Beyond Linux® From Scratch - Version 7.5

Chapter 4. Security

GnuPG-2.0.22

Introduction to GnuPG

The GnuPG package is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and S/MIME.

This package is known to build and work properly using an LFS-7.5 platform.

Package Information

GnuPG 2 Dependencies

Required

Pth-2.0.7, Libassuan-2.1.1, libgcrypt-1.6.1, and Libksba-1.3.0

Recommended

PIN-Entry-0.8.3 (Run-time requirement for most of the package's functionality)

Optional

OpenLDAP-2.4.39, libusb-compat-0.1.5, cURL-7.35.0, GNU adns, and an MTA

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/gnupg2

Installation of GnuPG

Install GnuPG by running the following commands: 

./configure --prefix=/usr \
            --docdir=/usr/share/doc/gnupg-2.0.22 &&
make &&

makeinfo --html --no-split -o doc/gnupg_nochunks.html doc/gnupg.texi &&
makeinfo --plaintext       -o doc/gnupg.txt           doc/gnupg.texi

If you have texlive-20130530 installed and you wish to create documentation in alternate formats, issue the following commands: 

make -C doc pdf ps html

To test the results, issue: make check.

Note that if you have already installed GnuPG, the instructions below will overwrite /usr/share/man/man1/gpg-zip.1. Now, as the root user: 

make install               &&
ln -sv gpg2  /usr/bin/gpg  &&
ln -sv gpgv2 /usr/bin/gpgv &&

install -v -m755 -d /usr/share/doc/gnupg-2.0.22/html       &&
install -v -m644    doc/gnupg_nochunks.html \
                    /usr/share/doc/gnupg-2.0.22/gnupg.html &&
install -v -m644    doc/*.texi doc/gnupg.txt \
                    /usr/share/doc/gnupg-2.0.22

If you created alternate formats of the documentation, install it using the following command as the root user: 

install -v -m644 doc/gnupg.html/* \
                 /usr/share/doc/gnupg-2.0.22/html &&
install -v -m644 doc/gnupg.{pdf,dvi,ps} \
                 /usr/share/doc/gnupg-2.0.22

Command Explanations

ln -sv gpg...: Symlinks for compatibility with the first version of GnuPG.

--docdir=/usr/share/doc/gnupg-2.0.22: This switch changes the default docdir to /usr/share/doc/gnupg-2.0.22.

--enable-symcryptrun: This switch enables building the symcryptrun program.

--libexecdir=/usr/lib/gnupg2: This option creates a gnupg directory in /usr/lib instead of /usr/libexec in accordance with the old version of the FHS used before LFS-7.5.

Contents

Installed Programs: addgnupghome, applygnupgdefaults, gpg-agent, gpg-connect-agent, gpg2, gpgconf, gpgkey2ssh, gpgparsemail, gpgsm, gpgsm-gencert.sh, gpgv2, kbxutil, scdaemon, symcryptrun, and watchgnupg
Installed Libraries: None
Installed Directories: /usr/share/gnupg and /usr/share/doc/gnupg-2.0.22

Short Descriptions

addgnupghome

is used to create and populate user's ~/.gnupg directories

applygnupgdefaults

is a wrapper script used to run gpgconf with the --apply-defaults parameter on all user's GnuPG home directories.

gpg-agent

is a daemon used to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities.

gpg-connect-agent

is a utility used to communicate with a running gpg-agent.

gpg2

is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool used to provide digital encryption and signing services using the OpenPGP standard.

gpgconf

is a utility used to automatically and reasonable safely query and modify configuration files in the ~/.gnupg home directory. It is designed not to be invoked manually by the user, but automatically by graphical user interfaces.

gpgparsemail

is a utility currently only useful for debugging. Run it with --help for usage information.

gpgsm

is a tool similar to gpg used to provide digital encryption and signing services on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing.

gpgsm-gencert.sh

is a simple tool used to interactively generate a certificate request which will be printed to stdout.

gpgv2

is a verify only version of gpg2.

kbxutil

is used to list, export and import Keybox data.

scdaemon

is a daemon used to manage smartcards. It is usually invoked by gpg-agent and in general not used directly.

symcryptrun

is a simple symmetric encryption tool.

watchgnupg

is used to listen to a Unix Domain socket created by any of the GnuPG tools.

Last updated on 2014-03-03 19:06:31 -0800