diff options
Diffstat (limited to '')
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | README | 131 | ||||
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | configure.ac | 2 |
5 files changed, 128 insertions, 18 deletions
@@ -1,3 +1,9 @@ +2004-01-29 Werner Koch <[email protected]> + + * README: Updated. + + * configure.ac: Require libksba 0.9.2 due to bug fixes. + 2004-01-24 Werner Koch <[email protected]> * configure.ac: Now requires libassuan 0.6.3. @@ -1,6 +1,10 @@ Noteworthy changes in version 1.9.4 (unreleased) ------------------------------------------------ + * Added support for the Telesec NKS 2.0 card application. + + * Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent + related. Noteworthy changes in version 1.9.3 (2003-12-23) ------------------------------------------------ @@ -1,22 +1,56 @@ -GnuPG 1.9 is a temporary project to work on GnuPG extensions; it is a -merke fo gnupg 1.3 and the old newpg package. It will eventually lead -to a GnuPG 2.0 release. + The GNU Privacy Guard 2 + ========================= + Version 1.9.x -jnlib/ utility functions -kbx/ keybox library -g10/ the gpg program here called gpg2 -sm/ the gpgsm program -agent/ the gpg-agent -scd/ the smartcard daemon +GnuPG 1.9 is the future version of GnuPG; it is based on the gnupg-1.3 +code and the previous newpg package. It will eventually lead to a +GnuPG 2.0 release. Note that GnuPG 1.3 and 1.9 are not always in sync +and thus features and bug fixes done in 1.3 are not necessary +available in 1.9. + + +BUILD INSTRUCTIONS +================== + +GnuPG 1.9 depends on the following packages: + + libgpg-error (ftp://ftp.gnupg.org/gcrypt/alpha/libgpg-error/) + libgcrypt (ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/) + libassuan (ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/) + libksba (ftp://ftp.gnupg.org/gcrypt/alpha/libksba/) + +You also need the pinentry package for most function of GnupG; however +it is not a build requirement. pinentry is available at +ftp://ftp.gnupg.org/gcrypt/pinentry/ . + +You should get the latest versions of course, the GnuPG configure +script complains if a version is not sufficient. + +After building and installing the above packages in the order as given +above, you may now continue with GnupG installation (you may also just +try to build GnuPG to see whether your already installed versions are +sufficient). + +As with all packages, you just have to do -You need the libgpg-error package. Libassuan, Libksba and Libgcrypt -are also required to build it. + ./configure + make + make install -Keybox is designed to be source include-able. +(Before doing install you might need to become root.) -A texinfo manual `gnupg.info' will get installed. Some commands and -options given below. +If everything succeeds, you have a working GnuPG with support for +S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so +that this package won't confict with a GnuPG 1.2 or1.3 +installation. gpg2 behaves just like gpg and it is possible to symlink +oto gpg if you want to use gpg 1.9. + +In case of problem please ask on [email protected] for advise. Note +that this release is only expected to build on GNU and *BSD systems. + +A texinfo manual named `gnupg.info' will get installed. Some commands +and options given below. See also the section `SMARTCARD INTRO'. COMMANDS @@ -177,6 +211,12 @@ scdaemon: ctAPI, a number must be specified (the default is 32768 for the first USB port). +--disable-ccid + + Disable the integrated support for CCID compliant readers. This + allows to fall back to one of the other drivers even if the internal + CCID driver can handle the reader. Note, that CCID support is only + available if libusb was available at build time. FILES @@ -261,7 +301,22 @@ private-keys-v1.d/ about. -How to specify a user ID +SOURCE FILES +============ + +Here is a list of directories with source files: + +jnlib/ utility functions +kbx/ keybox library +g10/ the gpg program here called gpg2 +sm/ the gpgsm program +agent/ the gpg-agent +scd/ the smartcard daemon +doc/ documentation + + + +HOW TO SPECIFY A USER ID ======================== Due to the way X.509 certificates are made up we need a few new ways @@ -394,7 +449,7 @@ data. Some of the search modes are not yet implemented ;-) -How to import a private key +HOW TO IMPORT A PRIVATE KEY =========================== There is some limited support to import a private key from a PKCS-12 file. Note, that this does only import the private key and not any @@ -408,7 +463,7 @@ however this is in general not a good idea. If that key already exists, the protect-tool refuses to store it unless you use the option "--force". -How to export a private key +HOW TO EXPORT A PRIVATE KEY =========================== There is also limited support to export a private key in PKCS-12 format. However the certificate is not stored and there is no MAC applied. @@ -416,3 +471,45 @@ format. However the certificate is not stored and there is no MAC applied. gpgsm --call-protect-tool --p12-export foo.key >foo.p12 +SMARTCARD INTRO +=============== + +GPG, the OpenPGP implementation supports the OpenPGP smartcard +(surprise!); see http://g10code.com/p-card.html. + +[Fixme: We need to explain this further] + + +GPGSM, the CMS (S/MIME) implementation supports two kinds of +smartcards. The most flexible way is to use PKCS#15 compliant cards, +however you must have build GnuPG with support for the OpenSC library. +The build process automagically detects the presence of this library +and will include support for these cards. + +The other card we currently support is the Telesec NetKey card with +the NKS 2.0 card application. + +Before GPGSM can make use of a new card it must gather some +information, like the card's serial number, the public keys and the +certificates stored on the card. Thus for a new card you need to run +the command + + gpgsm --learn-card + +once. This is also a good test to see whether your card reader is +properly installed. See below in case of error. Once this has been +done you may use the keys stored on the card in the same way you use +keys stored on the disk. gpgsm automagically knows whether a card is +required and will pop up the pinentry to ask you to insert the +correct card. + +For selecting the driver, see the options of scdaemon. A useful +debugging flag is "--debug 2048" showing the communication between +scdaemon and the reader. + +[fixme: write more stuff] + + + + + @@ -59,6 +59,9 @@ might want to have an agent context for each service request * agent/pkdecrypt.c, agent/pksign.c ** Don't use stdio to return results. +* agent/divert-scd.c + Remove the agent_reset_scd kludge. + * agent/protect-tool.c ** Export and import certificates along with the secret key. ** Make it more comfortable; i.e. copy files to the correct place. diff --git a/configure.ac b/configure.ac index cd0486f4b..f47ef1f8b 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ development_version=yes NEED_GPG_ERROR_VERSION=0.6 NEED_LIBGCRYPT_VERSION=1.1.91 NEED_LIBASSUAN_VERSION=0.6.3 -NEED_KSBA_VERSION=0.9.1 +NEED_KSBA_VERSION=0.9.2 NEED_OPENSC_VERSION=0.8.0 |