Page MenuHome GnuPG
Create Task
Maniphest T6197

Update the gpg4win-3.1.16.exe package to latest release of version 3 gpg4win (aka gpg4win-3.1.24.exe)
Closed, WontfixPublic
Actions

Description

Hello ...

Till now i've built and updated the version 3.x.xx-releases (... 3.1.22, 3.1.23, etc.) of "gpg4win" by myself, but you will know that these packages are not digitally signed by "g10 Code GmbH":

E = code@g10code.com
CN = g10 Code GmbH
O = g10 Code GmbH
L = Erkrath
S = Nordrhein-Westfalen
C = DE

So ... only singned version 3.x.xx-releases of "gpg4win" are allowed to be used in de-vs mode by the BSI, documented in their "Security Operation Procedures" by sha256-Hashes (SecOps) BSI-VSA-10584 and BSI-VSA-10573:

Quote -begin- (BSI-VSA-10584 and BSI-VSA-10573 / Annex A zur Zulassung)

4 Konstruktionsstand
... Der Konstruktionsstand wird für jede zugelassene Produktversion
festgehalten und ist integraler Bestandteil der Zulassungsdokumentation.
Die Zulassung bezieht sich auf die folgende Version:
====================================================

  • Version 3.x, ab Unterversion 3.1.15 und folgende ...
  ...
1. 
Gpg4win 3.1.15 (gpg4win-3.1.15.exe)
SHA256: 58b4de192ce0f3a7f25766e96ec379a8f125e3a1e2bdb2519c185a03a0a4ed4c
Gpg4win 3.1.16 (gpg4win-3.1.16.exe)
SHA256: c499213ff3e14e93c3b245546994cc0e654ec267b40a188788665ae8f4e9f5ad
  ...
3. 
Die Softwarepakete der Produkte Gpg4win und Gpg4KDE werden mit dem öffentlicher
OpenPGP-Schlüssel 42D876082688DA1A signiert der unter der URL
https://gnupg.org/signature_key.html bezogen werden kann.
  ...

Quote -end-

So i would like to ask, when a "gpg4win" 3.1.24 package (aka gpg4win-3.1.24.exe) will be available for download ?

Best regards,
Veit Berwig

Details

Version
gpg4win 3.1.23, 3.1.24, 3.1.xx

Event Timeline

vitusb created this task.Sep 8 2022, 3:45 PM
aheinecke closed this task as Wontfix.Sep 9 2022, 9:24 AM
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

Hello,

For Gpg4win we will soon release a 4.0.4 Version that will contain the latest Kleopatra updates and GnuPG 2.3.x, but the 3.1.x series of Gpg4win is something that we only release in binary form as part of our Product GnuPG VS-Desktop.
The reason for this is that for VS-NfD there are some responsibilities for the supplier, and so the VS-NfD user needs a responsible supplier. We do not promise that for Gpg4win, which is the free community version anyone can download. If we would provide Gpg4win-3.1.24 also in binary form we would make it harder for us to argue that VS-NfD users have to purchase GnuPG VS-Desktop with the required support.

As you know we maintain Gpg4win with the highest quality standards and are proud to provide it as free software. But for the specialized use case for businesses and agencies working with restricted material a support contract must be purchased. A pay what you want model, like we have for Gpg4win, cannot work with businesses that are required to optimize their profits.

Gpg4win-4.x can always be used to decrypt material. But for serious VS-NfD work with encryption and key management GnuPG VS-Desktop is required.

Best Regards,
Andre

vitusb updated the task description. (Show Details)Sep 9 2022, 10:34 AM
vitusb added a comment.Sep 9 2022, 10:40 AM

Hello ...

If we would provide Gpg4win-3.1.24 also in binary form we would make it harder for us to argue that VS-NfD users have to purchase GnuPG VS-Desktop with the required support

Thanx for clarification ...

Best regards,
Veit Berwig

canti59 added a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:10 AM
gniibe removed a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:50 AM