"Fossies" - the Fresh Open Source Software Archive

Member "gpgme-1.15.1/README" (8 Jan 2021, 4073 Bytes) of package /linux/privat/gpgme-1.15.1.tar.bz2:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "README": 1.15.0_vs_1.15.1.

    1                        GPGME - GnuPG Made Easy
    2                      ---------------------------
    3 
    4 Copyright 2001-2021 g10 Code GmbH
    5 
    6 This file is free software; as a special exception the author gives
    7 unlimited permission to copy and/or distribute it, with or without
    8 modifications, as long as this notice is preserved.
    9 
   10 This file is distributed in the hope that it will be useful, but
   11 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
   12 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
   13 PURPOSE.
   14 
   15 
   16 Introduction
   17 --------------
   18 
   19 GnuPG Made Easy (GPGME) is a C language library that allows to add
   20 support for cryptography to a program.  It is designed to make access
   21 to public key crypto engines like GnuPG or GpgSM easier for
   22 applications.  GPGME provides a high-level crypto API for encryption,
   23 decryption, signing, signature verification and key management.
   24 
   25 GPGME comes with language bindings for Common Lisp, C++, QT, Python2,
   26 and Python 3.
   27 
   28 GPGME uses GnuPG as its backend to support OpenPGP and the
   29 Cryptographic Message Syntax (CMS).
   30 
   31 See the files COPYING, COPYING.LESSER, and each file for copyright and
   32 warranty information.  The file AUTHORS has a list of authors and
   33 useful web and mail addresses.
   34 
   35 
   36 Installation
   37 --------------
   38 
   39 See the file INSTALL for generic installation instructions.
   40 
   41 Check that you have unmodified sources.  See below on how to do this.
   42 Don't skip it - this is an important step!
   43 
   44 To build GPGME, you need to install libgpg-error (>= 1.24) and
   45 Libassuan (>= 2.4.2).
   46 
   47 For support of the OpenPGP and the CMS protocols, you should use the
   48 latest version of GnuPG (>= 2.1.18) , available at:
   49 https://gnupg.org/ftp/gcrypt/gnupg/.
   50 
   51 For building the Git version of GPGME please see the file README.GIT
   52 for more information.
   53 
   54 
   55 How to Verify the Source
   56 --------------------------
   57 
   58 In order to check that the version of GPGME which you are going to
   59 install is an original and unmodified one, you can do it in one of the
   60 following ways:
   61 
   62 a) If you have a trusted Version of GnuPG installed, you can simply check
   63    the supplied signature:
   64 
   65 	$ gpg --verify gpgme-x.y.z.tar.gz.sig gpgme-x.y.z.tar.gz
   66 
   67    This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
   68    indeed a a signature of gpgme-x.y.z.tar.gz.  The key used to create
   69    this signature is at least one of:
   70 
   71      rsa2048 2011-01-12 [expires: 2019-12-31]
   72      Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
   73      Werner Koch (dist sig)
   74 
   75      rsa2048 2014-10-29 [expires: 2019-12-31]
   76      Key fingerprint = 46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
   77      David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
   78 
   79      rsa2048 2014-10-29 [expires: 2020-10-30]
   80      Key fingerprint = 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
   81      NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
   82 
   83      rsa3072 2017-03-17 [expires: 2027-03-15]
   84      Key fingerprint = 5B80 C575 4298 F0CB 55D8  ED6A BCEF 7E29 4B09 2E28
   85      Andre Heinecke (Release Signing Key)
   86 
   87    The keys are available at <https://gnupg.org/signature_key.html>
   88    and in released GnuPG tarballs in the file g10/distsigkey.gpg .
   89    You have to make sure that these are really the desired keys and
   90    not faked one.  You should do this by comparing the fingerprints
   91    with the fingerprints published elsewhere.
   92 
   93 b) If you don't have any of the above programs, you have to verify
   94    the SHA1 checksum:
   95 
   96 	$ sha1sum gpgme-x.y.z.tar.gz
   97 
   98    This should yield an output _similar_ to this:
   99 
  100    fd9351b26b3189c1d577f0970f9dcadc3412def1  gpgme-x.y.z.tar.gz
  101 
  102    Now check that this checksum is _exactly_ the same as the one
  103    published via the announcement list and probably via Usenet.
  104 
  105 
  106 Documentation
  107 ---------------
  108 
  109 For information how to use the library you can read the info manual,
  110 which is also a reference book, in the doc/ directory.  The programs
  111 in the tests/ directory may also prove useful.
  112 
  113 Please subscribe to the gnupg-devel@gnupg.org mailing list if you want
  114 to do serious work.
  115 
  116 For hacking on GPGME, please have a look at doc/HACKING.