gpgme/README

123 lines
4.0 KiB
Plaintext
Raw Permalink Normal View History

2000-10-27 14:55:24 +00:00
GPGME - GnuPG Made Easy
---------------------------
2004-09-30 02:37:13 +00:00
Copyright 2004 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
Introduction
--------------
GnuPG Made Easy (GPGME) is a C language library that allows to add
support for cryptography to a program. It is designed to make access
to public key crypto engines like GnuPG or GpgSM easier for
applications. GPGME provides a high-level crypto API for encryption,
decryption, signing, signature verification and key management.
GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the
Cryptographic Message Syntax (CMS).
GPGME runs best on GNU/Linux or *BSD systems. Other Unices may
require small portability fixes, send us your patches.
2004-12-07 Marcus Brinkmann <marcus@g10code.de> * README: Refer to COPYING.LESSER and "each file" instead of COPYING. * COPYING.LESSER: New file. * gpgme.spec.in (%doc): Add COPYING.LESSER. * acinclude.m4, configure.ac, Makefile.am: Change license to LGPL 2.1 or later. * TODO: Add copyright notice. * README.CVS: Likewise. assuan/ 2004-12-07 Marcus Brinkmann <marcus@g10code.de> * README.1st: Add copyright notice. doc/ 2004-12-07 Marcus Brinkmann <marcus@g10code.de> * Makefile.am: Change license to LGPL. (gpgme_TEXINFOS): Replace gpl.texi with lesser.texi. * gpgme.texi: Change license to LGPL (also for documentation of GPGME's license). * lesser.texi: New file. * gpl.texi: File removed. gpgme/ 2004-12-07 Marcus Brinkmann <marcus@g10code.de> * putc_unlocked.c, funopen.c: I just claim copyright on these files and change their license to LGPL, because they are totally trivial wrapper functions. * isascii.c: Change copyright notice to the one from ctype/ctype.h in the GNU C Library (CVS Head 2004-10-10), where isascii is defined as a macro doing exactly the same as the function in this file. * memrchr.c: Update from the GNU C Library (CVS Head 2001-07-06). * stpcpy.c: Update from the GNU C Library (CVS Head 2004-10-10). * ath.c, ath-compat.c, ath.h, ath-pth.c, ath-pth-compat.c, ath-pthread.c, ath-pthread-compat.c, context.h, conversion.c, data.c, data-compat.c, data-fd.c, data.h, data-mem.c, data-stream.c, data-user.c, debug.c, debug.h, decrypt.c, decrypt-verify.c, delete.c, edit.c, encrypt.c, encrypt-sign.c, engine-backend.h, engine.c, engine-gpgsm.c, engine.h, error.c, export.c, genkey.c, get-env.c, gpgme.c, gpgme.h, import.c, io.h, key.c, keylist.c, mkstatus, Makefile.am, ops.h, op-support.c, passphrase.c, posix-io.c, posix-sema.c, posix-util.c, progress.c, rungpg.c, sema.h, sign.c, signers.c, trust-item.c, trustlist.c, util.h, verify.c, version.c, w32-io.c, w32-sema.c, w32-util.c, wait.c, wait-global.c, wait.h, wait-private.c, wait-user.c: Change license to LGPL. tests/ 2004-12-07 Marcus Brinkmann <marcus@g10code.de> * gpg/mkdemodirs: Add copyright notice. * gpgsm/Makefile.am, gpgsm/t-support.h, gpgsm/t-decrypt.c, gpgsm/t-encrypt.c, gpgsm/t-export.c, gpgsm/t-genkey.c, gpgsm/t-import.c, gpgsm/t-keylist.c, gpgsm/t-sign.c, gpgsm/t-verify.c, gpg/Makefile.am, gpg/t-decrypt.c, gpg/t-decrypt-verify.c, gpg/t-edit.c, gpg/t-encrypt.c, gpg/t-encrypt-sign.c, gpg/t-encrypt-sym.c, gpg/t-eventloop.c, gpg/t-export.c, gpg/t-genkey.c, gpg/t-import.c, gpg/t-keylist.c, gpg/t-keylist-sig.c, gpg/t-sign.c, gpg/t-signers.c, gpg/t-support.h, gpg/t-thread1.c, gpg/t-trustlist.c, gpg/t-verify.c, Makefile.am, t-data.c, t-engine-info.c, t-version.c: Change license to LGPL.
2004-12-07 21:11:53 +00:00
See the file COPYING.LESSER and each file for copyright and warranty
information.
2004-09-30 02:37:13 +00:00
Installation
--------------
See the file INSTALL for generic installation instructions.
Check that you have unmodified sources. See below on how to do this.
Don't skip it - this is an important step!
To build GPGME, you need to install libgpg-error. You need at least
2003-09-14 00:41:39 +00:00
libgpg-error 0.5.
2004-09-30 01:30:28 +00:00
For support of the OpenPGP protocol (default), you should use the
latest version of GnuPG 1.2 or 1.4, available at:
2004-09-30 01:30:28 +00:00
ftp://ftp.gnupg.org/gcrypt/gnupg/
2001-01-11 11:56:34 +00:00
2003-05-26 21:59:11 +00:00
You need at least GnuPG 1.2.2.
2000-11-16 17:26:53 +00:00
2001-11-23 01:12:04 +00:00
If configure can't find the `gpg' binary in your path, you can specify
the location with the --with-gpg=/path/to/gpg argument to configure.
2000-12-29 10:34:34 +00:00
2001-11-23 01:12:04 +00:00
For support of the CMS (Cryptographic Message Syntax) protocol, you
2004-09-30 01:30:28 +00:00
need the latest CVS version of GnuPG 1.9, which is available in the
GnuPG repository:
http://www.gnupg.org/download/cvs_access.html
2004-09-30 01:30:28 +00:00
Use the tag `GNUPG-1-9-BRANCH'. There are also snapshots available at:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
2000-12-19 10:07:32 +00:00
2004-04-06 14:22:55 +00:00
You need at least GpgSM 1.9.6.
2001-11-23 01:12:04 +00:00
If configure can't find the `gpgsm' binary in your path, you can
specify the location with the --with-gpgsm=/path/to/gpgsm argument to
configure.
2004-09-30 01:30:28 +00:00
For building the CVS version of GPGME please see the file README.CVS
for more information.
2004-09-30 02:37:13 +00:00
How to Verify the Source
--------------------------
In order to check that the version of GPGME which you are going to
install is an original and unmodified one, you can do it in one of the
following ways:
a) If you have a trusted Version of GnuPG installed, you can simply check
the supplied signature:
$ gpg --verify gpgme-x.y.z.tar.gz.sig
This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
this signature is either of:
"pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>"
"pub 1024D/87978569 1999-05-13
Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Marcus Brinkmann <mb@g10code.com>"
If you do not have this key, you can get it from any keyserver. You
have to make sure that this is really the key and not a faked one.
You can do this by comparing the output of:
$ gpg --fingerprint 0x57548DCD
with the fingerprint published elsewhere.
b) If you don't have any of the above programs, you have to verify
the SHA1 checksum:
2004-09-30 02:37:13 +00:00
$ sha1sum gpgme-x.y.z.tar.gz
2004-09-30 02:37:13 +00:00
This should yield an output _similar_ to this:
fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz
2004-09-30 02:37:13 +00:00
Now check that this checksum is _exactly_ the same as the one
published via the announcement list and probably via Usenet.
Documentation
---------------
2004-09-30 01:30:28 +00:00
For information how to use the library you can read the info manual,
which is also a reference book, in the doc/ directory. The programs
in the tests/gpg/ directory may also prove useful.
2000-11-16 17:26:53 +00:00
2001-11-23 01:12:04 +00:00
Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
to do serious work.