7

I'm trying to upgrade my 1.4.14 GNUPG to the 2.0.26 version and the repository has the 1.4.14 version... I tried removing it and building the latest version from the official GNUPG website by downloading its source code (2.0.26), but I can't do it! It is always 1.4.14! And gpg generates this key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

It generates v1 keys, that's bad... I want the latest version to generate my keys; it is safer, isn't it?

How can I repair it?

Thanks in advance!

(I'm using Linux Mint, but this happened in Ubuntu too)

  • 1
    If you're currently doing this on Mint, it would be better if you asked this on [unix.se]. – muru Oct 18 '14 at 05:41

3 Answers

9

GnuPG 1 and 2

First of all, GnuPG 1.4.14 is not really outdated; there are two branches of GnuPG developed at the same time. Also see Are gnupg and gnupg2 compatible with each other?

On Debian and derived distributions, GnuPG 1 is installed as gpg, whereas GnuPG 2 is installed as gpg2 (but you might need to install the gnupg2 package).

Key Versions

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

This is not an OpenPGP v1 key; the comment just indicates that GnuPG 1 created it. Both GnuPG 1 and 2 generate OpenPGP v4 keys. You can see what format is actually used by running (no matter whether using gpg or gpg2):

gpg --export [key-id] | gpg --list-packets | head

which will output something like

:public key packet:
    version 4, algo 1, created 1356475387, expires 0

(Not) Building GnuPG on Your own

I strongly recommend not building GnuPG on your own. Apart from verifying sources, you need to regularly recompile to get security updates. Mint Linux already includes a fairly recent version of GnuPG 2 (2.0.22) with all security fixes backported; it should be totally fine sticking with that until a newer distribution brings a new minor version.

Jens Erat
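
To see in code why the armor comment says nothing about the key format, here is an added example (not part of the original answer): a minimal Python reader that returns the armor "Version:" header next to the version byte of the public-key packet. The sample key is constructed with dummy values and is not a usable key; the function names are illustrative.

```python
import base64

def make_sample_armored_key() -> str:
    """Constructed sample: a v4 RSA public-key packet with dummy MPIs (not a usable key)."""
    body = bytes([4]) + (1356475387).to_bytes(4, "big") + bytes([1])  # version, created, algo
    body += b"\x00\x10\xc3\x51" + b"\x00\x11\x01\x00\x01"  # dummy 16-bit MPI for n, MPI e = 65537
    packet = b"\x99" + len(body).to_bytes(2, "big") + body  # old-format header, tag 6
    b64 = base64.b64encode(packet).decode()
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\n{b64}\n-----END PGP PUBLIC KEY BLOCK-----\n"

def parse_armor(armored: str):
    """Return (armor headers, decoded packet bytes). Armor headers are free-text comments."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP"):
        raise ValueError("not an ASCII-armored OpenPGP block")
    blank = lines.index("")  # a blank line separates armor headers from base64 data
    headers = dict(l.split(": ", 1) for l in lines[1:blank])
    b64 = "".join(l for l in lines[blank + 1:] if not l.startswith(("=", "-----")))  # skip CRC/END
    return headers, base64.b64decode(b64)

def first_packet(data: bytes):
    """Return (tag, body) of the first packet; handles old and new header formats."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if ctb & 0x40:  # new format: tag in low 6 bits, variable-length length field
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        else:
            raise ValueError("five-octet and partial lengths are not handled here")
    else:  # old format: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled here")
        off = 1 + (1 << ltype)
        length = int.from_bytes(data[1:off], "big")
    return tag, data[off:off + length]

def armor_comment_and_key_version(armored: str):
    """Return (armor 'Version' header, version byte of the public-key packet)."""
    headers, data = parse_armor(armored)
    tag, body = first_packet(data)
    if tag != 6:
        raise ValueError("first packet is not a public-key packet")
    return headers.get("Version"), body[0]
```

Editing the "Version:" line of the armored text changes only the first returned value; the packet version stays 4 because it lives inside the base64-encoded data.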
0

Older versions of gnupg are insecure.

GnuPG 1.4.23 released (2018-06-11) important

Although GnuPG 1.4 is of very limited use today we did a maintenance release to address the critical security bug CVE-2017-7526. See the download section on how to get this version.

GnuPG 2.2.8 released (2018-06-08) important

This version fixes a critical security bug. Either this version or a vendor provided fix should be installed. There are also a few other changes; see the announcement mail. This is CVE-2018-12020 and our bug #4012.

To update to a safe version, you might have to install a backport explained further here.

0

I don't know if this would help, but if you use Linux Mint you can download it here: http://community.linuxmint.com/software/view/gnupg2 or if you use Ubuntu you can download it here: https://apps.ubuntu.com/cat/applications/gnupg2/