mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
40b7911130
-- Signed-off-by: Werner Koch <wk@gnupg.org>
269 lines
10 KiB
Plaintext
269 lines
10 KiB
Plaintext
The GNU Privacy Guard 2
|
|
=========================
|
|
Version 2.1
|
|
|
|
Copyright 1997-2017 Werner Koch
|
|
Copyright 1998-2017 Free Software Foundation, Inc.
|
|
|
|
|
|
* INTRODUCTION
|
|
|
|
GnuPG is a complete and free implementation of the OpenPGP standard
|
|
as defined by RFC4880 (also known as PGP). GnuPG enables encryption
|
|
and signing of data and communication, and features a versatile key
|
|
management system as well as access modules for public key
|
|
directories.
|
|
|
|
GnuPG, also known as GPG, is a command line tool with features for
|
|
easy integration with other applications. A wealth of frontend
|
|
applications and libraries are available that make use of GnuPG.
|
|
Starting with version 2 GnuPG provides support for S/MIME and Secure
|
|
Shell in addition to OpenPGP.
|
|
|
|
GnuPG is Free Software (meaning that it respects your freedom). It
|
|
can be freely used, modified and distributed under the terms of the
|
|
GNU General Public License.
|
|
|
|
We are currently maintaining three branches of GnuPG:
|
|
|
|
- 2.1 (i.e. this release) is the latest stable version with a lot of
|
|
new features.
|
|
|
|
- 2.0 is an often used stable version. This branch will reach
|
|
end-of-life on 2017-12-31.
|
|
|
|
- 1.4 is the old standalone version which is most suitable for older
|
|
or embedded platforms.
|
|
|
|
You may not install 2.1 and 2.0 at the same time. However, it is
|
|
possible to install 1.4 along with any of the 2.x versions.
|
|
|
|
|
|
* BUILD INSTRUCTIONS
|
|
|
|
GnuPG 2.1 depends on the following GnuPG related packages:
|
|
|
|
npth (ftp://ftp.gnupg.org/gcrypt/npth/)
|
|
libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
|
|
libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
|
|
libksba (ftp://ftp.gnupg.org/gcrypt/libksba/)
|
|
libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/)
|
|
|
|
You should get the latest versions of course, the GnuPG configure
|
|
script complains if a version is not sufficient.
|
|
|
|
For some advanced features several other libraries are required.
|
|
The configure script prints diagnostic messages if one of these
|
|
libraries is not available and a feature will not be available..
|
|
|
|
You also need the Pinentry package for most functions of GnuPG;
|
|
however it is not a build requirement. Pinentry is available at
|
|
ftp://ftp.gnupg.org/gcrypt/pinentry/ .
|
|
|
|
After building and installing the above packages in the order as
|
|
given above, you may continue with GnuPG installation (you may also
|
|
just try to build GnuPG to see whether your already installed
|
|
versions are sufficient).
|
|
|
|
As with all packages, you just have to do
|
|
|
|
./configure
|
|
make
|
|
make install
|
|
|
|
(Before doing install you might need to become root.)
|
|
|
|
If everything succeeds, you have a working GnuPG with support for
|
|
OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
|
|
binary gpg but a gpg2 so that this package won't conflict with a
|
|
GnuPG 1.4 installation. gpg2 behaves just like gpg.
|
|
|
|
In case of problem please ask on the gnupg-users@gnupg.org mailing
|
|
list for advise.
|
|
|
|
Instruction on how to build for Windows can be found in the file
|
|
doc/HACKING in the section "How to build an installer for Windows".
|
|
This requires some experience as developer.
|
|
|
|
Note that the PKITS tests are always skipped unless you copy the
|
|
PKITS test data file into the tests/pkits directory. There is no
|
|
need to run these test and some of them may even fail because the
|
|
test scripts are not yet complete.
|
|
|
|
You may run
|
|
|
|
gpgconf --list-dirs
|
|
|
|
to view the default directories used by GnuPG.
|
|
|
|
To quickly build all required software without installing it, the
|
|
Speedo method may be used:
|
|
|
|
make -f build-aux/speedo.mk native
|
|
|
|
This method downloads all required libraries and does a native build
|
|
of GnuPG to PLAY/inst/. GNU make is required and you need to set
|
|
LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries.
|
|
|
|
** Specific build problems on some machines:
|
|
|
|
*** Apple OSX 10.x using XCode
|
|
|
|
On some versions the correct location of a header file can't be
|
|
detected by configure. To fix that you should run configure like
|
|
this
|
|
|
|
./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h
|
|
|
|
Add other options as needed.
|
|
|
|
|
|
*** Systems without a full C99 compiler
|
|
|
|
If you run into problems with your compiler complaining about dns.c
|
|
you may use
|
|
|
|
./configure --disable-libdns
|
|
|
|
Add other options as needed.
|
|
|
|
|
|
* MIGRATION from 1.4 or 2.0 to 2.1
|
|
|
|
The major change in 2.1 is gpg-agent taking care of the OpenPGP
|
|
secret keys (those managed by GPG). The former file "secring.gpg"
|
|
will not be used anymore. Newly generated keys are stored in the
|
|
agent's key store directory "~/.gnupg/private-keys-v1.d/". The
|
|
first time gpg needs a secret key it checks whether a "secring.gpg"
|
|
exists and copies them to the new store. The old secring.gpg is
|
|
kept for use by older versions of gpg.
|
|
|
|
Note that gpg-agent now uses a fixed socket. All tools will start
|
|
the gpg-agent as needed. The formerly used environment variable
|
|
GPG_AGENT_INFO is ignored by 2.1. The SSH_AUTH_SOCK environment
|
|
variable should be set to a fixed value.
|
|
|
|
The Dirmngr is now part of GnuPG proper and also used to access
|
|
OpenPGP keyservers. The directory layout of Dirmngr changed to make
|
|
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
|
|
needed. There is no more need to install a separate Dirmngr package.
|
|
|
|
* RECOMMENDATIONS
|
|
|
|
** Socket directory
|
|
|
|
GnuPG uses Unix domain sockets to connect its components (on Windows
|
|
an emulation of these sockets is used). Depending on the type of
|
|
the file system, it is sometimes not possible to use the GnuPG home
|
|
directory (i.e. ~/.gnupg) as the location for the sockets. To solve
|
|
this problem GnuPG prefers the use of a per-user directory below the
|
|
the /run (or /var/run) hierarchy for the the sockets. It is thus
|
|
suggested to create per-user directories on system or session
|
|
startup. For example the following snippet can be used in
|
|
/etc/rc.local to create these directories:
|
|
|
|
[ ! -d /run/user ] && mkdir /run/user
|
|
awk -F: </etc/passwd '$3 >= 1000 && $3 < 65000 {print $3}' \
|
|
| ( while read uid rest; do
|
|
if [ ! -d "/run/user/$uid" ]; then
|
|
mkdir /run/user/$uid
|
|
chown $uid /run/user/$uid
|
|
chmod 700 /run/user/$uid
|
|
fi
|
|
done )
|
|
|
|
|
|
* DOCUMENTATION
|
|
|
|
The complete documentation is in the texinfo manual named
|
|
`gnupg.info'. Run "info gnupg" to read it. If you want a a
|
|
printable copy of the manual, change to the "doc" directory and
|
|
enter "make pdf" For a HTML version enter "make html" and point your
|
|
browser to gnupg.html/index.html. Standard man pages for all
|
|
components are provided as well. An online version of the manual is
|
|
available at [[https://gnupg.org/documentation/manuals/gnupg/]] . A
|
|
version of the manual pertaining to the current development snapshot
|
|
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
|
|
|
|
|
|
* GnuPG 1.4 and GnuPG 2.0
|
|
|
|
GnuPG 2.0 is a newer version of GnuPG with additional support for
|
|
S/MIME. It has a different design philosophy that splits
|
|
functionality up into several modules. Both versions may be
|
|
installed simultaneously without any conflict (gpg is called gpg2 in
|
|
GnuPG 2). In fact, the gpg version from GnuPG 1.4 is able to make
|
|
use of the gpg-agent as included in GnuPG 2 and allows for seamless
|
|
passphrase caching. The advantage of GnuPG 1.4 is its smaller size
|
|
and no dependency on other modules at run and build time.
|
|
|
|
|
|
* HOW TO GET MORE INFORMATION
|
|
|
|
A description of new features and changes in version 2.1 can be
|
|
found in the file "doc/whats-new-in-2.1.txt" and online at
|
|
"https://gnupg.org/faq/whats-new-in-2.1.html" .
|
|
|
|
The primary WWW page is "https://www.gnupg.org"
|
|
or using Tor "http://ic6au7wa3f6naxjq.onion"
|
|
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
|
|
|
|
See [[https://gnupg.org/download/mirrors.html]] for a list of
|
|
mirrors and use them if possible. You may also find GnuPG mirrored
|
|
on some of the regular GNU mirrors.
|
|
|
|
We have some mailing lists dedicated to GnuPG:
|
|
|
|
gnupg-announce@gnupg.org For important announcements like new
|
|
versions and such stuff. This is a
|
|
moderated list and has very low traffic.
|
|
Do not post to this list.
|
|
|
|
gnupg-users@gnupg.org For general user discussion and
|
|
help (English).
|
|
|
|
gnupg-de@gnupg.org German speaking counterpart of
|
|
gnupg-users.
|
|
|
|
gnupg-ru@gnupg.org Russian speaking counterpart of
|
|
gnupg-users.
|
|
|
|
gnupg-devel@gnupg.org GnuPG developers main forum.
|
|
|
|
You subscribe to one of the list by sending mail with a subject of
|
|
"subscribe" to x-request@gnupg.org, where x is the name of the
|
|
mailing list (gnupg-announce, gnupg-users, etc.). See
|
|
https://www.gnupg.org/documentation/mailing-lists.html for archives
|
|
of the mailing lists.
|
|
|
|
Please direct bug reports to http://bugs.gnupg.org or post them
|
|
direct to the mailing list <gnupg-devel@gnupg.org>.
|
|
|
|
Please direct questions about GnuPG to the users mailing list or one
|
|
of the PGP newsgroups; please do not direct questions to one of the
|
|
authors directly as we are busy working on improvements and bug
|
|
fixes. The English and German mailing lists are watched by the
|
|
authors and we try to answer questions when time allows us.
|
|
|
|
Commercial grade support for GnuPG is available; for a listing of
|
|
offers see https://www.gnupg.org/service.html . Maintaining and
|
|
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
|
|
a German company owned and headed by GnuPG's principal author Werner
|
|
Koch, is bearing the majority of these costs. To keep GnuPG in a
|
|
healthy state, they need your support.
|
|
|
|
Please consider to donate at https://gnupg.org/donate/ .
|
|
|
|
|
|
# This file is Free Software; as a special exception the authors gives
|
|
# unlimited permission to copy and/or distribute it, with or without
|
|
# modifications, as long as this notice is preserved. For conditions
|
|
# of the whole package, please see the file COPYING. This file is
|
|
# distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY, to the extent permitted by law; without even the implied
|
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
#
|
|
# Local Variables:
|
|
# mode:org
|
|
# End:
|