Go to file
Werner Koch 2b32eb15aa gpg: Disallow the use of v3 keys.
* g10/gpg.c: Add options --allow-v3-keys and --no-allow-v3-keys.
(main): Enable --allow-v3-keys in --pgp2 mode.
* g10/options.h (opt): Add field allow_v3_keys.
* g10/import.c (delete_v3_subkeys): New.
(import_one): Skip v3 keys and delete v3 subkeys.
(import_print_stats): Print stats on v3 keys and subkeys.
* g10/getkey.c (finish_lookup): Skip v3 keys.
--

This is a first take on disabling v3 keys.  We may need to add some
tweaks to make decryption using an existing v3 key easier.  There is
no need to disallow decryption.

Thanks to Georgi Guninski to put some pressure on us to finally do
what PGP 2 folks will probably don’t like.  See the discussion on
gnupg-devel starting 2012-06-22.
2012-06-25 16:27:04 +02:00
agent Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
am Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
artwork Define SUN_LEN also for W32. 2009-06-04 14:19:21 +00:00
common Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
dirmngr Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
doc gpg: Disallow the use of v3 keys. 2012-06-25 16:27:04 +02:00
g10 gpg: Disallow the use of v3 keys. 2012-06-25 16:27:04 +02:00
g13 Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
gl Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
include Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
kbx Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
keyserver Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
m4 Port to npth. 2012-01-25 14:50:47 +01:00
po Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
scd scd: handle reader/token removal. 2012-06-25 10:48:11 +09:00
scripts Extend gitlog-to-changelog option --tear-off. 2012-01-25 11:58:54 +01:00
sm Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
tests Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
tools Change all quotes in strings and comments to the new GNU standard. 2012-06-05 19:29:22 +02:00
.gitignore Minor doc updates v2.0 vs. v2.1) 2011-08-08 10:17:33 +02:00
ABOUT-NLS Preparing a test release 2008-02-15 09:58:01 +00:00
AUTHORS Change license for some files in common to LGPLv3+/GPLv2+. 2012-04-20 15:48:48 +02:00
COPYING Changed to GPLv3. 2007-07-04 19:49:40 +00:00
COPYING.LIB Changed to GPLv3. 2007-07-04 19:49:40 +00:00
ChangeLog Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
INSTALL Upgraded gettext. 2007-05-07 19:49:12 +00:00
Makefile.am Require gitlog-to-changelog to be installed. 2012-01-25 12:11:41 +01:00
NEWS gpg: Disallow the use of v3 keys. 2012-06-25 16:27:04 +02:00
README Require libgcrypt 1.5 2011-03-08 12:23:59 +01:00
README.GIT Nuked almost all trailing white space. 2011-02-04 12:57:53 +01:00
README.maint Switch to the new automagic beta numbering scheme. 2012-05-11 10:20:29 +02:00
THANKS Support the Cherry ST-2000 card reader. 2011-12-02 18:09:58 +01:00
TODO Impleemned gpgsm's IMPORT --re-import feature. 2009-07-07 16:52:12 +00:00
acinclude.m4 Better support unsigned time_t 2010-10-27 11:26:53 +00:00
autogen.sh Add hook to check the commit log syntax. 2011-12-01 18:14:26 +01:00
configure.ac Switch to the new automagic beta numbering scheme. 2012-05-11 10:20:29 +02:00

README

                       The GNU Privacy Guard 2
                      =========================
                             Version 2.1

   THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE.

      Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
     2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.


INTRODUCTION
============

GnuPG is GNU's tool for secure communication and data storage.  It can
be used to encrypt data and to create digital signatures.  It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC4880 and the S/MIME
standard as described by several RFCs.

GnuPG is distributed under the terms of the GNU General Public
License.  See the file COPYING for details.  GnuPG works best on
GNU/Linux or *BSD systems.  Most other Unices are also supported but
are not as well tested as the Free Unices.

GnuPG 2.0 is the stable version of GnuPG integrating support for
OpenPGP and S/MIME.  It does not conflict with an installed 1.4
OpenPGP-only version.


BUILD INSTRUCTIONS
==================

GnuPG 2.1 depends on the following packages:

  libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
  libgcrypt    (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
  libksba      (ftp://ftp.gnupg.org/gcrypt/libksba/)
  libassuan    (ftp://ftp.gnupg.org/gcrypt/libassuan/)

You also need the Pinentry package for most function of GnuPG; however
it is not a build requirement.  Pinentry is available at
ftp://ftp.gnupg.org/gcrypt/pinentry/ .

You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.

After building and installing the above packages in the order as given
above, you may now continue with GnuPG installation (you may also just
try to build GnuPG to see whether your already installed versions are
sufficient).

As with all packages, you just have to do

 ./configure
 make
 make install

(Before doing install you might need to become root.)

If everything succeeds, you have a working GnuPG with support for
S/MIME and smartcards.  Note that there is no binary gpg but a gpg2 so
that this package won't conflict with a GnuPG 1.4 installation.  gpg2
behaves just like gpg.

In case of problem please ask on gnupg-users@gnupg.org for advise.

Note that the PKITS tests are always skipped unless you copy the PKITS
test data file into the tests/pkits directory.  There is no need to
run these test and some of them may even fail because the test scripts
are not yet complete.

You may run

  gpgconf --list-dirs

to view the default directories used by GnuPG.


MIGRATION FROM 1.4 or 2.0 to 2.1
================================

The major change in 2.1 is that gpg-agent now takes care of the
OpenPGP secret keys (those managed by GPG).  The former secring.gpg
will not be used anymore.  Newly generated keys are generated and
stored in the agent's key store (~/.gnupg/private-keys-v1.d/).  To
migrate your existing keys to the agent you should run this command

  gpg2 --import ~/.gnupg/secring.gpg

The agent will you ask for the passphrase of each key.  You may use
the Cancel button of the Pinentry to skip importing this key.  If you
want to stop the import process and you use one of the latest
pinentries, you should close the pinentry window instead of hitting
the cancel button.  Secret keys already imported are skipped by the
import command.  It is advisable to keep the secring.gpg for use with
older versions of GPG.

Note that gpg-agent now uses a fixed socket by default.  All tools
will start the gpg-agent as needed.  In general there is no more need
to set the GPG_AGENT_INFO environment variable.  The SSH_AUTH_SOCK
environment variable should be set to a fixed value.

GPG's smartcard commands --card-edit and --card-status as well as some
of the card related sub-commands of --edit-key are not yet fully
supported.  However, signing and decryption with a smartcard does
work.

The Dirmngr is now part of GnuPG proper.  Thus there is no more need
to install the separate dirmngr package.  The directroy layout of
Dirmngr changed to make use of the GnuPG directories; for example you
use /etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs.  Dirmngr
needs to be started as a system daemon.



DOCUMENTATION
=============

The complete documentation is in the texinfo manual named
`gnupg.info'.  Run "info gnupg" to read it.  If you want a a printable
copy of the manual, change to the "doc" directory and enter "make pdf"
For a HTML version enter "make html" and point your browser to
gnupg.html/index.html.  Standard man pages for all components are
provided as well.  An online version of the manual is available at
http://www.gnupg.org/documentation/manuals/gnupg/ .  A version of the
manual pertaining to the current development snapshot is at
http://www.gnupg.org/documentation/manuals/gnupg-devel/ .


GNUPG 1.4 AND GNUPG 2.0
=======================

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME.  It has a different design philosophy that splits
functionality up into several modules.  Both versions may be installed
simultaneously without any conflict (gpg is called gpg2 in GnuPG 2).
In fact, the gpg version from GnuPG 1.4 is able to make use of the
gpg-agent as included in GnuPG 2 and allows for seamless passphrase
caching.  The advantage of GnuPG 1.4 is its smaller size and no
dependency on other modules at run and build time.


HOW TO GET MORE INFORMATION
===========================

The primary WWW page is "http://www.gnupg.org"
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"

See http://www.gnupg.org/download/mirrors.html for a list of mirrors
and use them if possible.  You may also find GnuPG mirrored on some of
the regular GNU mirrors.

We have some mailing lists dedicated to GnuPG:

   gnupg-announce@gnupg.org   For important announcements like new
                              versions and such stuff.  This is a
                              moderated list and has very low traffic.
                              Do not post to this list.

   gnupg-users@gnupg.org      For general user discussion and
                              help (English).

   gnupg-de@gnupg.org         German speaking counterpart of
                              gnupg-users.

   gnupg-ru@gnupg.org         Russian speaking counterpart of
                              gnupg-users.

   gnupg-devel@gnupg.org      GnuPG developers main forum.

You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the mailing
list (gnupg-announce, gnupg-users, etc.).  An archive of the mailing
lists are available at http://www.gnupg.org/documentation/mailing-lists.html

Please direct bug reports to http://bugs.gnupg.org or post them direct
to the mailing list <gnupg-devel@gnupg.org>.

Please direct questions about GnuPG to the users mailing list or one
of the pgp newsgroups; please do not direct questions to one of the
authors directly as we are busy working on improvements and bug fixes.
The English and German mailing lists are watched by the authors and we
try to answer questions when time allows us to do so.

Commercial grade support for GnuPG is available; please see
http://www.gnupg.org/service.html .


  This file is Free Software; as a special exception the authors gives
  unlimited permission to copy and/or distribute it, with or without
  modifications, as long as this notice is preserved. For conditions
  of the whole package, please see the file COPYING.  This file is
  distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY, to the extent permitted by law; without even the implied
  warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.