2 GnuPG - The GNU Privacy Guard
3 -------------------------------
6 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
7 2005, 2006 Free Software Foundation, Inc.
9 This file is free software; as a special exception the author
10 gives unlimited permission to copy and/or distribute it, with or
11 without modifications, as long as this notice is preserved.
13 This file is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY, to the extent permitted by law; without even
15 the implied warranty of MERCHANTABILITY or FITNESS FOR A
22 GnuPG is GNU's tool for secure communication and data storage.
23 It can be used to encrypt data and to create digital signatures.
24 It includes an advanced key management facility and is compliant
25 with the proposed OpenPGP Internet standard as described in RFC2440.
27 GnuPG works best on GNU/Linux or *BSD systems. Most other Unices
28 are also supported but are not as well tested as the Free Unices.
29 See http://www.gnupg.org/download/supported_systems.html for a
30 list of systems which are known to work.
32 See the file COPYING for copyright and warranty information.
34 Because GnuPG does not use use any patented algorithms it is not
35 by default fully compatible with PGP 2.x, which uses the patented
36 IDEA algorithm. See http://www.gnupg.org/why-not-idea.html for
37 more information on this subject, including what to do if you are
38 legally entitled to use IDEA.
40 The default public key algorithms are DSA and Elgamal, but RSA is
41 also supported. Symmetric algorithms available are AES (with 128,
42 192, and 256 bit keys), 3DES, Blowfish, CAST5 and Twofish. Digest
43 algorithms available are MD5, RIPEMD/160, SHA-1, SHA-256, SHA-384,
44 and SHA-512. Compression algorithms available are ZIP, ZLIB, and
45 BZIP2 (with libbz2 installed).
51 Please read the file INSTALL and the sections in this file
52 related to the installation. Here is a quick summary:
54 1) Check that you have unmodified sources. See below on how to do
55 this. Don't skip it - this is an important step!
57 2) Unpack the tarball. With GNU tar you can do it this way:
58 "tar xzvf gnupg-x.y.z.tar.gz". If got a bzip2 compressed
59 tarball you need to use: "tar xjvf gnupg-x.y.z.tar.bz2".
69 7) You end up with a "gpg" binary in /usr/local/bin.
71 8) To avoid swapping out of sensitive data, you can install "gpg"
72 setuid root. If you don't do so, you may want to add the
73 option "no-secmem-warning" to ~/.gnupg/gpg.conf
76 How to Verify the Source
77 ------------------------
79 In order to check that the version of GnuPG which you are going to
80 install is an original and unmodified one, you can do it in one of
83 a) If you already have a trusted Version of GnuPG installed, you
84 can simply check the supplied signature:
86 $ gpg --verify gnupg-x.y.z.tar.gz.sig
88 This checks that the detached signature gnupg-x.y.z.tar.gz.sig
89 is indeed a signature of gnupg-x.y.z.tar.gz. The key used to
90 create this signature is:
92 "pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>"
94 If you do not have this key, you can get it from the source in
95 the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc"
96 to add it to the keyring) or from any keyserver. You have to
97 make sure that this is really the key and not a faked one. You
98 can do this by comparing the output of:
100 $ gpg --fingerprint 0x57548DCD
102 with the fingerprint published elsewhere.
104 Please note, that you have to use an old version of GnuPG to
105 do all this stuff. *Never* use the version which you are going
109 b) If you don't have any of the above programs, you have to verify
112 $ sha1sum gnupg-x.y.z.tar.gz
114 This should yield an output _similar_ to this:
116 fd9351b26b3189c1d577f0970f9dcadc1234abcd gnupg-x.y.z.tar.gz
118 Now check that this checksum is _exactly_ the same as the one
119 published via the announcement list and probably via Usenet.
125 The manual will be distributed separately under the name "gph".
126 An online version of the latest manual draft is available at the
129 http://www.gnupg.org/documentation/
131 A list of frequently asked questions is available in the GnuPG
132 distribution in the file doc/FAQ and online as:
134 http://www.gnupg.org/documentation/faqs.html
136 A couple of HOWTO documents are available online; for a listing see:
138 http://www.gnupg.org/documentation/howtos.html
140 A man page with a description of all commands and options gets installed
141 along with the program.
147 Here is a brief overview on how to use GnuPG - it is strongly suggested
148 that you read the manual and other information about the use of
149 cryptography. GnuPG is only a tool, secure usage requires that
150 YOU KNOW WHAT YOU ARE DOING.
152 The first time you run gpg, it will create a .gnupg directory in
153 your home directory and populate it with a default configuration
154 file. Once this is done, you may create a new key, or if you
155 already have keyrings from PGP, you can import them into GnuPG
158 gpg --import path/to/pgp/keyring/pubring.pkr
160 gpg --import path/to/pgp/keyring/secring.skr
162 The normal way to create a key is
166 This asks some questions and then starts key generation. To create
167 good random numbers for the key parameters, GnuPG needs to gather
168 enough noise (entropy) from your system. If you see no progress
169 during key generation you should start some other activities such
170 as moving the mouse or hitting the CTRL and SHIFT keys.
172 Generate a key ONLY on a machine where you have direct physical
173 access - don't do it over the network or on a machine also used
174 by others, especially if you have no access to the root account.
176 When you are asked for a passphrase use a good one which you can
177 easily remember. Don't make the passphrase too long because you
178 have to type it for every decryption or signing; but, - AND THIS
179 IS VERY IMPORTANT - use a good one that is not easily to guess
180 because the security of the whole system relies on your secret key
181 and the passphrase that protects it when someone gains access to
182 your secret keyring. One good way to select a passphrase is to
183 figure out a short nonsense sentence which makes some sense for
184 you and modify it by inserting extra spaces, non-letters and
185 changing the case of some characters - this is really easy to
186 remember especially if you associate some pictures with it.
188 Next, you should create a revocation certificate in case someone
189 gets knowledge of your secret key or you forgot your passphrase
191 gpg --gen-revoke your_user_id
193 Run this command and store the revocation certificate away. The output
194 is always ASCII armored, so that you can print it and (hopefully
195 never) re-create it if your electronic media fails.
197 Now you can use your key to create digital signatures
201 This creates a file "file.gpg" which is compressed and has a
206 Same as above, but creates a file "file.asc" which is ASCII armored
207 and and ready for sending by mail. It is better to use your
208 mailers features to create signatures (The mailer uses GnuPG to do
209 this) because the mailer has the ability to MIME encode such
210 signatures - but this is not a security issue.
214 Creates a signature of "file", but writes the output to the file
217 Everyone who knows your public key (you can and should publish
218 your key by putting it on a key server, a web page or in your .plan
219 file) is now able to check whether you really signed this text
223 GnuPG now checks whether the signature is valid and prints an
224 appropriate message. If the signature is good, you know at least
225 that the person (or machine) has access to the secret key which
226 corresponds to the published public key.
228 If you run gpg without an option it will verify the signature and
229 create a new file that is identical to the original. gpg can also
230 run as a filter, so that you can pipe data to verify trough it
232 cat signed-file | gpg | wc -l
234 which will check the signature of signed-file and then display the
235 number of lines in the original file.
237 To send a message encrypted to someone you can use
241 This encrypts "file" with the public key of the user "heine" and
242 writes it to "file.gpg"
244 echo "hello" | gpg -ea -r heine | mail heine
246 Ditto, but encrypts "hello\n" and mails it as ASCII armored message
247 to the user with the mail address heine.
249 gpg -se -r heine file
251 This encrypts "file" with the public key of "heine" and writes it
252 to "file.gpg" after signing it with your user id.
254 gpg -se -r heine -u Suttner file
256 Ditto, but sign the file with your alternative user id "Suttner"
259 GnuPG has some options to help you publish public keys. This is
260 called "exporting" a key, thus
262 gpg --export >all-my-keys
264 exports all the keys in the keyring and writes them (in a binary
265 format) to "all-my-keys". You may then mail "all-my-keys" as an
266 MIME attachment to someone else or put it on an FTP server. To
267 export only some user IDs, you give them as arguments on the command
270 To mail a public key or put it on a web page you have to create
271 the key in ASCII armored format
273 gpg --export --armor | mail panther@tiger.int
275 This will send all your public keys to your friend panther.
277 If you have received a key from someone else you can put it
278 into your public keyring. This is called "importing"
280 gpg --import [filenames]
282 New keys are appended to your keyring and already existing
283 keys are updated. Note that GnuPG does not import keys that
286 Because anyone can claim that a public key belongs to her
287 we must have some way to check that a public key really belongs
288 to the owner. This can be achieved by comparing the key during
289 a phone call. Sure, it is not very easy to compare a binary file
290 by reading the complete hex dump of the file - GnuPG (and nearly
291 every other program used for management of cryptographic keys)
292 provides other solutions.
294 gpg --fingerprint <username>
296 prints the so called "fingerprint" of the given username which
297 is a sequence of hex bytes (which you may have noticed in mail
298 sigs or on business cards) that uniquely identifies the public
299 key - different keys will always have different fingerprints.
300 It is easy to compare fingerprints by phone and I suggest
301 that you print your fingerprint on the back of your business
302 card. To see the fingerprints of the secondary keys, you can
303 give the command twice; but this is normally not needed.
305 If you don't know the owner of the public key you are in trouble.
306 Suppose however that friend of yours knows someone who knows someone
307 who has met the owner of the public key at some computer conference.
308 Suppose that all the people between you and the public key holder
309 may now act as introducers to you. Introducers signing keys thereby
310 certify that they know the owner of the keys they sign. If you then
311 trust all the introducers to have correctly signed other keys, you
312 can be be sure that the other key really belongs to the one who
315 There are 2 steps to validate a key:
316 1. First check that there is a complete chain
317 of signed keys from the public key you want to use
318 and your key and verify each signature.
319 2. Make sure that you have full trust in the certificates
320 of all the introduces between the public key holder and
322 Step 2 is the more complicated part because there is no easy way
323 for a computer to decide who is trustworthy and who is not. GnuPG
324 leaves this decision to you and will ask you for a trust value
325 (here also referenced as the owner-trust of a key) for every key
326 needed to check the chain of certificates. You may choose from:
327 a) "I don't know" - then it is not possible to use any
328 of the chains of certificates, in which this key is used
329 as an introducer, to validate the target key. Use this if
330 you don't know the introducer.
331 b) "I do not trust" - Use this if you know that the introducer
332 does not do a good job in certifying other keys. The effect
333 is the same as with a) but for a) you may later want to
334 change the value because you got new information about this
336 c) "I trust marginally" - Use this if you assume that the
337 introducer knows what he is doing. Together with some
338 other marginally trusted keys, GnuPG validates the target
340 d) "I fully trust" - Use this if you really know that this
341 introducer does a good job when certifying other keys.
342 If all the introducer are of this trust value, GnuPG
343 normally needs only one chain of signatures to validate
344 a target key okay. (But this may be adjusted with the help
346 This information is confidential because it gives your personal
347 opinion on the trustworthiness of someone else. Therefore this data
348 is not stored in the keyring but in the "trustdb"
349 (~/.gnupg/trustdb.gpg). Do not assign a high trust value just
350 because the introducer is a friend of yours - decide how well she
351 understands the implications of key signatures and you may want to
352 tell her more about public key cryptography so you can later change
353 the trust value you assigned.
355 Okay, here is how GnuPG helps you with key management. Most stuff
356 is done with the --edit-key command
358 gpg --edit-key <keyid or username>
360 GnuPG displays some information about the key and then prompts
361 for a command (enter "help" to see a list of commands and see
362 the man page for a more detailed explanation). To sign a key
363 you select the user ID you want to sign by entering the number
364 that is displayed in the leftmost column (or do nothing if the
365 key has only one user ID) and then enter the command "sign" and
366 follow all the prompts. When you are ready, give the command
367 "save" (or use "quit" to cancel your actions).
369 If you want to sign the key with another of your user IDs, you
370 must give an "-u" option on the command line together with the
373 Normally you want to sign only one user ID because GnuPG
374 uses only one and this keeps the public key certificate
375 small. Because such key signatures are very important you
376 should make sure that the signatories of your key sign a user ID
377 which is very likely to stay for a long time - choose one with an
378 email address you have full control of or do not enter an email
379 address at all. In future GnuPG will have a way to tell which
380 user ID is the one with an email address you prefer - because
381 you have no signatures on this email address it is easy to change
382 this address. Remember, your signatories sign your public key (the
383 primary one) together with one of your user IDs - so it is not possible
384 to change the user ID later without voiding all the signatures.
386 Tip: If you hear about a key signing party on a computer conference
387 join it because this is a very convenient way to get your key
388 certified (But remember that signatures have nothing to to with the
389 trust you assign to a key).
392 8 Ways to Specify a User ID
393 ---------=-----------------
395 There are several ways to specify a user ID, here are some examples.
397 * Only by the short keyid (prepend a zero if it begins with A..F):
404 * By a complete keyid:
413 "1234343434343434C434343434343434"
414 "123434343434343C3434343434343734349A3434"
415 "0E12343434343434343434EAB3484343434343434"
417 The first one is a short fingerprint for PGP 2.x style keys.
418 The others are long fingerprints for OpenPGP keys.
420 * By an exact string:
422 "=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
424 * By an email address:
426 "<heinrichh@uni-duesseldorf.de>"
430 "+Heinrich Heine duesseldorf"
432 All words must match exactly (not case sensitive) and appear in
433 any order in the user ID. Words are any sequences of letters,
434 digits, the underscore and characters with bit 7 set.
436 * Or by the usual substring:
441 The '*' indicates substring search explicitly.
447 If you use the option "--batch", GnuPG runs in non-interactive mode and
448 never prompts for input data. This does not even allow entering the
449 passphrase. Until we have a better solution (something like ssh-agent),
450 you can use the option "--passphrase-fd n", which works like PGP's
453 Batch mode also causes GnuPG to terminate as soon as a BAD signature is
460 GnuPG returns with an exit status of 1 if in batch mode and a bad signature
461 has been detected or 2 or higher for all other errors. You should parse
462 stderr or, better, the output of the fd specified with --status-fd to get
463 detailed information about the errors.
469 Here is a list of configure options which are sometime useful
472 --enable-static-rnd=<name>
473 Force the use of the random byte gathering
474 module <name>. Default is either to use /dev/random
475 or the auto mode. Value for name:
476 egd - Use the module which accesses the
477 Entropy Gathering Daemon. See the webpages
478 for more information about it.
479 unix - Use the standard Unix module which does not
480 have a very good performance.
481 linux - Use the module which accesses /dev/random.
482 This is the first choice and the default one
483 for GNU/Linux or *BSD.
484 auto - Compile linux, egd and unix in and
485 automagically select at runtime.
487 --with-egd-socket=<name>
488 This is only used when EGD is used as random
489 gatherer. GnuPG uses by default "~/.gnupg/entropy"
490 as the socket to connect EGD. Using this option the
491 socket name can be changed. You may use any filename
492 here with 2 exceptions: a filename starting with
493 "~/" uses the socket in the home directory of the user
494 and one starting with a "=" uses a socket in the
495 GnuPG home directory which is "~/.gnupg" by default.
498 Do not include support for the readline library
499 even if it is available. The default is to check
500 whether the readline library is a available and
501 use it to allow fancy command line editing.
504 Forces usage of the local zlib sources. Default is
505 to use the (shared) library of the system.
508 Look for the system zlib in DIR.
511 Look for the system libbz2 in DIR.
514 Disable the BZIP2 compression algorithm.
516 --with-included-gettext
517 Forces usage of the local gettext sources instead of
518 the one provided by your system.
521 Disable NLS support (See the file ABOUT-NLS)
524 Enable the integrated malloc checking code. Please
525 note that this feature does not work on all CPUs
526 (e.g. SunOS 5.7 on UltraSparc-2) and might give
530 If you have problems with dynamic loading, this
531 option disables all dynamic loading stuff. Note
532 that the use of dynamic linking is very limited.
535 Do not use assembler modules. It is not possible
536 to use this on some CPU types.
539 Disable all remote program execution. This
540 disables photo ID viewing as well as all keyserver
543 --disable-photo-viewers
544 Disable only photo ID viewing.
546 --disable-keyserver-helpers
547 Disable only keyserver helpers.
549 --disable-keyserver-path
550 Disables the user's ability to use the exec-path
551 feature to add additional search directories when
552 executing a keyserver helper.
554 --with-photo-viewer=FIXED_VIEWER
555 Force the photo viewer to be FIXED_VIEWER and
556 disable any ability for the user to change it in
560 Removes support for the RSA public key algorithm.
561 This can give a smaller gpg binary for places
562 where space is tight.
571 Removes support for the selected symmetric or hash
572 algorithm. This can give a smaller gpg binary for
573 places where space is tight.
575 **** Note that if there are existing keys that
576 have one of these algorithms as a preference,
577 messages may be received that use one of these
578 algorithms and you will not be able to decrypt the
581 The public key preference list can be updated to
582 match the list of available algorithms by using
583 "gpg --edit-key (thekey)", and running the
587 Build the smallest gpg binary possible (disables
588 all optional algorithms, disables keyserver
589 access, and disables photo IDs). Specifically,
590 this means --disable-rsa --disable-idea,
591 --disable-cast5, --disable-blowfish,
592 --disable-aes, --disable-twofish,
593 --disable-sha256, --disable-sha512,
594 --without-bzip2, --disable-exec,
595 --disable-card-support and
596 --disable-agent-support.
597 Configure command lines are read from left to
598 right, so if you want to have an "almost minimal"
599 configuration, you can do (for example)
600 "--enable-minimal --enable-rsa" to have RSA added
601 to the minimal build.
603 --enable-key-cache=SIZE
604 Set the internal key and UID cache size. This has
605 a significant impact on performance with large
606 keyrings. The default is 4096, but for use on
607 platforms where memory is an issue, it can be set
610 --disable-card-support
611 Do not include smartcard support. The default is
612 to include support if all required libraries are
615 --disable-agent-support
616 Do not include support for the gpg-agent. The
617 default is to include support.
619 --enable-selinux-support
620 This prevents access to certain files and won't
621 allow import or export of secret keys.
624 Pass option --noexecstack to as. Works only when
627 --disable-gnupg-iconv
628 If iconv is available it is used to convert
629 between utf-8 and the system character set. This
630 is in general the preferable solution. However
631 the code is new and under some cirumstances it may
632 give different output than with the limited old
633 support. This option allows to explicity disable
634 the use of iconv. Note, that iconv is also
635 disabled if gettext has been disabled.
638 Installation Problems
639 ---------------------
641 If you get unresolved externals "gettext" you should run configure
642 again with the option "--with-included-gettext"; this is version
643 0.12.1 which is available at ftp.gnu.org.
645 If you have other compile problems, try the configure options
646 "--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) or
649 We can't check all assembler files, so if you have problems
650 assembling them (or the program crashes) use --disable-asm with
651 ./configure. If you opt to delete individual replacement files in
652 hopes of using the remaining ones, be aware that the configure
653 scripts may consider several subdirectories to get all available
654 assembler files; be sure to delete the correct ones. The assembler
655 replacements are in C and in mpi/generic; never delete
656 udiv-qrnnd.S in any CPU directory, because there may be no C
657 substitute. Don't forget to delete "config.cache" and run
658 "./config.status --recheck". We have also heard reports of
659 problems when using versions of gcc earlier than 2.96 along with a
660 non-GNU assembler (as). If this applies to your platform, you can
661 either upgrade gcc to a more recent version, or use the GNU
664 Some make tools are broken - the best solution is to use GNU's
665 make. Try gmake or grab the sources from a GNU archive and
668 On some OSF systems you may get unresolved externals. This is a
669 libtool problem and the workaround is to manually remove all the
670 "-lc -lz" but the last one from the linker line and execute them
673 On some architectures you see warnings like:
674 longlong.h:175: warning: function declaration isn't a prototype
676 http.c:647: warning: cast increases required alignment of target type
677 This doesn't matter and we know about it (actually it is due to
678 some warning options which we have enabled for gcc)
681 Specific problems on some machines
682 ----------------------------------
686 ./configure --with-libiconv-prefix=/sw
688 * Compaq C V6.2 for alpha:
690 You may want to use the option "-msg-disable ptrmismatch1"
691 to get rid of the sign/unsigned char mismatch warnings.
693 * IBM RS/6000 running AIX:
695 Due to a change in gcc (since version 2.8) the MPI stuff may
696 not build. In this case try to run configure using:
697 CFLAGS="-g -O2 -mcpu=powerpc" ./configure
699 * SVR4.2 (ESIX V4.2 cc)
701 Due to problems with the ESIX as, you probably want to do
702 CFLAGS="-O -K pentium" ./configure --disable-asm
706 ./configure ac_cv_sys_symbol_underscore=yes
712 Random devices are available in Linux, FreeBSD and OpenBSD.
713 Operating systems without a random devices must use another
716 This collector works by running a lot of commands that yield more
717 or less unpredictable output and feds this as entropy into the
718 random generator - It should work reliably but you should check
719 whether it produces good output for your version of Unix. There
720 are some debug options to help you (see cipher/rndunix.c).
723 Creating an RPM package
724 -----------------------
726 The file scripts/gnupg.spec is used to build a RPM package (both
728 1. copy the spec file into /usr/src/redhat/SPECS
729 2. copy the tar file into /usr/src/redhat/SOURCES
730 3. type: rpm -ba SPECS/gnupg.spec
732 Or use the -t (--tarbuild) option of rpm:
733 1. rpm -ta gnupg-x.x.x.tar.gz
735 The binary rpm file can now be found in /usr/src/redhat/RPMS, source
736 rpm in /usr/src/redhat/SRPMS
739 Building Universal Binaries on Apple OS X
740 -----------------------------------------
742 You can build a universal ("fat") binary that will work on both
743 PPC and Intel Macs with something like:
745 ./configure CFLAGS="-arch ppc -arch i386" --disable-endian-check \
746 --disable-dependency-tracking --disable-asm
748 If you are doing the build on a OS X 10.4 (Tiger) PPC machine you
749 may need to add "-isysroot /Developer/SDKs/MacOSX10.4u.sdk" to
750 those CFLAGS. Note that any third-party libraries you may link
751 with need to be universal as well. All Apple-supplied libraries
752 (even libraries not originally written by Apple like curl, zip,
753 and BZ2) are universal.
756 GnuPG 1.4 and GnuPG 1.9
757 -----------------------
759 GnuPG 1.4 is the stable version of GnuPG; GnuPG 1.9 is the
760 development branch. However, large parts of GnuPG 1.9 are also
761 considered to be stable and useful. In particular the tools
762 "gpg-agent" (private key operations and passphrase caching) and
763 "gpgsm" (S/MIME cousin of "gpg") are considered stable. Both
764 packages (1.4.x and 1.9.x) may be installed at the same time and
765 it is actually suggested to do this if you need S/MIME support or
766 want to make use of gpg-agent.
769 How to Get More Information
770 ---------------------------
772 The primary WWW page is "http://www.gnupg.org"
773 The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
775 See http://www.gnupg.org/download/mirrors.html for a list of
776 mirrors and use them if possible. You may also find GnuPG
777 mirrored on some of the regular GNU mirrors.
779 We have some mailing lists dedicated to GnuPG:
781 gnupg-announce@gnupg.org For important announcements like
782 new versions and such stuff.
783 This is a moderated list and has
784 very low traffic. Do not post to
787 gnupg-users@gnupg.org For general user discussion and
790 gnupg-de@gnupg.org German speaking counterpart of
793 gnupg-ru@gnupg.org Russian speaking counterpart of
796 gnupg-devel@gnupg.org GnuPG developers main forum.
798 You subscribe to one of the list by sending mail with a subject
799 of "subscribe" to x-request@gnupg.org, where x is the name of the
800 mailing list (gnupg-announce, gnupg-users, etc.). An archive of
801 the mailing lists are available at
802 http://www.gnupg.org/documentation/mailing-lists.html
804 Please direct bug reports to http://bugs.gnupg.org or post
805 them direct to the mailing list <gnupg-devel@gnupg.org>.
807 Please direct questions about GnuPG to the users mailing list or
808 one of the pgp newsgroups; please do not direct questions to one
809 of the authors directly as we are busy working on improvements and
810 bug fixes. The English and German mailing lists are watched by
811 the authors and we try to answer questions when time allows us to
814 Commercial grade support for GnuPG is available; please see
815 the GNU service directory or check out http://g10code.com.