Version 1.1.2 of GPGee has been released. This release fixes a newly identified security issue. In previous versions of GPGee, the mechanism that was intended to overwrite passphrases after they were used had a flaw that prevented this from occuring. This makes is more likely (though still not very) that a passphrase could end up being written in the clear to the Windows swap file. In addition to fixing the above issue, version 1.1.2 has much more robust internal handling of passphrases all around. All memory used for passphrase handling is now locked to prevent it being swapped out. Also, a better caching mechanism is in place to cache all passphrases entered during a single verify/decrypt operation. You never have to enter a passphrase for a particular key more than once when multiple files are verified/decrypted in a single operation. For security reasons, passphrases are still not ever cached longer than a single operation. For those of you who are unfamilliar with the program, GPGee is the GnuPG Explorer Extension - a Windows shell extension front end for GnuPG that gives you access to GnuPG functionality directly through the Windows explorer right-click context menu. More information (including a full discussion of the new version, the security flaw, and its implications) and downloads are available from: http://gpgee.excelcia.org Kurt Fitzner _______________________________________________ Gnupg-announce mailing list Gnupg-announce@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce