blob: 0aa0f5d23c0648bedf734f09eb71324daa10858b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
@c instguide.texi - Installation guide for GnuPG
@c Copyright (C) 2006 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
@node Installation
@chapter A short installation guide.
[to be written]
Tell how to setup the system, install certificates, how dirmngr relates
to GnuPG etc.
** Explain how to setup a root CA key as trusted
X.509 is based on a hierarchical key infrastructure. At the root of the
tree a trusted anchor (root certificate) is required. There are usually
no other means of verfying whether this root certificate is trutsworthy
than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
to keep track of all root certificates it knows about. There are 3 ways
to get certificates into this list:
@itemize
@item
Use the list which comes with GnuPG. However this list only
contains a few root certifciates. Most installations will need more.
@item
Let @command{gpgsm} ask you whether you want to insert a new root
certificate. To enable this feature you need to set the option
@option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it
is not a good idea to do it this way. Checking whether a root
certificate is really trustworthy requires a decsions, which casual
usuers are not up to. Thus, by default this option is not enabled.
@item
Manually maintain the list of trusted root certificates. For a multi
user installation this can be done once for all users on a machine.
Specific changes on a per-user base are also possible.
@end itemize
XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
** How to get the ssh support running
How to use the ssh support.
@section Installation Overview
|
