There’s been an application vulnerability raised for an older version of Gpg4win (2.3.3) installed on one of our servers. I’d like to update the app to a later version, however I know know very little about the application, aside from what I’ve read on this website.
Due to the function of this server and what Gpg4win deals with, I don’t want to update Gpg4win without any guidance. However, I can’t find any best practice documentation for updating the app. Can someone please assist, or point me in the right direction…
- What’s the best way to update this app?
- Are there any “gotchyas” I need to be aware of?
- Do I need to manually backup anything from within the server OS before updating this?
- Does Kleopatra update when Gpg4win update, or is this a separate process?
- Anything else?
I’m no expert but I just tested this case. First, I installed Gpg4win 2.3.3 and created a key pair and imported a public key. Then I installed Gpg4win 4.1.0 and saw that all keys were still available. So it should be not necessary to backup the keys just for the upgrade. But, of course you always should have a backup of your keys
What I noticed was that the default install directory was a different one. So if you use GnuPG on the command line you should edit your environment variables.
You don’t need to update Kleopatra separately.
I hope I could answer at least some of your questions. Maybe someone else has additional information about what you have to watch out for.
to upgrade, the recommended way is to use the same methods that you have also used for the installation.
The data parts will be kept in place, but of course you should have a backup in general.
For regular usage, all components will be upgraded and be fine to use. If you have a special use case and made manual adaptation, there maybe things you need to adjust. If you are very thorough, you can read the release notes between your version and the one you are going to upgrade to. E.g. read https://www.gpg4win.org/version4.html
Some defaults may have changed, some algorithms deprecated and there is no GPA in the distribution package.