* README: Updated.

ChangeLog

@@ -1,3 +1,9 @@
+2004-01-29  Werner Koch  <wk@gnupg.org>
+
+	* README: Updated.
+
+	* configure.ac: Require libksba 0.9.2 due to bug fixes.
+
 2004-01-24  Werner Koch  <wk@gnupg.org>
 
 	* configure.ac: Now requires libassuan 0.6.3.

NEWS

@@ -1,6 +1,10 @@
 Noteworthy changes in version 1.9.4 (unreleased)
 ------------------------------------------------
 
+ * Added support for the Telesec NKS 2.0 card application.
+
+ * Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
+   related.
 
 Noteworthy changes in version 1.9.3 (2003-12-23)
 ------------------------------------------------

README

@@ -1,22 +1,56 @@
-GnuPG 1.9 is a temporary project to work on GnuPG extensions; it is a
-merke fo gnupg 1.3 and the old newpg package.  It will eventually lead
-to a GnuPG 2.0 release.
-
-jnlib/  utility functions
-kbx/    keybox library
-g10/    the gpg program here called gpg2
-sm/     the gpgsm program
-agent/  the gpg-agent
-scd/    the smartcard daemon
+                   The GNU Privacy Guard 2
+                  =========================
+                       Version 1.9.x
 
 
-You need the libgpg-error package.  Libassuan, Libksba and Libgcrypt
-are also required to build it.
+GnuPG 1.9 is the future version of GnuPG; it is based on the gnupg-1.3
+code and the previous newpg package.  It will eventually lead to a
+GnuPG 2.0 release.  Note that GnuPG 1.3 and 1.9 are not always in sync
+and thus features and bug fixes done in 1.3 are not necessary
+available in 1.9.
 
-Keybox is designed to be source include-able.
 
-A texinfo manual `gnupg.info' will get installed.  Some commands and
-options given below.
+BUILD INSTRUCTIONS
+==================
+
+GnuPG 1.9 depends on the following packages:
+
+  libgpg-error (ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/)
+  libgcrypt    (ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/)
+  libassuan    (ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/)
+  libksba      (ftp://ftp.gnupg.org/gcrypt/alpha/libksba/)
+  
+You also need the pinentry package for most function of GnupG; however
+it is not a build requirement.  pinentry is available at
+ftp://ftp.gnupg.org/gcrypt/pinentry/ .
+
+You should get the latest versions of course, the GnuPG configure
+script complains if a version is not sufficient.
+
+After building and installing the above packages in the order as given
+above, you may now continue with GnupG installation (you may also just
+try to build GnuPG to see whether your already installed versions are
+sufficient).
+
+As with all packages, you just have to do
+
+ ./configure
+ make
+ make install
+
+(Before doing install you might need to become root.)
+
+If everything succeeds, you have a working GnuPG with support for
+S/MIME and smartcards.  Note that there is no binary gpg but a gpg2 so
+that this package won't confict with a GnuPG 1.2 or1.3
+installation. gpg2 behaves just like gpg and it is possible to symlink
+oto gpg if you want to use gpg 1.9.
+
+In case of problem please ask on gpa-dev@gnupg.org for advise.  Note
+that this release is only expected to build on GNU and *BSD systems.
+
+A texinfo manual named `gnupg.info' will get installed.  Some commands
+and options given below.  See also the section `SMARTCARD INTRO'.
 
 
 COMMANDS
@@ -177,6 +211,12 @@ scdaemon:
   ctAPI, a number must be specified (the default is 32768 for the
   first USB port).
 
+--disable-ccid 
+
+  Disable the integrated support for CCID compliant readers.  This
+  allows to fall back to one of the other drivers even if the internal
+  CCID driver can handle the reader.  Note, that CCID support is only
+  available if libusb was available at build time.
 
 
 FILES
@@ -261,7 +301,22 @@ private-keys-v1.d/
         about.
 
 
-How to specify a user ID
+SOURCE FILES
+============
+
+Here is a list of directories with source files:
+
+jnlib/  utility functions
+kbx/    keybox library
+g10/    the gpg program here called gpg2
+sm/     the gpgsm program
+agent/  the gpg-agent
+scd/    the smartcard daemon
+doc/    documentation
+
+
+
+HOW TO SPECIFY A USER ID
 ========================
 
 Due to the way X.509 certificates are made up we need a few new ways
@@ -394,7 +449,7 @@ data.
 Some of the search modes are not yet implemented ;-)
 
 
-How to import a private key
+HOW TO IMPORT A PRIVATE KEY
 ===========================
 There is some limited support to import a private key from a PKCS-12
 file.  Note, that this does only import the private key and not any
@@ -408,7 +463,7 @@ however this is in general not a good idea.  If that key already
 exists, the protect-tool refuses to store it unless you use the option
 "--force". 
 
-How to export a private key
+HOW TO EXPORT A PRIVATE KEY
 ===========================
 There is also limited support to export a private key in PKCS-12
 format. However the certificate is not stored and there is no MAC applied.
@@ -416,3 +471,45 @@ format. However the certificate is not stored and there is no MAC applied.
  gpgsm --call-protect-tool --p12-export  foo.key  >foo.p12
 
 
+SMARTCARD INTRO
+===============
+
+GPG, the OpenPGP implementation supports the OpenPGP smartcard
+(surprise!); see http://g10code.com/p-card.html.
+
+[Fixme: We need to explain this further]
+
+
+GPGSM, the CMS (S/MIME) implementation supports two kinds of
+smartcards.  The most flexible way is to use PKCS#15 compliant cards,
+however you must have build GnuPG with support for the OpenSC library.
+The build process automagically detects the presence of this library
+and will include support for these cards.
+
+The other card we currently support is the Telesec NetKey card with
+the NKS 2.0 card application.
+
+Before GPGSM can make use of a new card it must gather some
+information, like the card's serial number, the public keys and the
+certificates stored on the card.  Thus for a new card you need to run
+the command
+
+  gpgsm --learn-card
+
+once.  This is also a good test to see whether your card reader is
+properly installed. See below in case of error.  Once this has been
+done you may use the keys stored on the card in the same way you use
+keys stored on the disk.  gpgsm automagically knows whether a card is
+required and will pop up the pinentry to ask you to insert the
+correct card.
+
+For selecting the driver, see the options of scdaemon.  A useful
+debugging flag is "--debug 2048" showing the communication between
+scdaemon and the reader.
+
+[fixme: write more stuff]
+
+
+
+
+

TODO

@@ -59,6 +59,9 @@ might want to have an agent context for each service request
 * agent/pkdecrypt.c, agent/pksign.c
 ** Don't use stdio to return results.
 
+* agent/divert-scd.c
+ Remove the agent_reset_scd kludge.
+
 * agent/protect-tool.c
 ** Export and import certificates along with the secret key.
 ** Make it more comfortable; i.e. copy files to the correct place.

configure.ac

@@ -32,7 +32,7 @@ development_version=yes
 NEED_GPG_ERROR_VERSION=0.6
 NEED_LIBGCRYPT_VERSION=1.1.91
 NEED_LIBASSUAN_VERSION=0.6.3
-NEED_KSBA_VERSION=0.9.1
+NEED_KSBA_VERSION=0.9.2
 NEED_OPENSC_VERSION=0.8.0