wok-next annotate gpgme/description.txt @ rev 21383

updated nbd again (3.3 -> 3.20)
author Hans-G?nter Theisgen
date Thu Apr 16 17:34:38 2020 +0100 (2020-04-16)
parents
children
rev   line source
al@19226 1 GPGME - GnuPG Made Easy
al@19226 2 ---------------------------
al@19226 3
al@19226 4 Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH
al@19226 5
al@19226 6 This file is free software; as a special exception the author gives
al@19226 7 unlimited permission to copy and/or distribute it, with or without
al@19226 8 modifications, as long as this notice is preserved.
al@19226 9
al@19226 10 This file is distributed in the hope that it will be useful, but
al@19226 11 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
al@19226 12 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
al@19226 13 PURPOSE.
al@19226 14
al@19226 15
al@19226 16 Introduction
al@19226 17 --------------
al@19226 18
al@19226 19 GnuPG Made Easy (GPGME) is a C language library that allows to add
al@19226 20 support for cryptography to a program. It is designed to make access
al@19226 21 to public key crypto engines like GnuPG or GpgSM easier for
al@19226 22 applications. GPGME provides a high-level crypto API for encryption,
al@19226 23 decryption, signing, signature verification and key management.
al@19226 24
al@19226 25 GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the
al@19226 26 Cryptographic Message Syntax (CMS).
al@19226 27
al@19226 28 GPGME runs best on GNU/Linux or *BSD systems. Other Unices may
al@19226 29 require small portability fixes, please send us your patches.
al@19226 30
al@19226 31 See the files COPYING, COPYING.LESSER, and each file for copyright and
al@19226 32 warranty information. The file AUTHORS has a list of authors and
al@19226 33 useful web and mail addresses.
al@19226 34
al@19226 35
al@19226 36 Installation
al@19226 37 --------------
al@19226 38
al@19226 39 See the file INSTALL for generic installation instructions.
al@19226 40
al@19226 41 Check that you have unmodified sources. See below on how to do this.
al@19226 42 Don't skip it - this is an important step!
al@19226 43
al@19226 44 To build GPGME, you need to install libgpg-error (>= 1.11) and
al@19226 45 Libassuan (>= 2.0.2).
al@19226 46
al@19226 47 For support of the OpenPGP protocol (default), you should use the
al@19226 48 latest version of GnuPG (>= 1.4) , available at:
al@19226 49 ftp://ftp.gnupg.org/gcrypt/gnupg/. For support of the CMS
al@19226 50 (Cryptographic Message Syntax) protocol and lot of other features, you
al@19226 51 need a GnuPG version >= 2.0.
al@19226 52
al@19226 53 For building the GIT version of GPGME please see the file README.GIT
al@19226 54 for more information.
al@19226 55
al@19226 56
al@19226 57 How to Verify the Source
al@19226 58 --------------------------
al@19226 59
al@19226 60 In order to check that the version of GPGME which you are going to
al@19226 61 install is an original and unmodified one, you can do it in one of the
al@19226 62 following ways:
al@19226 63
al@19226 64 a) If you have a trusted Version of GnuPG installed, you can simply check
al@19226 65 the supplied signature:
al@19226 66
al@19226 67 $ gpg --verify gpgme-x.y.z.tar.gz.sig
al@19226 68
al@19226 69 This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
al@19226 70 indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
al@19226 71 this signature is either of:
al@19226 72
al@19226 73 "pub 2048R/4F25E3B6 2011-01-12 Werner Koch (dist sig)"
al@19226 74 "pub 1024D/87978569 1999-05-13
al@19226 75 Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
al@19226 76 Marcus Brinkmann <mb@g10code.com>"
al@19226 77
al@19226 78 If you do not have this key, you can get it from any keyserver. You
al@19226 79 have to make sure that this is really the key and not a faked one.
al@19226 80 You can do this by comparing the output of:
al@19226 81
al@19226 82 $ gpg --fingerprint 0x4F25E3B6
al@19226 83
al@19226 84 with the fingerprint published elsewhere.
al@19226 85
al@19226 86 b) If you don't have any of the above programs, you have to verify
al@19226 87 the SHA1 checksum:
al@19226 88
al@19226 89 $ sha1sum gpgme-x.y.z.tar.gz
al@19226 90
al@19226 91 This should yield an output _similar_ to this:
al@19226 92
al@19226 93 fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz
al@19226 94
al@19226 95 Now check that this checksum is _exactly_ the same as the one
al@19226 96 published via the announcement list and probably via Usenet.
al@19226 97
al@19226 98
al@19226 99 Documentation
al@19226 100 ---------------
al@19226 101
al@19226 102 For information how to use the library you can read the info manual,
al@19226 103 which is also a reference book, in the doc/ directory. The programs
al@19226 104 in the tests/gpg/ directory may also prove useful.
al@19226 105
al@19226 106 Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
al@19226 107 to do serious work.
al@19226 108
al@19226 109 For hacking on GPGME, please have a look at doc/HACKING.