diff options
Diffstat (limited to 'README')
| -rw-r--r-- | README | 39 |
1 files changed, 14 insertions, 25 deletions
@@ -22,10 +22,10 @@ to public key crypto engines like GnuPG or GpgSM easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management. -GPGME comes with language bindings for Common Lisp, C++, QT, Python2 +GPGME comes with language bindings for Common Lisp, C++, QT, Python2, and Python 3. -GPGME uses GnuPG and GpgSM as its backends to support OpenPGP and the +GPGME uses GnuPG as its backend to support OpenPGP and the Cryptographic Message Syntax (CMS). See the files COPYING, COPYING.LESSER, and each file for copyright and @@ -41,16 +41,14 @@ See the file INSTALL for generic installation instructions. Check that you have unmodified sources. See below on how to do this. Don't skip it - this is an important step! -To build GPGME, you need to install libgpg-error (>= 1.11) and -Libassuan (>= 2.0.2). +To build GPGME, you need to install libgpg-error (>= 1.24) and +Libassuan (>= 2.4.2). -For support of the OpenPGP protocol (default), you should use the -latest version of GnuPG (>= 1.4) , available at: -ftp://ftp.gnupg.org/gcrypt/gnupg/. For support of the CMS -(Cryptographic Message Syntax) protocol and lot of other features, you -need a GnuPG version >= 2.0. +For support of the OpenPGP and the CMS protocols, you should use the +latest version of GnuPG (>= 2.1.18) , available at: +https://gnupg.org/ftp/gcrypt/gnupg/. -For building the GIT version of GPGME please see the file README.GIT +For building the Git version of GPGME please see the file README.GIT for more information. @@ -68,34 +66,25 @@ a) If you have a trusted Version of GnuPG installed, you can simply check This checks that the detached signature gpgme-x.y.z.tar.gz.sig is indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create - this signature is either of: + this signature is at least one of: - rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31] + rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) - rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] + rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com> - rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28] + rsa2048 2014-10-29 [expires: 2020-10-30] Key fingerprint = 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org> - rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31] - Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 - Werner Koch (Release Signing Key) - - rsa3072/4B092E28 2017-03-17 [expires: 2027-03-15] + rsa3072 2017-03-17 [expires: 2027-03-15] Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28 Andre Heinecke (Release Signing Key) - You may retrieve these files from the keyservers using this command - - gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ - 2071B08A33BD3F06 8A861B1C7EFD60D9 BCEF7E294B092E28 - - The keys are also available at https://gnupg.org/signature_key.html + The keys are available at <https://gnupg.org/signature_key.html> and in released GnuPG tarballs in the file g10/distsigkey.gpg . You have to make sure that these are really the desired keys and not faked one. You should do this by comparing the fingerprints |