mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-21 14:47:03 +01:00
7637d39fe2
-- This reflects the state of commit 1f846823b397d68eaa8a31422f78c99f8e9ff738 featuring these commits: 1f846823b scd:p15: Fix the name of a card. cc5aa68b6 scd:p15: Fix last commit and improve D-TRUST detection. 21e3f750b scd:p15: Shorten the displayed s/n of RSCS cards 30f90fc85 scd:p15: Support attribute KEY-FPR. ecb9265b8 scd:p15: Match private keys with certificates also by ... e17d3f866 scd:p15: New flag APP_LEARN_FLAG_REREAD. 1c16878ef scd: Replace all assert macros by the log_assert macro. 7f9126363 scd:p15: Return labels for keys and certificates. 651c07a73 scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED. de4d3c99a scd:p15: Return the creation time of the keys. 592f48011 scd:p15: Make RSA with SHA512 work with CardOS. a494b29af scd:p15: Support ECDSA and ECDH for CardOS. 964363e78 scd:p15: Make $SIGNKEY et al determination more fault ... 85082a83c scd:p15: Allow to use an auth object label with cmd CHECKPIN. ef29a960b scd:p15: New attribute CHV-LABEL. bf1d7bc36 scd:p15: Implement CHV-STATUS attribute 0f191a070 scd:p15: Fix faulty removal of a test code change. 08b5ac492 scd:p15: Support special extended usage flags for OpenPGP ... d51a5ca10 scd:p15: Read out the access flags. cfdaf2bcc scd:p15: Get the label value of all objects for better diag... 33aaa37e5 scd:p15: Make it code work again for D-Trust cards. 488eaedc9 scd:p15: Extract extended usage flagsand act upon them. 0c080ed57 scd:p15: Read PuKDF and minor refactoring. 1e197c29e scd:p15: Make file selection more robust. 5bcbc8cee scd:p15: Factor the commonKeyAttributes parser out. fb84674d6 scd:p15: Factor the commonObjectAttributes parser out. fc287c055 scd:p15: First step towards real CardOS 5 support. 60499d989 scd:p15: Show the ATR as part of the TokenInfo diagnostics. 00037f499 scd:p15: Print the internal card type. c7b9a4ee4 scd:p15: Improve support for some CardOS based cards. Signed-off-by: Werner Koch <wk@gnupg.org>
The GNU Privacy Guard 2
=========================
Version 2.2
Copyright 1997-2019 Werner Koch
Copyright 1998-2021 Free Software Foundation, Inc.
Copyright 2003-2021 g10 Code GmbH
* INTRODUCTION
GnuPG is a complete and free implementation of the OpenPGP standard
as defined by RFC4880 (also known as PGP). GnuPG enables encryption
and signing of data and communication, and features a versatile key
management system as well as access modules for public key
directories.
GnuPG, also known as GPG, is a command line tool with features for
easy integration with other applications. A wealth of frontend
applications and libraries are available that make use of GnuPG.
Starting with version 2 GnuPG provides support for S/MIME and Secure
Shell in addition to OpenPGP.
GnuPG is Free Software (meaning that it respects your freedom). It
can be freely used, modified and distributed under the terms of the
GNU General Public License.
Note that the 2.0 series of GnuPG reached end-of-life on 2017-12-31.
It is not possible to install a 2.2.x version along with any 2.0.x
version.
* BUILD INSTRUCTIONS
GnuPG 2.2 depends on the following GnuPG related packages:
npth (https://gnupg.org/ftp/gcrypt/npth/)
libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/)
libksba (https://gnupg.org/ftp/gcrypt/libksba/)
libassuan (https://gnupg.org/ftp/gcrypt/libassuan/)
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
For some advanced features several other libraries are required.
The configure script prints diagnostic messages if one of these
libraries is not available and a feature will not be available..
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
https://gnupg.org/ftp/gcrypt/pinentry/ .
After building and installing the above packages in the order as
given above, you may continue with GnuPG installation (you may also
just try to build GnuPG to see whether your already installed
versions are sufficient).
As with all packages, you just have to do
./configure
make
make check
make install
The "make check" is optional but highly recommended. To run even
more tests you may add "--enable-all-tests" to the configure run.
Before running the "make install" you might need to become root.
If everything succeeds, you have a working GnuPG with support for
OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
binary gpg but a gpg2 so that this package won't conflict with a
GnuPG 1.4 installation. gpg2 behaves just like gpg.
In case of problem please ask on the gnupg-users@gnupg.org mailing
list for advise.
Instruction on how to build for Windows can be found in the file
doc/HACKING in the section "How to build an installer for Windows".
This requires some experience as developer.
Note that the PKITS tests are always skipped unless you copy the
PKITS test data file into the tests/pkits directory. There is no
need to run these test and some of them may even fail because the
test scripts are not yet complete.
You may run
gpgconf --list-dirs
to view the default directories used by GnuPG.
To quickly build all required software without installing it, the
Speedo method may be used:
make -f build-aux/speedo.mk native
This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries.
** Specific build problems on some machines:
*** Apple OSX 10.x using XCode
On some versions the correct location of a header file can't be
detected by configure. To fix that you should run configure like
this
./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h
Add other options as needed.
*** Systems without a full C99 compiler
If you run into problems with your compiler complaining about dns.c
you may use
./configure --disable-libdns
Add other options as needed.
* MIGRATION from 1.4 or 2.0 to 2.2
The major change in 2.2 is gpg-agent taking care of the OpenPGP
secret keys (those managed by GPG). The former file "secring.gpg"
will not be used anymore. Newly generated keys are stored in the
agent's key store directory "~/.gnupg/private-keys-v1.d/". The
first time gpg needs a secret key it checks whether a "secring.gpg"
exists and copies them to the new store. The old secring.gpg is
kept for use by older versions of gpg.
Note that gpg-agent now uses a fixed socket. All tools will start
the gpg-agent as needed. The formerly used environment variable
GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment
variable should be set to a fixed value.
The Dirmngr is now part of GnuPG proper and also used to access
OpenPGP keyservers. The directory layout of Dirmngr changed to make
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
needed. There is no more need to install a separate Dirmngr package.
All changes introduced with GnuPG 2.2 have been developed in the 2.1
series of releases. See the respective entries in the file NEWS.
* RECOMMENDATIONS
** Socket directory
GnuPG uses Unix domain sockets to connect its components (on Windows
an emulation of these sockets is used). Depending on the type of
the file system, it is sometimes not possible to use the GnuPG home
directory (i.e. ~/.gnupg) as the location for the sockets. To solve
this problem GnuPG prefers the use of a per-user directory below the
the /run (or /var/run) hierarchy for the the sockets. It is thus
suggested to create per-user directories on system or session
startup. For example the following snippet can be used in
/etc/rc.local to create these directories:
[ ! -d /run/user ] && mkdir /run/user
awk -F: </etc/passwd '$3 >= 1000 && $3 < 65000 {print $3}' \
| ( while read uid rest; do
if [ ! -d "/run/user/$uid" ]; then
mkdir /run/user/$uid
chown $uid /run/user/$uid
chmod 700 /run/user/$uid
fi
done )
* DOCUMENTATION
The complete documentation is in the texinfo manual named
`gnupg.info'. Run "info gnupg" to read it. If you want a a
printable copy of the manual, change to the "doc" directory and
enter "make pdf" For a HTML version enter "make html" and point your
browser to gnupg.html/index.html. Standard man pages for all
components are provided as well. An online version of the manual is
available at [[https://gnupg.org/documentation/manuals/gnupg/]] . A
version of the manual pertaining to the current development snapshot
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
* Installing GnuPG 2.2. and GnuPG 1.4
GnuPG 2.2 is a current version of GnuPG with state of the art
security design and many more features. To install both versions
alongside, it is suggested to rename the 1.4 version of "gpg" to
"gpg1" as well as the corresponding man page. Newer releases of the
1.4 branch will likely do this by default. In case this is not
possible, the 2.2 version can be installed under the name "gpg2"
using the configure option --enable-gpg-is-gpg2.
* HOW TO GET MORE INFORMATION
A description of new features and changes since version 2.1 can be
found in the file "doc/whats-new-in-2.1.txt" and online at
"https://gnupg.org/faq/whats-new-in-2.1.html" .
The primary WWW page is "https://gnupg.org"
or using Tor "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
See [[https://gnupg.org/download/mirrors.html]] for a list of
mirrors and use them if possible. You may also find GnuPG mirrored
on some of the regular GNU mirrors.
We have some mailing lists dedicated to GnuPG:
gnupg-announce@gnupg.org For important announcements like new
versions and such stuff. This is a
moderated list and has very low traffic.
Do not post to this list.
gnupg-users@gnupg.org For general user discussion and
help (English).
gnupg-de@gnupg.org German speaking counterpart of
gnupg-users.
gnupg-ru@gnupg.org Russian speaking counterpart of
gnupg-users.
gnupg-devel@gnupg.org GnuPG developers main forum.
You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). See
https://gnupg.org/documentation/mailing-lists.html for archives
of the mailing lists.
Please direct bug reports to [[https://bugs.gnupg.org]] or post them
direct to the mailing list <gnupg-devel@gnupg.org>.
Please direct questions about GnuPG to the users mailing list or one
of the PGP newsgroups; please do not direct questions to one of the
authors directly as we are busy working on improvements and bug
fixes. The English and German mailing lists are watched by the
authors and we try to answer questions when time allows us.
Commercial grade support for GnuPG is available; for a listing of
offers see https://gnupg.org/service.html. Maintaining and
improving GnuPG requires a lot of time. Since 2001 g10 Code GmbH, a
German company owned and headed by GnuPG's principal author Werner
Koch and Gpg4win maintainer Andre Heinecke, is bearing the majority
of these costs. Under the brand https://gnupg.com g10 Code GmbH
does now provide commercial offers. Donations are also appreciated;
see https://gnupg.org/donate/ .
# This file is Free Software; as a special exception the authors gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. For conditions
# of the whole package, please see the file COPYING. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Local Variables:
# mode:org
# End: