GPGee (GnuPG Explorer Extension) Version 1.1.2 Released - PGP

This is a discussion on GPGee (GnuPG Explorer Extension) Version 1.1.2 Released - PGP ; -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Version 1.1.2 of GPGee has been released. This release fixes a newly identified security issue. In previous versions of GPGee, the mechanism that was intended to overwrite passphrases after they were used had a ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: GPGee (GnuPG Explorer Extension) Version 1.1.2 Released

  1. GPGee (GnuPG Explorer Extension) Version 1.1.2 Released

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    Version 1.1.2 of GPGee has been released. This release fixes a newly
    identified security issue.

    In previous versions of GPGee, the mechanism that was intended to
    overwrite passphrases after they were used had a flaw that prevented
    this from occuring. This makes is more likely (though still not very)
    that a passphrase could end up being written in the clear to the Windows
    swap file.

    In addition to fixing the above issue, version 1.1.2 has much more
    robust internal handling of passphrases all around. All memory used for
    passphrase handling is now locked to prevent it being swapped out.
    Also, a better caching mechanism is in place to cache all passphrases
    entered during a single verify/decrypt operation. You never have to
    enter a passphrase for a particular key more than once when multiple
    files are verified/decrypted in a single operation. For security
    reasons, passphrases are still not ever cached longer than a single
    operation.

    For those of you who are unfamilliar with the program, GPGee is the
    GnuPG Explorer Extension - a Windows shell extension front end for GnuPG
    that gives you access to GnuPG functionality directly through the
    Windows explorer right-click context menu.

    More information (including a full discussion of the new version, the
    security flaw, and its implications) and downloads are available from:
    http://gpgee.excelcia.org

    Kurt Fitzner
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iQEVAwUBQusy7d366Kf2Ie2tAQMBkwf/f2k1ayTOT/3p3+nGJs462Hv/v1w3hDDo
    iJ4M+WE9/jgZKYs5dJmdREzFw7w7uvSFPDcbiaKTi9gWHyg9NlcsvRjnqLZ lCi8x
    EvyXoP02Pcq2DJJqfjWm4GJPDYWr/QErGYF7VAUCfWNdbQNIzTKaHuc2onYKnrvv
    lWPfN8wndydPs3ANvOt52hxiAFegFFAwQSZaz24f0ubsptsH2k A73Conl838/mHE
    K6D1tGb6aPo94/W8PYvVDHp/lQ1Fv20v21zh5R4Yg5w+b0uV5BLhhchVPWyAhDv6
    NhR+LGy/s7ygDCdm8nmlZXnaDI41eGvUuh4XB1JVOeHOSsouR5ao6g==
    =+lx/
    -----END PGP SIGNATURE-----

  2. Re: GPGee (GnuPG Explorer Extension) Version 1.1.2 Released



    Kurt Fitzner (kfitzner at excelcia period org) wrote:
    > Version 1.1.2 of GPGee has been released. This release fixes a newly
    > identified security issue.


    Kurt, I got an installation error with 1.1.2 - "Error opening file for
    writing c:\program files\GPGee\GPGee.dll - Abort, retry,fail. I deleted the
    existing .dll file (not marked "read-only etc. - appeared perfectly normal)
    and then re-installed OK. All seems to be well, apart from this.

    Regards,

    Bob

    --
    Remove "x" from address to reply by email.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFC60D1/yGczvugYoIRAtVLAKDZtAauZIBCDFY+cBru0PVjfDaTYACgjOc v
    PsXPiPwpQ5p+x4/eAHkMmHM=
    =fbVD
    -----END PGP SIGNATURE-----


+ Reply to Thread