1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
GNUPG - The GNU Privacy Guard
|
|
|
|
-------------------------------
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-05-04 20:49:26 +02:00
|
|
|
THIS IS ALPHA SOFTWARE, YOU MAY ENCOUNTER SOME BUGS.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-13 21:58:50 +01:00
|
|
|
On a Linux box (version 2.x.x, alpha or x86 CPU) it should
|
1998-04-14 19:51:16 +02:00
|
|
|
work reliably. You may create your key on such a machine and
|
1998-02-24 19:50:46 +01:00
|
|
|
use it. Please verify the tar file; there is a PGP and a GNUPG
|
1998-02-13 21:58:50 +01:00
|
|
|
signature available. My PGP key is well known and published in
|
|
|
|
the "Global Trust Register for 1998", ISBN 0-9532397-0-5.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
I have included my pubring as "g10/pubring.asc", which contains
|
|
|
|
the key used to make GNUPG signatures:
|
1998-02-13 21:58:50 +01:00
|
|
|
"pub 1312G/FF3EAA0B 1998-02-09 Werner Koch <wk@isil.d.shuttle.de>"
|
|
|
|
"Key fingerprint = 8489 6CD0 1851 0E33 45DA CD67 036F 11B8 FF3E AA0B"
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
You may add it to your GNUPG pubring and use it in the future to
|
1998-02-13 21:58:50 +01:00
|
|
|
verify new releases. Because you verified the tar file containing
|
|
|
|
this file here, you can be sure that the above fingerprint is correct.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1997-12-20 18:23:29 +01:00
|
|
|
Please subscribe to g10@net.lut.ac.uk by sending a mail with
|
1997-12-16 20:15:09 +01:00
|
|
|
the word "subscribe" in the body to "g10-request@net.lut.ac.uk".
|
|
|
|
|
|
|
|
See the file COPYING for copyright and warranty information.
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
Due to the fact that GNUPG does not use use any patented algorithm,
|
1998-04-14 19:51:16 +02:00
|
|
|
it cannot be compatible with old PGP versions, because those use
|
|
|
|
IDEA (which is patented worldwide) and RSA (which is patented in
|
1997-12-16 20:15:09 +01:00
|
|
|
the United States until Sep 20, 2000). I'm sorry about this, but
|
1997-12-20 18:23:29 +01:00
|
|
|
this is the world we have created (e.g. by using proprietary software).
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
Because the OpenPGP standard is still a draft, GNUPG is not yet
|
1998-04-14 19:51:16 +02:00
|
|
|
compatible with it (or PGP 5) - but it will be. The data structures
|
|
|
|
used are compatible with PGP 2.x, so it can parse and list such files
|
1998-02-24 19:50:46 +01:00
|
|
|
and PGP should be able to parse data created by GNUPG and complain
|
1997-12-20 18:23:29 +01:00
|
|
|
about unsupported algorithms.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
The default algorithms used by GNUPG are ElGamal for public-key
|
1998-04-30 16:06:01 +02:00
|
|
|
encryption and signing; Blowfish with a 128 bit key for protecting
|
1997-12-16 20:15:09 +01:00
|
|
|
the secret-key components, conventional and session encryption;
|
1998-04-30 16:06:01 +02:00
|
|
|
RIPE MD-160 to create message digest. DSA, SHA-1, CAST and TIGER are
|
1998-04-14 19:51:16 +02:00
|
|
|
also implemented, but not used by default. I decided not
|
|
|
|
to use DSA as the default signing algorithm, because it allows only
|
|
|
|
for 1024 bit keys and this may not be enough in a couple of years.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
|
|
|
|
1998-01-05 20:13:15 +01:00
|
|
|
|
1998-01-12 11:18:17 +01:00
|
|
|
Installation
|
|
|
|
------------
|
|
|
|
|
1998-02-13 21:58:50 +01:00
|
|
|
See the file INSTALL. Here is a quick summary:
|
1998-01-12 11:18:17 +01:00
|
|
|
|
1998-02-13 21:58:50 +01:00
|
|
|
1) "./configure"
|
1998-01-12 11:18:17 +01:00
|
|
|
|
|
|
|
2) "make"
|
|
|
|
|
|
|
|
3) "make install"
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
4) You end up with a binary "gpg" in /usr/local/bin
|
1998-02-13 21:58:50 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
5) Optional, but suggested: install the program "gpg" as suid root.
|
1998-01-12 11:18:17 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
1997-12-20 18:23:29 +01:00
|
|
|
Key Generation
|
|
|
|
--------------
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --gen-key
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
This asks some questions and then starts key generation. To create
|
|
|
|
good random numbers for prime number generation, it uses a /dev/random
|
1998-04-14 19:51:16 +02:00
|
|
|
which will only emit bytes if the kernel can gather enough entropy.
|
1997-12-20 18:23:29 +01:00
|
|
|
If you see no progress, you should start some other activities such
|
1998-04-14 19:51:16 +02:00
|
|
|
as mouse moves, "find /" or using the keyboard (in another window).
|
|
|
|
Because we have no hardware device to generate randomness we have to
|
|
|
|
use this method.
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
Key generation shows progress by printing different characters to
|
|
|
|
stderr:
|
1998-04-14 19:51:16 +02:00
|
|
|
"." Last 10 Miller-Rabin tests failed
|
|
|
|
"+" Miller-Rabin test succeeded
|
1997-12-20 18:23:29 +01:00
|
|
|
"!" Reloading the pool with fresh prime numbers
|
|
|
|
"^" Checking a new value for the generator
|
|
|
|
"<" Size of one factor decreased
|
|
|
|
">" Size of one factor increased
|
|
|
|
|
|
|
|
The prime number for ElGamal is generated this way:
|
|
|
|
|
1998-04-14 19:51:16 +02:00
|
|
|
1) Make a prime number q of 160, 200, 240 bits (depending on the keysize)
|
1997-12-20 18:23:29 +01:00
|
|
|
2) Select the length of the other prime factors to be at least the size
|
|
|
|
of q and calculate the number of prime factors needed
|
1998-04-14 19:51:16 +02:00
|
|
|
3) Make a pool of prime numbers, each of the length determined in step 2
|
1997-12-20 18:23:29 +01:00
|
|
|
4) Get a new permutation out of the pool or continue with step 3
|
|
|
|
if we have tested all permutations.
|
|
|
|
5) Calculate a candidate prime p = 2 * q * p[1] * ... * p[n] + 1
|
|
|
|
6) Check that this prime has the correct length (this may change q if
|
|
|
|
it seems not to be possible to make a prime of the desired length)
|
|
|
|
7) Check whether this is a prime using trial divisions and the
|
|
|
|
Miller-Rabin test.
|
|
|
|
8) Continue with step 4 if we did not find a prime in step 7.
|
|
|
|
9) Find a generator for that prime.
|
|
|
|
|
1998-03-09 22:44:06 +01:00
|
|
|
You should make a revocation certificate in case someone gets
|
1998-02-17 21:48:52 +01:00
|
|
|
knowledge of your secret key or you forgot your passphrase:
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --gen-revoke your_user_id
|
1998-02-17 21:48:52 +01:00
|
|
|
|
|
|
|
Run this command and store it away; output is always ASCII armored,
|
|
|
|
so that you can print it and (hopefully never) re-create it if
|
|
|
|
your electronic media fails.
|
|
|
|
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
You can sign a key with this command:
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --sign-key Donald
|
1998-01-02 21:40:10 +01:00
|
|
|
|
1998-01-24 17:32:27 +01:00
|
|
|
This let you sign the key of "Donald" with your default userid.
|
1998-01-02 21:40:10 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --sign-key -u Karl -u Joe Donald
|
1998-01-02 21:40:10 +01:00
|
|
|
|
1998-01-24 17:32:27 +01:00
|
|
|
This let you sign the key of of "Donald" with the userids of "Karl"
|
|
|
|
and "Joe".
|
1998-04-14 19:51:16 +02:00
|
|
|
All existing signatures are checked; if some are invalid, a menu is
|
|
|
|
offered to delete some of them, and then you are asked for every user
|
|
|
|
whether you want to sign this key.
|
1998-01-02 21:40:10 +01:00
|
|
|
|
1998-01-24 17:32:27 +01:00
|
|
|
You may remove a signature at any time using the option "--edit-sig",
|
1998-04-30 16:06:01 +02:00
|
|
|
which asks for the sigs to remove. Self-signatures are not removable.
|
1998-02-17 21:48:52 +01:00
|
|
|
|
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
|
|
|
|
Sign
|
|
|
|
----
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -s file
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
This creates a file file.gpg which is compressed and has a signature
|
1997-12-20 18:23:29 +01:00
|
|
|
attached.
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -sa file
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
Same as above, but file.gpg is ascii armored.
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -s -o out file
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
Creates a signature of file, but writes the output to the file "out".
|
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
Encrypt
|
|
|
|
-------
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -e -r heine file
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
This encrypts files with the public key of "heine" and writes it
|
1998-02-24 19:50:46 +01:00
|
|
|
to "file.gpg"
|
1997-12-20 18:23:29 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
echo "hallo" | gpg -ea -r heine | mail heine
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
Ditto, but encrypts "hallo\n" and mails it as ascii armored message.
|
|
|
|
|
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
Sign and Encrypt
|
|
|
|
----------------
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -se -r heine file
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
This encrypts files with the public key of "heine" and writes it
|
1998-02-24 19:50:46 +01:00
|
|
|
to "file.gpg" after signing it with the default user id.
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg -se -r heine -u Suttner file
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
Ditto, but sign the file with the user id "Suttner"
|
|
|
|
|
|
|
|
|
1998-02-17 21:48:52 +01:00
|
|
|
Keyring Management
|
|
|
|
------------------
|
|
|
|
To export your complete keyring(s) do this:
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --export
|
1998-02-17 21:48:52 +01:00
|
|
|
|
|
|
|
To export only some user ids do this:
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --export userids
|
1998-02-17 21:48:52 +01:00
|
|
|
|
|
|
|
Use "-a" or "--armor" to create ASCII armored output.
|
|
|
|
|
|
|
|
Importing keys is done with the option, you guessed it, "--import":
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --import [filenames]
|
1998-02-17 21:48:52 +01:00
|
|
|
|
|
|
|
New keys are appended to the default keyring and already existing
|
|
|
|
keys are merged. Keys without a self-signature are ignored.
|
|
|
|
|
|
|
|
|
1998-01-26 23:09:01 +01:00
|
|
|
How to Specify a UserID
|
|
|
|
-----------------------
|
|
|
|
There are several ways to specify a userID, here are some examples:
|
|
|
|
|
1998-02-26 17:56:31 +01:00
|
|
|
* Only by the short keyid (prepend a zero if it begins with A..F):
|
1998-01-26 23:09:01 +01:00
|
|
|
|
|
|
|
"234567C4"
|
|
|
|
"0F34E556E"
|
|
|
|
"01347A56A"
|
1998-03-09 22:44:06 +01:00
|
|
|
"0xAB123456
|
1998-01-26 23:09:01 +01:00
|
|
|
|
|
|
|
* By a complete keyid:
|
|
|
|
|
|
|
|
"234AABBCC34567C4"
|
|
|
|
"0F323456784E56EAB"
|
|
|
|
"01AB3FED1347A5612"
|
1998-03-09 22:44:06 +01:00
|
|
|
"0x234AABBCC34567C4"
|
1998-01-26 23:09:01 +01:00
|
|
|
|
1998-04-09 13:19:09 +02:00
|
|
|
* By a fingerprint:
|
1998-01-26 23:09:01 +01:00
|
|
|
|
|
|
|
"1234343434343434C434343434343434"
|
|
|
|
"123434343434343C3434343434343734349A3434"
|
|
|
|
"0E12343434343434343434EAB3484343434343434"
|
|
|
|
|
|
|
|
The first one is MD5 the others are ripemd160 or sha1.
|
|
|
|
|
|
|
|
* By an exact string (not yet implemented):
|
|
|
|
|
|
|
|
"=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
|
|
|
|
|
|
|
|
* By an email address:
|
|
|
|
|
|
|
|
"<heinrichh@uni-duesseldorf.de>"
|
|
|
|
|
|
|
|
This can be used by a keyserver instead of a substring to
|
|
|
|
find this key faster.
|
|
|
|
|
|
|
|
* By the Local ID (from the trustdb):
|
|
|
|
|
|
|
|
"#34"
|
|
|
|
|
|
|
|
This can be used by a MUA to specify an exact key after selecting
|
1998-02-24 19:50:46 +01:00
|
|
|
a key from GNUPG (by the use of a special option or an extra utility)
|
1998-01-26 23:09:01 +01:00
|
|
|
|
|
|
|
|
|
|
|
* Or by the usual substring:
|
|
|
|
|
|
|
|
"Heine"
|
|
|
|
"*Heine"
|
|
|
|
|
|
|
|
The '*' indicates substring search explicitly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
Batch mode
|
|
|
|
----------
|
1998-02-24 19:50:46 +01:00
|
|
|
If you use the option "--batch", GNUPG runs in non-interactive mode and
|
1998-04-14 19:51:16 +02:00
|
|
|
never prompts for input data. This does not even allow entering the
|
1998-01-02 21:40:10 +01:00
|
|
|
passphrase; until we have a better solution (something like ssh-agent),
|
|
|
|
you can use the option "--passhrase-fd n", which works like PGPs
|
|
|
|
PGPPASSFD.
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
Batch mode also causes GNUPG to terminate as soon as a BAD signature is
|
1998-01-02 21:40:10 +01:00
|
|
|
detected.
|
|
|
|
|
|
|
|
|
|
|
|
Exit status
|
|
|
|
-----------
|
1998-02-24 19:50:46 +01:00
|
|
|
GNUPG returns with an exit status of 1 if in batch mode and a bad signature
|
1998-01-02 21:40:10 +01:00
|
|
|
has been detected or 2 or higher for all other errors. You should parse
|
1998-04-09 13:19:09 +02:00
|
|
|
stderr or the output of the fd specified with --status-fd to get detailed
|
1998-04-14 19:51:16 +02:00
|
|
|
information about the errors.
|
1998-01-02 21:40:10 +01:00
|
|
|
|
|
|
|
|
1998-01-24 17:32:27 +01:00
|
|
|
Esoteric commands
|
|
|
|
-----------------
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpg --list-packets datafile
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
Use this to list the contents of a data file. If the file is encrypted
|
1998-02-24 19:50:46 +01:00
|
|
|
you are asked for the passphrase, so that GNUPG is able to look at the
|
1998-01-24 17:32:27 +01:00
|
|
|
inner structure of a encrypted packet.
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --list-trustdb
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
List the contents of the trustdb in a human readable format
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --list-trustdb <usernames>
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
List the tree of certificates for the given usernames
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --list-trust-path depth username
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
List the possible trust paths for the given username, up to the specified
|
|
|
|
depth. If depth is negative, duplicate introducers are not listed,
|
1998-04-14 19:51:16 +02:00
|
|
|
because those would increase the trust probability only minimally.
|
1998-01-24 17:32:27 +01:00
|
|
|
(you must use the special option "--" to stop option parsing when
|
1998-01-25 19:56:33 +01:00
|
|
|
using a negative number). This option may create new entries in the
|
|
|
|
trustdb.
|
1998-01-24 17:32:27 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --print-mds filenames
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
List all available message digest values for the fiven filenames
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --gen-prime n
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
Generate and print a simple prime number of size n
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --gen-prime n q
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
Generate a prime number suitable for ElGamal signatures of size n with
|
1998-04-14 19:51:16 +02:00
|
|
|
a q as largest prime factor of n-1.
|
1998-01-24 17:32:27 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
gpgm --gen-prime n q 1
|
1998-01-24 17:32:27 +01:00
|
|
|
|
|
|
|
Ditto, but calculate a generator too.
|
|
|
|
|
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
For more options/commands see the file g10/OPTIONS, or use "gpg --help"
|
1998-01-24 17:32:27 +01:00
|
|
|
|
1998-01-02 21:40:10 +01:00
|
|
|
|
1997-12-20 18:23:29 +01:00
|
|
|
Debug Flags
|
|
|
|
-----------
|
1998-04-14 19:51:16 +02:00
|
|
|
Use the option "--debug n" to output debug information. This option
|
1997-12-20 18:23:29 +01:00
|
|
|
can be used multiple times, all values are ORed; n maybe prefixed with
|
|
|
|
0x to use hex-values.
|
|
|
|
|
|
|
|
value used for
|
|
|
|
----- ----------------------------------------------
|
|
|
|
1 packet reading/writing
|
|
|
|
2 MPI details
|
|
|
|
4 ciphers and primes (may reveal sensitive data)
|
|
|
|
8 iobuf filter functions
|
|
|
|
16 iobuf stuff
|
|
|
|
32 memory allocation stuff
|
|
|
|
64 caching
|
|
|
|
128 show memory statistics at exit
|
1998-01-24 17:32:27 +01:00
|
|
|
256 trust verification stuff
|
1997-12-20 18:23:29 +01:00
|
|
|
|
|
|
|
|
|
|
|
Other Notes
|
|
|
|
-----------
|
|
|
|
This is work in progress, so you may find duplicated code fragments,
|
1998-04-14 19:51:16 +02:00
|
|
|
ugly data structures, weird usage of filenames and other things.
|
1997-12-20 18:23:29 +01:00
|
|
|
I will run "indent" over the source when making a real distribution,
|
|
|
|
but for now I stick to my own formatting rules.
|
|
|
|
|
|
|
|
The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/"
|
1998-02-24 19:50:46 +01:00
|
|
|
The primary WWW page is "http://www.d.shuttle.de/isil/crypt/gnupg.html"
|
1998-02-13 21:58:50 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
If you like, send your keys to <gnupg-keys@isil.d.shuttle.de>; use
|
1998-04-30 16:06:01 +02:00
|
|
|
"gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
1998-02-24 19:50:46 +01:00
|
|
|
Please direct bug reports to <gnupg-bugs@isil.d.shuttle.de> or better
|
1997-12-20 18:23:29 +01:00
|
|
|
post them to the mailing list <g10@net.lut.ac.uk>.
|
1997-12-16 20:15:09 +01:00
|
|
|
|
|
|
|
|