security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/README

211 lines
8.3 KiB
Plaintext
Raw Normal View History

post release updates
2006-11-06 11:26:55 +01:00
The GNU Privacy Guard 2
=========================
Start a new development branch. Translations are for now disabled.
2009-09-21 20:26:52 +02:00
Version 2.1
Update head to match stable 1.0
2002-06-29 16:15:02 +02:00
Start a new development branch. Translations are for now disabled.
2009-09-21 20:26:52 +02:00
THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE.
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
Copyright 1997-1998, 2013-2014 Werner Koch
Copyright 1998-2013 Free Software Foundation, Inc.
Update scripts etc.
2010-10-26 14:25:47 +02:00
.
2006-11-11 15:17:09 +01:00
INTRODUCTION
============
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
GnuPG is a tool for secure communication and data storage. It can be
used to encrypt data and to create digital signatures. It includes an
advanced key management facility and is compliant with the proposed
Reworked the posix and w32 exechelpers.
2010-08-20 14:18:38 +02:00
OpenPGP Internet standard as described in RFC4880 and the S/MIME
.
2006-11-11 15:17:09 +01:00
standard as described by several RFCs.
GnuPG is distributed under the terms of the GNU General Public
License. See the file COPYING for details. GnuPG works best on
GNU/Linux or *BSD systems. Most other Unices are also supported but
are not as well tested as the Free Unices.
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
GnuPG-2 is the stable version of GnuPG integrating support for OpenPGP
and S/MIME. It does not conflict with an installed 1.4 OpenPGP-only
version.
* trustlist.c (read_list): Allow colons in the fingerprint. (headerblurb): Rephrased. * gpg-agent.c (handle_connections): Increase the stack size ot 256k. * de.po: Updated. * scdaemon.c (main): Bumbed thread stack size up to 512k. * keylist.c (list_cert_raw): Print the keygrip.
2004-07-22 11:37:36 +02:00
* README: Updated.
2004-01-29 21:16:59 +01:00
BUILD INSTRUCTIONS
==================
Require libgcrypt 1.5 Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is major new feature and thus it does not make sense to allow building with an older Libgcrypt without supporting ECC. Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
GnuPG 2.1 depends on the following packages:
* README: Updated.
2004-01-29 21:16:59 +01:00
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
npth (ftp://ftp.gnupg.org/gcrypt/npth/)
Preparing a new release. Updated gettext
2004-09-30 16:34:34 +02:00
libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
doc fixes
2006-09-08 19:02:06 +02:00
libksba (ftp://ftp.gnupg.org/gcrypt/libksba/)
post release updates
2006-11-06 11:26:55 +01:00
libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/)
Update copyright year Nuked some trailing spaces.
2011-02-03 16:50:01 +01:00
* README: Updated.
2004-01-29 21:16:59 +01:00
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
For some advanced features several other libraries are required. The
configure script prints diagnostic messages if one of these libraries
is not available and a feature will not be available..
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
ftp://ftp.gnupg.org/gcrypt/pinentry/ .
* README: Updated.
2004-01-29 21:16:59 +01:00
After building and installing the above packages in the order as given
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
above, you may continue with GnuPG installation (you may also just try
to build GnuPG to see whether your already installed versions are
* README: Updated.
2004-01-29 21:16:59 +01:00
sufficient).
As with all packages, you just have to do
* README-alpha: Removed. * configure.ac, Makefile.am: Add the tests and tools directories.
2003-12-23 12:05:19 +01:00
* README: Updated.
2004-01-29 21:16:59 +01:00
./configure
make
make install
Update head to match stable 1.0
2002-06-29 16:15:02 +02:00
* README: Updated.
2004-01-29 21:16:59 +01:00
(Before doing install you might need to become root.)
Update head to match stable 1.0
2002-06-29 16:15:02 +02:00
* README: Updated.
2004-01-29 21:16:59 +01:00
If everything succeeds, you have a working GnuPG with support for
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
binary gpg but a gpg2 so that this package won't conflict with a GnuPG
1.4 installation. gpg2 behaves just like gpg.
* README: Updated.
2004-01-29 21:16:59 +01:00
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
In case of problem please ask on the gnupg-users@gnupg.org mailing
list for advise.
* README: Updated.
2004-01-29 21:16:59 +01:00
speedo: Support building from dist-source generated tarball.
2014-06-16 23:25:44 +02:00
Instruction on how to build for Windows can be found in the file
doc/HACKING in the section "How to build an installer for Windows".
This requires some experience as developer.
Fixed release creation.
2008-02-19 13:58:34 +01:00
Note that the PKITS tests are always skipped unless you copy the PKITS
Update scripts etc.
2010-10-26 14:25:47 +02:00
test data file into the tests/pkits directory. There is no need to
run these test and some of them may even fail because the test scripts
are not yet complete.
You may run
Update copyright year Nuked some trailing spaces.
2011-02-03 16:50:01 +01:00
gpgconf --list-dirs
Update scripts etc.
2010-10-26 14:25:47 +02:00
to view the default directories used by GnuPG.
Release 2.1.0-beta834.
2014-09-18 16:00:34 +02:00
To quickly build all required software without installing it, the
Speedo method may be used:
make -f build-aux/speedo.mk native
This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib.
Update scripts etc.
2010-10-26 14:25:47 +02:00
Require libgcrypt 1.5 Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is major new feature and thus it does not make sense to allow building with an older Libgcrypt without supporting ECC. Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
MIGRATION FROM 1.4 or 2.0 to 2.1
================================
Update scripts etc.
2010-10-26 14:25:47 +02:00
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
The major change in 2.1 is gpg-agent taking care of the OpenPGP secret
keys (those managed by GPG). The former file "secring.gpg" will not
be used anymore. Newly generated keys are stored in the agent's key
gpg: Auto-migrate existing secring.gpg. * g10/migrate.c: New. * g10/import.c (import_old_secring): New. (import_one): Add arg silent. (transfer_secret_keys): Add arg batch. (import_secret_one): Add args batch and for_migration. * g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
store directory "~/.gnupg/private-keys-v1.d/". The first time gpg
needs a secret key it checks whether a "secring.gpg" exists and
copies them to the new store. The old secring.gpg is kept for use by
older versions of gpg.
Update scripts etc.
2010-10-26 14:25:47 +02:00
Note that gpg-agent now uses a fixed socket by default. All tools
will start the gpg-agent as needed. In general there is no more need
to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK
environment variable should be set to a fixed value.
Require libgcrypt 1.5 Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is major new feature and thus it does not make sense to allow building with an older Libgcrypt without supporting ECC. Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
GPG's smartcard commands --card-edit and --card-status as well as some
of the card related sub-commands of --edit-key are not yet fully
supported. However, signing and decryption with a smartcard does
work.
Update scripts etc.
2010-10-26 14:25:47 +02:00
gpg: Auto-migrate existing secring.gpg. * g10/migrate.c: New. * g10/import.c (import_old_secring): New. (import_one): Add arg silent. (transfer_secret_keys): Add arg batch. (import_secret_one): Add args batch and for_migration. * g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
The Dirmngr is now part of GnuPG proper and also used to access
OpenPGP keyservers. The directroy layout of Dirmngr changed to make
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
needed needed. There is no more need to install a separate dirmngr
package.
Update scripts etc.
2010-10-26 14:25:47 +02:00
* README: Updated.
2004-01-29 21:16:59 +01:00
doc fixes
2006-09-08 19:02:06 +02:00
DOCUMENTATION
.
2006-11-11 15:17:09 +01:00
=============
* README: Updated.
2004-01-29 21:16:59 +01:00
doc fixes
2006-09-08 19:02:06 +02:00
The complete documentation is in the texinfo manual named
`gnupg.info'. Run "info gnupg" to read it. If you want a a printable
Preparing 2.0.4
2007-05-09 13:01:33 +02:00
copy of the manual, change to the "doc" directory and enter "make pdf"
For a HTML version enter "make html" and point your browser to
gnupg.html/index.html. Standard man pages for all components are
provided as well. An online version of the manual is available at
http://www.gnupg.org/documentation/manuals/gnupg/ . A version of the
manual pertaining to the current development snapshot is at
http://www.gnupg.org/documentation/manuals/gnupg-devel/ .
.
2006-11-11 15:17:09 +01:00
GNUPG 1.4 AND GNUPG 2.0
=======================
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. Both versions may be installed
simultaneously without any conflict (gpg is called gpg2 in GnuPG 2).
In fact, the gpg version from GnuPG 1.4 is able to make use of the
gpg-agent as included in GnuPG 2 and allows for seamless passphrase
Preparing 2.0.4
2007-05-09 13:01:33 +02:00
caching. The advantage of GnuPG 1.4 is its smaller size and no
.
2006-11-11 15:17:09 +01:00
dependency on other modules at run and build time.
HOW TO GET MORE INFORMATION
===========================
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
The primary WWW page is "https://www.gnupg.org"
or using TOR "http://ic6au7wa3f6naxjq.onion"
.
2006-11-11 15:17:09 +01:00
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
See https://www.gnupg.org/download/mirrors.html for a list of mirrors
.
2006-11-11 15:17:09 +01:00
and use them if possible. You may also find GnuPG mirrored on some of
the regular GNU mirrors.
We have some mailing lists dedicated to GnuPG:
Update copyright year Nuked some trailing spaces.
2011-02-03 16:50:01 +01:00
.
2006-11-11 15:17:09 +01:00
gnupg-announce@gnupg.org For important announcements like new
versions and such stuff. This is a
moderated list and has very low traffic.
Do not post to this list.
gnupg-users@gnupg.org For general user discussion and
help (English).
gnupg-de@gnupg.org German speaking counterpart of
gnupg-users.
gnupg-ru@gnupg.org Russian speaking counterpart of
gnupg-users.
gnupg-devel@gnupg.org GnuPG developers main forum.
You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the mailing
list (gnupg-announce, gnupg-users, etc.). An archive of the mailing
lists are available at http://www.gnupg.org/documentation/mailing-lists.html
Please direct bug reports to http://bugs.gnupg.org or post them direct
to the mailing list <gnupg-devel@gnupg.org>.
Please direct questions about GnuPG to the users mailing list or one
of the pgp newsgroups; please do not direct questions to one of the
authors directly as we are busy working on improvements and bug fixes.
The English and German mailing lists are watched by the authors and we
try to answer questions when time allows us to do so.
Implement unattended OpenPGP secret key import. * agent/command.c (cmd_import_key): Add option --unattended. * agent/cvt-openpgp.c (convert_transfer_key): New. (do_unprotect): Factor some code out to ... (prepare_unprotect): new function. (convert_from_openpgp): Factor all code out to ... (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement openpgp-native protection modes. (convert_from_openpgp_native): New. * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion * agent/protect-tool.c (convert_from_openpgp_native): Ditto. * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all callers. Support openpgp-native protection. * g10/call-agent.c (agent_import_key): Add arg 'unattended'. * g10/import.c (transfer_secret_keys): Use unattended in batch mode. -- With the gpg-agent taking care of the secret keys, the user needs to migrate existing keys from secring.gpg to the agent. This and also the standard import of secret keys required the user to unprotect the secret keys first, so that gpg-agent was able to re-protected them using its own scheme. With many secret keys this is quite some usability hurdle. In particular if a passphrase is not instantly available. To make this migration smoother, this patch implements an unattended key import/migration which delays the conversion to the gpg-agent format until the key is actually used. For example: gpg2 --batch --import mysecretkey.gpg works without any user interaction due to the use of --batch. Now if a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent has to ask for the passphrase anyway, converts the key from the openpgp format to the internal format, signs, re-encrypts the key and tries to store it in the gpg-agent format to the disk. The next time, the internal format of the key is used. This patch has only been tested with the old demo keys, more tests with other protection formats and no protection are needed. Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:50:12 +02:00
Commercial grade support for GnuPG is available; for a listing of
Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball.
2014-06-05 16:20:44 +02:00
offers see https://www.gnupg.org/service.html . Maintaining and
improving GnuPG is costly. Since 2001, g10 Code GmbH, a German
company owned and headed by GnuPG's principal author Werner Koch, is
bearing the majority of these costs. To help them carry on this work,
they need your support. See https://gnupg.org/donate/ .
.
2006-11-11 15:17:09 +01:00
This file is Free Software; as a special exception the authors gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved. For conditions
of the whole package, please see the file COPYING. This file is
distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY, to the extent permitted by law; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.