security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* configure.ac: Remove some stuff no longer needed with newer autoconf. 

Use AC_GNU_SOURCE instead of defining _GNU_SOURCE manually.  Add check for
strchr() for gettext.  Add "ngettext" check for gettext, since that check
supposedly implies a check for bind_textdomain_codeset.  Add check for
times() for random.c.  Fix URL for EGD.  Make --enable-old-tiger match the
stable branch as a separate item.

* NEWS: "OpenPGP" trust model is now "PGP".  Add note about TIGER being
dropped from OpenPGP.  Note trust bug fix.

* README: Fix all URLs to point to the right place in the reorganized
gnupg.org web pages.  Some minor language fixes.
This commit is contained in:
David Shaw 2003-05-11 22:00:31 +00:00
parent 4b256be065
commit 59c5b524d6
4 changed files with 124 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ChangeLog
View File

@ -1,3 +1,19 @@
2003-05-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Remove some stuff no longer needed with newer
autoconf. Use AC_GNU_SOURCE instead of defining _GNU_SOURCE
manually. Add check for strchr() for gettext. Add "ngettext"
check for gettext, since that check supposedly implies a check for
bind_textdomain_codeset. Add check for times() for random.c. Fix
URL for EGD. Make --enable-old-tiger match the stable branch as a
separate item.
* NEWS: "OpenPGP" trust model is now "PGP". Add note about TIGER
being dropped from OpenPGP. Note trust bug fix.
* README: Fix all URLs to point to the right place in the
reorganized gnupg.org web pages. Some minor language fixes.
2003-04-27 David Shaw <dshaw@jabberwocky.com>
* BUGS: Fix bug reporting URL.

14
NEWS
View File

@ -1,12 +1,17 @@
Noteworthy changes in version 1.3.2 (unreleased)
------------------------------------------------
* A bug in key validation has been fixed. This bug only affects
keys with more than one user ID (photo IDs do not count here),
and results in all user IDs on a given key being treated with
the validity of the most-valid user ID on that key.
* Notation names that do not contain a '@' are no longer allowed
unless --expert is set. This is to help prevent pollution of
the (as yet unused) IETF notation namespace.
* Multiple trust models are now supported via the --trust-model
option. The options are "openpgp" (web-of-trust plus trust
option. The options are "pgp" (web-of-trust plus trust
signatures), "classic" (web-of-trust only), and "always"
(identical to the --always-trust option).
@ -79,6 +84,13 @@ Noteworthy changes in version 1.3.2 (unreleased)
* The keyserver no-modify flag on a key can now be displayed and
modified.
* Note that the TIGER/192 digest algorithm is in the process of
being dropped from the OpenPGP standard. While this release of
GnuPG still contains it, it is disabled by default. To ensure
you will still be able to use your messages with future versions
of GnuPG and other OpenPGP programs, please do not use this
algorithm.
Noteworthy changes in version 1.3.1 (2002-11-12)
------------------------------------------------

116
README
View File

@ -25,21 +25,25 @@
GnuPG works best on GNU/Linux or *BSD systems. Most other Unices
are also supported but are not as well tested as the Free Unices.
See http://www.gnupg.org/gnupg.html#supsys for a list of systems
which are known to work.
See http://www.gnupg.org/download/supported_systems.html for a
list of systems which are known to work.
See the file COPYING for copyright and warranty information.
Because GnuPG does not use use any patented algorithm it cannot be
compatible with PGP2 versions. PGP 2.x uses IDEA (which is patented
worldwide).
Because GnuPG does not use use any patented algorithms it is not
by default fully compatible with PGP 2.x, which uses the patented
IDEA algorithm. See http://www.gnupg.org/why-not-idea.html for
more information on this subject, including what to do if you are
legally entitled to use IDEA.
The default algorithms are DSA and ElGamal, but RSA is also
supported. ElGamal for signing is available, but because of the
larger size of such signatures it is deprecated (Please note that
the GnuPG implementation of ElGamal signatures is *not* insecure).
Symmetric algorithms are: AES, 3DES, Blowfish, CAST5 and Twofish.
Digest algorithms available are MD5, RIPEMD160 and SHA1.
larger size of such signatures it is strongly deprecated (Please
note that the GnuPG implementation of ElGamal signatures is *not*
insecure). Symmetric algorithms are: AES, 3DES, Blowfish, CAST5
and Twofish. Digest algorithms available are MD5, RIPEMD/160,
SHA-1, SHA-256, SHA-384, and SHA-512. Compression algorithms
available are ZIP and ZLIB.
Installation
@ -50,12 +54,12 @@
1) Check that you have unmodified sources. See below on how to do
this. Don't skip it - this is an important step!
2) Unpack the TAR. With GNU tar you can do it this way:
"tar xzvf gnupg-x.y.z.tar.gz"
2) Unpack the tarball. With GNU tar you can do it this way:
"tar xzvf gnupg-x.y.z.tar.gz"
3) "cd gnupg-x.y.z"
4) "./configure"
4) "./configure"
5) "make"
@ -63,9 +67,9 @@
7) You end up with a "gpg" binary in /usr/local/bin.
8) To avoid swapping out of sensitive data, you can install "gpg" as
suid root. If you don't do so, you may want to add the option
"no-secmem-warning" to ~/.gnupg/gpg.conf
8) To avoid swapping out of sensitive data, you can install "gpg"
setuid root. If you don't do so, you may want to add the
option "no-secmem-warning" to ~/.gnupg/gpg.conf
How to Verify the Source
@ -113,23 +117,23 @@
published via the announcement list and probably via Usenet.
Documentation
-------------
The manual will be distributed separate under the name "gph".
The manual will be distributed separately under the name "gph".
An online version of the latest manual draft is available at the
GnuPG web pages:
http://www.gnupg.org/gph/
http://www.gnupg.org/documentation/
A list of frequently asked questions is available in GnuPG's
distibution in the file doc/FAQ and online as:
A list of frequently asked questions is available in the GnuPG
distribution in the file doc/FAQ and online as:
http://www.gnupg.org/faq.html
http://www.gnupg.org/documentation/faqs.html
A couple of HOWTO documents are available online; for a listing see:
http://www.gnupg.org/docs.html#howtos
http://www.gnupg.org/documentation/howtos.html
A man page with a description of all commands and options gets installed
along with the program.
@ -142,9 +146,15 @@
cryptography. GnuPG is only a tool, secure usage requires that
YOU KNOW WHAT YOU ARE DOING.
If you already have a DSA key from PGP 5 (they call them DH/ElGamal)
you can simply copy the pgp keyrings over the GnuPG keyrings after
running gpg once to create the correct directory.
The first time you run gpg, it will create a .gnupg directory in
your home directory and populate it with a default configuration
file. Once this is done, you may create a new key, or if you
already have keyrings from PGP, you can import them into GnuPG
with:
gpg --import path/to/pgp/keyring/pubring.pkr
and
gpg --import path/to/pgp/keyring/secring.skr
The normal way to create a key is
@ -154,23 +164,23 @@
good random numbers for the key parameters, GnuPG needs to gather
enough noise (entropy) from your system. If you see no progress
during key generation you should start some other activities such
as mouse moves or hitting on the CTRL and SHIFT keys.
as moving the mouse or hitting the CTRL and SHIFT keys.
Generate a key ONLY on a machine where you have direct physical
access - don't do it over the network or on a machine used also
by others - especially if you have no access to the root account.
access - don't do it over the network or on a machine also used
by others, especially if you have no access to the root account.
When you are asked for a passphrase use a good one which you can
easy remember. Don't make the passphrase too long because you have
to type it for every decryption or signing; but, - AND THIS IS VERY
IMPORTANT - use a good one that is not easily to guess because the
security of the whole system relies on your secret key and the
passphrase that protects it when someone gains access to your secret
keyring. A good way to select a passphrase is to figure out a short
nonsense sentence which makes some sense for you and modify it by
inserting extra spaces, non-letters and changing the case of some
characters - this is really easy to remember especially if you
associate some pictures with it.
easily remember. Don't make the passphrase too long because you
have to type it for every decryption or signing; but, - AND THIS
IS VERY IMPORTANT - use a good one that is not easily to guess
because the security of the whole system relies on your secret key
and the passphrase that protects it when someone gains access to
your secret keyring. One good way to select a passphrase is to
figure out a short nonsense sentence which makes some sense for
you and modify it by inserting extra spaces, non-letters and
changing the case of some characters - this is really easy to
remember especially if you associate some pictures with it.
Next, you should create a revocation certificate in case someone
gets knowledge of your secret key or you forgot your passphrase
@ -472,9 +482,9 @@
as the socket to connect EGD. Using this option the
socket name can be changed. You may use any filename
here with 2 exceptions: a filename starting with
"~/" uses the socket in the homedirectory of the user
"~/" uses the socket in the home directory of the user
and one starting with a "=" uses a socket in the
GnuPG homedirectory which is bye default "~/.gnupg".
GnuPG home directory which is "~/.gnupg" by default.
--with-included-zlib
Forces usage of the local zlib sources. Default is
@ -559,12 +569,14 @@
We can't check all assembler files, so if you have problems
assembling them (or the program crashes) use --disable-asm with
./configure. The configure scripts may consider several
subdirectories to get all available assembler files; be sure to
delete the correct ones. The assembler replacements are in C and
in mpi/generic; never delete udiv-qrnnd.S in any CPU directory,
because there may be no C substitute. Don't forget to delete
"config.cache" and run "./config.status --recheck".
./configure. If you opt to delete individual replacement files in
hopes of using the remaining ones, be aware that the configure
scripts may consider several subdirectories to get all available
assembler files; be sure to delete the correct ones. The assembler
replacements are in C and in mpi/generic; never delete
udiv-qrnnd.S in any CPU directory, because there may be no C
substitute. Don't forget to delete "config.cache" and run
"./config.status --recheck".
Some make tools are broken - the best solution is to use GNU's
make. Try gmake or grab the sources from a GNU archive and
@ -642,9 +654,9 @@
The primary WWW page is "http://www.gnupg.org"
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
See http://www.gnupg.org/mirrors.html for a list of mirrors
and use them if possible. You may also find GnuPG mirrored on
some of the regular GNU mirrors.
See http://www.gnupg.org/download/mirrors.html for a list of
mirrors and use them if possible. You may also find GnuPG
mirrored on some of the regular GNU mirrors.
We have some mailing lists dedicated to GnuPG:
@ -661,9 +673,10 @@
You subscribe to one of the list by sending mail with a subject
of "subscribe" to x-request@gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). An archive of
the mailing lists is available at http://lists.gnupg.org .
the mailing lists are available at
http://www.gnupg.org/documentation/mailing-lists.html
Please direct bug reports to <bug-gnupg@gnu.org> or post
Please direct bug reports to http://bugs.gnupg.org or post
them direct to the mailing list <gnupg-devel@gnupg.org>.
Please direct questions about GnuPG to the users mailing list or
@ -674,4 +687,3 @@
Commercial grade support for GnuPG is available; please see
the GNU service directory or search other resources.

56
configure.ac
View File

@ -33,20 +33,13 @@ development_version=yes
ALL_LINGUAS="de"
PACKAGE=$PACKAGE_NAME
VERSION=$PACKAGE_VERSION
AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_SRCDIR(g10/g10.c)
AC_CANONICAL_TARGET()
AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
AM_INIT_AUTOMAKE
AM_CONFIG_HEADER(config.h)
AC_SUBST(PACKAGE)
AC_SUBST(VERSION)
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package])
AC_DEFINE(_GNU_SOURCE,1,[Some tests rely on this (stpcpy) and it should be used for new programs anyway])
AC_GNU_SOURCE
dnl
dnl Check for random module options
@ -121,6 +114,7 @@ use_blowfish=yes
use_aes=yes
use_twofish=yes
use_tiger192=no
use_old_tiger192=no
use_sha256=yes
use_sha512=yes
use_exec=yes
@ -201,16 +195,23 @@ fi
dnl this is because the stable branch calls it just "tiger".
AC_ARG_ENABLE(tiger,,use_tiger192=$enableval)
AC_ARG_ENABLE(old-tiger,,use_old_tiger192=$enableval)
dnl TIGER192 is actually defined only after we confirm 64-bit support
dnl later
AC_MSG_CHECKING([whether to enable the TIGER/192 digest])
AC_MSG_CHECKING([whether to enable the nonstandard TIGER/192 digest])
AC_ARG_ENABLE(tiger192,
AC_HELP_STRING([--enable-tiger192],[enable the TIGER/192 digest]),
AC_HELP_STRING([--enable-tiger192],[enable the nonstandard TIGER/192 digest]),
use_tiger192=$enableval)
AC_MSG_RESULT($use_tiger192)
if test x"$use_tiger192" = xyes ; then
AC_MSG_CHECKING([whether to enable old-style nonstandard TIGER/192 digest support])
AC_ARG_ENABLE(old-tiger192,
AC_HELP_STRING([--enable-old-tiger192],[enable old-style nonstandard TIGER/192 digest support]),
use_old_tiger=$enableval)
AC_MSG_RESULT($use_old_tiger192)
if test x"$use_tiger192" = xyes || test x"$use_old_tiger192" = xyes ; then
AC_MSG_WARN([[
***
*** The TIGER/192 digest is in the process of being removed from the
@ -635,7 +636,13 @@ AC_SUBST(MPI_OPT_FLAGS)
dnl Checks for libraries.
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT
AM_GNU_GETTEXT(,[need-ngettext])
# gettext requires some extra checks. These really should be part of
# the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
# function checks to here.
AC_CHECK_FUNCS(strchr)
else
USE_NLS=no
USE_INCLUDED_LIBINTL=no
@ -710,16 +717,14 @@ else
if test x"$use_tiger192" = xyes ; then
AC_SUBST(TIGER_O,tiger.o)
AC_DEFINE(USE_TIGER192,1,[Define to include the TIGER/192 digest])
AC_MSG_CHECKING([whether to enable old-style TIGER/192 digest support])
AC_ARG_ENABLE(old-tiger,
[ --enable-old-tiger enable old-style TIGER/192 digest support],
old_tiger=$enableval, old_tiger=no)
AC_MSG_RESULT($old_tiger)
if test "$old_tiger" = yes ; then
AC_DEFINE(USE_OLD_TIGER,1,[Define to use the old fake OID for TIGER/192 digest support])
fi
fi
if test "$use_old_tiger192" = yes ; then
AC_SUBST(TIGER_O,tiger.o)
AC_DEFINE(USE_TIGER192,1,[Define to include the TIGER/192 digest])
AC_DEFINE(USE_OLD_TIGER,1,[Define to use the old fake OID for TIGER/192 digest support])
fi
if test x"$use_sha512" = xyes ; then
AC_SUBST(SHA512_O,sha512.o)
AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
@ -731,7 +736,7 @@ AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap)
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid)
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times)
AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime)
AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale)
AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat)
@ -1057,9 +1062,10 @@ if test "$print_egd_warning" = yes; then
*** in Perl and available at the GnuPG FTP servers. For more information
*** consult the GnuPG webpages:
***
*** http://www.gnupg.org/download.html#egd
*** http://www.gnupg.org/download/#EGD
***
*** You may want to run ./configure with --enable-static-rnd=egd to use it.
*** You may want to run ./configure with --enable-static-rnd=egd or
*** --enable-static-rnd=auto to use it.
***]])
fi