pad are supported. The internal CCID driver does now also work with
certain non-auto configuration equipped readers.
+ [gnuk] http://www.fsij.org/doc-gnuk/
+
+
1.14 New format for key listings
────────────────────────────────
@@ -616,11 +643,11 @@ https://gnupg.org/faq/whats-new-in-2.1.html
either use the algorithm name with appended key length or use the name
of the curve:
- ╭────
+ ┌────
│ pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31]
│ pub dsa2048/1E42B367 2007-12-31 [expires: 2018-12-31]
│ pub ed25519/0AA914C9 2014-10-18
- ╰────
+ └────
The first two lines show the same key in the old format and in the new
format. The third line shows an example of an ECC key using the
@@ -653,7 +680,18 @@ https://gnupg.org/faq/whats-new-in-2.1.html
[Putty] http://www.chiark.greenend.org.uk/~sgtatham/putty/
-1.16 Improved X.509 certificate creation
+1.16 Export of SSH public keys
+──────────────────────────────
+
+ The new command `--export-ssh-key' makes it easy to export an /ssh/
+ public key in the format used for ssh’s `authorized_keys' file. By
+ default the command exports the newest subkey with an authorization
+ usage flags. A special syntax can be used to export other subkeys.
+ This command is available since 2.1.11 and replaces the former debug
+ utility /gpgkey2ssh/.
+
+
+1.17 Improved X.509 certificate creation
────────────────────────────────────────
In addition to an improved certificate signing request menu, it is now
@@ -673,7 +711,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
and directly exported in a format suitable for OpenSSL based servers.
-1.17 Scripts to create a Windows installer
+1.18 Scripts to create a Windows installer
──────────────────────────────────────────
GnuPG now comes with the /speedo/ build system which may be used to
@@ -686,9 +724,9 @@ https://gnupg.org/faq/whats-new-in-2.1.html
and GpgEX as a Windows Explorer extension. GnuPG needs to be unpacked
and from the top source directory you run this command
- ╭────
+ ┌────
│ make -f build-aux/speedo.mk w32-installer
- ╰────
+ └────
This command downloads all direct dependencies, checks the signatures
using the GnuPG version from the build system (all Linux distros
@@ -696,12 +734,15 @@ https://gnupg.org/faq/whats-new-in-2.1.html
uses NSIS to create the installer. Although this sounds easy, some
experience in setting up a development machine is still required.
Some versions of the toolchain exhibit bugs and thus your mileage may
- vary. Support for keyserver access over TLS is currently not
- available but will be added with one of the next point releases.
+ vary. See the [Wiki] for more info.
+
+ Support for keyserver access over TLS is currently not available but
+ will be added with one of the next point releases.
+ [Wiki] https://wiki.gnupg.org/Build2.1_Windows
- # Copyright 2014 The GnuPG Project.
+ # Copyright 2014--2016 The GnuPG Project.
# This work is licensed under the Creative Commons
# Attribution-ShareAlike 4.0 International License. To view a copy of
# this license, visit http://creativecommons.org/licenses/by-sa/4.0/
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list