path: root/README
diff options
authorJinWang An <>2021-12-01 16:54:37 +0900
committerJinWang An <>2021-12-01 16:54:37 +0900
commit442a1386c9708114c2b721afea60d5593e36c423 (patch)
treed3b22c8ec8d6aaa40297028da6f9da358bb15f80 /README
parent214479142a766516e8770c3e1a3b0b0cc37c239e (diff)
Imported Upstream version 1.10.0upstream/1.10.0
Diffstat (limited to 'README')
1 files changed, 14 insertions, 25 deletions
diff --git a/README b/README
index 214ea87..f7b006f 100644
--- a/README
+++ b/README
@@ -22,10 +22,10 @@ to public key crypto engines like GnuPG or GpgSM easier for
applications. GPGME provides a high-level crypto API for encryption,
decryption, signing, signature verification and key management.
-GPGME comes with language bindings for Common Lisp, C++, QT, Python2
+GPGME comes with language bindings for Common Lisp, C++, QT, Python2,
and Python 3.
-GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the
+GPGME uses GnuPG as its backend to support OpenPGP and the
Cryptographic Message Syntax (CMS).
See the files COPYING, COPYING.LESSER, and each file for copyright and
@@ -41,16 +41,14 @@ See the file INSTALL for generic installation instructions.
Check that you have unmodified sources. See below on how to do this.
Don't skip it - this is an important step!
-To build GPGME, you need to install libgpg-error (>= 1.11) and
-Libassuan (>= 2.0.2).
+To build GPGME, you need to install libgpg-error (>= 1.24) and
+Libassuan (>= 2.4.2).
-For support of the OpenPGP protocol (default), you should use the
-latest version of GnuPG (>= 1.4) , available at:
- For support of the CMS
-(Cryptographic Message Syntax) protocol and lot of other features, you
-need a GnuPG version >= 2.0.
+For support of the OpenPGP and the CMS protocols, you should use the
+latest version of GnuPG (>= 2.1.18) , available at:
-For building the GIT version of GPGME please see the file README.GIT
+For building the Git version of GPGME please see the file README.GIT
for more information.
@@ -68,34 +66,25 @@ a) If you have a trusted Version of GnuPG installed, you can simply check
This checks that the detached signature gpgme-x.y.z.tar.gz.sig is
indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create
- this signature is either of:
+ this signature is at least one of:
- rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
+ rsa2048 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
- rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
+ rsa2048 2014-10-29 [expires: 2019-12-31]
Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key) <dshaw 'at'>
- rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
+ rsa2048 2014-10-29 [expires: 2020-10-30]
Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key) <gniibe 'at'>
- rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
- Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
- Werner Koch (Release Signing Key)
- rsa3072/4B092E28 2017-03-17 [expires: 2027-03-15]
+ rsa3072 2017-03-17 [expires: 2027-03-15]
Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
Andre Heinecke (Release Signing Key)
- You may retrieve these files from the keyservers using this command
- gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \
- 2071B08A33BD3F06 8A861B1C7EFD60D9 BCEF7E294B092E28
- The keys are also available at
+ The keys are available at <>
and in released GnuPG tarballs in the file g10/distsigkey.gpg .
You have to make sure that these are really the desired keys and
not faked one. You should do this by comparing the fingerprints