diff --git a/README b/README index 372d84aa4..94c07569f 100644 --- a/README +++ b/README 
@@ -8,203 +8,215 @@ Copyright 1998-2013 Free Software Foundation, Inc. -INTRODUCTION -============ +* INTRODUCTION -GnuPG is a tool for secure communication and data storage. It can be -used to encrypt data and to create digital signatures. It includes an -advanced key management facility and is compliant with the proposed -OpenPGP Internet standard as described in RFC4880 and the S/MIME -standard as described by several RFCs. + GnuPG is a tool for secure communication and data storage. It can + be used to encrypt data and to create digital signatures. It + includes an advanced key management facility and is compliant with + the proposed OpenPGP Internet standard as described in RFC4880 and + the S/MIME standard as described by several RFCs. -GnuPG is distributed under the terms of the GNU General Public -License. See the file COPYING for details. GnuPG works best on -GNU/Linux or *BSD systems. Most other Unices are also supported but -are not as well tested as the Free Unices. + GnuPG is distributed under the terms of the GNU General Public + License. See the file COPYING for details. GnuPG works best on + GNU/Linux or *BSD systems. Most other Unices are also supported but + are not as well tested as the Free Unices. -GnuPG-2 is the stable version of GnuPG integrating support for OpenPGP -and S/MIME. It does not conflict with an installed 1.4 OpenPGP-only -version. + GnuPG-2 is the stable version of GnuPG integrating support for + OpenPGP and S/MIME. It does not conflict with an installed 1.4 + OpenPGP-only version. 
-BUILD INSTRUCTIONS -================== +* BUILD INSTRUCTIONS -GnuPG 2.1 depends on the following packages: + GnuPG 2.1 depends on the following GnuPG related packages: - npth (ftp://ftp.gnupg.org/gcrypt/npth/) - libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) - libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) - libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) - libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) + npth (ftp://ftp.gnupg.org/gcrypt/npth/) + libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) + libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) + libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) + libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) -You should get the latest versions of course, the GnuPG configure -script complains if a version is not sufficient. + You should get the latest versions of course, the GnuPG configure + script complains if a version is not sufficient. -For some advanced features several other libraries are required. The -configure script prints diagnostic messages if one of these libraries -is not available and a feature will not be available.. + For some advanced features several other libraries are required. + The configure script prints diagnostic messages if one of these + libraries is not available and a feature will not be available.. -You also need the Pinentry package for most functions of GnuPG; -however it is not a build requirement. Pinentry is available at -ftp://ftp.gnupg.org/gcrypt/pinentry/ . + You also need the Pinentry package for most functions of GnuPG; + however it is not a build requirement. Pinentry is available at + ftp://ftp.gnupg.org/gcrypt/pinentry/ . -After building and installing the above packages in the order as given -above, you may continue with GnuPG installation (you may also just try -to build GnuPG to see whether your already installed versions are -sufficient). 
+ After building and installing the above packages in the order as + given above, you may continue with GnuPG installation (you may also + just try to build GnuPG to see whether your already installed + versions are sufficient). -As with all packages, you just have to do + As with all packages, you just have to do - ./configure - make - make install + ./configure + make + make install -(Before doing install you might need to become root.) + (Before doing install you might need to become root.) -If everything succeeds, you have a working GnuPG with support for -OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no -binary gpg but a gpg2 so that this package won't conflict with a GnuPG -1.4 installation. gpg2 behaves just like gpg. + If everything succeeds, you have a working GnuPG with support for + OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no + binary gpg but a gpg2 so that this package won't conflict with a + GnuPG 1.4 installation. gpg2 behaves just like gpg. -In case of problem please ask on the gnupg-users@gnupg.org mailing -list for advise. + In case of problem please ask on the gnupg-users@gnupg.org mailing + list for advise. -Instruction on how to build for Windows can be found in the file -doc/HACKING in the section "How to build an installer for Windows". -This requires some experience as developer. + Instruction on how to build for Windows can be found in the file + doc/HACKING in the section "How to build an installer for Windows". + This requires some experience as developer. -Note that the PKITS tests are always skipped unless you copy the PKITS -test data file into the tests/pkits directory. There is no need to -run these test and some of them may even fail because the test scripts -are not yet complete. + Note that the PKITS tests are always skipped unless you copy the + PKITS test data file into the tests/pkits directory. 
There is no + need to run these test and some of them may even fail because the + test scripts are not yet complete. -You may run + You may run - gpgconf --list-dirs + gpgconf --list-dirs -to view the default directories used by GnuPG. + to view the default directories used by GnuPG. -To quickly build all required software without installing it, the -Speedo method may be used: + To quickly build all required software without installing it, the + Speedo method may be used: - make -f build-aux/speedo.mk native + make -f build-aux/speedo.mk native -This method downloads all required libraries and does a native build -of GnuPG to PLAY/inst/. GNU make is required and you need to set -LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib. + This method downloads all required libraries and does a native build + of GnuPG to PLAY/inst/. GNU make is required and you need to set + LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries. + +** Specific build problems on some machines: + +*** Apple OSX 10.x using XCode + + On some versions the correct location of a header file can't be + detected by configure. To fix that you should run configure like + this + + ./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h + + Add other options as needed. -MIGRATION FROM 1.4 or 2.0 to 2.1 -================================ +* MIGRATION from 1.4 or 2.0 to 2.1 -The major change in 2.1 is gpg-agent taking care of the OpenPGP secret -keys (those managed by GPG). The former file "secring.gpg" will not -be used anymore. Newly generated keys are stored in the agent's key -store directory "~/.gnupg/private-keys-v1.d/". The first time gpg -needs a secret key it checks whether a "secring.gpg" exists and -copies them to the new store. The old secring.gpg is kept for use by -older versions of gpg. + The major change in 2.1 is gpg-agent taking care of the OpenPGP + secret keys (those managed by GPG). The former file "secring.gpg" + will not be used anymore. 
Newly generated keys are stored in the + agent's key store directory "~/.gnupg/private-keys-v1.d/". The + first time gpg needs a secret key it checks whether a "secring.gpg" + exists and copies them to the new store. The old secring.gpg is + kept for use by older versions of gpg. -Note that gpg-agent now uses a fixed socket by default. All tools -will start the gpg-agent as needed. In general there is no more need -to set the GPG_AGENT_INFO environment variable. The SSH_AUTH_SOCK -environment variable should be set to a fixed value. + GPG's smartcard commands --card-edit and --card-status as well as some + of the card related sub-commands of --edit-key are not yet fully + supported. However, signing and decryption with a smartcard does + work. -GPG's smartcard commands --card-edit and --card-status as well as some -of the card related sub-commands of --edit-key are not yet fully -supported. However, signing and decryption with a smartcard does -work. + Note that gpg-agent now uses a fixed socket by default. All tools + will start the gpg-agent as needed. In general there is no more + need to set the GPG_AGENT_INFO environment variable. The + SSH_AUTH_SOCK environment variable should be set to a fixed value. -The Dirmngr is now part of GnuPG proper and also used to access -OpenPGP keyservers. The directroy layout of Dirmngr changed to make -use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as -needed needed. There is no more need to install a separate dirmngr -package. + The Dirmngr is now part of GnuPG proper and also used to access + OpenPGP keyservers. The directroy layout of Dirmngr changed to make + use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as + needed needed. There is no more need to install a separate dirmngr + package. -DOCUMENTATION -============= +* DOCUMENTATION -The complete documentation is in the texinfo manual named -`gnupg.info'. Run "info gnupg" to read it. 
If you want a a printable -copy of the manual, change to the "doc" directory and enter "make pdf" -For a HTML version enter "make html" and point your browser to -gnupg.html/index.html. Standard man pages for all components are -provided as well. An online version of the manual is available at -http://www.gnupg.org/documentation/manuals/gnupg/ . A version of the -manual pertaining to the current development snapshot is at -http://www.gnupg.org/documentation/manuals/gnupg-devel/ . + The complete documentation is in the texinfo manual named + `gnupg.info'. Run "info gnupg" to read it. If you want a a + printable copy of the manual, change to the "doc" directory and + enter "make pdf" For a HTML version enter "make html" and point your + browser to gnupg.html/index.html. Standard man pages for all + components are provided as well. An online version of the manual is + available at http://www.gnupg.org/documentation/manuals/gnupg/ . A + version of the manual pertaining to the current development snapshot + is at http://www.gnupg.org/documentation/manuals/gnupg-devel/ . -GNUPG 1.4 AND GNUPG 2.0 -======================= +* GnuPG 1.4 and GnuPG 2.0 -GnuPG 2.0 is a newer version of GnuPG with additional support for -S/MIME. It has a different design philosophy that splits -functionality up into several modules. Both versions may be installed -simultaneously without any conflict (gpg is called gpg2 in GnuPG 2). -In fact, the gpg version from GnuPG 1.4 is able to make use of the -gpg-agent as included in GnuPG 2 and allows for seamless passphrase -caching. The advantage of GnuPG 1.4 is its smaller size and no -dependency on other modules at run and build time. + GnuPG 2.0 is a newer version of GnuPG with additional support for + S/MIME. It has a different design philosophy that splits + functionality up into several modules. Both versions may be + installed simultaneously without any conflict (gpg is called gpg2 in + GnuPG 2). 
In fact, the gpg version from GnuPG 1.4 is able to make + use of the gpg-agent as included in GnuPG 2 and allows for seamless + passphrase caching. The advantage of GnuPG 1.4 is its smaller size + and no dependency on other modules at run and build time. -HOW TO GET MORE INFORMATION -=========================== +* HOW TO GET MORE INFORMATION -The primary WWW page is "https://www.gnupg.org" - or using TOR "http://ic6au7wa3f6naxjq.onion" -The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" + The primary WWW page is "https://www.gnupg.org" + or using TOR "http://ic6au7wa3f6naxjq.onion" + The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" -See https://www.gnupg.org/download/mirrors.html for a list of mirrors -and use them if possible. You may also find GnuPG mirrored on some of -the regular GNU mirrors. + See https://www.gnupg.org/download/mirrors.html for a list of + mirrors and use them if possible. You may also find GnuPG mirrored + on some of the regular GNU mirrors. -We have some mailing lists dedicated to GnuPG: + We have some mailing lists dedicated to GnuPG: - gnupg-announce@gnupg.org For important announcements like new - versions and such stuff. This is a - moderated list and has very low traffic. - Do not post to this list. + gnupg-announce@gnupg.org For important announcements like new + versions and such stuff. This is a + moderated list and has very low traffic. + Do not post to this list. - gnupg-users@gnupg.org For general user discussion and - help (English). + gnupg-users@gnupg.org For general user discussion and + help (English). - gnupg-de@gnupg.org German speaking counterpart of - gnupg-users. + gnupg-de@gnupg.org German speaking counterpart of + gnupg-users. - gnupg-ru@gnupg.org Russian speaking counterpart of - gnupg-users. + gnupg-ru@gnupg.org Russian speaking counterpart of + gnupg-users. - gnupg-devel@gnupg.org GnuPG developers main forum. + gnupg-devel@gnupg.org GnuPG developers main forum. 
-You subscribe to one of the list by sending mail with a subject of -"subscribe" to x-request@gnupg.org, where x is the name of the mailing -list (gnupg-announce, gnupg-users, etc.). An archive of the mailing -lists are available at http://www.gnupg.org/documentation/mailing-lists.html + You subscribe to one of the list by sending mail with a subject of + "subscribe" to x-request@gnupg.org, where x is the name of the + mailing list (gnupg-announce, gnupg-users, etc.). See + https://www.gnupg.org/documentation/mailing-lists.html for archives + of the mailing lists. -Please direct bug reports to http://bugs.gnupg.org or post them direct -to the mailing list . + Please direct bug reports to http://bugs.gnupg.org or post them + direct to the mailing list . -Please direct questions about GnuPG to the users mailing list or one -of the pgp newsgroups; please do not direct questions to one of the -authors directly as we are busy working on improvements and bug fixes. -The English and German mailing lists are watched by the authors and we -try to answer questions when time allows us to do so. + Please direct questions about GnuPG to the users mailing list or one + of the PGP newsgroups; please do not direct questions to one of the + authors directly as we are busy working on improvements and bug + fixes. The English and German mailing lists are watched by the + authors and we try to answer questions when time allows us. -Commercial grade support for GnuPG is available; for a listing of -offers see https://www.gnupg.org/service.html . Maintaining and -improving GnuPG is costly. Since 2001, g10 Code GmbH, a German -company owned and headed by GnuPG's principal author Werner Koch, is -bearing the majority of these costs. To help them carry on this work, -they need your support. See https://gnupg.org/donate/ . + Commercial grade support for GnuPG is available; for a listing of + offers see https://www.gnupg.org/service.html . Maintaining and + improving GnuPG is costly. 
Since 2001, g10 Code GmbH, a German + company owned and headed by GnuPG's principal author Werner Koch, is + bearing the majority of these costs. To help them carry on this + work, they need your support. See https://gnupg.org/donate/ . - This file is Free Software; as a special exception the authors gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. For conditions - of the whole package, please see the file COPYING. This file is - distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY, to the extent permitted by law; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This file is Free Software; as a special exception the authors gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. For conditions +# of the whole package, please see the file COPYING. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Local Variables: +# mode:org +# End: diff --git a/doc/gpg.texi b/doc/gpg.texi index b8c4ab1da..0472a4a5d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3159,12 +3159,13 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/openpgp-revocs.d/ This is the directory where gpg stores pre-generated revocation - certificates. It is suggested to backup those certificates and if the - primary private key is not stored on the disk to move them to an - external storage device. Anyone who can access theses files is able to - revoke the corresponding key. You may want to print them out. You - should backup all files in this directory and take care to keep this - backup closed away. + certificates. The file name corresponds to the OpenPGP fingerprint of + the respective key. It is suggested to backup those certificates and + if the primary private key is not stored on the disk to move them to + an external storage device. Anyone who can access theses files is + able to revoke the corresponding key. You may want to print them out. + You should backup all files in this directory and take care to keep + this backup closed away. @item /usr[/local]/share/gnupg/options.skel The skeleton options file.
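Review bot: The README hunk re-wraps every paragraph but carries the existing typos over into the new "+" lines: "directroy" and "needed needed" in the Dirmngr paragraph under MIGRATION, "a a printable copy" under DOCUMENTATION, "will not be available.." and "mailing list for advise" under BUILD INSTRUCTIONS, and "the authors gives" in the license notice. Since all of these lines are rewritten anyway, fix them here. The hunk also mixes the pure re-indentation with content changes (the new "Specific build problems" section for OSX, the added "to test the binaries", the smartcard paragraph moved ahead of the fixed-socket paragraph, the mailing-list archive URL switched to https), which makes the real changes hard to spot among 200 re-wrapped lines; consider splitting the org-mode conversion from the content changes.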
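Review bot: The sentence added to the ~/.gnupg/openpgp-revocs.d/ item in doc/gpg.texi, "The file name corresponds to the OpenPGP fingerprint of the respective key", does not say what form the name takes, so a reader still cannot tell exactly which file belongs to which key; state the naming pattern explicitly. While the paragraph is being re-wrapped, also correct "theses files" to "these files" and the verb "backup" to "back up" in "It is suggested to backup" and "You should backup", which the new lines repeat unchanged.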