|
Packit |
d7e8d0 |
GPGME - GnuPG Made Easy
|
|
Packit |
d7e8d0 |
---------------------------
|
|
Packit |
d7e8d0 |
|
|
Packit Service |
30b792 |
Copyright 2001-2018 g10 Code GmbH
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
This file is free software; as a special exception the author gives
|
|
Packit |
d7e8d0 |
unlimited permission to copy and/or distribute it, with or without
|
|
Packit |
d7e8d0 |
modifications, as long as this notice is preserved.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
This file is distributed in the hope that it will be useful, but
|
|
Packit |
d7e8d0 |
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
Packit |
d7e8d0 |
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
Packit |
d7e8d0 |
PURPOSE.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Introduction
|
|
Packit |
d7e8d0 |
--------------
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
GnuPG Made Easy (GPGME) is a C language library that allows to add
|
|
Packit |
d7e8d0 |
support for cryptography to a program. It is designed to make access
|
|
Packit |
d7e8d0 |
to public key crypto engines like GnuPG or GpgSM easier for
|
|
Packit |
d7e8d0 |
applications. GPGME provides a high-level crypto API for encryption,
|
|
Packit |
d7e8d0 |
decryption, signing, signature verification and key management.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
GPGME comes with language bindings for Common Lisp, C++, QT, Python2,
|
|
Packit |
d7e8d0 |
and Python 3.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
GPGME uses GnuPG as its backend to support OpenPGP and the
|
|
Packit |
d7e8d0 |
Cryptographic Message Syntax (CMS).
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
See the files COPYING, COPYING.LESSER, and each file for copyright and
|
|
Packit |
d7e8d0 |
warranty information. The file AUTHORS has a list of authors and
|
|
Packit |
d7e8d0 |
useful web and mail addresses.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Installation
|
|
Packit |
d7e8d0 |
--------------
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
See the file INSTALL for generic installation instructions.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Check that you have unmodified sources. See below on how to do this.
|
|
Packit |
d7e8d0 |
Don't skip it - this is an important step!
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
To build GPGME, you need to install libgpg-error (>= 1.24) and
|
|
Packit |
d7e8d0 |
Libassuan (>= 2.4.2).
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
For support of the OpenPGP and the CMS protocols, you should use the
|
|
Packit |
d7e8d0 |
latest version of GnuPG (>= 2.1.18) , available at:
|
|
Packit |
d7e8d0 |
https://gnupg.org/ftp/gcrypt/gnupg/.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
For building the Git version of GPGME please see the file README.GIT
|
|
Packit |
d7e8d0 |
for more information.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
How to Verify the Source
|
|
Packit |
d7e8d0 |
--------------------------
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
In order to check that the version of GPGME which you are going to
|
|
Packit |
d7e8d0 |
install is an original and unmodified one, you can do it in one of the
|
|
Packit |
d7e8d0 |
following ways:
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
a) If you have a trusted Version of GnuPG installed, you can simply check
|
|
Packit |
d7e8d0 |
the supplied signature:
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
$ gpg --verify gpgme-x.y.z.tar.gz.sig gpgme-x.y.z.tar.gz
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
|
|
Packit |
d7e8d0 |
indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
|
|
Packit |
d7e8d0 |
this signature is at least one of:
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
rsa2048 2011-01-12 [expires: 2019-12-31]
|
|
Packit |
d7e8d0 |
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
|
|
Packit |
d7e8d0 |
Werner Koch (dist sig)
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
rsa2048 2014-10-29 [expires: 2019-12-31]
|
|
Packit |
d7e8d0 |
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
|
|
Packit |
d7e8d0 |
David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
rsa2048 2014-10-29 [expires: 2020-10-30]
|
|
Packit |
d7e8d0 |
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
|
|
Packit |
d7e8d0 |
NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
rsa3072 2017-03-17 [expires: 2027-03-15]
|
|
Packit |
d7e8d0 |
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
|
|
Packit |
d7e8d0 |
Andre Heinecke (Release Signing Key)
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
The keys are available at <https://gnupg.org/signature_key.html>
|
|
Packit |
d7e8d0 |
and in released GnuPG tarballs in the file g10/distsigkey.gpg .
|
|
Packit |
d7e8d0 |
You have to make sure that these are really the desired keys and
|
|
Packit |
d7e8d0 |
not faked one. You should do this by comparing the fingerprints
|
|
Packit |
d7e8d0 |
with the fingerprints published elsewhere.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
b) If you don't have any of the above programs, you have to verify
|
|
Packit |
d7e8d0 |
the SHA1 checksum:
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
$ sha1sum gpgme-x.y.z.tar.gz
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
This should yield an output _similar_ to this:
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Now check that this checksum is _exactly_ the same as the one
|
|
Packit |
d7e8d0 |
published via the announcement list and probably via Usenet.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Documentation
|
|
Packit |
d7e8d0 |
---------------
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
For information how to use the library you can read the info manual,
|
|
Packit |
d7e8d0 |
which is also a reference book, in the doc/ directory. The programs
|
|
Packit |
d7e8d0 |
in the tests/ directory may also prove useful.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
|
|
Packit |
d7e8d0 |
to do serious work.
|
|
Packit |
d7e8d0 |
|
|
Packit |
d7e8d0 |
For hacking on GPGME, please have a look at doc/HACKING.
|