2016-09-21 06:57:07 +00:00
|
|
|
GPGME - GnuPG Made Easy
|
|
|
|
---------------------------
|
2000-10-27 14:55:24 +00:00
|
|
|
|
2023-02-10 10:00:35 +00:00
|
|
|
Copyright 2001-2023 g10 Code GmbH
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
This file is free software; as a special exception the author gives
|
|
|
|
unlimited permission to copy and/or distribute it, with or without
|
|
|
|
modifications, as long as this notice is preserved.
|
|
|
|
|
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
|
|
|
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
|
|
PURPOSE.
|
|
|
|
|
|
|
|
|
|
|
|
Introduction
|
|
|
|
--------------
|
|
|
|
|
|
|
|
GnuPG Made Easy (GPGME) is a C language library that allows to add
|
|
|
|
support for cryptography to a program. It is designed to make access
|
|
|
|
to public key crypto engines like GnuPG or GpgSM easier for
|
|
|
|
applications. GPGME provides a high-level crypto API for encryption,
|
|
|
|
decryption, signing, signature verification and key management.
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
GPGME comes with language bindings for Common Lisp, C++, QT, Python2,
|
2016-09-21 06:57:07 +00:00
|
|
|
and Python 3.
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
GPGME uses GnuPG as its backend to support OpenPGP and the
|
2004-09-30 02:37:13 +00:00
|
|
|
Cryptographic Message Syntax (CMS).
|
|
|
|
|
2013-02-26 16:28:04 +00:00
|
|
|
See the files COPYING, COPYING.LESSER, and each file for copyright and
|
|
|
|
warranty information. The file AUTHORS has a list of authors and
|
|
|
|
useful web and mail addresses.
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
Installation
|
|
|
|
--------------
|
|
|
|
|
|
|
|
See the file INSTALL for generic installation instructions.
|
|
|
|
|
|
|
|
Check that you have unmodified sources. See below on how to do this.
|
|
|
|
Don't skip it - this is an important step!
|
|
|
|
|
2023-10-25 08:56:14 +00:00
|
|
|
To build GPGME, you need to install libgpg-error (>= 1.36) and
|
2017-12-12 11:46:00 +00:00
|
|
|
Libassuan (>= 2.4.2).
|
2003-06-06 03:04:09 +00:00
|
|
|
|
2023-10-25 08:56:14 +00:00
|
|
|
For support of the OpenPGP and the CMS protocols, you should use at
|
|
|
|
least GnuPG version 2.2.41 or 2.4.3, available at:
|
2017-12-12 11:46:00 +00:00
|
|
|
https://gnupg.org/ftp/gcrypt/gnupg/.
|
2000-11-16 17:26:53 +00:00
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
For building the Git version of GPGME please see the file README.GIT
|
2004-09-30 01:30:28 +00:00
|
|
|
for more information.
|
|
|
|
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
How to Verify the Source
|
|
|
|
--------------------------
|
|
|
|
|
|
|
|
In order to check that the version of GPGME which you are going to
|
|
|
|
install is an original and unmodified one, you can do it in one of the
|
|
|
|
following ways:
|
|
|
|
|
|
|
|
a) If you have a trusted Version of GnuPG installed, you can simply check
|
|
|
|
the supplied signature:
|
|
|
|
|
2016-11-16 12:29:02 +00:00
|
|
|
$ gpg --verify gpgme-x.y.z.tar.gz.sig gpgme-x.y.z.tar.gz
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
|
|
|
|
indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
|
2017-12-12 11:46:00 +00:00
|
|
|
this signature is at least one of:
|
2004-09-30 02:37:13 +00:00
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
rsa2048 2011-01-12 [expires: 2019-12-31]
|
2016-09-21 06:57:07 +00:00
|
|
|
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
|
|
|
|
Werner Koch (dist sig)
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
rsa2048 2014-10-29 [expires: 2019-12-31]
|
2016-09-21 06:57:07 +00:00
|
|
|
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
|
|
|
|
David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
rsa2048 2014-10-29 [expires: 2020-10-30]
|
2016-09-21 06:57:07 +00:00
|
|
|
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
|
|
|
|
NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
rsa3072 2017-03-17 [expires: 2027-03-15]
|
2017-03-28 14:21:37 +00:00
|
|
|
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
|
|
|
|
Andre Heinecke (Release Signing Key)
|
|
|
|
|
2017-12-12 11:46:00 +00:00
|
|
|
The keys are available at <https://gnupg.org/signature_key.html>
|
2016-09-21 06:57:07 +00:00
|
|
|
and in released GnuPG tarballs in the file g10/distsigkey.gpg .
|
|
|
|
You have to make sure that these are really the desired keys and
|
|
|
|
not faked one. You should do this by comparing the fingerprints
|
|
|
|
with the fingerprints published elsewhere.
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
b) If you don't have any of the above programs, you have to verify
|
2005-01-12 10:28:42 +00:00
|
|
|
the SHA1 checksum:
|
2004-09-30 02:37:13 +00:00
|
|
|
|
2005-01-12 10:28:42 +00:00
|
|
|
$ sha1sum gpgme-x.y.z.tar.gz
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
This should yield an output _similar_ to this:
|
|
|
|
|
2005-01-12 10:28:42 +00:00
|
|
|
fd9351b26b3189c1d577f0970f9dcadc3412def1 gpgme-x.y.z.tar.gz
|
2004-09-30 02:37:13 +00:00
|
|
|
|
|
|
|
Now check that this checksum is _exactly_ the same as the one
|
|
|
|
published via the announcement list and probably via Usenet.
|
|
|
|
|
|
|
|
|
|
|
|
Documentation
|
|
|
|
---------------
|
|
|
|
|
2004-09-30 01:30:28 +00:00
|
|
|
For information how to use the library you can read the info manual,
|
|
|
|
which is also a reference book, in the doc/ directory. The programs
|
2016-09-21 06:57:07 +00:00
|
|
|
in the tests/ directory may also prove useful.
|
2000-11-16 17:26:53 +00:00
|
|
|
|
2001-11-23 01:12:04 +00:00
|
|
|
Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
|
|
|
|
to do serious work.
|
2012-09-25 17:19:13 +00:00
|
|
|
|
|
|
|
For hacking on GPGME, please have a look at doc/HACKING.
|