gnupg: Installation
1
1 1 A short installation guide
1 ****************************
1
1 Unfortunately the installation guide has not been finished in time.
1 Instead of delaying the release of GnuPG 2.0 even further, I decided to
1 release without that guide. The chapter on gpg-agent and gpgsm do
1 include brief information on how to set up the whole thing. Please
1 watch the GnuPG website for updates of the documentation. In the
1 meantime you may search the GnuPG mailing list archives or ask on the
1 gnupg-users mailing list for advise on how to solve problems or how to
1 get that whole thing up and running.
1
1 ** Building the software
1
1 Building the software is described in the file 'INSTALL'. Given that
1 you are already reading this documentation we can only give some extra
1 hints.
1
1 To comply with the rules on GNU systems you should have build time
1 configured 'gnupg' using:
1
1 ./configure --sysconfdir=/etc --localstatedir=/var
1
1 This is to make sure that system wide configuration files are
1 searched in the directory '/etc' and variable data below '/var'; the
1 default would be to also install them below '/usr/local' where the
1 binaries get installed. If you selected to use the '--prefix=/' you
1 obviously don't need those option as they are the default then.
1
1 ** Notes on setting a root CA key to trusted
1
1 X.509 is based on a hierarchical key infrastructure. At the root of
1 the tree a trusted anchor (root certificate) is required. There are
1 usually no other means of verifying whether this root certificate is
1 trustworthy than looking it up in a list. GnuPG uses a file
1 ('trustlist.txt') to keep track of all root certificates it knows about.
1 There are 3 ways to get certificates into this list:
1
1 * Use the list which comes with GnuPG. However this list only
1 contains a few root certificates. Most installations will need
1 more.
1
1 * Let 'gpgsm' ask you whether you want to insert a new root
1 certificate. This feature is enabled by default; you may disable
1 it using the option 'no-allow-mark-trusted' into 'gpg-agent.conf'.
1
1 * Manually maintain the list of trusted root certificates. For a
1 multi user installation this can be done once for all users on a
1 machine. Specific changes on a per-user base are also possible.
1