| rev |
line source |
|
al@19226
|
1 GPGME - GnuPG Made Easy
|
|
al@19226
|
2 ---------------------------
|
|
al@19226
|
3
|
|
al@19226
|
4 Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH
|
|
al@19226
|
5
|
|
al@19226
|
6 This file is free software; as a special exception the author gives
|
|
al@19226
|
7 unlimited permission to copy and/or distribute it, with or without
|
|
al@19226
|
8 modifications, as long as this notice is preserved.
|
|
al@19226
|
9
|
|
al@19226
|
10 This file is distributed in the hope that it will be useful, but
|
|
al@19226
|
11 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
al@19226
|
12 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
al@19226
|
13 PURPOSE.
|
|
al@19226
|
14
|
|
al@19226
|
15
|
|
al@19226
|
16 Introduction
|
|
al@19226
|
17 --------------
|
|
al@19226
|
18
|
|
al@19226
|
19 GnuPG Made Easy (GPGME) is a C language library that allows to add
|
|
al@19226
|
20 support for cryptography to a program. It is designed to make access
|
|
al@19226
|
21 to public key crypto engines like GnuPG or GpgSM easier for
|
|
al@19226
|
22 applications. GPGME provides a high-level crypto API for encryption,
|
|
al@19226
|
23 decryption, signing, signature verification and key management.
|
|
al@19226
|
24
|
|
al@19226
|
25 GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the
|
|
al@19226
|
26 Cryptographic Message Syntax (CMS).
|
|
al@19226
|
27
|
|
al@19226
|
28 GPGME runs best on GNU/Linux or *BSD systems. Other Unices may
|
|
al@19226
|
29 require small portability fixes, please send us your patches.
|
|
al@19226
|
30
|
|
al@19226
|
31 See the files COPYING, COPYING.LESSER, and each file for copyright and
|
|
al@19226
|
32 warranty information. The file AUTHORS has a list of authors and
|
|
al@19226
|
33 useful web and mail addresses.
|
|
al@19226
|
34
|
|
al@19226
|
35
|
|
al@19226
|
36 Installation
|
|
al@19226
|
37 --------------
|
|
al@19226
|
38
|
|
al@19226
|
39 See the file INSTALL for generic installation instructions.
|
|
al@19226
|
40
|
|
al@19226
|
41 Check that you have unmodified sources. See below on how to do this.
|
|
al@19226
|
42 Don't skip it - this is an important step!
|
|
al@19226
|
43
|
|
al@19226
|
44 To build GPGME, you need to install libgpg-error (>= 1.11) and
|
|
al@19226
|
45 Libassuan (>= 2.0.2).
|
|
al@19226
|
46
|
|
al@19226
|
47 For support of the OpenPGP protocol (default), you should use the
|
|
al@19226
|
48 latest version of GnuPG (>= 1.4) , available at:
|
|
al@19226
|
49 ftp://ftp.gnupg.org/gcrypt/gnupg/. For support of the CMS
|
|
al@19226
|
50 (Cryptographic Message Syntax) protocol and lot of other features, you
|
|
al@19226
|
51 need a GnuPG version >= 2.0.
|
|
al@19226
|
52
|
|
al@19226
|
53 For building the GIT version of GPGME please see the file README.GIT
|
|
al@19226
|
54 for more information.
|
|
al@19226
|
55
|
|
al@19226
|
56
|
|
al@19226
|
57 How to Verify the Source
|
|
al@19226
|
58 --------------------------
|
|
al@19226
|
59
|
|
al@19226
|
60 In order to check that the version of GPGME which you are going to
|
|
al@19226
|
61 install is an original and unmodified one, you can do it in one of the
|
|
al@19226
|
62 following ways:
|
|
al@19226
|
63
|
|
al@19226
|
64 a) If you have a trusted Version of GnuPG installed, you can simply check
|
|
al@19226
|
65 the supplied signature:
|
|
al@19226
|
66
|
|
al@19226
|
67 $ gpg --verify gpgme-x.y.z.tar.gz.sig
|
|
al@19226
|
68
|
|
al@19226
|
69 This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
|
|
al@19226
|
70 indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
|
|
al@19226
|
71 this signature is either of:
|
|
al@19226
|
72
|
|
al@19226
|
73 "pub 2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)"
|
|
al@19226
|
74 "pub 1024D/87978569 1999-05-13
|
|
al@19226
|
75 Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
|
|
al@19226
|
76 Marcus Brinkmann <mb@g10code.com>"
|
|
al@19226
|
77
|
|
al@19226
|
78 If you do not have this key, you can get it from any keyserver. You
|
|
al@19226
|
79 have to make sure that this is really the key and not a faked one.
|
|
al@19226
|
80 You can do this by comparing the output of:
|
|
al@19226
|
81
|
|
al@19226
|
82 $ gpg --fingerprint 0x4F25E3B6
|
|
al@19226
|
83
|
|
al@19226
|
84 with the fingerprint published elsewhere.
|
|
al@19226
|
85
|
|
al@19226
|
86 b) If you don't have any of the above programs, you have to verify
|
|
al@19226
|
87 the SHA1 checksum:
|
|
al@19226
|
88
|
|
al@19226
|
89 $ sha1sum gpgme-x.y.z.tar.gz
|
|
al@19226
|
90
|
|
al@19226
|
91 This should yield an output _similar_ to this:
|
|
al@19226
|
92
|
|
al@19226
|
93 fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz
|
|
al@19226
|
94
|
|
al@19226
|
95 Now check that this checksum is _exactly_ the same as the one
|
|
al@19226
|
96 published via the announcement list and probably via Usenet.
|
|
al@19226
|
97
|
|
al@19226
|
98
|
|
al@19226
|
99 Documentation
|
|
al@19226
|
100 ---------------
|
|
al@19226
|
101
|
|
al@19226
|
102 For information how to use the library you can read the info manual,
|
|
al@19226
|
103 which is also a reference book, in the doc/ directory. The programs
|
|
al@19226
|
104 in the tests/gpg/ directory may also prove useful.
|
|
al@19226
|
105
|
|
al@19226
|
106 Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
|
|
al@19226
|
107 to do serious work.
|
|
al@19226
|
108
|
|
al@19226
|
109 For hacking on GPGME, please have a look at doc/HACKING.
|